Global Featured Wired

Rabobank Coughs Up $368 Million and Pleads Guilty to Conspiracy to Money Launder and Obstruct Investigation

Corruption, Crime & Compliance Blog -

The Justice Department announced a guilty plea by a subsidiary of Rabobank, a Dutch global bank, to a conspiracy to violate money laundering laws and obstruct a regulatory investigation of Rabobank’s activities in California.  (Copy of Plea Agreement Here).  Rabobank agreed to pay $368 million in forfeited funds.  Rabobank’s settlement follows the deferred prosecution agreement with George Martin, a Rabobank manager in Southern California, who agreed to cooperate with the ongoing criminal investigation.

In a brazen conspiracy committed by Rabobank and top executives of its California operations, Rabobank laundered hundreds of million dollars in untraceable cash from Mexico through its rural bank branches in Imperial County in Southern California.  Rabobank then transferred the money via wire transfers, checks and cash transactions without notifying federal regulators of the suspicious nature of the transactions.

Rabobank executives conspired to obstruct and mislead the Office of Comptroller of the Currency during a 2012 examination by hiding deficiencies in its AML program, and specifically withholding a consultant’s assessment of its AML program.

Rabobank had a long history of deficient AML compliance.  The OCC had imposed deficiency findings and consent orders regarding Rabobank’s AML program.  Notwithstanding Rabobank’s failure to improve its AML program, the OCC eventually closed the enforcement action in 2012.

Rabobank continued to engage in laundering activities.  The factual statement contains numerous examples of efforts that Rabobank took to continue its laundering activities.

Rabobank maintained a Monitoring and Investigations Unit to monitor and manage thousands of monthly high-risk alerts.  A total of three people were assigned to the Unit to review and investigate approximately 2,300 alerts and two people were tasked with conducting more than 100 investigations per month, including approximately 75 customers per month for whom SAR determinations had to be made.

In June 2010, the Mexican government announced money laundering restrictions on cash transactions involving US dollars at Mexican banks.  In reaction to this announcement, Rabobank observed large increases in cash deposits at its Southern California branches.  Rabobank’s branch located two blocks from the Mexican border was the highest performing branch in California.  Rabobank continued to market its services to Mexican nationals with cash-intensive activities.

To avoid investigation of suspicious accounts, Rabobank developed a process to add customers to a Verified List, notwithstanding the presence of numerous red flags and suspicious indications of money laundering.  In one case, a customer at a specific branch engaged in $100 million of cash deposits and related transactions before Rabobank closed the account.  In another case, a customer made withdrawals in increments of $9500, totaling $1 million over a year, before Rabobank closed the account.

In November 2012, the OCC began an examination of Rabobank’s.  The next month, Rabobank hired a consultant to review its AML compliance program.  At the same time, an executive at the company raised serious concerns with the executive management team (several of whom were well aware of the laundering activities and actively promoting the scheme).

The consultant’s report identified numerous deficiencies in Rabobank’s compliance program and recommended numerous actions to enhance its program.  The consultant shared the report with individual members of the executive management team.  The executive who previously told the executive management team about deficiencies in Rabobank’s program provided similar information to the OCC examiners.

In February 2013, the OCC sent a letter to Rabobank concerning its AML program and requested any reports or recommendations from the consultant’s report.  Several executives then conspired among themselves to withhold the bulk of the report except for a summary and then provided false responses to the OCC concerning its AML program.

At the same time, in response to specific warnings about deficiencies in Rabobank’s Southern California bank operations, the executives informed the reporting executive that she would no longer be permitted to report to the executive management team and eventually she was placed on leave and then fired from the bank.

The post Rabobank Coughs Up $368 Million and Pleads Guilty to Conspiracy to Money Launder and Obstruct Investigation appeared first on Corruption, Crime & Compliance.

Breaking News in the Industry: February 19, 2018

Loss Prevention Media -

Police arrest 3 in connection with theft of 291 card numbers at gas pumps

You pay for a tank of gas with plastic, stick your card back in your wallet and, next thing you know, somebody has used that number to withdraw cash. One round of recent financial identity thefts snatched 291 debit or credit card numbers at two gas stations, one in Roanoke, Virgnia, and one in Collinsville, court papers said. But it was payback time when the alleged culprits stopped at the Blue Eagle Credit Union branch on Electric Road in Roanoke. A credit union employee who remembered earlier suspect transactions by the same people called Roanoke County Police. Officers arrived in time to halt their vehicle at the drive-up ATM. Before the day was out, its three occupants were in jail. Alain Ayo-Una, 22, of Hialeah, Florida; Jeniffer Morejon-Garcia, 26; and Amehed Morejon, 37, were jailed on charges of conspiracy to commit access device fraud, aggravated identity theft, and aiding and abetting others in the commission of a crime.

