Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Top 10 FCPA Resolutions

The Foreign Corrupt Practices Act (FCPA) is a United States federal law which addresses accounting transparency and bribery of foreign officials. The US Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) are both responsible for FCPA enforcement – the SEC, for those companies under its regulatory jurisdiction, and the DOJ, for all other companies.  This enforcement famously leads to large settlement payments by offending companies, the resolution of which is often reached by collaboration among numerous governments and supervisory entities.

The ten largest FCPA resolutions as of the writing of this blog post are listed below, with links to more information and business case studies on each.

READ MORE

Corporate cultural change: Consistent and visible enforcement

This is the second in a series of five posts suggesting best practices for implementing corporate cultural change.  For an overview of all the tips on this subject, check out this preview postLast week’s post discussed tone and conduct at the top.  Today’s post is about enforcement.  Next Monday’s post, on March 12, will discuss effective policies.  The fourth post in the series, on March 19, will focus on procedures to complement those policies.  Finally, on March 27, the fifth post in the series will discuss tips for going beyond training in order to create effective and engaging employee education initiatives to boost awareness and compliance culture.

Last week’s post discussed the importance of commitments by executive boards, senior management, and top leadership in organization to expressing tone and modelling conduct to enable change.  Once the path is cleared for institutions to follow, by the statements and actions that aim to define and promote the necessary change, effective and bold enforcement actions must follow.

READ MORE

Round-up on FCC compliance

This is the seventh in a series of seven posts about regulatory compliance priorities and enforcement trends.  The first post was about the Commodity Futures Trading Commission (CFTC).  The second post was about the Federal Trade Commission (FTC).  The third post was about the Securities & Exchange Commission (SEC).  The fourth post was about the Food & Drug Administration (FDA).  The fifth post was about the U.S. Department of Agriculture (USDA).  Last week’s post was about the Environmental Protection Agency (EPA).  Finally, today’s post, the final one, will be about the Federal Communications Commission (FCC).

The U.S. Federal Communications Commission (FCC) is the US regulator charged with supervising interstate communications via the mediums of radio, television, wire, satellite, and cable.  The FCC was created by the Communications Act of 1934 to replace the Federal Radio commission, a predecessor regulator with jurisdiction over radio only, and incorporate the telecommunications regulation responsibilities of the Interstate Commerce Commission, in recognition of the advancement of communication and broadcasting technologies.

The modern FCC has six main operating objectives: providing affordable access to broadband internet; maintaining a competitive framework for communications services providers; ensuring the efficiency and efficacy of spectrum (radio); setting media regulations which encourage digitalisation, competition, and diversity; cooperating with public safety and homeland security crisis communications; and contributing to ongoing modernization of the FCC itself as innovation evolves.  Within these objectives, the FCC sets media policy pertaining to broadcast, cable, and satellite television and broadcast radio regarding content, indecency, ownership, and transition to digital.  Interstate telecommunications services including landed telephone, internet, mobile services, and a variety of other radio and broadcasting networks and databases are also within the FCC’s purview.

Certainly the biggest story in recent years involving the FCC has been the changes to the Obama-era Net Neutrality rule.  For a basic but thorough explanation of Net Neutrality, recent changes to its regulatory handling, and the various interests at stake, check out this QuickTake from Bloomberg.

