Global Featured Wired

Everything Compliance-Episode 27, the Zuckerberg and Cohen Edition

FCPA Compliance & Ethics -

This week the gang goes for more of a roundtable Q&A with a couple of topics. We first consider the testimony of Facebook CEO Mark Zuckerberg before Congress and his company’s imbroglio with Cambridge Analytica and then the search warrant issued to Michael Cohen. Stayed tuned to the end for rants in this edition. Matt [...]

The post Everything Compliance-Episode 27, the Zuckerberg and Cohen Edition appeared first on Compliance Report.

Wendt and Sultan: How ‘oral downloads’ created a work-product protection waiver

The FCPA Blog -

As discussed in our prior post, the SEC charged Mathias Francisco Sandoval Herrera and Maria D. Cidre, two former executives from General Cable, with accounting fraud in January 2017. In response, these defendants sought to compel General Cable’s counsel, Morgan Lewis, to produce certain materials related to the firm’s corresponding investigation for the company, including investigation interview notes, SEC meeting notes, and an investigation report.

Farewell to Barbara Bush: The Role of a Compliance Committee Chair – Part II

FCPA Compliance & Ethics -

Today I conclude my two-part series on the role of a Compliance Committee Chair. However, first I wanted to honor Barbara Bush, who died Monday. She was as beloved a First Lady as America has seen, certainly in my lifetime. In Houston, she was a near mythic figure for her generosity, love and commitment to [...]

The post Farewell to Barbara Bush: The Role of a Compliance Committee Chair – Part II appeared first on Compliance Report.

Identifying and Verifying Ultimate Beneficial Owners

Corporate Compliance Insights -

Getting the Full Picture, Fast Comprehensively identifying and verifying corporate hierarchies and ultimate beneficial owners (UBOs) has become increasingly important since the implementation of 4MLD and MLR2017. However, achieving this view is time-consuming, and most organisations struggle to uncover the full picture. In this article, Paul Charmatz, Managing Director at encompass corporation, explores some of the The post Identifying and Verifying Ultimate Beneficial Owners appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)

Draft Law implementing GDPR in Portugal

Global Compliance News -

The Council of Ministers recently approved Draft law n.º 67/2018 (hereinafter “Draft Law”) that will ensure the implementation of the GDPR in Portugal. This draft is still subject to changes as it will have to be approved by the Parliament, with the discussion and voting scheduled for the next 3rd of May.

Nonetheless, there are some important points to highlight in respect of the choices made by the Government:

  • On a practical note, and certainly clearing a significant backlog, according to the Draft Law, all of the notifications and authorization applications pending decision, will expire when the Draft Law enters into force.
  • In contrast, the Draft Law states that all controllers that have an authorization issued pursuant current Portuguese Data Protection Law (Law n.º 67/98, of October 26), will be exempt from undertaking a Data Protection Impact Assessment.
  • Also alleviating the burden of implementation is the possibility of having a further 6 months (i.e. until November) in order to obtain new consents in line with the requirements of the GDPR.
  • According to the Draft Law the National Commission for Data Protection (Comissão Nacional de Proteção de Dados – CNPD) will remain as the Supervisory Authority in the matter of Data Protection.
  • The competent authority for the accreditation of certification bodies for data protection will be the Portuguese Accreditation Institute, I.P. (IPAC – Instituto Português de Acreditação, I.P).
  • Following the example of other countries and the opinion of those most actively discussing the matter in Portugal, the Draft Law states that in relation to the minimum age for allowing to process children’s personal data in the context of an offer of information society services is 13 years old.
  • With respect to portability, the Draft Law states that where interoperability of the data is not technically possible, the data subject has the right to demand that the data is delivered to him in an open digital format.
  • With regard to the right to erasure (“Right to be forgotten”), the draft law provides that in cases where there is a data retention period imposed by law, the right to erasure provided for in article 17 of the RGPD can only be exercised after that period.
  • The Government has also opted to impose some limitations on data processing resulting from CCTV recording, mostly to comply with the existing legal framework set by Law no. 34/2013, of May 16 and guidelines from the Portuguese Data Protection Authority.
  • In respect of data retention periods, the Draft Law clarifies that the data retention period shall be (i) the one that is established by law or regulation or (ii) the period that is necessary for the purpose of the processing. However, it also adds that: 1) where, by the nature and purpose of the processing, it is not possible to establish the data retention period, the retention of the data shall be deemed lawful; and 2) in case the Controller or Processor is required to prove compliance with obligations, they may retain the data until the the statute of limitation period defined by law elapses.
  • Some of the more controversial choices have been with respect to data processing in the context of employment, where the draft law, besides clarifying the legal grounds for processing (generally disqualifying consent), has included some important limitations on: 1) the use of CCTV recordings, as well as on other technological means of remote surveillance (restricting it for criminal proceedings, or for the purposes of establishing disciplinary liability, carried out within a criminal proceeding); 2) the processing of biometric data of employees (only allowed for the control of attendance and control of access to the premises); 3) the transfer of personal data of employees between companies (only allowing said transfer in cases of occasional transfer of the employee, as far as the transfer of the data is proportional, necessary and appropriate to the objectives to be achieved or of assignment of employees by a company of temporary work, or secondment to another State).
  • With regards to public entities, the Draft Law contains detailed indications on the possible options for appointment of a single DPO for different entities.
  • There is also an indication that processing of personal data by public entities for purposes other than those determined by the collection of the data is allowed, provided that processing is carried out in the public interest.
  • The Draft Law also contains specific provisions concerning the processing of data in the context of: 1) public procurement proceedings; 2) health databases or centralized registers; 3) archiving purposes in the public interest; 4) scientific or historical research or for statistical purposes – making reference to the principle of data minimization and to the use anonymisation or pseudonymisation of the data, whenever the purpose of the controller may be achieved with the data in the referred conditions.
  • The technical guidelines for the application of the GDPR to public entities are to be approved by resolution of the Council of Ministers, which has meanwhile been published (Council of Ministers Resolution n.º 41/2018) and establishes the minimum compulsory and recommended technical requirements applicable to the IT systems and networks of public entities, which should be adopted until 29 of September of 2019.
  • With regards to penalties, the draft law defines 3 different levels of fines, setting minimum amounts depending on the nature of the infringer or size of the company (large enterprises – from €1.000 up to €4000; SMEs – from €500 up to €2.000; or individuals – from €250 up to €1.000): 1) very serious administrative offense (with a statute of limitation period of 3 years); 2) serious administrative offense (with a statute of limitation period of 2 years); 3) minor administrative offense (with a statute of limitation period of 1 year).
  • Another controversial option was the choice of exempting the application of fines to public entities, although defining that this option should be reviewed within 3 years, after the entry into force of the Draft Law.

