Global Featured Wired

The Herbalife FCPA Enforcement Action: Part 4 – Final Thoughts

FCPA Compliance & Ethics -

We are the end of my multi-part exploration of the Herbalife Nutrition Ltd (Herbalife) Foreign Corrupt Practices Act (FCPA) enforcement action with both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Herbalife settled with the DOJ via a Deferred Prosecution Agreement (DPA) and Information and with the SEC via a Cease and [...]

The post The Herbalife FCPA Enforcement Action: Part 4 – Final Thoughts appeared first on Compliance Report.

Converge20- Ian Foxley – Whistleblower Protection: The Dawn of the Next Era

FCPA Compliance & Ethics -

CONVERGE is in its 5th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of [...]

The post Converge20- Ian Foxley – Whistleblower Protection: The Dawn of the Next Era appeared first on Compliance Report.

The Affiliated Monitors Expert Podcast Series – What is a Responsible Contractor?

FCPA Compliance & Ethics -

In this special podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Rod Grandon. We will be considering the responsibility of federal contractors to maintain their status as “Responsible Contractors” and explore the benefits of having an effective compliance and business ethics program not only to increase business efficiencies [...]

The post The Affiliated Monitors Expert Podcast Series – What is a Responsible Contractor? appeared first on Compliance Report.

United States: This Week in Government Enforcement

Global Compliance News -

In brief

Please join us for a new weekly video series, hosted by Baker McKenzie’s North America Government Enforcement partners Tom Firestone and Jerome Tomas.

This weekly briefing is available on demand and will cover hot topics and current enforcement actions related to white collar crime and criminal investigations in the US and abroad to arm you with the information you need to start your business week.

As one of the largest global law firms, we will call upon our exceptionally deep and broad bench of white collar experts throughout the world and particularly in the commercial hubs of Europe, Asia, Africa and Latin America to join our weekly discussion series.

These briefings will cover:

  • High-profile DOJ case updates and implications
  • SEC enforcement developments
  • CFTC enforcement developments
  • Other white collar defense industry developments
Contents 8 September 2020

Video Link

24 August 2020

Video Link

17 August 2020

Video Link

10 August 2020

Video Link

3 August 2020

Video Link

27 July 2020

Video Link

20 July 2020

Video Link

13 July 2020

Video Link

6 July 2020

Video Link

29 June 2020

Video Link

22 June 2020

Video Link

17 June 2020

Video Link

9 June 2020

Video Link

26 May 2020

Video Link

The post United States: This Week in Government Enforcement appeared first on Global Compliance News.

Fraud Eats Strategy Episode 3: Interview Techniques & Detecting Deception on Zoom

FCPA Compliance & Ethics -

In this episode, we talk about remote witness interviews and how to make the best of a bad situation using time-tested interrogation techniques and other methods. While things are starting to return to something resembling normal, our use of video conferencing as a business tool is here to stay. I’ve been fielding a lot of questions [...]

The post Fraud Eats Strategy Episode 3: Interview Techniques & Detecting Deception on Zoom appeared first on Compliance Report.

31 Days to a More Effective Compliance Program – Code of Conduct as an internal control

FCPA Compliance & Ethics -

In 2016, one of the most interesting non-international focused FCPA enforcement actions was announced by the SEC. It involved a clear quid pro quo benefit paid out by United Airlines, Inc. to David Samson, the former chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity [...]

The post 31 Days to a More Effective Compliance Program – Code of Conduct as an internal control appeared first on Compliance Report.

Christian Focacci on Sanctions, Data and Vetting Third Parties [Podcast]

The Compliance & Ethics Blog -

Post By: Adam Turteltaub Keeping up with the latest sanctions requirements is very difficult. Names of individuals and organizations are added and removed frequently, and there are multiple prohibited persons and entities lists to track. The US Office of Foreign Asset Control (OFAC) list is but one of several to consult, and just because a […]

Malaysia: Extra Territorial Effect of New Corporate Liability for Corruption Offences

Global Compliance News -

In brief

The new corporate liability provision under Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (“Section 17A“) has come into force on 1 June 2020. As highlighted in our earlier client alert (see Link), a company may be held criminally liable under this new provision for acts of bribery committed by its directors, employees or other associated persons.  The only defence available is for the company to prove that it has put in place adequate procedures designed to prevent these corrupt acts.

This new corporate liability provision applies not only to Malaysian companies, but also to foreign companies with businesses in Malaysia.