Melissa McAllister, U.S. postal inspector, said in court papers that the three had driven 900 miles from South Florida and were “part of a large criminal group” engaged in financial identity theft. Charges are pending in Roanoke federal court. Inside the rented car, officers found $10,278 in cash, two money orders worth $1,350, nine card-skimming devices, a card encoder, financial transaction receipts, a laptop, two thumb drives, a notebook and two passports, the filing said. In addition, the vehicle contained 116 bank or credit union plastic cards, 112 of which had been re-encoded with stolen card numbers. The encoding device model found in the suspects’ car was available Friday on Amazon for $68. After the Walmart ATM withdrawals, police identified suspects from a store surveillance video, the filing said. A city police officer determined that the same suspects had withdrawn cash at Blue Eagle Credit Union locations.  [Source: The Roanoke Times]

More than $15,000 in fraud refunds reported at 10 big box stores

A loss prevention associate reported four known suspects have committed six thefts totaling $1,768 at 9:39 a.m. Feb. 5 at The Home Depot, 4100 N. 124th St in Wauwotsa, Wisconsin. The report said the suspects have also committed fraud refunds at 10 additional Home Depot Wisconsin locations, totaling $15,134.  [Source: Journal-Sentinel]

LP Worldwide: Bungling burglar is knocked out by a flying brick thrown by his own accomplice [Viral Video]

These two bungling robbers in Shanghai, China, have more chance succeeding at slapstick comedy than a life of crime after one bounced a brick off his mate’s head. Hilarious CCTV footage has captured the moment when one of the hooded men walked in front of a brick being thrown at a window. The blow knocked the robber out and his friend went from burglar to first-aider within seconds. He dragged him across the floor as he tried to revive him so they could make their escape. Police in China released the CCTV footage from the attempted robbery in Shanghai and the pair were immediately branded the pair ‘the dumbest criminals in the world’.  The 50-second clip has gone viral with thousands of people sharing it on Chinese social media sites. A spokesman for the Shanghai Public Security Bureau said: ‘If all burglars were like this, we wouldn’t need to work overtime.’ One joker commented: ‘Mind if we rob your place? ‘Knock yourselves out!’  [Source: Metro UK]

Law enforcement and retailers organize to fight organized retail crime

Organized retail crime costs metro-area retailers $10 million in losses every year. Law enforcement, retailers and loss prevention specialists are working together on a coalition to stop shoplifters. There are 200 members. “We all share information, pictures of suspects, crime trends we’re seeing,” Omaha Police Detective Jerrod Galloway said. “It’s that cooperation that is helping us identify people.” Detective Galloway handles all retail investigations for OPD. He also leads the coalition that meets regularly to find ways to fight organized retail crime. “We’re trying to move into a real time crime fighting environment where a retailer can share a picture with me and within 10 minutes it’s shared with 200 people now and getting suspects identified,” Galloway said.

Police are also sharing suspect information on social media, particularly the Omaha Crime Stoppers Twitter account. @opdcrimestop. It reaches a wide audience, outside of Omaha. “Sometimes within 15 minutes of the crime happening, the suspect is identified and we can dispatch an officer to their house and meet them there as they arrive home from doing their crime,” Galloway said. Nebraska Furniture Mart is also involved, along with other major retailers, like Walmart, Target, Best Buy and Von Maur. To keep shoplifters out of the stores and behind bars, police can arrest them on enhanced charges, such as using a device to remove security tags. Also, multiple shoplifting counts can turn into felonies. Police and retailers want you to share and retweet suspect’s pictures from the Twitter account. Remember, if you help solve a crime, you could be eligible for a Crime Stoppers reward.  [Source: KETV7 News]

Delivery employee accused of stealing computers, cell phone

A FedEx worker faces a felony charge after police say he was caught on camera stealing laptops and cell phones. In Arkansas, Craighead County District Judge Tommy Fowler found probable cause Thursday to charge Jeremiah Lamar Jones, 34, of Jonesboro with theft of $5,000 or less but greater than $1,000. According to court documents, a FedEx loss prevention specialist contacted police last December about the alleged theft. Video footage provided to investigators showed Jones concealing five laptop computers and an iPhone 8 in his clothing then walking out to his vehicle in the parking lot, the probable cause affidavit stated. The stolen items were valued at $4,480.91. When the LP specialist confronted Jones, he said Jones ran to his car and drove away. “He advised that he has had no contact with [Jones] since that incident,” Detective Josh Wiiest stated in the court documents. After investigating the case and searching for Jones, Detective Wiiest obtained a bench warrant for Jones’ arrest on Jan. 10. Police arrested Jones on Feb. 15. He’s being held at the Craighead County Detention Center on a $10,000 cash/surety bond awaiting arraignment on March 30.  [Source: WMCactionnews5]

Four years for man who rolled TVs out of emergency exit

A Champagne, Illinois, man who admitted stealing televisions from a big-box store has been sentenced to four years in prison. The charges to which Nevada J. Powell, 22, of the 1200 block of Crispus Drive pleaded guilty were more serious because he rolled the TVs out an emergency exit. Retail theft over $300 by emergency exit is a Class 2 felony. And because of Powell’s prior convictions for residential burglary and burglary, prison was the only option for sentencing. Powell admitted that on Aug. 28, he loaded televisions in a cart at the Walmart on High Cross Road in Urbana and left through an emergency exit. Two other theft cases, one alleging he did the same thing at the same Walmart on Sept. 15, and another alleging he stole more than $300 worth of alcohol from the Savoy Walmart on March 30, 2017, were dismissed in return for his guilty plea. Court records show that besides the prior burglary convictions, he also had convictions for retail theft and resisting a police officer. [Source: The News-Gazette]

The post Breaking News in the Industry: February 19, 2018 appeared first on LPM.

Bringing bad directors to book

CGI – Corporate Governance Institute -

The world’s full of good and bad – good and bad foods, good and bad books, good and bad movies. The list is endless and somewhere in there you’re bound to find good and bad directors. As it’s the bad directors who threaten to disrupt the good workings of the board and, in turn, the […]

The post Bringing bad directors to book appeared first on CGI - Corporate Governance Institute.

Governance policy in Japan: Kicking the can down the road?