Finally, the draft law foresees a list of criminal offenses similar to that which was already included in the previously existing Portuguese Data Protection Law.

The post Draft Law implementing GDPR in Portugal appeared first on Global Compliance News.

Catastrophe Losses Not Scaring Off Alternative Capital

BRINK News -

The record losses from the natural disasters of 2017—with current estimates of total insured catastrophe losses around $140 billion—provided a significant test for the decade-long rise of alternative capital in risk finance. Businesses and observers may now be wondering: Will the alternative financing that flowed into the insurance and reinsurance industry over the past decade flee?

The answer appears to be a definitive “no.”

Alternative capital, also known as convergence capital, comprises capital from insurance-linked securities managers, specialist reinsurance-sponsored managers, and generalist direct investors as opposed to more “traditional” insurance financing. Pension funds, sovereign wealth funds, and others have earmarked an estimated $1 trillion for investment in the insurance industry, according to Guy Carpenter & Company and JPMorgan Chase Asset Management.

Reinsurance companies historically have used a number of methods to develop their capital base, with alternative capital providing a portion in recent years. The benefits for organizations using alternative capital as a complementary form of risk transfer can include diversifying coverage, efficient and direct deployment of capital, competitive pricing, and dedicated underwriting.

Although losses from Hurricanes Harvey, Irma, and Maria triggered payouts from investors, data from Guy Carpenter show 9 percent more alternative capital entered the industry at the end of last year than in the previous year—and that’s after providers replenished lost capital. Those three major hurricanes accounted for 64 percent of global insured losses from natural disasters in 2017, according to Swiss Re. A previous test of alternative capital occurred in 2011, which saw $110 billion in insured disaster losses. Those losses, however, were largely non-U.S. based—dominated by the Tohoku, Japan, earthquake and tsunami and severe flooding in Thailand.

Since 2011, alternative capital has grown each year, accounting for an estimated $82 billion in 2017, nearly one-fifth of global reinsurance capital (see Figure 1). Traditional capital, meanwhile, has remained stable but has not grown.

Who’s Investing in Catastrophe Risk?

In the broad universe of alternative capital, the many players have different investment objectives. For example, private equity firms and hedge funds may seek double-digit returns and an exit after a few years. Pension funds, on the other hand, may only require mid-single-digit returns because they have a much longer investment horizon.

Pension funds are among the largest investors in alternative financing. These funds represent the world’s largest source of capital, accounting for more than $25 trillion in the 35 member nations of the Organisation for Economic Co-operation and Development. According to the OECD, 75 percent of pension fund assets are in equity and fixed-income investments. The OECD calculates that, in 2016, global pension funds made a weighted average return of 2 percent to 5 percent on their assets.

Alternative investments such as commodities and real estate and nontraditional securities such as catastrophe bonds are attracting interest from pension funds and other investors because their returns tend to have low correlation to other asset classes. Insurance-linked securities are attracting investors because they offer diversification, potentially higher yields and less volatility over time than traditional stocks and bonds amid low interest rates. Risks covered under ILS vary, but one of the most common over the past 20 years has been U.S. windstorm risk.

Outlook for 2018 Is Positive

What might 2018 hold for alternative capital backing of catastrophe risks? If there is another test of this form of capital, will the result be the same? Or if this year’s losses replicate those of 2017, will alternative capital go elsewhere? There are pundits on both sides, but from this vantage point, alternative capital flight seems unlikely.

One reason is the consistent reaction following major events, such as hurricane loss. The current annual seasonal hurricane forecast by the Colorado State University Tropical Meteorology Project projects that 2018 will see slightly above-average activity. The CSU team forecasts the probability of a Category 3, 4, or 5 hurricane making landfall in the U.S. as 63 percent for the entire coastline. The average probability during the past century was 52 percent. Where a storm makes landfall is a dominant factor in the amount of insured loss. Historically, the insurance industry has attracted investment following large-loss years.

Another reason is the room to deploy more capital. With $1 trillion earmarked for insurance risk and $82 billion invested in 2017, alternative capital providers have much more capital to allocate to insurance risk. Relative to the size of the global insurance and reinsurance marketplace, alternative capital participation represents a small percentage.

The future is uncertain. Catastrophe losses in 2018 may turn out to be heavy, or they may be light. What would be the financial impact if three major storms significantly greater than Harvey, Irma, and Maria struck the U.S. coastline in sequence or if another major natural catastrophe coincided with a single major storm? Fortunately, the global insurance industry—and its capital—has yet to experience that phenomenon in its core markets. Until it does, investor interest in supplying capital for insured risk is likely to continue to rise. If such loss events were to occur, a similar response appears likely as well.

Developing resiliency for retail businesses with warehousing on demand

Continuity Central.Com -

The need to manage seasonality is a given for the majority of retailers - from Easter to Christmas, Black Friday to summer sales, effective management of trading peaks is key to success. But in an increasingly volatile business environment, with events from Brexit to global political uncertainty affecting retail operations, future proofing any business has become a significant challenge. As Charlie Pool, CEO, Stowga explains, rethinking seasonal planning by embracing warehousing on demand can not only cut costs but also deliver essential contingency planning for retail businesses.

AML Compliance Lessons Learned from US Bancorp and Rabobank Enforcement Actions

Corruption, Crime & Compliance Blog -

Global banks have been the focus of enforcement actions, focusing on AML and sanctions violations.  With the new beneficial ownership regulations effective May 11, 2018, we are about to see a significant transformation in AML compliance and enforcement.

I have scheduled a free webinar, The New Era of AML Compliance: The Need to Refresh Your AML Compliance Program, May 15, 2018, at 12 Noon EST.  You can sign up Here.

Justice Department prosecutors brought two significant AML enforcement actions in the beginning of 2018.

US Bancorp (USB) entered into a two-year deferred prosecution agreement (DPA) for failing to maintain an adequate anti-money laundering program and failing to file a suspicious activity report (SARs).  USB agreed to pay $458 million in forfeiture, a $75 million penalty to the Office of the Comptroller of the Currency, and a $70 million payment to the Department of Treasury’s Financial Crime Enforcement Network (FinCEN).

Rabobank’s subsidiary plead guilty to a conspiracy to violate money laundering laws and obstruction of a regulatory investigation of its activities in California.  Rabobank agreed to pay $368 million in forfeited funds.

The lessons learned from these two significant AML enforcement actions include:

Adequate Resources: A financial institution that fails to allocate adequate resource to operate a robust AML compliance program is doomed to fail.  Both USB and Rabobank allocated minimal resources to their respective compliance programs and suffered serious consequences when their compliance programs faltered.  A company that ignores the need for resources is demonstrating its lack of commitment to ethics and compliance and will never be able to achieve an effective ethics and program.