Contents Impact on Foreign Companies

The new Section 17A applies to all foreign companies and partnerships which carry on businesses in Malaysia. Although the Act is silent as to what amounts to “carrying out business” in Malaysia, it is likely that a foreign entity will fall within the ambit of Section 17A if it carries on business in Malaysia through an agent or intermediary such as a distributor or reseller and/or through a subsidiary.

The following are examples of two scenarios where a foreign company may be exposed to liability under Section 17A:

  1. Foreign company’s employees or agents pay a bribe in Malaysia

A foreign company may be liable for an offence under Section 17A of the Act if its employees, agents or persons associated with it bribes or attempts to give a bribe in Malaysia to obtain or retain business or business advantage for the company.

  1. Foreign company’s subsidiary pays a bribe in Malaysia

A foreign company may also be liable if its subsidiary bribes or attempts to give a bribe in Malaysia to obtain or retain business or business advantage. This is illustrated in the first prosecution under the UK Bribery Act 2020 in the case of R v Sweett Group plc (“Sweett“) (unreported)(2015), whereby a subsidiary of Sweett paid a bribe in the Middle East to secure a project. Notwithstanding that, the subsidiary engaged in the bribery without the involvement or knowledge of its parent company and that the contract was awarded to the subsidiary, the judge took into account the fact that the subsidiary was not autonomous but was effectively operated by Sweett as a division in the Middle East.

For completeness, we wish to highlight that liability may not accrue through simple corporate ownership or investment, or through the payment of dividends or provision of loans by a subsidiary to its parents. The degree of control of the Malaysian subsidiary will be a relevant factor whether liability is extended to a foreign holding company under Section 17A.

Action to consider

The penalties arising from liability under Section 17A is a fine not less than 10 times the value of the bribe or MYR 1 million (whichever is higher) and/or imprisonment of a term not exceeding 20 years.

In light of this, foreign companies with businesses in Malaysia should take steps to assess their risk and to consider putting in place the required adequate procedures which is the only defence available for corporates arising from liability under Section 17A. Please refer to our previous client alert here on how to comply with the requisite adequate procedures under Section 17A.

View Korean version

View Japanese version

The post Malaysia: Extra Territorial Effect of New Corporate Liability for Corruption Offences appeared first on Global Compliance News.

Evolution of Dynamic Biometrics: Disrupting the Fraud Prevention Landscape

Corporate Compliance Insights -

In the last six months, practically everything has gone digital, creating a mountain of new digital data for fraudsters to mine. Sujata Dasgupta discusses the rise in dynamic-biometrics-based identity verification, the next step in fraud prevention for the financial services industry. The world today is powered by digital technologies, from financial services to health, entertainment, […] The post Evolution of Dynamic Biometrics: Disrupting the Fraud Prevention Landscape appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)

5 Tips for Responding to Civil Investigative Demands

Risk Management Magazine -

Civil investigative demands or letters, also referred to as CIDs, are powerful tools for the Attorney General and other government agencies to collect and acquire information necessary for an investigation that could result in the prosecution of individuals or entities. CIDs target individuals or entities believed to have defrauded the U.S. government or abused governmental programs. Common recipients of CIDs include medical providers and health care companies being investigated for fraud or submitting false claims to government health care programs, as well as federal government contractors that allegedly inflated pricing for labor or materials or otherwise engaged in improper billing, or “false claim” practices.

Frequently, the U.S. Department of Justice (DOJ) issues CIDs related to qui tam (or whistleblower) lawsuits, in which the government seeks information from the target to determine the validity of the whistleblower’s allegations and to evaluate whether it will intervene in the civil proceedings. Until a CID is issued, the target may have no knowledge of the lawsuit filed against it because it is under seal and not readily accessible in the public record. 

Any company who receives a CID should recognize the seriousness of the request and thoughtfully prepare its response. It is important to understand that when a CID is issued, it is considered an instrument aiding a civil investigation that can produce a criminal prosecution. Additionally, even in the civil context, the impact can include significant damages and civil penalties, reputational harm, and potential exclusion from federal health care and other government contracting programs. However, individuals and entities can change the course of the investigation and reduce exposure by promptly preparing an appropriate and timely response to the request.

In general, CIDs request documents and other material believed to be either in the possession, custody or control of a target to be either inspected or produced. Not only are physical business records frequently requested, but also electronically stored information (ESI), including emails, text messages and even voicemail messages stored on a company’s server. CIDs can also include questions relating to the requested documents and materials and can further require the provision of recorded statements.