Ethical Boardroom Feeds -

Nicholas Benes – Representative Director, The Board Director Training Institute of Japan



Japan recently held an election that was essentially a confirmation referendum on ‘Abenomics’ – a growth policy for which corporate governance reform is the poster child of the most important policy theme, ‘structural reform’. Especially in the absence of labour market reform, it alone can lead to a significant increase in productivity and growth.

Unfortunately – unbeknown to the man on the street – specialists sense that Japan’s governance reform train is in danger of losing its momentum, when much still remains to be done.

To some extent this was inevitable. Most politicians don’t understand the deeper issues and what to propose next. Bureaucrats are always happy to declare victory, so they can get promoted to new positions. Despite all the hoopla over Japan’s Stewardship Code, most Japanese domestic institutional investors still have not acquired the courage to voice concrete, specific opinions in the policy arena. Talk about ‘constructive engagement’ and more proactive proxy voting makes most investors in any country worry about ‘more costs… and less profit’. So, they hold back all the more.

In the absence of more (and more detailed) pressure from investors, most executives only make the superficial changes in governance practices that will least disturb their organisation and the stability of their careers, regardless of the impact on long-term profitability, growth and even sustainability. Judged by their actions, many of them are hypocrites, who talk about long-term thinking, but ‘kick the can down the road’ as they wait to retire and move on to cushy jobs as ‘advisors’ that carry no legal liability. As with policymakers, it is just so much easier to do little and move on.

While significant progress has been made, Japan’s corporate governance problem, and the low productivity that comes with it, is not going to be optimally solved tomorrow at many firms. Quite simply, there is still a lot to fix here. Conversely, that means that the potential benefits are huge, but it will take time for them to be realised in full and more significant progress will require specific demands from investors. But if those benefits do not become more visible in the next few years, foreign investors will surely move on… by moving out. This would not bode well for the future of Japan’s economy, which needs their continued market participation and voice.

If you sit on a board, talk with investors and extrapolate the government’s own policy logic, the most important ‘next reforms’ that the government should take are not all that mysterious. They are:

1. Use the Company Law amendment process, now under way, to prescribe fiduciary duties for the many shikkou yakuinn ‘executive officers’ who do not sit as elected directors but manage the company at a senior level alongside executive directors and are often later ‘promoted’ to director status.

“Unfortunately — unbeknown to the man on the street — specialists sense that Japan’s governance reform train is in danger of losing its momentum, when much still remains to be done”

There is clear precedent to do this, as executive officers in one form of corporate governance in Japan, the ‘three-committee-style company’ already bear the same fiduciary duties as directors per the company law and can be sued by shareholders for violating their duty of due care. However, unsurprisingly, only about three per cent of Japanese listed companies use the ‘three-committee-style company’ governance format, which is voluntary. At the other 97 per cent of listed companies, most so-called ‘executive officers’ are nothing other than employees under the labour law, who have to obey orders (or nonverbal ‘expectations’) from their ‘seniors’ on the board and cannot be sued by shareholders for malfeasance. ‘Shikkou yakuin’ is just a title; it is a phrase that does not appear anywhere in the company law.[1] The result is that when such persons are later appointed to the board, they not only have no prior board experience (and usually, no governance training), but they also have no prior familiarity with the concept of fiduciary duty owed to the company and shareholders. To quote from a recent article by a compliance expert writing recently in the Nikkei Newspaper: “Japanese companies are based on the practice of hiring all of their employees out of university and employing them for the long term… In the process, directors are promoted and advance in a ‘community’ and come to feel that they are the ‘selected few’ in that community… Senior executives have advanced for so long as ‘employees’ that it is difficult for them to be aware that they have fiduciary contracts with the company based on the company law and that they are subject to its rules.”[2]

Obviously, directors need to be made aware of such rules prior to their appointment as directors, not ‘after, if at all’. For this reason, I have suggested the codification of fiduciary duty for executive officers for years. And in fact, last April the Ministry of Economy, Trade and Industry (MET) proposed the exact same thing in a memo submitted to the Company Law Advisory Council, but it appears to have been completely ignored by the other members of the Council. Japan’s political leaders should not let METI’s good work go to waste in the final stages of the amendment process.

2. Similarly, use the company law amendment process to harmonise key aspects of the confusing array of three different corporate governance models that listed companies can adopt. By doing this, the Ministry of Justice could move Japan towards a more consistent version of the monitoring model for governance that has become internationally accepted, is now frequently mentioned here, and is reflected in Japan’s own corporate governance code. A more consistent version of monitoring, reflected in the law, would have a beneficial impact on the mindsets actions of both executive and non-executive directors.

3. Consistent with the monitoring model, revise the Corporate Governance Code next year (as is now scheduled) so that the criteria for claiming full compliance with the code requires a majority of independent directors on a company’s board and if there is not compliance, an explanation of the company’s reasons for not appointing them. Research shows that in most countries of the world, including Japan, companies with a majority of independent directors tend to out-perform those without them, especially when the shareholder base is fragmented and there are no large holders who drive governance.[3]

4. Adopt policies that will strongly encourage companies to further reduce unnecessary cross-shareholdings, which are usually just a not-so-subtle way of buying approval votes at the AGM from stable shareholders – something that technically is a punishable crime under the company law and wastes valuable capital or puts it at risk. A combination of tax incentives and enhanced disclosure would work nicely. Unsurprisingly, an increasing body of research shows that the level of such ‘policy holdings’ correlates with slower restructuring, less entrepreneurial investment and lower financial performance by Japanese companies, rather than raising profitability, as is often claimed.[4]

5. Set forth clearer guidance regarding the allowable topics and exact procedures that will provide institutions with bright-line sanctuary when they seek to coordinate their views and ‘collaboratively engage’ with Japanese companies. The Financial Services Agency (FSA) should work with institutional investors and respected law firms to bring this about, as was done in the UK by The Investor Forum when it fashioned its Collective Engagement Framework last year. As things stand now, investors fear that they may be reprimanded for not filing – or not updating – a bothersome large holders’ report (as a group) every time they attempt to communicate with a company in their portfolio. Given Japan’s continuing cross-shareholder problem as described above, this is an increasingly obvious issue that needs addressing.