Avoid pre-established criteria for SARs and account/transaction scrutiny:  USB adopted set criteria for the number of high-risk transactions that could be reviewed and the number of SARs that could be filed.  Such an approach, by definition, was ineffective because it failed to account for relevant circumstances and changes in risk profiles.  When USB fixed the problem, USB discovered there were a large number of transactions/accounts that should have been renewed, and USB ended up filing 2,121 SARs for a six-month period.

Implement controls for regulatory interactions: USB and Rabobank deceived and mislead the Office of Comptroller of the Currency.  To avoid such a problem, companies have to establish internal controls governing responses to regulatory inquiries and audits and have multiple levels of review to ensure that accurate and complete information is provided to the regulators.  If a single person or small group of persons have such responsibility, they can coordinate and conspire to mislead the regulator, especially when their conduct is at issue.

Apply rules no matter the size of the customer:  USB and Rabobank sought to protect large customers who were important to the bank’s financial performance.  This is a critical point – bank rules and policies have to be applied consistently when dealing with large customers.

Document and subject to internal review changes in policies and procedures:  Rabobank sought to circumvent AML restrictions by adding high-risk customers to a verified list of approved customers.  Such additions should be subject to careful review and any change in policies and practices has to be reviewed, justified and supported by careful analysis.

Independent AML assessments are critical:  Surprisingly, Rabobank had an independent AML assessment conducted during the period of misconduct.  The report found a number of deficiencies in the AML compliance program.  Companies have to be aware of an assessment, share the results, and develop a remediation plan that is subject to oversight, monitoring and continuing review.  Banks have to devote more time and attention to the assessment process and the implementation of remediation based on such an assessment.

The post AML Compliance Lessons Learned from US Bancorp and Rabobank Enforcement Actions appeared first on Corruption, Crime & Compliance.

TRACE Podcast: Cost-Effective Internal Investigations

Corporate Compliance Insights -

Jeff Clark of Willkie Farr & Gallagher provides comprehensive guidance for planning and executing internal investigations and leveraging resources.   The post TRACE Podcast: Cost-Effective Internal Investigations appeared first on Corporate Compliance Insights.

(This is only a summary. Click on the headline to view the entire article at Corporate Compliance Insights and participate in the discussion.)

Congress Questions Facebook CEO on Wildlife Crime

Whistleblower Protection Blog -

In his testimony before Congress last week, Facebook CEO Mark Zuckerberg received tough questions from members of Congress about wildlife trafficking and the illegal ivory trade on his two-billion user social media site.

At the Joint Senate Committee Hearing, Senator Chris Coons (D-DE) referenced a recent Time article examining illicit wildlife crime on Facebook, stating, “wildlife traffickers are continuing to use Facebook tools to advertise illegal sales of protected animal parts.” Zuckerberg responded, “we’re going to have more than 20,000 people at the company working on security and content review.”

Yet, these new content review policies could be harmful if Facebook focuses only on deleting the illegal content. Instead, Facebook must work with law enforcement officials to combat illegal wildlife trade on its website.

Facebook provides a platform that facilitates communication for the illegal ivory trade. Representative Buddy Carter (R-GA) stated, “there’s so much ivory being sold on Facebook that it’s literally contributing … to the extinction of the elephant species.”

This is no exaggeration. Both the Asian and African elephant species are listed as endangered under Appendix I of the UN Convention on International Trade in Endangered Species (CITES). Central Africa lost 64% of its elephants within a decade. Furthermore, the world is currently facing the sixth mass extinction of animal and plant species. Zuckerberg admitted a lack of awareness on illicit ivory trade through Facebook. Once again, he mentioned Facebook’s increased efforts for content review. Yet, he still fails to acknowledge that Facebook profits from the illicit ivory trade and the loss of biodiversity.

In response to the Zuckerberg Hearings and Facebook’s profits from wildlife crime, Stephen M. Kohn, Executive Director of the National Whistleblower Center, stated that “Congress needs to ensure that the Securities and Exchange Commission (SEC) does its job. Permitting criminal activity on a company’s property will ultimately impact the value of the company stock, harming investors. The SEC cannot permit US investors to contribute the extinction of numerous threatened species including elephants, rhinos, and tigers.”

Senator Coons and Representative Carter should be commended for pressing Zuckerberg on these important issues. The international ivory trade and illegal wildlife trafficking jeopardize diverse ecosystems and species’ survival. The National Whistleblower Center’s Global Wildlife Whistleblower Program seeks to enlist whistleblowers to come forward and expose illegal wildlife trafficking. It is important that we push Facebook to eliminate wildlife trafficking on its site and urge Congress members to make sure online sites cannot be used as a hub for wildlife trafficking.

Those that know about the illegal wildlife trade can report it to an attorney here.

Webinar: The New Era of AML Compliance — The Need to Refresh Your AML Compliance Program

Corruption, Crime & Compliance Blog -

The New Era of AML Compliance:

The Need to Refresh Your AML Compliance Program

May 15, 2018, 12 Noon EST


Anti-Money Laundering compliance programs are evolving to take into account new government expectations and regulations, including FinCEN’s new beneficial ownership regulations and recent enforcement actions. Recent AML enforcement have raised important issues for financial institutions as well.

Join Michael Volkov, CEO of The Volkov Law Group, as he discusses new AML compliance expectations and the need for financial institutions to refresh and refocus their AML compliance programs.

The post Webinar: The New Era of AML Compliance — The Need to Refresh Your AML Compliance Program appeared first on Corruption, Crime & Compliance.

3 Indispensable Ideas for Your Retail Store Safety Checklist

Loss Prevention Media -

For the third time, Sam’s Club has lost an appeal in a personal injury action that awarded a woman $1 million for injuries she sustained in a New Jersey store after being hit in the leg with a flatbed cart.

“Viewed in the light most favorable to plaintiff, the evidence makes clear plaintiff suffered disfiguring scarring, numbness, ongoing constant pain, and impairment of the use of her leg,” the New Jersey Appellate Division wrote in their February 2018 decision, Newton v. Sam’s Club. “Defendant has not clearly and convincingly established that the damage award is a miscarriage of justice. To be sure, this was a high verdict, but that does not mean it was excessive.”

.inline-text-ad h1, .inline-text-ad h2, .inline-text-ad h3 { margin-top: 0; } .inline-text-ad h1 { font-size: 18px !important; font-weight: bold !important; } .inline-text-ad p { font-size: 1.0rem; } .inline-text-ad { border-top: 1px dotted #cccccc; border-bottom: 1px dotted #cccccc; padding-top: 20px; } @media only screen and (max-width: 768px) { .inline-text-ad { text-align: center; } .inline-text-ad h1, .inline-text-ad h3, .inline-text-ad h3 { font-size: 1.15em; } } @media only screen and (max-width: 460px) { .inline-text-ad h1, .inline-text-ad h3, .inline-text-ad h3 { font-size: 1em; } } Find out what you need to know about modern retail security in a FREE Special Report, Retail Security and Safety: CCTV Surveillance Systems, Retail Alarm Systems, and Security Training, right now!