Upon receiving a CID, the company should first consider which individuals or departments will have to produce information and start a preservation program to ensure that they do not destroy or delete relevant documentation through any sort of corporate document retention policy. It is vital to avoid inadvertent ESI destruction. For example, companies should avoid disposing of employer-issued devices, and disable the automatic deletion of ESI that may no longer be stored on an individual user’s cell phone or laptop but still stored on the entity’s servers. It may be necessary to implement a bring your own device (BYOD) policy or issue directives to employees who use personal devices to not alter or replace their devices.

Secondly, the company needs to immediately determine the scope of the CID and whether it can respond and comply given resident expertise. Generally, retaining outside counsel is advised, with the rare exception of larger companies with sophisticated in-house legal resources. It is important to make an initial determination as to whether the issuing agency or DOJ has complied with basic procedural requirements such as specifying the conduct being investigated, the laws violated, or the type of information being requested and how it must be produced. If the request is overly broad, burdensome or invasive, the company should consider negotiating with the issuing agency and possibly filing a motion to set aside or modify the CID. Keeping open lines of communication with the issuing authority is key. Early communication and a willingness to cooperate can change the course of the investigation—ideally keeping it civil. A prompt acknowledgment and conversation about the requests and their scope, with an early intervention or clarification request can cause the agency to be cooperative.

Thirdly, if possible, determine whether the recipient of the CID is a target of a fraud investigation or merely a witness who is deemed likely to have or control relevant information or witnesses relating to another person or entity under investigation. Such information concerning what laws may be violated or the conduct being investigated may not be apparent from the CID. Again, prompt consideration of the CID and early planning can save precious time if a dialogue needs to be opened or a legal motion needs to be filed with regard to its validity.

Fourth, ensure that the information provided is complete and accurate, as answers to written questions or any testimony provided will be under oath and written certification that all documents requested have been produced will be required. CIDs are powerful instruments because they allow the issuing agency to request information and testimony far broader than through typical discovery devices. In fact, challenging CIDs or successfully narrowing the scope is extremely difficult as most courts will give great deference to the requests and allow very few objections or claims of privilege to the documents. This is why CIDs are a more frequently used tool—once the government decides to intervene in a whistleblower action, or initiate its own suit, it will be limited to traditional discovery instruments.

Maintaining credibility with the government is critical to avoiding increased scrutiny for a claim with the DOJ. It may be tough to strike the right balance between being forthcoming and complying with the CID in a comprehensive way and instinctively protecting the company’s interests. This is a primary reason to retain counsel with the necessary expertise. Being untruthful or misleading in your communications with the entity issuing the CID or producing incomplete information will likely draw additional scrutiny and possibly turn a civil investigation into a criminal matter.

Finally, negotiate away the inevitable, with counsel if possible. If your internal investigatory process indicates that documents and/or the witness testimony show improper billing practice or fraud, attempt settlement with the DOJ or other governmental agency. While turning over documents may be mandated, this also poses a threat to the entity because there is no Fifth Amendment privilege related to the production of documents as exists with regard to an individual’s testimony. If you are going to negotiate a settlement, ideally you will want to do so before any sealed complaints become public record after a limited period of time. However, DOJ may request and file motions with the court to keep the records under seal, particularly if the investigation is cooperative and fruitful.

Responding to a CID requires prompt and skilled attention during the typical 20-day response period. Quick planning can lead to either a cooperative and successful provision of information or, in the worst case, an open dialogue with the DOJ or other governmental agency that could mitigate the investigation’s impact, and ideally, prevent reputational harm and keep the process civil.

Webinar: Digital Tax Services in Latin America

Global Compliance News -


Baker McKenzie’s VAT/Indirect Tax Practice presented ‘Digital Services in Latin America,’ on 12 August 2020. This was the second presentation in the International VAT Conference Webinar Series, a global webinar series designed for VAT specialists from all industry sectors that aims to discuss the latest developing trends and hot topics in the VAT/GST and customs arena.

The Latin America Tax Practice Group invites you to attend session two of the International VAT Conference focusing on the Latin America region that address the critical indirect tax issues businesses should analyze in a global economic downturn. Please find below more details about those sessions and learn more about the rest of the series.

Focusing on the main aspects and proposals of the Digital Services Tax (DST) appearing throughout Latin America. Experts from Argentina, Brazil*, Chile, Colombia, Mexico and Venezuela discuss their respective jurisdiction’s VAT proposals regarding DST.

*In cooperation with Trench Rossi Watanabe, a Brazilian law firm.

The post Webinar: Digital Tax Services in Latin America appeared first on Global Compliance News.