  • Cooperation with the FTC: In the aftermath of the rollback of net neutrality protections ensured by the FCC in its December 2017 vote, much of the regulatory attention has been on assurances that the FTC will step into the gap to pick up on vital enforcement efforts.  The two agencies have agreed to a memorandum of understanding on their collaboration with each other, much of which appears to be based on pre-Net Neutrality classifications which established shared jurisdictions for the FCC and the FTC.  The details of this plan, however, both in its depth and its ultimate application, remain to be seen:  FCC and FTC outline how they’ll cooperate after net neutrality vote   
  • Legal engagement with states: Facing regulatory rollback at the federal level and judging legislative action to be unlikely, some states have started to consider creating their own legal frameworks in absence of a higher supervisory authority providing oversight. California is one state which has been vocal about wanting to fill the regulatory gap created by federal rollbacks by creating state systems to establish accountability, and the topic of Net Neutrality is a hot-button one for states to get involved.  Because the FCC’s order bars states from making their own overt rules about Net Neutrality, lawmakers will need to get creative about using their resources and existing regulatory authority to capture broadband internet service providers (ISPs) in their jurisdiction to force constructive compliance:  In the Wake of the FCC’s Net Neutrality Repeal, California Eyes Its Own Net Neutrality Law  
  • …And cities: California is far from the only state spurred into action by the Net Neutrality change, as over 20 states have mounted various challenges to the decision and/or efforts of their own to require ISPs doing business in their states to observe Net Neutrality.  Cities are engaged also, with New York City officials considering the ways the city can enforce the principles of Net Neutrality on its own:  States and Cities Keep the Battle for Net Neutrality Alive 
  • Corporate political engagement: Changes in regulatory position and public policy on topics of great consumer interest are practical candidates on which corporations can engage and take political position. The Net Neutrality repeal was not only controversial but provoked a wide range of emotional and intellectual reactions from the public.  So, it’s an interesting and compelling corporate social responsibility (CSR) tactic for many companies to engage politically about Net Neutrality and thereby enhance their relevance to and credibility with current and prospective customers.  Burger King got a lot of attention for doing so not only boldly but informatively:  Why is Burger King better at explaining net neutrality than the FCC?  

Post-Net Neutrality rule-making, the FCC will likely seek a new alignment on a broad variety of issues impacting its wide mandate.  As demonstrated by the diverse range of priority topics below, the FCC will have a full regulatory agenda for 2018, and rehabilitation of its public image and its processes through which it engages with consumers, lawmakers, and stakeholders, will be a top priority for the agency.  As discussed in this article, the challenges are inherent in rebounding from 2017 and setting a fresh set of priorities for 2018.

As this series on regulatory enforcement and compliance interests has shown, whatever the current rhetoric on the proper reach of supervision may be, these agencies will always have a huge impact on life and business.  Whether this is through regulatory expansion, delay and inaction, or rollback, the choices made on regulatory agendas have sweeping influence on topics as diverse as investor protection, public health and safety, the environment, consumer rights, and all areas of the securities and financial markets.

 

READ MORE

Round-up on FTC compliance

This is the second in a series of seven posts about regulatory compliance priorities and enforcement trends.  Last week’s post was about the Commodity Futures Trading Commission (CFTC).  Today’s post will be about the Federal Trade Commission (FTC).  On Thursday January 4, the post will be about the Securities & Exchange Commission (SEC).  On Thursday January 11, the post will be about the Food & Drug Administration (FDA).  On Thursday January 18, the post will be about the U.S. Department of Agriculture (USDA).  On Thursday January 25, the post will be about the Environmental Protection Agency (EPA).  Finally, on Thursday February 1, the post will be about the Federal Communications Commission (FCC).

The Federal Trade Commission (FTC) is the US regulator charged with supervisory authority to protect consumers as well as enforce antitrust laws to avoid monopolies and ensure competitive business practices. Created in 1914 by the Federal Trade Commission Act, the FTC is an independent regulatory agency with the purpose to monitor the markets for anticompetitive developments and investigate and eliminate those where they emerge. Avoiding monopolies, known as trust, was a major political focus at the time the FTC was created and eliminating these large, anti-competitive business entities, known as “trust busting,” was an important priority for President Woodrow Wilson. The creation of the FTC was intended to bring an administrative efficiency to regulating interstate trade so that these trust and antitrust matters could be determined more expediently by the regulatory agency instead of working their way slowly through the courts.

In its current state, the FTC has broad supervisory authority over business practices where consumer protection or competitive processes are involved. The mandates of its various bureaus include protecting consumers against unfair or fraudulent acts or practices, enforcing existing antitrust laws, and reviewing pending mergers. These issues come from consumer and business reports, pre-merger notice filings, press reports, and congressional inquiries.

The FTC’s enforcement actions extend to individual companies, groups of companies, or industries with the main objective of addressing series consumer fraud or harm and preventing anti-competition business developments. With such a far-reaching set of interests, the issues and focuses that characterize the FTC’s regulatory agenda and enforcement priorities are equally diverse.