6. Create strong incentives for corporate pension funds to sign the Stewardship Code, for example via disclosure to their employees and pensioners regarding their stewardship policies. Although hundreds of institutions (mainly fund managers) have signed the voluntary stewardship code, the signatory list includes only two non-financial corporate pensions. As huge asset owners, pensions are the biggest customers of fund managers and as such are best-positioned to influence their analysis, engagement and proxy voting practices by switching funds to the managers who are most dedicated. Oddly, Japanese companies pride themselves on how much they value employees, yet neglect employees’ pension assets by failing to sign the stewardship code and report how they have handled those funds. Why? Japanese companies are afraid that if their pension funds become more proactive, those same governance and proxy voting practices might boomerang on them at their own shareholders meeting.

Recently, a study group set up by the Ministry of Health, Labor and Welfare (MHLW) and the Pension Fund Association for the express purpose of encouraging corporate pension funds to sign the stewardship code, issued its report. As a result, it is rumoured that the huge pension funds of two iconic companies, Toyota and Panasonic, are now considering signing the stewardship code. (And as of this writing, it appears that Panasonic’s pension fund will sign.) If such firms sign, others will follow, because it would be embarrassing in front of employees not to sign. A little push from the government, via required disclosure, would be very easy to put in place and likely to be highly effective.

7. Enable more convenient ESG analysis by investors by improving disclosure data formats and databases so that data can be used free of copyright concerns and in machine-readable form, and can be easily analysed using artificial intelligence and text-mining methods. Japan has an open data national policy that professes to do this for all public data, but it seems that so far corporate disclosure has not been considered public data for purposes of this policy, even though it is in the public domain, is intended for unhindered public consumption and is provided to and by government agencies (such as the FSA) or stock exchanges that they regulate.

Thus, the result of the corporate governance code that I initially proposed for Japan has been that (as I intended) there is now much more disclosure about governance practices at each company to analyse, but: a) data providers are afraid of infringing copyrights held by corporations if they provide the full text of reports in a database; and b) sadly, not enough of the new data is being analysed and compared. Moreover, the TSE is not policing the quality and formatting of disclosure. As one simple example, TSE has, by its own hand, taken 11 completely separate disclosure categories in its corporate governance reports and lumped them under a single XBRL identifying tag: ‘disclosure items’. This makes it impossible for a computer to automatically find and separate the 11 disclosure items into the categories to which they pertain – for example, compensation policy, nominations policy, director training policy and the like. It would be a simple matter for the FSA, as regulator of the TSE, to order the latter to correct this mistake, which makes a mockery of the use of XBRL.

At this point, without strong, steadfast political guidance emanating from the Prime Minister’s office and the LDP, these policies are unlikely to be put in place. If they are not, the biggest contributor to productivity enhancement will fail to achieve its potential.

Because the LDP won the November elections by a wide margin, one of the following will occur: 1) either the Prime Minister, the LDP and government officials will be even more tempted to declare victory and will become preoccupied with amending the constitution; or 2) they will view their election victory as the clearest possible mandate to double-down and maintain momentum on corporate governance reform. Let’s hope it will be the latter that history records.


About the Author:

Mr. Benes is representative director of the The Board Director Training Institute of Japan (BDTI), a “public interest” non-profit certified by the Japanese government. A lawyer and MBA who worked as an investment banker at JP Morgan and then led his own M&A advisory boutique, Mr. Benes has served on a number of Japanese boards. He has also advised the Japanese government as a member of various government committees. In 2013, he proposed that the creation of a corporate governance code be included in the Japanese government’s growth strategy, to be implemented under the auspices of the Financial Services Agency (FSA). He then advised members of the diet and the FSA, with regard to the drafting process and the content of Japan’s first corporate governance code.


1.Amazingly, given that a literal translation of the word would be “executive board member”, which fact makes the title rather misleading and even raises legal concerns about “apparent authority”.

2.The Cause of Scandals is the Influence of a Sense of Unity, by Juichi Watanabe writing in the Nikkei Newspaper, Dec 22, 2017.

3.See Corporate Governance Codes on Board Composition and Firm Value, by Michele Catano, Naoshi Ikeda, 2016.

4.See Enjoying the Quiet Life: Corporate Decision-Making by Entrenched Managers, by Naoshi Ikeda, Kotaro Inoue, and Sho Watanabe (NBER Working Paper No. 23804, Sept 2017).

The Key Concerns Troubling Corporate Legal Executives Today

Corporate Compliance Insights -

Data Security and Technology Top the List AlixPartners recently surveyed more than 200 executives worldwide and found that the majority consider data security a major concern. And most of those organizations are taking proactive measures to protect against data breaches. Louis Dudney details findings from the AlixPartners latest poll. Corporate legal and compliance executives have The post The Key Concerns Troubling Corporate Legal Executives Today appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)

Singapore’s New Cybersecurity Act – A Relief and Leading the Way for Others?