With such eye-popping verdicts still being handed out, retail store safety—and getting employees to follow all the steps on your retail store safety checklist—is critical. Even a small mistake, like the one that led to the million-dollar verdict against Sam’ Club, can be a costly. In the case, a 72-year-old woman was struck in the leg by a flatbed cart loaded with boxes of chicken wings pushed by another customer (which a Sam’s Club employee had retrieved for the customer).

How can a retail company reduce the risk of injuries? Such a question is clearly too simplistic to answer. What a retail organization can do to cut injuries depends on what it has already done, its risks, and where it is along the safety management continuum. But the question “what did you do to cut injuries?,” while unable to provide universally applicable answers, can help to highlight real-world examples of safety success.

We’ve researched the question and put it to a range of companies—and unearthed several ideas for addressing common safety challenges. Loss prevention executives may want to review these steps for a retail store safety checklist to see if any actions that other companies have found helpful might prevent their next injury-and perhaps a million-dollar jury award.

1. Identify new equipment as “not ready for use” until it receives the necessary “okays.” One director of health and safety thinks his company’s simple “red tag procedure” has helped to prevent equipment from posing an unnecessary workplace hazard. As soon as a piece of equipment comes into a facility, receives a modification, or moves from one department to another, it receives a red tag indicating that it is off limits until it receives the necessary signatures from personnel with the authority to sign off.

2. Don’t try to change workers’ minds until you know what’s in them. Anytime you provide a safety training session or try to implement new safety procedure, success is hit or miss unless you understand the way workers currently address the situation in question. “Giving information is like throwing spaghetti on the wall: you have no idea what will stick until after you’ve thrown it,” explained one safety training consultant.

LP directors must appreciate that workers currently live within a system and, even if it doesn’t work well, that a safety intervention is a disruption to that system. She says that workers do not make a decision to adopt new work methods based on the specific data or information they are given; rather, they decide based on how it applies to their values, beliefs, and history (the system). Retail safety leaders need to tailor safety training to that system if they want workers to incorporate the information when they are back performing their job duties.

3. Look for real-life training examples. After several hand injuries, including severe lacerations, tip amputations, and fractures, one company enlisted the victims of injuries to lead safety meetings and an open discussion on past incidents, nip and pinch points, and what the loss of a hand could mean to their lives and their families. “It was one of the most effective meetings that I’ve been involved in,” the safety director said, who added that they’ve conducted the same training without injured employees but that they had less impact.

Other companies said they drove safety success by…

  • Moving hazard warning signs and safety message signs around. After six months in a single location, a safety sign probably doesn’t even register with employees. If allowed, move such signs to a slightly different location so workers notice them again.
  • Giving employees education on how to adjust their office chairs. One company said they deployed a new line of highly adjustable office chairs for workers but found that many of them never changed the factory setting because they weren’t sure how to operate the controls.
  • Providing employees with an online portal where they can report safety problems, fill out reports, and make safety suggestions.
  • Providing a training feedback form at the conclusion of safety training. A safety director can’t know what works and what doesn’t without affording workers the opportunity to evaluate safety training programs.
  • Including safety performance data in each employee’s annual review.
  • Conducting a weekly safety teleconference with senior managers.
  • Assigning each new worker to a “safety buddy” for the first month of work.

The post 3 Indispensable Ideas for Your Retail Store Safety Checklist appeared first on LPM.

Holiday Shopping Habits Throw Off Our Supply Chain Objectives

Loss Prevention Media -

Did you ever notice that stores see more foot traffic and retail sales increase around the holidays? Of course you did; that’s Retail 101. But how often do you think about the implications of holiday shopping patterns for other business areas in the retail organization–notably, the supply chain?

In the era of online shopping, we see that tremendous volume increases in the supply chain are occurring during the holiday season. Although the data for the 2017 season has not yet been released, it’s evident that the retail industry has in some ways failed to keep up with the latest holiday shopping trends.

Glenn Master, contributing writer, shares some thoughtful observations on this topic in an article, “The Fallout of Holiday Peak,” in the March-April 2018 issue of LP Magazine. Master points out three key areas where the industry is falling behind in meeting its supply chain objectives. The first area is in volume projections. From the article:

Most retailers have analytic models that produce estimated volume projections to determine the number of orders that will be passing through the supply-chain network. This information is passed on to contracted transportation providers, allowing them to plan for the staffing models necessary to handle the anticipated product volume.

Despite all the computer analytics being used, the one thing that cannot be easily forecasted is how online ordering can be affected by the unpredictability of human behavior. This is especially true from Thanksgiving Day through Cyber Monday. In talking with my loss prevention peers in both retail and transportation, consumer sentiment was grossly underestimated going into the 2017 holiday season. So regardless of the current political atmosphere, the Federal Reserve raising interest rates, or the potential that North Korea may launch a nuclear bomb, US consumers were ready to spend money this holiday season.

Learn more about the other two areas where retailers need to be stepping up their supply chain game in “The Fallout of Holiday Peak.”

You can also visit the Table of Contents for the March–April 2018 issue or register for a free subscription to the magazine. [Note: if you’re already a logged-in subscriber, the previous link will take you to the current issue instead.]

The post Holiday Shopping Habits Throw Off Our Supply Chain Objectives appeared first on LPM.

2018 Compliance Institute Guest Blogs: Never Gets Old

The Compliance & Ethics Blog -

By Tomi Hagan Welcome back to Las Vegas, Compliance Institute attendees! The excitement and anticipation surrounding this conference never gets old. Knowing that I am going to reconnect with friends and colleagues I have met over the years, network and make new connections, and spend time celebrating this great profession make the preparation and stress […]

Breaking News in the Industry: April 18, 2018

Loss Prevention Media -

Shoplifting crew strikes home improvement stores

Baltimore County Police say they cleared fifteen shoplifting incidents at home improvement stores involving an organized crew of criminals, and are asking for the public’s assistance in identifying two more of the suspects. Police say the two suspects pictured are associated with this shoplifting crew and were caught on surveillance camera taking tools from a Home Depot store in western Baltimore County. The suspects involved in this shoplifting crew have stolen in excess of $100,000 worth of tools, usually Dewalt or Milwaukee tool kits. While detectives have cleared fifteen cases from Baltimore County, there are at least forty documented cases involving this group of suspects spanning throughout Maryland and in Delaware. The suspects typically enter the stores, most commonly Home Depot or Lowe’s, in groups of 2 – 4 people and walk straight to the tool corral area, take easily carried tool kits, then walk together directly out of the store. Anyone who recognizes the two unidentified suspects or has any information on these crimes or additional suspects can contact police at 410-307-2020.  [Source: Fox5 News]

Starbucks says it will close its 8,000 company-owned stores in the US for one afternoon to educate employees about racial bias

The announcement follows an uproar over the arrest of two black men who were waiting for a friend at a Philadelphia Starbucks last week. The store manager called the police. “I’ve spent the last few days in Philadelphia with my leadership team listening to the community, learning what we did wrong and the steps we need to take to fix it,” Starbucks CEO Kevin Johnson said in a statement. “While this is not limited to Starbucks, we’re committed to being a part of the solution,” he said. “Closing our stores for racial bias training is just one step in a journey that requires dedication from every level of our company and partnerships in our local communities.” Starbucks says the training will be developed with guidance from experts including former Attorney General Eric Holder.