Does the World Need Its Own Risk Management System?

BRINK News -

A recently published book called Aftershocks and Opportunities – Scenarios for a Post Pandemic Future explores the impact of COVID-19 on the world’s economy, geopolitics, environment, society and working life, from now to 2035. In one of the chapters, futurist David Wood explores the idea of a global risk management system. 

David Wood is the chair of London Futurists and the principal of Delta Wisdom, an independent futurist consultancy. BRINK began by asking him what the purpose of a more comprehensive risk management system might be.

WOOD: One reason for a more comprehensive risk system is that you often need to amalgamate insights from multiple perspectives to really appreciate the nature of the challenges and opportunities ahead. If you look at the lead-up to the 9/11 bombings, it turned out there was ample evidence and intelligence that had been seen by individual groups, but because there was insufficient sharing of information between the different agencies and insufficient imagination as to what the al-Qaida terrorists might be doing, nobody managed to join the dots in a satisfactory way beforehand.

Greater Pooling of Insights

WOOD: We must be more transparent and open in pooling our insights, because often the biggest possibilities emerge not just when one trend moves forward, but when several trends collide or converge in ways that individual observers may not have anticipated.

BRINK: To do this well would obviously involve governments cooperating with each other and sharing knowledge and information. How do you foresee that happening in an age when governments seem increasingly nationalist and there is less and less global cooperation?

WOOD: There are worrying trends toward populism, but at the same time, there are also trends that encourage countries to cooperate, even in the countries where the leaders might be hostile to each other — especially if they can be persuaded of the true scale of the risks that are confronting them.

A good example was what happened in the 1980s, between former presidents Ronald Reagan and Mikhail Gorbachev. When Ronald Reagan became president, he spoke of the Soviet Union as the evil empire. When Mikhail Gorbachev took power in the Soviet Union, the Soviet Union regarded the West with great hostility. But something changed that enabled them to work toward a significant reduction in nuclear weapons. And that was the new understanding that a nuclear attack would not just destroy some cities, but that the dust created by these explosions would go high into the stratosphere and could block out the sun’s light, creating a nuclear winter that would impact both sides, killing many more people than previously expected.

Understanding a Common Purpose

WOOD: There were other factors, of course, like the personal chemistry between President Gorbachev and President Reagan, but this is a model of what is needed: clear, credible discussions of huge risks that will cause even nationalist populist leaders to start reconsidering their positions.

We need global leaders and budget holders to wake up to the responsibility that there are greater numbers of large risks out there than ever before.

BRINK: What role would you imagine the United Nations would have in this? After all, the U.N. is a risk management body that was created after the Second World War.

WOOD: The U.N. was set up with the right vision and purpose for its time, but like many other organizations, it has become fossilized and is the victim of inertia. It needs to be regenerated or rejuvenated by one means or another. 

We need global leaders and budget holders to wake up to the responsibility that there are greater numbers of large risks out there than ever before. Large risks are changing from matters of occasional concern to matters of constant concern. Leaders need to understand that, as technology becomes more advanced — not just artificial intelligence, but also biotech, cogno-tech, robotics and nanotech — it opens huge new risks as well as huge, new opportunities. 

And so the likelihood and variety of risk overall is higher than in the past, which means it’s even more important that enough public mindshare is given to this task of understanding them.

Becoming More Risk-Literate

BRINK: You talk about the psychology of denial, which is a common human trait in risk management. You can’t imagine something like COVID-19 until it’s happened. Are there ways that you can mitigate against that in thinking about future risk?

WOOD: We need to be immersed in discussions of credible scenarios for what might and might not happen, rather than just Hollywood films. We need to become much more literate at understanding the risks of outbreaks of infectious diseases, as well as the other risks of contagion, whether it’s financial contagion or malware contagion, or fake news contagion and so on.

And we need to understand things more probabilistically. Probability is a difficult concept, but we need to help people understand it, so when things like bird flu or SARS or MERS happen, the public appreciates that things could well have turned out very differently. In each case, it was either because the diseases weren’t sufficiently infectious enough to spread easily from human to human, or because of aggressive action that various governments took that prevented these earlier cases of infection from causing wider damage.

Science isn’t a fixed, black-and-white understanding. Science reevaluates itself as it gains better insights. We need to be prepared to plug that probabilistic understanding into our actions. I wish that children at school learned more about risk planning and scenarios. We should all become more competent talking about this. We should all learn more about exponentials and know how they can accelerate and how they can slow down. And when we tell the story of recent history, we should give more credit to those instances when scenario planning had a positive role to play in the outcome.