Global Compliance News -

On 5 February 2018, the Cybersecurity Bill was passed by Parliament. A draft version of this bill (Draft Bill) had previously been issued for public consultation by the Ministry of Communications and Information (MCI) and the Cyber Security Agency of Singapore (CSA) on 10 July 2017. The Draft Bill was subsequently revised to take into account feedback gathered during this consultation exercise. For an overview of the key requirements of the Draft Bill, please refer to our earlier update. This update focuses on the amendments that have since found their way into the Cybersecurity Act as passed by Parliament.

The Cybersecurity Act addresses quite a number of concerns raised during the public consultation exercise. For instance, our previous update questioned the definition of “significant cybersecurity incidents” which need to be reported, the technical standards expected to be maintained in the Draft Bill, and raised queries relating to when notifications on change in ownership of critical information infrastructure (“CII”) are required. The Cybersecurity Act does away with the first two terms and provides welcome clarity on the notification requirement. In addition, through its removal of the individual licensing requirement, its emphasis on compliance with promulgated codes of practice, and its express designation of CII and cybersecurity threats, the Cybersecurity Act significantly reduces the compliance burden on cybersecurity professionals and CII owners. It was also welcome to see that computer systems in the supply chain supporting the operation of a CII will not be designated as CIIs, as clarified by the Ministry of Communications and Information and the Cyber Security Agency of Singapore in their Report On Public Consultation On The Draft Cybersecurity Bill issued in November 2017. This means that data centre owners and cloud services operators will not be caught (at least in this phase) by the Cybersecurity Act.

Many jurisdictions in the region are in the process of developing their own cybersecurity legislation to impose requirements on certain businesses to implement protections against cybersecurity risks into their computer systems. A source of frustration for businesses operating in multiple jurisdictions is the divergence in approaches by law makers. It will be interesting to watch whether these jurisdictions take a similar approach to Singapore and narrow down their Cybersecurity legislation to cover just CII owners and not any network operators.

Summary of key changes 1. Designation and protection of critical information infrastructure
  • A main focus of the Cybersecurity Act is regulation of owners of CII. The definition of CII is limited to computers or computer systems that have been expressly designated as such by the Commissioner of Cybersecurity (the Commissioner). The Draft Bill had suggested a broader meaning of CII broader than designated computer systems.
  • The term “owner of a CII” is defined as its legal owner (including joint owner). The Draft Bill definition was broader and extended to someone with effective control or responsibility for its continuous functioning. The significance of being an owner of CII is that the Commissioner may issue the owner of CII with a notice designating a computer or computer system as CII for the purposes of the Cybersecurity Act. The Commissioner may designate the computer or computer system as CII if satisfied that it is necessary for the continuous delivery of an essential service (46 are listed) and the loss or compromise of the computer or computer system will have a debilitating effect on the availability of the essential service in Singapore. It is also worth noting that to be regulated as CII the computer or computer system needs to be wholly or partly located in Singapore.
  • The Cybersecurity Act introduces a mechanism allowing a person who has received a notice from the Commissioner designating a computer or computer system as a CII to request that the notice be instead sent to a third-party after showing that only that person has effective control over and the right to change the system. That third party is then deemed as the owner of CII for the purposes of the Cybersecurity Act.
  • The Cybersecurity Act modifies the requirements for audits and risks assessments. Previously, the Draft Bill required audit and risk assessments every three years. The Cybersecurity Act now requires audits at least once every two years and risk assessments once a year.
  • The Cybersecurity Act provides more clarity on notifications on changes in ownership of CII. It specifies that any change in beneficial or legal ownership (including any share in such ownership) must be reported not later than seven days after the date of change in ownership. The Draft Bill required owners to notify the Commissioner of any change in ownership no later than 90 days before the date of the intended change in ownership. The requirement to notify in advance of ownership change raised obvious practical and confidentiality concerns.
  • The Cybersecurity Act requires owners of CII to report “prescribed” cybersecurity incidents or any other incidents specified by the Commissioner. Previously, the Draft Bill required the reporting of all “significant” cybersecurity incidents. Prescribed cybersecurity incidents requiring notification will be set by the Commissioner.
  • The Cybersecurity Act requires owners of CII to establish mechanisms and processes for the purposes of detecting cybersecurity threats and incidents as set out in any applicable code of practice. Previously, owners of CII had to establish mechanisms and processes to detect “any cybersecurity threat”.
  • The Cybersecurity Act removes reference to “recommended technical standards” in the context of the standard of performance expected from owners of CII. This change is welcome; our earlier update pointed out that this phrase was vague and undefined.
2. Licensing of Cybersecurity Service Providers
  • The number of licensing schemes has been reduced to one; the distinction between “investigative” and “non-investigative” cybersecurity services has been removed and replaced with a narrower concept of licensable services. Under the Cybersecurity Act, penetration testing and managed security operations centre (“SOC”) monitoring services are licensable cybersecurity services that cannot be performed without a licence.
  • The Cybersecurity Act now clarifies that employees who are hired to provide cybersecurity services are no longer subject to licensing requirements. In other words, licensing is only compulsory for those in the business of providing cybersecurity services, whether they are individuals or corporate entities.
  • A company does not require a separate license if a related company already has such a license. “Related company” in the Act has the same meaning as the term in the Companies Act.
  • A licensee must now only keep records for three years; the Draft Bill required a duration of five years.
3. When information requested by the Commissioner may be withheld

Where the Commissioner has reason to believe that a computer or computer system may constitute a CII and requests information to substantiate this belief, the Cybersecurity Act now clarifies that any person to whom a notice for information is issued is not obliged to disclose information protected by law, contract, or the rules of professional conduct. Previously, it was not clear whether professional conduct rules or contractual obligations could legitimately prevent disclosure.

