The Twelve Days of Compliance

Sing it with me:

On the first day of compliance,
my audit gave to me:
Madoff in a prison jumpsuit.
On the second day of compliance,
my audit gave to me:
Two legal frauds,
and Madoff in a prison jumpsuit.
On the third day of compliance,
my audit gave to me:
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the fourth day of compliance,
my audit gave to me:
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the fifth day of compliance,
my audit gave to me:
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the sixth day of compliance,
my audit gave to me:
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the seventh day of compliance,
my audit gave to me:
Seven black swans a swimming
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the eighth day of compliance,
my audit gave to me:
Eight bribes in billing
Seven black swans a swimming
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the ninth day of compliance,
my audit gave to me:
Nine trades a-troubling
Eight bribes in billing
Seven black swans a swimming
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the tenth day of compliance,
my audit gave to me:
Ten laws a-changing,
Nine trades a-troubling,
Eight bribes in billing,
Seven black swans a swimming,
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the eleventh day of compliance,
my audit gave to me:
Eleven accounting errors,
Ten laws a-changing,
Nine trades a-troubling,
Eight bribes in billing,
Seven black swans a swimming,
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the twelfth day of compliance,
my audit gave to me:
Twelve data breaches,
Eleven accounting errors,
Ten laws a-changing,
Nine trades a-troubling,
Eight bribes in billing,
Seven black swans a swimming,
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.

Social Networking is Serious Business

If you live in the Greater Boston area and have $45 lying around, I am speaking on social networking on January 15, 2010 at an event hosted by the New England Chapter of AIIM.

Social Networking is Serious Business
Newton Marriott Hotel
January 15, 2010
8:30 a.m. – 11 a.m.
$40 AIIM NE members/$45 non-members

I will be joining John Pepper, the CEO of Boloco, and Russ Edelman, the CEO of Corridor Consulting. Being the lawyer and compliance guy on the panel, I will be focusing on the regulatory, compliance and legal issues related to web 2.0 / social networking. That means I’m talking about the downside and the ways to get yourself in trouble.

In other words, I’m putting the emphasis on the “serious” part in the presentation name.

Register for Social Networking is Serious Business

COBRA Subsidy Set to be Extended

With the COBRA subsidy having expired, Congress has moved ahead to extend the subsidy.

Section 1010 of the Department of Defense Appropriations Act, 2010 extends the COBRA subsidy program for six more months, moving from a nine-month subsidy to a 15-month subsidy.

It also extends the eligibility for workers from December 31, 2009 to February 28, 2010.

Since the change is included in the Department of Defense Appropriations Act for 2010 (military spending for the year), everyone expects President Obama to sign it shortly.

Who Said Government Ethics Wasn’t Funny?

You might think that the United States Office of Government Ethics would be overly serious and lack a sense of humor.

You would be wrong.

Check out the poem at the end of their Reminder about Holiday Gifts & Fundraising (.pdf)

The holiday season – a time for good cheer!
For egg nog, for parties, for friends to be near.
But I must be careful
Lest I accept free
A gift not permitted, no matter how wee.

Part two six three five of the 5 CFR
Explains in detail the relevant bar.
It defines the term gift
To mean all things worth money.
That’s NBA tickets or jars full of honey.

Some gifts may be taken but some are verboten.
The source is the key – it’s the rule that I’m quotin’.
When from me or others
The source seeks some act,
I must find an exception or I could be sacked.

Check out the rest of the poem.

Compliance Bits and Pieces for December 18

Here are some interesting stories from the past week:

“Mr. Ruehle, You Are a Free Man”: Judge Carney’s Dramatic Dismissal of the Broadcom Backdating Criminal Case by Kevin M. LaCroix in The D&O Diary

There has been widespread news coverage of the dramatic December 15, 2009 decision of Central District of California Judge Cormac Carney to throw out the options backdating related criminal charges against Broadcom co-founder Henry T. Nicholas III and CFO William Ruehle, based on prosecutorial misconduct.

It’s NOT Just a Fantasy: Company Fires Employees for Running Fantasy Football League, For Real by Daniel Schwartz on the Connecticut Employment Law Blog.

This week, it was reported that Fidelity Investments fired four employees (including relationship managers to various clients) who were running various fantasy football leagues. What was curious about the company’s statement for the rationale for the firing was not so much using company time and resources for the league but rather its designation of fantasy football as a form of “gambling”.

SEC Charges FCPA Compliance Officer with Violations by Thomas O. Gorman in SEC Actions

The SEC brought an FCPA action against Bobby Benton, the Vice President of Western Hemisphere Operations of Pride International, Inc. Mr. Benton was responsible for FCPA compliance in his region. Pride is one of the world’s largest offshore drilling companies. SEC v. Benton, Civil Action No. 4:09-cv-03953 (S.D. Tex. Filed Dec. 11, 2009).

Chief Compliance Officer Now a Full-Time Job By Melissa Klein Aguilar for Compliance Week

Two new studies confirm what those tasked with oversight of corporate compliance probably already know: More and more often these days, the chief compliance officer’s job is a full-time, stand-alone gig, rather than a secondary duty one handles while wearing some other title.
A poll from the Open Compliance and Ethics Group found that of 365 respondents, nearly 75 percent said their company has a chief ethics and compliance officer or someone in a similar role with top-level oversight of compliance. That’s up from only 10 percent in a similar poll from 2005.