How COVID-19 Can Help Improve Your Company’s Risk Management

BRINK News -

Company managers have seen their enterprises devastated by increased coronavirus cases, social distancing and forced closings. The number of restaurant patrons, airline passengers and office workers remain a fraction of their pre-pandemic totals across much of the world, and a quick and full comeback is still nowhere in sight. 

While company managers have little control over the spread of the pandemic, they are responsible for managing the responses of their own enterprises. Based on a study of catastrophic risk management in a range of firms before the coronavirus, we suggest several courses of action for those facing COVID-19. The actions are premised on changing the way decision makers think about preparing for disruptions to their enterprises, and dealing with recoveries in the wake of a disaster, according to Mastering Catastrophic Risk by Howard Kunreuther and Michael Useem.

Thinking Deliberatively

Psychologists and behavioral economists have long warned that when left to our own devices, we tend to focus on short time horizons and make poorly informed forecasts about the future. 

Daniel Kahneman, a recipient of the Nobel Prize in economics, makes a compelling case for us in Thinking, Fast and Slow to raise our game by more carefully reflecting on how we make decisions before and after unlikely events that can have serious impacts on firms’ operations. 

We need to think more strategically, more analytically, more comprehensively and more long-term — or more deliberatively, in Kahneman’s words. 

By reflecting on the impacts of low-probability but high-consequence events, such as hurricanes, wildfires and pandemics, rather than treating them as beyond our normal threshold of concern, we can take invaluable steps before it is too late. 

Risk Vigilance

A good way to learn to be more deliberative is to study both past and current setbacks, including the pandemic we are all struggling with now. By doing so, we will be better able to respond to our current crisis and develop longer-term strategies for contending with future reversals. 

A starting point is enhancing risk vigilance, the ability to foresee potential disasters and ready oneself in advance. To illustrate the challenge, homeowners in the San Francisco region had known their area to be seismically active, yet only 22% had earthquake insurance coverage when the 1989 Loma Prieta earthquake killed 63 people and caused $6 billion in property damage, according research by professor Risa Palm. But four years later, earthquake insurance coverage had increased to 37%. The same behavior occurred in the aftermath of the 1994 Northridge earthquake in the Los Angeles region that killed 57 and caused $20 billion in property damage. The rate of homeowners’ earthquake insurance more than doubled in areas hit by the quake, wrote Palm in Illusions of Safety: Cultural and Earthquake Hazard Response in California and Japan.

Our Personal Experience Shapes Our Response

In other words, personally experiencing a disaster, not just hearing or reading about one, significantly improved the victims’ deliberative thinking about the next one. Yet, a subsequent challenge is for managers to then maintain that vigilance as a disaster recedes in the rearview mirror. Follow-up studies reveal that just 10% of homeowners in California hold earthquake insurance today, even as the region is likely to experience another devastating earthquake as the years pass.

By taking steps to prepare for future risks — rather than myopically assuming they will not happen — managers are more likely to reduce their potential consequences. 

Fortunately, other research offers a more affirmative view of the sustainability of deliberative thinking. Consider a study of the childhood experiences of company executives who had been exposed in their formative years to an earthquake or other natural disaster that had caused large numbers of nearby fatalities and significant damage. 

It found that CEOs who had experienced or witnessed those early losses built more rainy-day reserves in their companies than those who had been spared the disasters, a sign that their own risk vigilance had been sustained for decades.

Managing Risk Is an Art

A second feature of deliberative thinking is risk management, a leader’s ability to balance risk appetite, such as when they venture into new territory, with risk tolerance should they suffer severe losses, as many have during the current pandemic. By taking steps to prepare for these eventualities — rather than myopically assuming they will not happen — managers are more likely to reduce their potential consequences. 

Along this line, a study found that insurers that strengthened their risk management capabilities had lower volatility in their earnings and far outperformed comparable enterprises. While we never know for certain what calamities lie ahead, managers who have readied their firms to do better following a catastrophe report higher returns over time.

Tragically, it took the death of two Walmart employees for the company to introduce additional safety measures that included more widespread checking for worker symptoms, making masks and gloves available to their employees and limiting the number of shoppers in its stores. Had Walmart undertaken protective measures early in the pandemic by thinking more deliberatively, it might have averted the fatalities.

The Steps to Take

Drawing on these and other studies, we recommend three steps to increase deliberative thinking amidst the pandemic in whatever role you are playing:

Step 1. Make risk vigilance and risk management intrinsic features of your daily deliberations. Check with those who may already be more deliberative than you, whether epidemiologists or even your competitors.  