However, a contractual obligation remains an invalid excuse for refusing to disclose information in the context of (i) an information request pertaining to a known CII or (ii) investigations of cybersecurity incidents. Under the Cybersecurity Act, the CII owner will not be treated as being in breach of any such contractual obligation if the disclosure was done with reasonable care and in good faith for the purpose of complying with such an information request. However, these provisions still risk raising concerns with businesses about protection of their commercially sensitive information.


We note that there are still a number of terms in the Cybersecurity Act that remain somewhat uncertain. For instance, we observe that the term “debilitating effect” used in Section 7(1) referring to availability of an essential service remains undefined. In addition, the Cybersecurity Act’s Regulations – which would furnish important details relating to the practical operation of the Act – have yet to be published. Matters to be covered in the Regulations include the process for the designation of CII, the standards to be maintained by an owner of CII, the responsibilities and duties of an owner of a CII and the type of changes that are considered material changes to the design, configuration, security or operations of CII to be reported by an owner of CII;

A key practical issue for owners of CII regulated under the Cybersecurity Act will be implementing arrangements with their third party service providers responsible for operating and supporting of CII that enable the owners of CII to comply with the Cybersecurity Act.

The Cybersecurity Act reflects the Singapore Government’s calibrated and balanced approach towards countenancing cybersecurity threats. The included amendments have attempted to strike a balance between the need for regulatory authorities to expeditiously designate, investigate, and receive information on critical information infrastructure and cybersecurity threats vis-à-vis the burdens imposed on companies and private individuals in the IT industry.

The post Singapore’s New Cybersecurity Act – A Relief and Leading the Way for Others? appeared first on Global Compliance News.

Rules apply – to others

CGI – Corporate Governance Institute -

In Germany things tend to be a bit different. Our democracy encompasses us all, we have co-determination between representatives of capital and representatives of the workers, and we’ve got rules that don’t apply to everyone. One of these ‘don’t apply to everyone’ is what we call ‘cooling off’, namely a time out when members of […]

The post Rules apply – to others appeared first on CGI - Corporate Governance Institute.

Holmes, Innovation & Compliance: Part I – Digital Strategies

FCPA Compliance & Ethics -

Today begins a week of double themed blog-posts. First, I am back with an homage to Sherlock Holmes. The second theme will be innovation in the compliance department. I will take some recent concepts explored in the most recent issue of the MIT Sloan Management Review and apply them to innovation and development of your [...]

The post Holmes, Innovation & Compliance: Part I – Digital Strategies appeared first on Compliance Report.

Bonds: How To Finance Climate Adaptation

BRINK News -

To date, “green bonds” have been seen as the primary vehicle for environmental or social impact in the fixed-income market. Green bond issuance has grown significantly since the market was initiated in 2007, with offerings by the European Investment Bank and the World Bank. In 2017, total labeled green bond issuances—those explicitly marketed by issuers as green and many receiving third-party verification of their “greenness”—amount to $221 billion in debt outstanding. An additional $674 billion has been identified as “climate-aligned” by the Climate Bonds Initiative, bringing the total market for such debt to nearly $900 billion.

The vast majority of projects financed by green bonds have been focused on achieving climate change mitigation goals via low-carbon energy installations or public-transport initiatives to reduce greenhouse gas emissions. But a less frequently considered (but arguably just as critical) element of the climate change investing equation is the need for climate adaptation. That is to say, initiatives that anticipate, plan for, and adapt to the changing climate and its impacts. Examples include altering coastal infrastructure for anticipated sea level rise or implementing green roofs and permeable pavements to reduce heat island effects in cities.

The Growing Need for Adaptation

Even if global warming is limited to 2 degrees Celsius by the end of this century, some significant level of change to historical weather patterns and sea levels is expected over this time frame. Indeed, leading research—and recent events in California and the Caribbean/U.S. Gulf Coast—indicates that these impacts are already materializing. Though such impacts are notoriously difficult to quantify, the United Nations Environment Programme pegs the annual requirement for investments in climate adaptation at $56 billion to $76 billion per annum in 2015, increasing to anywhere from $140 billion to $300 billion per annum in 2030. This equates roughly to an aggregate requirement of between $1.5 trillion to $3 trillion over the 15-year time period.

To date, actual and future committed public finance for climate adaptation has fallen woefully short of the estimated need. Though data is limited, it appears as though private finance is not being mobilized adequately to fill the remaining gap. Evidence of such limited commitment to adaptation can be found in the green bond universe where only 3 percent to 5 percent of issuances have been tied to an adaptation-related project, all in the water sector. This despite the fact that the Green Bond Principles acknowledge the application of bond proceeds to support “climate change adaptation (including information support systems, such as climate observation and early‑warning systems)” and that the Climate Bonds Initiative includes in its taxonomy an adaptation section (albeit unfinished).

To date, actual and future committed public finance for climate adaptation has fallen woefully short of the estimated need.