Sherrilyn Ifill, the president of the NAACP Legal Defense and Education Fund, and Jonathan Greenblatt, CEO of the Anti-Defamation League, will also help design the program, as will executives from the Equal Justice Initiative and Demos, the progressive think tank. The experts will also review the effectiveness of the training, Starbucks said.  The two men entered the Starbucks on Thursday and asked to use to the bathroom. An employee told them it was only for paying customers. When they then sat in the store without ordering anything, the manager called police, and the men were arrested for trespassing. No charges were filed. Johnson met with the two men on Monday and apologized for how they were treated, a company spokesperson said. The company says the manager who called the police is no longer working at that store. Starbucks would not comment on other reports that she has left the company by mutual agreement. Separately, a Facebook video taken in January at a Starbucks in California shows a black customer saying that he was not allowed to use the bathroom when a white customer was. The racial bias training will be provided on May 29 to about 175,000 workers. [Source: CNN Money]

Ring worth $20,000 stolen from jewelry store; two men sought

Police were looking for two men Thursday after they stole a ring worth more than $20,000 from a Killeen, Texas, jewelry store. The theft was reported just after 1 p.m. Wednesday at the Zales store at 2100 W.S. Young Dr. The two men entered the store and requested to see the ring, police said. An employee allowed one of the two to look at the ring, and then both suspects ran, taking the ring with them. Both men were black and one was in his 20s with a small Afro and brown eyes. He was wearing a black and yellow jogging suit with a jaguar or lion logo on the front and back. The second was also in his 20s and has short black hair and brown eyes. He was wearing blue jeans, white shoes, a white tank top and a blue jean jacket with “Nicki Minaj” on the back. The two may have escaped in a white sedan. Investigators are asking anyone with information to call Crime Stoppers at (254) 526-TIPS.   [Source: KWTX10 News]

Teen employee charged with felony theft for returns scam

A 16-year-old girl was charged with felony theft Sunday after she allegedly stole merchandise and money from JCPenney over several months. According to a Galesburg, Illinois, police report, officers were called about 4 p.m. Sunday to the retail anchor at Sandburg Mall, 1150 W. Carl Sandburg Drive. Once there, a corporate loss prevention associate told police the teenage worker had been under investigation for a month for reportedly making fraudulent returns. The employee “would find a cash purchase, and then make a return for the merchandise, and take the cash for the return.” Store records showed the worker allegedly took about $3,800 in returns and stolen merchandise. The employee reportedly wrote a statement and told the loss prevention officer the thefts began in December 2017.   [Source: The Register-Mail]

Woman arrested for shoplifting dog collar earns felony charge for carrying pills

A woman who was already wanted in Stafford, Virginia, picked up a new felony charge Wednesday after she was arrested for trying to steal a dog collar and other items from a county Walmart, police said. Serena Marie Ball, 46, of Locust Grove was charged with possession of a controlled substance after Percocet that she didn’t have a prescription for was found on her following her arrest, Stafford Sheriff’s spokeswoman Amanda Vicinanzo said. Ball was also charged with misdemeanor larceny. According to police, Deputy Dominic Torrice went to the Walmart in response to a reported shoplifting. A loss prevention associate told Torrice that a woman had opened a bag of dog bones and stuffed some in her pockets and removed a tag from a shirt and placed it on a dog collar. Store surveillance video showed that the woman had failed to pay for just under $40 worth of items in the self-checkout line, Vicinanzo said. Police said the suspect became belligerent when taken into custody, continually screaming and claiming she was injured. Medical personnel were called to the scene and determined that the woman was not injured. At the Rappahannock Regional Jail, the dog collar was recovered among her belongings, along with the pills. Ball was wanted in Stafford Circuit Court for skipping a court appearance late last year. She is charged with DUI, 3rd offense, which is also a felony.  [Source: The Free Lance-Star]

Trust in Facebook has spectacularly nosedived after its enormous data breach

Trust in Facebook has spectacularly collapsed after the consulting firm Cambridge Analytica was revealed to have improperly accessed data from as many as 87 million users. A survey of 3,000 people by the Ponemon Institute, a US think tank, reported by the Financial Times, showed that users were significantly more skeptical than they were last year that Facebook would handle their personal information with care. In the week after the former Cambridge Analytica staffer Christopher Wylie’s revelations about the data breach, just 27% of respondents to the Ponemon study agreed with the statement “Facebook is committed to protecting the privacy of my personal information.” This was a substantial drop from the 79% of people who agreed with the statement in 2017. The findings support Business Insider Intelligence’s 2018 Digital Trust survey, which found that 81% of Facebook users have little to no confidence in the company to protect their data and privacy. These fears were considerably more pronounced for Facebook than they were for Instagram, LinkedIn, Snapchat, Twitter, and YouTube. Ponemon has been polling US Facebook users for most of the past decade, according to the FT. It said some respondents were particularly upset the company had not informed them of the Cambridge Analytica data breach in 2015, when Facebook learned of it. “They put Facebook on such a high pedestal that the bottom is more painful,” Ponemon’s chairman, Larry Ponemon, told the Financial Times. Business Insider has contacted the think tank for the full results of its survey.   [Source: Business Insider]

The post Breaking News in the Industry: April 18, 2018 appeared first on LPM.

The Evolving First Line of Defense

Program on Compliance and Enforcement, New York University School of Law -

by Michael Held

Keynote Address

Good morning.  It’s an honor to join you at the 1LoD Summit.  The views I express today are my own, not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.[1]

I’ve heard it said that being in the risk control business can be, and often is, a thankless task. We get all the blame when something goes wrong, and none of the glory when things go right.  So, I want to start my remarks with a word of gratitude to you, my fellow travelers in the world of risk controls.  Thank you—not just for the invitation to speak today, but also for the work you perform each day at your firms. 