Step 2. Build on what you already do well. Pharmaceutical firms during the pandemic have doubled down on vaccines, beer makers on sanitizers and auto producers on ventilators. 

Step 3. Act deliberatively now to help others think similarly. The owner of three crowded pizza stores in Tennessee closed them voluntarily because they were jammed and patrons were not distancing themselves. Less than a day later, a nearby restaurant shuttered itself for the same reason, citing the actions of the first. 

Deutsche Bank Settlement with OFAC Highlights Risk of Insufficient Due Diligence and Screening

Program on Compliance and Enforcement, New York University School of Law -

by John F. Curran, Jacob Gardener, and Christopher Dioguardi

On September 9, Deutsche Bank Trust Company Americas (“Deutsche Bank”) agreed to pay the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”) $583,100 to settle potential civil liability for apparent violations of the Ukraine-Related Sanctions Regulations.  The settlement, which resolved two types of apparent violations involving two different entities on OFAC’s List of Specially Designated Nationals and Blocked Persons (“SDNs”), underscores the importance for banks to effectively screen transactions and diligently investigate red flags in order to avoid processing payments involving SDNs.  It also highlights the value of taking prompt remedial action and fully cooperating with OFAC once an apparent violation is discovered.        

Deutsche Bank’s Apparent Violation Involving the Processing of a Transaction with Reason to Know of an SDN’s Potential Interest  

In August 2015, Deutsche Bank processed a $28.8 million transfer of funds through the U.S. related to a series of fuel oil purchases in which an SDN named IPP Oil Products (Cyprus) Limited (“IPP”) had an interest.  Under OFAC regulations, transactions involving property or interests in property of SDNs such as IPP are prohibited. 

On the day of the transaction, a lawyer for one of the parties to the fuel oil purchases contacted Deutsche Bank, indicated that the payment had to be processed that day in order to meet a strict deadline, and assured the bank that although IPP had some past involvement in the purchases, IPP had transferred title to the fuel oil before being placed on the SDN List.  Deutsche Bank personnel apparently accepted counsel’s assurances without independent corroboration and processed the payment almost immediately without following up on information suggesting that IPP may have had a continuing interest in the transaction (OFAC’s enforcement release does say what that information was).

The statutory maximum civil monetary penalty applicable to this apparent violation was $57.7 million.  However, under OFAC’s Economic Sanctions Enforcement Guidelines, the penalty assessed is primarily driven by two considerations: whether the apparent violation is voluntarily self-disclosed and whether it is non-egregious.  Both lower the base penalty amount below the statutory maximum.  Egregiousness is based on an analysis of ten “general factors,” the most salient of which are the willfulness and recklessness of the conduct at issue, the apparent violator’s awareness of that conduct, the harm to the sanctions program objectives, and the individual circumstances and characteristics of the apparent violator. 

Here, Deutsche Bank did not voluntarily self-disclose the apparent violation.  Fortunately for it, however, OFAC deemed the conduct at issue non-egregious.  Because of that, and the fact that the value of transaction exceeded $170,000, the base penalty for the apparent violation under the Guidelines was $250,000. 

After weighing a number of aggravating and mitigating factors, OFAC agreed to settle the apparent violation for $157,500.  On the aggravating side of the scale, OFAC noted that Deutsche Bank is a large and commercially sophisticated financial institution and that its senior compliance staff and legal personnel were involved in the transaction and failed to exercise a minimal degree of caution or care.  However, OFAC pointed to several factors in Deutsche Bank’s favor.  Most notably, OFAC noted that Deutsche Bank processes a large volume of payments; had not received a penalty notice or Finding of Violation from OFAC in the five years preceding the IPP transaction; maintained an OFAC compliance program at the time of the transaction; took remedial action in response to the apparent violation by committing to review with its U.S. sanctions compliance unit the circumstances of the apparent violation and, as necessary, conduct additional training and implement changes to the bank’s internal procedures; and cooperated with OFAC’s investigation, including by submitting detailed and well-organized information to the agency.

Deutsche Bank’s Apparent Violations Involving Repeated Screening Failures

Nearly five months after the IPP transaction, Deutsche Bank processed another 61 transactions involving a different Ukraine-related SDN.  Specifically, from December 22-30, 2015, Deutsche Bank facilitated the transfer of over a quarter-million dollars to accounts with Open Joint Stock Company Krasnodar Regional Investment Bank (“Krayinvestbank”), a financial institution on the SDN List.