  • Consumer DNA testing services and privacy: Companies offering DNA testing services for everything from ancestry to genetic diseases to potential allergies to nutritional needs have become very popular in recent years. Most of these services involve consumers using a kit at home to collect samples of hair, skin, or saliva, which they then send to the company. The company then tests the samples itself or sends them to a third-party lab service for testing and then compiles results and analytical data into a slick, branded presentation that is sent back to the customer to study. If these services were performed in the traditional setting of a doctor’s office, the customer would be treated as a patient and would therefore be afforded commensurate protections and have expectations of privacy and informed consent for the collection, use, and storage of their genetic material. In the retail DNA testing service business, however, the duty owed to consumers is more dubious and the practices of companies less closely supervised or disclosed. As the popularity and prevalence of these tests continues, the FTC will likely look to standardize and investigate business practices of these companies:  Senator Calls on FTC to Investigate DNA Ancestry Companies
  • Use of consent decrees: The public and courts are taking a closer look at the often widespread use of settlement agreements by regulatory entities. The FTC typically uses these in enforcement actions in the data-privacy arena when companies experience breaches that puts consumer information security at risk. Consumers having their data stolen in cybersecurity compromises of payment systems or other retail financial data records. Settlement agreements and consent decrees are meant to apply to individual companies in federal-level, case-specific circumstances only, but the legal precedent has evolved for this common law practice to be potentially applied to establish liability under state law as well. In the continued use of consent decrees, the FTC needs to elucidate clearly what standards apply to constitute a violation and when and where liability may exist:  Federal Court’s Embrace Of FTC Data-Breach Settlements As ‘Common Law’ Treads On Due Process
  • Venue shopping for overlapping antitrust review: As noted in this post, major merger and acquisition activity is at a high pitch in the markets right now. Many large companies are seeking to merge with or acquire another and in lots of cases, regulatory review is exhaustive and detailed. Regulators seek concessions, order sales or exclusions to assets, delay transactions, and influence deals in both the press and Congress. In this intense environment, companies looking to merge with or acquire another approach these transactions hoping for the lightest regulatory touch possible. As there are overlapping supervisory schemes, companies can attempt to shop for the friendliest regulator who might green-light the planned transaction. The FTC and the Department of Justice (DOJ) both conduct antitrust reviews. The perception in the marketplace is that the FTC review may be easier to pass or less burdensome in terms of settlement requirements than that of the DOJ. Therefore some large companies – such as CVS in its planned deal with Aetna – would prefer to be subject to the FTC to improve their odds of passing muster:  CVS likely wants FTC antitrust review, not Justice Department, of Aetna deal
  • Occupational licensing reform: Portability of occupational licenses – such as those required for nurses and accountants – has long-been a challenging political and business issue. States have wildly varying educational and experiential standards for achieving and maintaining these licenses, often making it very hard for professionals who need them to work to move between states that have differing licensure requirements. Military spouses in particular often find themselves shut out of work due to family relocations. On the other end, consumers could be potentially harmed due to unmet expectations for professional service standards in states where the licensing schemes are more lax or supervisory enforcement is inadequate compared to others. Short of a concerted effort by multiple individual states, there is an authority vacuum in the task of making a coherent and coordinated system out of this patchwork of rules, tests, and qualifications. The FTC could be the appropriate regulator to intercede in these circumstances and create a reformed federal unifying system that would function to provide access to work as well as protect consumers’ interests:  The Onerous, Arbitrary, Unaccountable World of Occupational Licensing
  • Net neutrality: Finally, nearly any discussion of US federal regulatory compliance hot topics at the end of 2017 is incomplete without mention of one of the biggest themes of the time, net neutrality. As the Federal Communications Commission (FCC) is pulling back from rule enforcement on net neutrality, both the FCC and the public expect the FTC to take up a more prominent role. The obvious areas where the FTC would have jurisdiction would be those concerning information security, principally data privacy, as well as competitive practices of service providers as well as other digital companies. Time will tell what approach the FTC intends to take in filling this enforcement void:  After Net Neutrality: The FTC Is The Sheriff Of Tech Again. Is It Up To The Task?

Be sure to check back next week for a round-up on SEC regulatory compliance.