The growing sophistication and stature of the first line of defense is, in my view, an unqualified improvement in corporate governance—especially at financial firms.  Let’s begin with what you are defending. 

The credibility and reputation of your colleagues, your employer, and your industry. 

The trust of your customers and clients.  

And, perhaps most important, the public interest.  

From my perspective, you are not just a first line of defense for your organization.  You are the first line of defense against significant risks to the financial system.  This may sound inflated to some.  And it is not unusual to begin a speech with a bit of flattery.  But I mean this sincerely.  The first line of defense helps keep problems small.  It enhances a firm’s commitment to both its private and public purposes.  It contributes materially to the trustworthiness of firms and the financial system, and therefore promotes financial stability. 

Today’s agenda promises to inform and to challenge, and to help the first line develop professionally as a distinct area of corporate controls.  For my part, allow me to share some observations based on my work at the New York Fed. 

First, I want to discuss the risk of developing harmful silos in a three lines of defense model.[2] 

Second, I want to encourage you to be creative and inclusive in your approach to the first line of defense.  You are probably already consulting with technology specialists.  But I am also thinking of fields such as behavioral science.  The observations of neuroscientists and psychologists have disrupted the field of economics, and may help firms better manage risk.

Third, I will offer some thoughts on the development of professional attributes in the first line of defense, especially community and courage.

Three Lines of Defense, Not Three Silos of Defense

Since the financial crisis, we have seen a proliferation of the three lines of defense model across the financial industry.  The official sector has helped promote this framework.[3] 

The three lines of defense model is a useful framework, but it is a means to an end.  It is not an end in itself.  The goal is a well-controlled firm with respect to its risks.  There is a potential danger associated with applying the three lines of defense framework so rigidly that it detracts from that goal.  Independence and expertise are desirable.  Silos are not.  Excessive formalism can limit the overall control framework of an organization. 

I offer these observations with humility gained through experience.  I have witnessed many discussions about where lawyers fit into the three lines of defense.  First line?  Second line?  Not in any line?  In hindsight, such debates are a distraction.  It is much more important to think instead about the tasks the lawyer is performing.  How do those tasks fit in to the overall goal of helping the organization control its risks? 

Ultimately, substance matters much more than form.  Of course, clarity of roles and responsibilities is important.  It is also important that a front line business feel accountable for managing the broad set of risks confronting it.  Indeed, one of the benefits of the three lines of defense model is that the business lines think more expansively about the risks they face, beyond just traditional notions of credit and counterparty risk.  But an effective risk manager worries less about whether her firm’s risk management framework exactly matches the theory of the three lines of defense, and more about whether the risks facing the firm are well controlled. 

Get Creative

It’s easy to say, in essence, “Don’t miss the forest for the trees.”  Let’s acknowledge that the challenges you encounter in the first line of defense are a veritable thicket.  To manage effectively the risks that your firms face requires intellectual agility and creativity.  For now, I want to touch on a few considerations: diversity, choice architecture (especially incentives), and moral reasoning.  These inputs can help you apply the three lines of defense model more effectively, especially in the face of rapid technological innovation.


If you want to think nimbly, embrace diversity: the way we think, our backgrounds and areas of expertise, our experiences—including, but certainly not limited to, the ways that people treat us because of where we were born, our race, gender, pedigree, sexual orientation—and even our values.  Diversity can help address the problem of silos that I described earlier.  The problem with silos is not specialization, but blind spots.  At the New York Fed, I don’t want economists making legal judgments, or lawyers performing economic analyses.  But I very much want lawyers and economists to provide insights to each other based on their specialties. 

More generally, inviting outside views helps avoid common, human biases.[4]  “Groupthink” is one well-documented bias.  Another is the “endowment effect”—placing greater value on what one already has versus what one does not.  What links these phenomena is an excessive preference for the status quo.  It is remarkable how often problems in financial firms can be overlooked because of a sense that they are part of a normal, business-as-usual state of affairs.  A diversity of inputs can help us see the flaws in what we accept as normal. 

Diversity is a frequent topic of conversation, but it is not easy.  My view is that, like other ethics, diversity is a habit that takes practice.  As first line of defense professionals, try to develop the habit of seeking out other points of view.  Diverse points of view may come from junior employees in your line of business.  They may also come from HR professionals, sociologists and psychologists, communications experts, even lawyers.  For financial firms, prudential supervisors can also contribute to a diversity of viewpoints.  Their horizontal view of practices across firms not only helps promote a more stable financial system, but also helps firms identify problem areas. 

A diverse set of views, professional training, and life experience may help you see shortcomings in your risk management framework—even in the three lines of defense model.  Just because three lines of defense is a sensible way to manage risk does not mean it is perfect—no model is.  A diverse set of inputs will help you figure out how to apply more effectively the three lines of defense in your organization.

Choice Architecture

I recommend as well that you pay attention to choice architecture in deciding how best to construct a first line of defense.  By “choice architecture,” I mean the broad array of options that promote decisions aligned with the values and goals of your respective firms.[5]  How choices are presented can have a dramatic impact on outcomes.  Taking account of ordinary, human biases—including the ones I just mentioned—and organizational culture can help you present options in a manner that yields better results.

In the world of risk controls, individuals face choices every day—choices whether to walk right up to the line of appropriate behavior and risk crossing it; choices to get more or less compensation in exchange for riskier behavior; and choices to raise their hands (or not) when they suspect that something has gone awry.  In my view, effective controls require an appropriate balance of narrowly focused, prescriptive rules, and broader principles and standards.  The precise balance will vary, depending on the task and the firm.  But regardless of the setting, a thoughtful set of risk controls can improve the choices that employees make. 

One other word of advice on choices.  People need time—time to stop, breathe, and ask for help if they need it.  Making decisions sooner than necessary can lead to mistakes.  As human beings, we do not always see consequences in the first instance.  We need time to process.  Of course, time can sometimes seem like a luxury.  Time is, after all, money—or so we have been told.  But the consequences of making the wrong choice because you are in a hurry can be far more expensive.  I was speaking recently with a colleague with years of experience as a criminal prosecutor.  She observed that the first step on the path to criminal ruin often begins with one seemingly small, often rushed choice.  My own experience from years of seeing mistakes in the financial services industry leads me to agree.  People—especially junior employees—too often decide sooner than they must, without taking the time to raise their hand and ask for help.  So do not confuse thinking quickly and creatively with choosing rapidly in every instance.  When considering what structures in your organization can help people make good decisions, consider ways to build in adequate time to decide.