Deutsche Bank failed to stop the 61 payments because: (1) contrary to its internal procedures, it did not upload Krayinvestbank’s Society for Worldwide Interbank Financial Telecommunication Business Identifier Code (“BIC”) to its sanctions screening tool; and (2) Deutsche Bank’s screening tool was calibrated so that only an exact match to an SDN would trigger further manual review (meaning even de minimis changes or typographical errors would evade detection).  Despite each payment containing Krayinvestbank’s BIC and an almost identical match to Krayinvestbank’s name and address, all of which were included on the SDN List, Deutsche Bank processed the majority of the payments on a straight-through basis without manual intervention.

As with the apparent violation involving IPP, the apparent violations involving Krayinvestbank were neither self-disclosed nor deemed egregious.  Accordingly, OFAC calculated a Guidelines base penalty amount of $640,000 (again, far below the applicable statutory maximum penalty, which was $18 million).  OFAC agreed to settle these apparent violations for $425,600.  In explaining this figure, OFAC noted that, to Deutsche Bank’s credit, the bank did not appear to have acted willfully or recklessly and no supervisory or managerial bank staff appeared to have been aware of the conduct at issue.  OFAC also commended Deutsche Bank for quickly implementing changes to its procedures for adding BICs to its interdiction filter and for cooperating with OFAC’s investigation by providing well-organized and user-friendly information in a prompt manner.  However, OFAC faulted Deutsche Bank for the fact that, in 2013, the bank had settled a nearly identical apparent violation for failing to include the BIC of an SDN in its interdiction filter.


Deutsche Bank’s settlement with OFAC offers at least four important lessons.  First, OFAC expects financial institutions to take steps to independently corroborate representations made to them in order to ensure that SDNs do not have a present, future, or contingent interest in transactions they are asked to process, regardless of time sensitivity.  That is especially true for large, multi-million-dollar payments, which pose a heightened threat to the U.S. sanctions regime.  Second, it is not enough for financial institutions to have robust internal compliance procedures (such as Deutsche Bank’s inclusion of BICs in its sanctions screening tool) – they must also diligently follow those procedures.  Third, screening tools calibrated to detect only exact matches to SDNs are bound to miss unlawful transactions.  Although such rigid calibration may limit manual review of false positives, the efficiency savings do not justify the significant compliance risk of not identifying a sanctioned entity.  And fourth, OFAC is willing to show leniency towards those who cooperate with its investigations and take prompt remedial action to address compliance failures.   

John F. Curran is a partner, and Jacob Gardener and Christopher Dioguardi are associates, at Walden Macht & Haran LLP.


The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.

DOJ and CFTC Settle Spoofing Case with Scotiabank for $127.4 Million

Corruption, Crime & Compliance Blog -

In the last five years, the Justice Department and the Commodities Futures Trading Commission have aggressively prosecuted “spoofing” cases.  While the government’s record in these cases has been mixed, the government has been successful in securing guilty pleas and winning high-profile trials against traders.

Prosecutors have continued to push spoofing prosecutions to root out the conduct.  “Spoofing” refers to traders who engage in bogus conduct by entering fake orders and quickly canceling them prior to execution to manipulate the market price for more favorable terms.  Traders who engage in such conduct manually enter bogus trades to trick high-speed traders into making bad trades.

Some judges have been lenient in sentencing convicted defendants.  For example, two former traders were sentenced to time served and another defendant received time served after spending 10 months in prison while being extradited from Australia to the United States.

In its latest settlement, DOJ and the CFTC collected $127.4 million from Scotiabank for the conduct of four traders who engaged in spoofing over an eight-year period, 2008 to 2016, and made false statements to the government.  A former Scotiabank trader, Corey Flaum, cooperated with ongoing federal criminal investigations into gold, silver, platinum and palladium markets.

Scotiabank agreed to a three-year deferred prosecution agreement (“DPA”) and appointment of an independent compliance monitor for a three-year term.  DOJ specifically cited Scotiabank’s flawed compliance program and its failure to properly enhance its compliance program.  DOJ and Scotiabank agreed to the filing of a two-count Information charging Scotiabank with attempted price manipulation and wire fraud.

Between 2008 and 2016, four Scotiabank traders located in New York, London and Hong Kong engaged in manipulative trading in the gold, silver, platinum and palladium futures contracts markets on the New York Mercantile Exchange and Commodity Exchange.