READ MORE

Round-up on CFTC compliance

This is the first in a series of seven posts about regulatory compliance priorities and enforcement trends.  Today’s post will be about the Commodity Futures Trading Commission (CFTC).  On Thursday December 28, the post will be about the Federal Trade Commission (FTC).  On Thursday January 4, the post will be about the Securities & Exchange Commission (SEC).  On Thursday January 11, the post will be about the Food & Drug Administration (FDA).  On Thursday January 18, the post will be about the U.S. Department of Agriculture (USDA).  On Thursday January 25, the post will be about the Environmental Protection Agency (EPA).  Finally, on Thursday February 1, the post will be about the Federal Communications Commission (FCC).

The Commodity Futures Trading Commission (CFTC) is the US regulator charged with supervisory authority over the futures and option markets. Created in 1974 by the Commodities Futures Trading Act, the CFTC is an independent regulatory agency with the purpose to monitor and protect the markets by prohibiting fraudulent activity or other misconduct and to control against risk from these. In the aftermath of the 2008 global financial crisis and the markets reforms which were implemented during the economic recovery, the CFTC has played a more prominent role in the largely unregulated general derivatives (contracts that derive their value from the performance of an underlying entity, such as an asset, index, or interest rate) and specifically, swaps (derivative contracts where two counterparties exchange cash flows of each other’s financial instruments) markets, to encourage transparency and gradually move toward a more stringent supervisory framework.

The CFTC’s principal mission is to ensure the successful and efficient operations of the futures markets, by keeping competition fair and preventing market abuse or other threats to financial integrity and efficacy. As the futures markets and particularly the derivatives and swaps markets are very international, the CFTC collaborates heavily with international partners and oversees a huge variety of diverse financial institutions and service providers, including exchanges, clearing houses, dealers, and commodity pool operators.

The CFTC has often been seen as the smaller, less powerful or prominent cousin agency to the Securities and Exchange Commission (SEC). However, as the CFTC refines its position within the financial regulatory landscape of the global markets and within the US economy, certain issues and emphases have emerged which distinguish the CFTC.

  • Bitcoin: The CFTC made headlines in November 2017 in paving the way for CME Group and Cboe Global Markets Inc to trade bitcoin futures contracts. Investors and markets professionals all over the world have been waiting for the first regulatory verdicts in the US on how cryptocurrencies markets may be handled. The CFTC has answered this boldly, indicating a permissive attitude toward the trading practices coupled with a strict expectation for robust monitoring and reporting to enable oversight of the famously volatile and active bitcoin trading markets. The CFTC had already declared in 2015 that it would treat bitcoin as a commodity, and the ensuing years have shown US financial regulators struggling to agree on what the cryptocurrency is in terms of financial markets and what risks and protections might be applicable for those wishing to invest or speculate in it. The CFTC has chosen to give the futures trading a yellow light, allowing it to go ahead with a cautious eye toward the intense enforcement and investor protection needs that could arise and obtaining assurances from the exchanges that they will proactively cooperate and share the necessary data with the CFTC: Bitcoin Futures Are Coming and Regulators Are Racing to Catch Up
  • Whistleblowers: While far outpaced by the SEC’s much more well-known and publicized whistleblower program, the CFTC’s program was created at the same time as the SEC’s, by the post-financial crisis Dodd-Frank Act in 2010. In 2017, while still modest in comparison to the SEC, the CFTC is having a banner year for payments of whistleblower rewards. These rewards come from sanctions imposed by the CFTC due to validated whistleblower claims against CFTC-covered organizations. This represents a reporting increase by whistleblowers to the CFTC of 70 percent over 2016, indicating that whistleblowers are recognizing the value of the CFTC as an enforcement body. Therefore this uptrend in handling of whistleblower claims could likely continue: Why Wall Street Should Worry About the CFTC Whistleblower Program
  • Deregulation: The overall trend in the US is toward a preference for fewer or more efficient and targeted regulations. This is a clear reversal especially in the financial markets, where in the years after the global financial crisis the momentum was toward more complex and far-reaching regulatory and supervisory oversight on the economy and market participants. This was a reasonable and necessary response to not only the recession but the numerous and varied financial scandals and frauds that were uncovered and damaged the markets and society’s trust in the financial systems. These risks and root causes of misconduct and abuse are still present, so balancing a regulatory posture which prefers a lighter touch against the need for investor protector and facilitation of transparent and equitable markets is a challenge for all regulatory agencies, including the CFTC: CFTC Enforcement Actions Drop Sharply in 2017
  • MiFID II: The revised Markets in Financial Instruments Directive, or MiFID II, is a wide-sweeping set of EU financial regulatory rules coming into effect in January 2018. These new regulations will have huge impact on the way banks and other financial institutions interact with and make money from the markets. While these are European laws, the globality of the markets means that regulators and market participants all over the world are contending with how to handle these new supervisory guidelines. The Futures Industry Association (FIA) has been actively lobbying the CFTC on behalf of its members, including large banks such as Goldman Sachs and Morgan Stanley, to confirm that the new European requirements will not bring expensive new limitations in the US as well: Wall Street Has New MiFID Migraine, Now in Futures Market
    In continuation of this, one important area in which the CFTC has already been deal-making with the EU in anticipation of the approaching MiFID II application is with derivatives trading venues. The European Commission and the CFTC have agreed upon mutual recognition of trading venues so that those in the United States can benefit from an equivalence decision recognizing them as eligible for compliance with MiFID II requirements by virtue of their satisfaction of CFTC requirements: EU and CFTC Implement Mutual Recognition of Derivatives Trading Venues
  • Blockchain: Apart from regulating bitcoin as a commodity, the CFTC hopes to benefit from the technology that underlies cryptocurrencies, blockchain. The CFTC has voluminous amounts of data from the diverse market platofrms and service providers that it supervises and has historically struggled to parse and study these huge troves of data efficiently and meaningfully. The CFTC hopes that the reporting reliability, transparency, and information security offered by the ledger technology blockchain can enable better review and analysis of this data. Traditional procurement requirements have often dogged attempts to implement more advanced or emerging technologies, but one of the priorities of the CFTC and other US government agencies currently is to leverage innovation such as from financial technology (fintech), regulatory technology (regtech), and supervisory technology (suptech): CFTC Looks to Blockchain to Transform How It Monitors Markets