In any discussion of choices, it is critical to consider incentives.  Compensation is a powerful form of incentive.  We need to think creatively about how to structure compensation in ways that promote conduct aligned with the values and long-term financial interests of the firm.  Bill Dudley, the President of the New York Fed, has proposed one possible improvement.  Pay material risk takers and senior managers in the form of deferred debt, which vests in line with the medium- and long-term risks for which they are accountable.[6]  The idea is to create a performance bond for bankers akin to the security deposit that a tenant provides to a landlord. 

But, believe it or not, money is not the only way to motivate people.  One lesson of the LIBOR scandal is that employees are motivated by more than pecuniary gain.  In that case, loyalty to a network of professional contacts was a powerful incentive to commit fraud.  I am lucky to have had a very different experience at the New York Fed.  I oversee a staff of legal, compliance, and law enforcement professionals who appreciate their paychecks but, in all candor, are not in it for the money—or, at least, not entirely in it for the money.  What matters to them is the Federal Reserve’s public mission.  A good way to encourage their best conduct is to acknowledge their contributions to that mission. 

But don’t take my word for it.  A growing number of organizational experts and management consultants have concluded that job satisfaction and other intrinsic benefits matter as much if not more than extrinsic rewards, including pay.[7]  This is not to say that incentive compensation is weak tea.  It is certainly a powerful motivator.  My point is that, in your efforts to construct the most effective controls for your organization’s risks, consider both monetary and non-monetary incentives. 

Moral Reasoning

It is also important to promote moral reasoning.  I know there’s a joke in there somewhere.  After all, what is a lawyer doing talking about morality?  And there is some tension in advocating moral judgment in a discussion about controls.  Controls seek consistency and objectivity.  Morality, by contrast, can be very personal or subjective.  Controls often remove discretion.  Moral reasoning is all about choice.

But let’s be realistic.  We cannot rely exclusively on controls or process to achieve desired outcomes.  Not every situation can be anticipated.  Not every decision can be automated.  Controls can be out-maneuvered—sometimes unwittingly, but other times on purpose.  For all these reasons, good processes are necessary but not sufficient.  There will be situations in which your employees have to make choices.  Ignoring the moral dimension of choices carries significant risk.[8]  If you want your organization to be well controlled with regard to its risk, you have to consider the quality of choices, not just the reliability of processes.[9]  An organization should therefore develop the capacity of its employees to make good choices, not just permissible choices. 

So, how do you practice moral reasoning?  Bill Dudley has offered what I thought was a good starting point.  Get rid of the notion that a separate morality applies at work than at home.[10]  Bankers—and, for that matter, lawyers—cannot check their morals at the door when they step onto a trading floor or into a courtroom. 

Here are some other ideas, courtesy of a 2016 report by the Financial Conduct Authority entitled “Behaviour and Compliance in Organizations.”[11]  The report argues, among other things, that ethical considerations need to remain salient in order to promote good choices.  Salience can be achieved by prompting about moral codes—through language that emphasizes words like “moral,” “ethical,” and “good.”  Discussions by leaders and key culture carriers—that is, esteemed colleagues regardless of rank in a hierarchy—can also help if they address ethical dilemmas that arise in the course of business decisions.  Finally, salience occurs through proximity of decision-makers to those affected by decisions.[12]  So, look for ways to make the human consequences of choices more apparent.

In my view, a habit or culture of considering what is right, and not merely what is permissible, will help any organization attract, retain, and develop high-quality employees.  It will promote individual wellbeing and will contribute, over time, to an industry that makes fewer errors of judgment.

Do Not Rest

Above all, remember that this is a marathon, not a sprint.  So your organization now has three lines of defense—great!  But your work is not over.  You still have to question whether your organization can be better controlled vis-à-vis its risks.  The challenges and opportunities facing your firm do not stop changing.  You need to adjust accordingly. 

I encourage you to ask questions about the three lines of defense model and how it is applied in your organizations.  Here is one of the questions on my mind:  How do the three lines of defense take account of advances in technology?  Technological solutions in financial services are becoming cheaper, faster, more easily available—almost off-the-shelf—and help make your business more efficient and profitable.  But do you know how these solutions work?  Chances are, not really.  I certainly do not, but then I’m just a lawyer.  There may be a tendency to believe that brilliant people built and tested the product.  Surely they know better than you or I about how it works.  We should therefore just trust the experts. 

I have seen this movie before.  Similar assumptions existed a decade ago about CDOs and other complex securitizations and hedges.  It has been said that the financial crisis occurred because of a failure of imagination—of not anticipating risk.[13]  There was also a more basic failure.  Not enough people understood how complex financial products actually worked. 

It is critical that all three lines of defense—and, especially, the first line of defense—understand technology.  I urge you to question your current technology, and to think ahead to further changes.  For example, how will artificial intelligence challenge traditional methods of testing and assurance, which address static coding rather than dynamic learning?  How will machine choices about access to financial services, or the cost of those services, avoid perpetuating or exacerbating historical disparities of race, gender, age, or zip code?  These questions do not have easy answers, and they will likely lead to more questions.  So don’t rest.  Keep learning so that you can better anticipate risks.

Professionalism and the First Line of Defense

Finally, I encourage you to continue to develop a sense of your field as a profession.  Now, I do not mean to imply that anyone in this room is unprofessional.  But, like many others, I see a role for professionalism in finance.  The Banking Standards Board in the United Kingdom is a thought leader in this field.  According to its most recent annual review, which I recommend to you all, “[P]rofessionalism comprises the attitudes, judgement and high standards of behaviour, knowledge and skill expected of individuals working in banking. . . . [G]reater professionalism in banking would help create a sector that, now and in the future, better met the needs and expectations of its customers, clients, members, employees, the economy and wider society.”[14]

In my view, various aspects of professions have a lot to offer.  The eligibility requirements for many professions improve the likelihood that a practitioner will meet standards of competence and behavior in her professional conduct.  These requirements cover character, prior record, and reputation—not only skill or education.

Members of professions also benefit from codes of conduct that transcend specialized practices.  These principles offer an ethical framework within which to tackle problems that are not easily resolved by narrow rules or processes.  They make it easier to make and stick with good decisions. 

Gatherings in which members of a profession can come together and exchange ideas and opinions are crucial.  They help members of a professional community keep up to date on important industry-wide developments and raise issues that present the need for collaboration.  They also help to instill a shared sense of purpose and responsibility for carrying out the goals of the profession.

A profession can also provide personal accountability.  Lawyers, for instance, can be disbarred, and complaints against them can become matters of public record.  That is added incentive to maintain the skills, character, and other qualifications required to become (and remain) a member of the bar.

And, critically, professions do not stop improving.  Lawyers continue—I hope—to seek a more just society.  Doctors, a healthier one. 