The $127.4 million penalty consisted of two separate resolutions with DOJ and the CFTC.  Under the DOJ settlement, Scotiabank agreed to pay a total of $60.4 million consisting of: $42 million for spoofing and attempted price manipulation (half of which could be offset by payment to CFTC); $11.8 million in disgorgement; restitution for $6.6 in market losses.

Separately, in the CFTC settlement, Scotiabank agreed to pay $17 million for false and misleading statements.  Scotiabank also agreed to pay $50 million to resolve swap dealer business conduct, compliance and supervision failures for tens of thousands of swaps.

During the offense period, three compliance officers had substantial information regarding, but failed to stop, illegal trading by one of the traders between 2013 and 2016.  The trader provided information regarding the nature of his trading to a compliance officer, who shared the information with two other compliance officers.  Thereafter, the three compliance officers failed to undertake any further investigation of the trader’s practices or provide guidance or training. The three compliance officers later in 2016 reviewed the trader’s activity after six instances had been flagged for possible spoofing; again, the three compliance officers failed to take any action or follow up on the matter.

DOJ cited the fact that Scotiabank has improved its compliance technology and trade surveillance tools, doubled its compliance budget and added more than 200 full-time compliance positions.  Despite these improvements, at the time of the settlement, Scotiabank was not fully implemented and tested to demonstrate effectiveness.  As a result, DOJ insisted on appointment of a three-year independent compliance monitor.

DOJ cited Scotiabank’s compliance program failures and contribution to the criminal violations as the principal reason that DOJ concluded that Scotiabank should pay a fine calculated at the top of the applicable sentencing guideline range.

The post DOJ and CFTC Settle Spoofing Case with Scotiabank for $127.4 Million appeared first on Corruption, Crime & Compliance.

IsoMetrix Releases New Solution To Manage ESG Risks

Corporate Compliance Insights -

The centralized offering eliminates the burden of ESG reporting and provides a complete view of the organizations’ performance ATLANTA (September 16, 2020) – IsoMetrix, a global EHS software leader, today announced the launch of a new environmental, social and governance (ESG) solution. Designed to help organizations effectively understand and manage their ESG performance, the solution […] The post IsoMetrix Releases New Solution To Manage ESG Risks appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)

Nasdaq Launches AML Investigation Technology

Corporate Compliance Insights -

Nasdaq Automated Investigator to address gap in anti-money laundering (AML) investigations process NEW YORK (September 16, 2020) – Today, Nasdaq (Nasdaq: NDAQ) announced the launch of the cloud-deployed Nasdaq Automated Investigator for AML, the first automated solution for investigating anti-money laundering (AML) for retail and commercial banks and other financial institutions. Designed, built and offered […] The post Nasdaq Launches AML Investigation Technology appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)

2020 Study of Advancements in Enterprise Risk and Governance

Corporate Compliance Insights -

2020 has become one the most disruptive years in history. A global pandemic, wildfires, drought and social upheaval brought on by police violence and the greatest recession since the Great Depression. Risk management has never been more important. Global Compliance Associates, LLC, an enterprise risk management consulting firm, has conducted a first-of-its-kind study examining advancements […] The post 2020 Study of Advancements in Enterprise Risk and Governance appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)


Subscribe to Hong Kong Loss Prevention Association 香港防損協會 aggregator - Global Featured Wired

HKLPA (@the_hklpa) Tweets

RT @7Lenses: Leaders honoring the Character Lens demonstrate honesty, integrity, and trustworthiness. #BusinessEthics #csr 1 year 3 months ago
RT @ComplianceXprts: #Drones reduce costs, increase responsiveness and reduce risks for workers providing reconnaissance work in respons… 1 year 9 months ago
RT @LPmag: Making the Most of Loss Prevention Resources 1 year 11 months ago
RT @leadingincontxt: #Ethical #leaders seek mutual good. #csr #leadership #culture 1 year 11 months ago
RT @IBEUK: * New IBE Blog * IBE's researcher, Linn Byberg, asks how you interview for #ethics. It's not just a question of et… 1 year 11 months ago
RT @LPmag: The future of facial recognition technology will see increased demand and a growing market. 1 year 11 months ago 2 years 2 months ago
RT @leadingincontxt: How do we help young people become #ethical #leaders? #culture 2 years 3 months ago
RT @SecurityInsured: The latest Security Insured News! #cybersecurity #edmonton 2 years 3 months ago
RT @IBEUK: Let #GDPR test your ethical temperature. Communicate the importance of the ethical usage of personal data, the atti… 2 years 3 months ago