Be sure to check back next week for a round-up on FTC regulatory compliance.

READ MORE

Round-up on compliance investigation and enforcement trends

Keeping up to date on developments in compliance investigation and enforcement priorities is important for planning compliance programs and setting strategic agendas. In a constantly changing regulatory environment, continuing education is a must. Recent developments suggest that regulators are regrouping and preparing new priorities, while companies are trying to contend with regulations and avoid looming legal challenges.

  • Prosecution of white-collar criminals is at an all-time low as some companies appear to be considered “too big to jail” and risk-adverse trial strategy rules the day:  Why Corrupt Bankers Avoid Jail
  • Airbnb, possibly setting precedent for other “shared economy” companies without traditional regulatory compliance frameworks, looks to pre-emptively contend with legal challenges by striking deals with municipalities:  Airbnb Tries to Clear Away Political and Legal Challenges in New York and San Francisco
  • The ECJ may declare Uber a transportation company later this year, opening the tech giant to much stricter regulatory scrutiny; in anticipation, Uber has withdrawn from some EU member states where the regulatory burden already overwhelms its appetite for the market: Europe’s Top Court Leaning Towards Dealing Uber a Big Regulatory Blow
  • HSBC, amidst negotiations with the U.S. Department of Justice as it is under investigation for its role in the bond market pre-2008 crisis, is concerned over regulatory gaps in the global financial market that may be unpredictably fragmented by Brexit, in which cooperation between regulators and investigators could become more problematic:  HSBC chief sounds alarm over financial regulation and Brexit
  • Amid mounting prosecutorial pressure and investigation efforts worldwide, a guilty plea and cooperation from ex-Credit Suisse Banker:  Ex-Credit Suisse Banker Helping U.S. After Tax Guilty Plea
  • Scandal at Wells Fargo continues to unfurl its tentacles into new areas of the bank’s business, now reaching into auto loan customers who were charged for unauthorized car insurance; previous attempts at punishment or reform now seem insufficient in light of the scope and scale of the wrongdoing, upping the ante on what is considered justice in corporate crime:  Give Wells Fargo the Corporate Death Penalty

This summer’s trends indicate diminished enforcement efforts, regulators regroup and try to ascertain a new approach to holding corporate criminals accountable for their ethical lapses, in light of previous attempts failing to adequately discourage wrongdoers. In the meantime, companies finding themselves cornered by regulatory pressures hope to gain time to comply or the blessing to continue as-is by negotiating agreements or reaching settlements with regulators.

READ MORE