How To Close the Financing Gap

The reasons for the adaptation-financing deficit are manifold, and solutions will not come easily. But there are some promising subsegments in the global bond market for investors looking to diversify their sustainable investment portfolios with climate change adaptation solutions:

  • Catastrophe Bonds: Insurance-linked securities (ILS), in particular publicly traded catastrophe bonds, represent a compelling opportunity for investors to support financial resilience in the face of the multiplying physical impacts of climate change. While most issuers of ILS today are commercial insurers, a growing number of such transactions are originating from public-sector insurers, nonfinancial corporations, and public entities, many of which have at their core a social mission. The ILS market today is small—30 times smaller than the climate-aligned bond market at just $30 billion in debt outstanding—but the capacity of the global capital markets to assume more weather and catastrophe risk is immense. This capacity could be put to use plugging the widening catastrophe insurance gap, though a broader array of corporate and public-sector issuers will first need to recognize the merits of ILS in helping them manage their contingent weather/catastrophe liabilities.
  • Environmental Impact Bonds: Social impact bonds are not all structured as bonds per se and so defy simple aggregation, but by most estimates they represent a very small investable market (less than $1 billion in total issuance outstanding). These bonds follow a “pay for success” model whereby investors receive a higher rate of return if a certain predetermined social objective is met. Recently, the DC Water and Sewer Authority issued what is believed to be the first environmental impact bond globally, the proceeds of which will be used to support green infrastructure improvements (such as permeable pavement). If stormwater runoff reduces by a certain amount in the years post-issuance, then investors will receive a one-time additional payout when the bond reaches maturity.
  • Resilience Bonds: While resilience bonds are still just a concept, the elegance of the solution has distinct appeal, and several pilot programs are rumored to be in the works. In short, a resilience bond would act like a catastrophe bond for a municipality but with a built-in contingent premium discount for the issuer based on the completion of an infrastructure improvement, which would make the covered location(s) less susceptible to damage from the covered peril(s). Using premium discounts to incentivize long-term decision-making for individual policyholders is a time-worn concept in the personal insurance industry, though it has yet to be applied effectively in the catastrophe bond market.

While the above investment categories are all currently small in size (or as yet nonexistent), the building blocks for global investing in climate change adaptation are in place. Scaling these opportunity sets will be essential, as the need to move more dollars rapidly into climate finance to support adaptation is clear. This need will only increase as global temperatures continue to rise.

This article was first published in the MMC Climate Resilience 2018 Handbook.

LPM Insider Survey Results: Should Retailers Conduct Employee Bag Checks?

Loss Prevention Media -

In last week’s LPM survey, we discussed the practice of checking employee bags upon exiting the stores, and class action lawsuits filed by hourly retail workers demanding that the company pay them for the time they spent waiting for loss prevention inspections after clocking out and before leaving stores.

Nike recently prevailed in a class action lawsuit filed by hourly retail workers demanding that the company pay them for the time they spent waiting for loss prevention inspections after clocking out and before leaving stores. According to attorneys, the court decision was influenced by the retailer’s study that showed associates spent an average of 18.5 seconds as part of off-the-clock employee bag checks—and that 60.5 percent of all exits required zero wait time.

The original article, “Security Footage Sinks Employee Lawsuit Targeting Employee Bag Checks” can be viewed here.

Survey Results

More than 9 out of 10 (92 percent) of our survey participants believe that retail companies should continue employee bag checks when employees leave the store, with 47 percent agreeing that employee bag checks rarely inconvenience employees and only take a matter of seconds. 28 percent of respondents believe that if employees make the decision to bring bags to the workplace they should expect to have to wait to have them checked regardless of how long it takes to complete the inspection. Additionally, 18 percent of those participating in the survey feel that employers should move them time clocks closer to the exits where practical and allow employees to clock out after the inspection to avoid many of these issues.

Approximately 3 percent of respondents believe that the company should have to pay employees for the time that they are required to wait to have their bags inspected.

Contrarily, 5 percent of our survey participants believe that employee bag checks are unnecessary, unproductive, an invasion of privacy, and they should be eliminated altogether.

Here is a sampling of your comments:

“Based on society today and the risks, associate bags checks are a needed measure in protecting the environment and are an impression of control. Let’s remember this is work and extra “stuff” is not needed in the workplace.”

“At our company employee bag checks are a condition of their employment. We have signs clearly posted by the time clock stating they will be conducted on a random basis. If it’s an issue for them, either don’t bring a bag to work or work somewhere else.”

“Every company should have a good strategy for conducting the bag checks, like having the employee clock out after they get checked and conducting the bag checks in one spot near a time clock.”

“Most of the screening that takes place at our sites takes mere seconds. It is only those associates who bring shopping bags to the checkpoint that the process may take longer.”

“Employee bag checks may seem like an invasion of privacy, but on the other hand if an employee does not want to be inspected they should not attempt to bring anything in or out of the doors. Also, the bag checks I have conducted never hold an employee over 30 seconds.”

“The bags should be checked before the shift starts as well.”

“We set up our bag check several times a season, but we do this before the step where employees clock out.”

“Bag checks are important and we have developed several theft cases out of them.”

“Most employees get a 10-minute paid break throughout the day which more than offsets the time taken on the bag inspections.”

“We should all be involved in protecting the assets of our companies. Bag checks are useful, and should be welcomed, not fought.”

“I have identified several internal theft incidents as the result of bag checks. In my experience, stores who reinforce bag checks are more likely to deter concealment cases compared to those who do not.”

Do you have any additional thoughts? Let us know what’s on your mind.



The post LPM Insider Survey Results: Should Retailers Conduct Employee Bag Checks? appeared first on LPM.

Path to Board Positions Paved with Honesty, Discipline and Hard Work

CGI – Corporate Governance Institute -

Forget the glamour and prestige of a board position. Yes, it’s a great professional achievement, it opens up enormous opportunity and there are plenty of rewards, but getting onto a board – especially if you’re a novice – and then serving on it and doing it justice takes a lot of honesty, discipline, dedication and […]

The post Path to Board Positions Paved with Honesty, Discipline and Hard Work appeared first on CGI - Corporate Governance Institute.