I do not mean to call for the equivalent of the legal bar for bankers—although it might not be a bad idea.  But there are elements of professions that could be useful.  For example, forums like this one facilitate information sharing and promote a sense of community.  A code of professional conduct is another example.  Again, I refer you to the work of the Banking Standards Board, which has developed a “Statement of Principles for Strengthening Professionalism.”  Like Bill Dudley, I have argued that banking would benefit from a misconduct database.[15] Records of employee misconduct would be available to future employers to combat the so-called “rolling bad apple” phenomenon.  Hopefully this would encourage more careful choices by bankers in the same way that the risk of disbarment prompts lawyers to think about the long-term consequences of their decisions. 

None of these ideas is a magic bullet.  But they may be helpful as you consider how the first line of defense and the financial services industry develop as a profession.

Conclusion: Professional Courage

Let me end with one final thought on professionalism.  Looking back at the financial crisis and more recent scandals, there must have been people who recognized early that what was happening was wrong, but remained silent.[16]  As the first line of defense develops and convenes in gatherings like this, it is important to remember one other professional value: courage. 

Professional courage is key to the appropriate functioning of lawyers inside corporations.[17]  In what has been called the “partner/guardian” dilemma—a bit of a misnomer since the “dilemma” is really a good thing—lawyers are supposed to assist the firm in its mission and protect its long-term reputation, its good name as a store of value.[18]  That takes courage, especially when an action is technically legal but otherwise wrong or just plain stupid.

Your roles in the first line of defense also require professional courage.  You are partners in your business.  You are also guardians of your firm, the investment of its shareholder owners, the trust of its customers, and the expectations of public authorities.  That is not an easy task.  You have my sympathy.  And you have my thanks—not just for being an attentive audience, but also for all of your good work.

[1] Pinchas Becker, Thomas Noone, and Angela Sun assisted in preparing these remarks for the Keynote Address at the 1LoD Summit, New York, NY, April 17, 2018.

[2] See generally Gillian Tett, The Silo Effect (2015).

[3] See, e.g., Office of the Comptroller of the Currency, “OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches” (2014), available at; Basel Committee on Banking Supervision, “Review of the Principles for the Sound Management of Operational Risk” (2014), available at

[4] See Financial Conduct Authority, “Behaviour and Compliance in Organizations,” Occasional Paper 24 (Dec. 2016), available at

[5] Id.

[6] See William C. Dudley, “Enhancing Financial Stability by Improving Culture in the Financial Services Industry,” Remarks at the Workshop on Reforming Culture and Behavior in the Financial Services Industry (Oct. 20, 2014), available at

[7] See Salz Review: An Independent Review Of Barclays’ Business Practices 191-92 (2013) (collecting sources).

[8] See Wieke W. Scholten, Banking on Team Ethics: A team climate perspective on root causes of misconduct in financial services 110-13 (2018) (summarizing psychological research on moral climates that may facilitate misconduct).

[9] See Nicholas Morris and David Vines, Capital Failure 15-16 (2014) (“Trustworthiness requires conscious choices to be made rather than merely being the outcome of a reliable process.”).

[10] William C. Dudley, Remarks at the Culture Imperative – An Interbank Symposium, Jan. 11, 2017, available at (“My second message is to reject the idea that a separate regime of ethics or morality applies in banking. I’m sure you have heard this, or perhaps even thought this, at some point in your career. Let it end there. We often teach our children by asking them if they would engage in that type of behavior at home. This is good professional advice as well.”).

[11] See supra n.4.

[12] See Dan Awrey, William Blair, and David Kershaw, “Between Law and Markets: Is There a Role for Culture and Ethics in Financial Regulation?” 38 Del. J. Corp. L. 191, 208 (2013) (“Proximity is a measure of the physical, psychological, social, or cultural distance between a decision-maker and those whom their decisions affect.”).

[13] Tim Besley and Peter Hennessy, Letter to Queen Elizabeth II (July 22, 2009), available at (“So in summary, Your Majesty, the failure to foresee the timing, extent and severity of the crisis and to  head  it  off,  while  it  had  many  causes, was principally a failure of the collective imagination of many bright people, both in this country and internationally, to understand the risks to the system as a whole.”).

[14] Banking Standards Board, Annual Review 2017/2018, available at

[15] See Dudley, supra n.6; Michael Held, “Reforming Culture and Conduct in the Financial Services Industry: How Can Lawyers Help?” Remarks at Yale Law School’s Chirelstein Colloquium (Mar. 8, 2017), available at

[16] See Preet Bharara, “Criminal Accountability and Culture,” Remarks at the Federal Reserve Bank of New York’s Conference: Reforming Culture and Behavior in the Financial Services Industry: Expanding the Dialogue (Oct. 20, 2016), available at
  (“[T]here would be less corporate crime and less painful consequences arising from the crime that does occur if more people said something early on rather than remain silent or look the other way.”).

[17] See Association of the Bar of the City of New York, “Report of the Task Force on the Lawyer’s Role in Corporate Governance” 95 (Nov.2006) available at (“Not to waver or equivocate is no easy challenge for lawyers in some circumstances because of the economic and professional pressures already noted, and because the answers to legal issues are seldom completely free of doubt.  It may take genuine professional courage to provide unwelcome advice and stick to it.”).

[18] See Ben Heineman, The Inside Counsel Revolution 7 (2016).

Michael Held is General Counsel & Executive Vice President of the Legal Group at the Federal Reserve Bank of New York.

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.


Subscribe to Hong Kong Loss Prevention Association 香港防損協會 aggregator - Global Featured Wired

HKLPA (@the_hklpa) Tweets

RT @NDDCEL: Ethics training is broken. Can #storytelling fix it? 4 weeks 15 hours ago
RT @EthicalSystems: "We are trying to give advice to organizations that are incredibly complex. When you put individuals together, they… 1 month 1 week ago
RT @sh_oldenberg: To Understand Complexity, Use 7 Dimensions of Ethical Thinking 2 months 1 week ago
RT @ComplianceXprts: 7 Things Every SME Exporter Needs To Know About Protecting Their Brand 2 months 2 weeks ago
RT @ComplianceXprts: Exporters Guide To Managing Compliance - Download our free ebook now! 2 months 2 weeks ago
RT @mikevolkov20: Episode 14 - What Every Compliance Officer Needs to Know About Data Privacy and the EU's GDPR - Corruption, Crime &… 3 months 3 weeks ago
RT @ComplianceXprts: What You Need To Know About Auditing And Risk Management In The Transport Industry 4 months 5 days ago
RT @EthicalSystems: Our 2017 End of Year Letter from @JonHaidt and @azishf "This is the time for the business… 4 months 1 week ago
RT @ComplianceXprts: Inspection of Facilities and Sporting Venues - Due Diligence 4 months 1 week ago
RT @ComplianceXprts: 14 Essentials For Your Compliance Management System 4 months 3 weeks ago