Beyond Shared Value: Character as Corporate Destiny

CGI – Corporate Governance Institute -

A new approach to enhancing corporate performance by upgrading the character of an organization. Corporate stewardship—an expanded sense of caring for people, communities, the environment, and future generations—is increasingly recognized around the world as a principle of enlightened business. We can no longer view corporations as isolated and independent entities, free to do whatever their […]

The post Beyond Shared Value: Character as Corporate Destiny appeared first on CGI - Corporate Governance Institute.

Episode 26 — Federal Reserve Blocks Wells Fargo Growth In Response to Governance and Risk Management Disaster

Corruption, Crime & Compliance Blog -

In an unprecedented action, on February 2, 2018, the Federal Reserve restricted Wells Fargo’s ability to grow its business until it implements comprehensive improvements to its board governance and risk and compliance systems.  Citing Wells Fargo’s poor record of governance and risk management resulting in the community banking sales incentive scandal and continuing problems at the bank, the Federal Reserve imposed detailed governance and risk management and compliance enhancements.

In this episode, Michael Volkov reviews the Federal Reserve’s unprecedented action against Wells Fargo.

The post Episode 26 — Federal Reserve Blocks Wells Fargo Growth In Response to Governance and Risk Management Disaster appeared first on Corruption, Crime & Compliance.

Capital Gains Lock-In and Governance Choices

The Harvard Law School Forum on Corporate Governance and Financial Regulation -

Posted by Scott J. Weisbenner (University of Illinois), on Sunday, February 18, 2018 Editor's Note: Scott Weisbenner is the William G. Karnes Professor of Finance at the University of Illinois. This post is based on a recent paper authored by Professor Weisbenner; Stephen G. Dimmock, Associate Professor of Finance at Nanyang Technological University; William Christopher Gerken, Assistant Professor of Finance at University of Kentucky Gatton College of Business and Economics; and Zoran Ivkovich, Professor of Finance at University of Michigan Eli Broad College of Business.

Does liquidity—the ability of shareholders to sell their shares easily—improve or harm corporate governance? Coffee (1991) and Bhide (1993) argue that liquidity is harmful for corporate governance because investors can more readily take the “Wall Street Walk” by selling their shares and thus avoid engaging in costly governance activities. In contrast, others have argued (see the review by Edmans (2014)) that liquidity can improve corporate governance because the threat of exit constrains management, and this threat is more credible when shares are liquid.


Overseeing Cyber Risk

The Harvard Law School Forum on Corporate Governance and Financial Regulation -

Posted by Paula Loop, Catherine Bromilow, and Sean Joyce, PricewaterhouseCoopers LLP, on Sunday, February 18, 2018 Editor's Note: Paula Loop is Leader at the Governance Insights Center, Catherine Bromilow is Partner at the Governance Insights Center, and Sean Joyce is US Cybersecurity and Privacy Leader at PricewaterhouseCoopers LLP. This post is based on a PwC publication by Ms. Loop, Ms. Bromilow, and Mr. Joyce.

Directors can add value as their companies struggle to tackle cyber risk. We put the threat environment in context for you and outline the top issues confronting companies and boards. And we identify concrete steps for boards to up their game in this complex area.

You don’t need us to tell you that cyber threats are everywhere. Breaches make headlines on what seems like a daily basis. They also cost companies—in money and reputation. Indeed, cyber threats are among US CEOs’ top concerns, according to PwC’s 20th Global CEO Survey.



CGI – Corporate Governance Institute -

Johannesburg, South Africa By Jene’ Palmer and reviewed by Terrance M. Booysen We know that both local and international organisations are continuously having to adapt to operate in uncertain business environments. Locally, the release of the Preferential Procurement Regulations 2017, which places stronger emphasis on ‘radical transformation’, against the backdrop of persisting low economic growth […]

The post DO YOU REALLY NEED A CORPORATE GOVERNANCE FRAMEWORK®? appeared first on CGI - Corporate Governance Institute.


Subscribe to Hong Kong Loss Prevention Association 香港防損協會 aggregator - Global Featured Wired

HKLPA (@the_hklpa) Tweets

RT @sh_oldenberg: To Understand Complexity, Use 7 Dimensions of Ethical Thinking 5 days 23 hours ago
RT @ComplianceXprts: 7 Things Every SME Exporter Needs To Know About Protecting Their Brand 1 week 4 days ago
RT @ComplianceXprts: Exporters Guide To Managing Compliance - Download our free ebook now! 1 week 6 days ago
RT @mikevolkov20: Episode 14 - What Every Compliance Officer Needs to Know About Data Privacy and the EU's GDPR - Corruption, Crime &… 1 month 2 weeks ago
RT @ComplianceXprts: What You Need To Know About Auditing And Risk Management In The Transport Industry 1 month 4 weeks ago
RT @EthicalSystems: Our 2017 End of Year Letter from @JonHaidt and @azishf "This is the time for the business… 2 months 2 days ago
RT @ComplianceXprts: Inspection of Facilities and Sporting Venues - Due Diligence 2 months 2 days ago
RT @ComplianceXprts: 14 Essentials For Your Compliance Management System 2 months 2 weeks ago
RT @ComplianceXprts: Our focus is on what people don't want to do. #ce 2 months 2 weeks ago
RT @mikevolkov20: ISO 37001: Board, Top Management and Anti-Bribery Compliance Responsibilities (Part III of V) - 4 months 4 days ago