Recent Opinion Sheds Light on the Relevance Of Due Diligence to the FCPA’s ‘‘Knowledge’’ Requirement (.pdf) by Kenneth Winer and Gregory Husisian of Foley & Lardner LLP

I admit that I included this article because they refer to me as a “prominent commentator.” See Footnote 3. (Referenced source: Sounding Off About Third Party Compliance, even though I did not make the quoted statement.)

The U.S. District Court for the Southern District of New York recently issued an opinion that sheds important light on one of those elements – the ‘‘knowledge’’ requirement. The case underscores that while a failure to perform due diligence when entering into an arrangement with an intermediary (such as a consultant, joint venture partner, or distributor) may expose a company or individual to substantial reputational and legal risks, the FCPA does not require such due diligence.

Herrmann’s Farewell Post: Mark Herrmann is leaving the Drug and Device Law blog (and private practice)

Credit Suisse Settles OFAC Charges for $536 million

The Credit Suisse Group has reached a settlement with U.S. authorities related to U.S. dollar payments involving parties subject to U.S. sanctions. The $536 million global settlement with Credit Suisse represents by far the largest sanctions settlement in the history of US Treasury’s Office of Foreign Assets Control.

The settlement arises out of Credit Suisse’s processing of thousands of transactions over a 20-year period that concealed the involvement of sanctioned parties. Credit Suisse approached OFAC in early April 2006 about an internal investigation it was conducting related to U.S. securities transactions executed on behalf of an entity subject to U.S. sanctions. In early 2007, after the New York County District Attorney’s Office began looking into several suspicious wire transfers, Credit Suisse also informed OFAC of a separate internal investigation related to its activities as a U.S. dollar correspondent for payments involving Iran, Sudan, Burma, Cuba, and North Korea.

The settlement agreement lays out the decades-long history of bad behavior at Credit Suisse.

“Credit Suisse in Zurich had a standard procedure of structuring payments to avoid disclosing the sanctions nexus of transactions passed through the United States, deleting or omitting certain information when transactions were to be processed through the United States, and providing incorrect information in wire transfer instructions executed through the United States on behalf of U.S. sanctioned individuals and entities. This standard procedure was embodied in internal directives, memoranda, and e-mails involving, among others, a Credit Suisse Bank Payments sector head, Credit Suisse’s Treasury and Trade Finance departments, the head of Credit Suisse’s Iran desk, as well as in e-mails between Credit Suisse and its Iranian bank clients.

Specifically, from on or about August 19, 2003, to on or about November 1, 2006, Credit Suisse processed 4,775 electronic funds transfers, in the aggregate amount of USD 480,072,032.00, through financial institutions located in the United States to the benefit of the Government of Iran and/or persons in Iran, including various Iranian financial institutions, in apparent violation of the prohibition against the “exportation, … directly or indirectly, from the United States, … of any … services to Iran or the Government of Iran,” 31 C.F.R. § 560.204.”

Credit Suisse is making the $536 million payment pursuant to a settlement agreement with OFAC and deferred prosecution agreements with the New York County District Attorney’s Office and the United States Department of Justice.

I would expect that a shareholder class action suit will be filed shortly as well. We have seen these shareholder suits result from FCPA settlements.

SEC Approves New Custody Rule

The Securities and Exchange Commission adopted the Custody Rule for investment advisers that it originally proposed last May. (See: SEC Releases Proposed Custody Rules for Investment Advisers)

As is typical with the SEC, they announced the rule was approved before they made the final version of the rule available. The rule amendments will be effective 60 days after their publication in the Federal Register.

The SEC press release highlights the two biggest changes:

Surprise Exam

“The adviser is now required to engage an independent public accountant to conduct an annual “surprise exam” to verify that client assets exist. Such a surprise examination would provide another set of eyes on the client’s assets, and provide additional protection against theft or misuse. The accountants would have to contact the SEC if they discovered client assets were missing.”

Custody Controls Review

“When the adviser or an affiliate serves as custodian of client assets, the adviser is now required to obtain a written report — prepared by an accountant that is registered with and subject to regular inspection by the PCAOB — that, among other things, describes the controls in place at the custodian, tests the operating effectiveness of those controls and provides the results of those tests. These reports are commonly known as SAS-70 reports. Requiring that the accountant be registered with and subject to inspection by the PCAOB provides greater confidence regarding the quality of these reports.”

The rules are amendments to Rule 206(4)-2 [17 CFR 275.206(4)-2] and Rule 204-2 [17 CFR 275.204-2] under the Investment Advisers Act of 1940 [15 U.S.C. 80b] (the “Advisers Act” or “Act”), to Form ADV [17 CFR 279.1], and to Form ADV-E [17 CFR 279.8].

SEC Historical Society

November 1, 1974 - "We're Moving Right Along," Herblock, Copyright by The Herb Block Foundation

The Securities and Exchange Commission Historical Society has launched a new gallery exploring the SEC during the mid to late 1970s: In the Midst of Revolution: The SEC, 1973-1981.

“From 1973 to 1981, the securities industry and the SEC experienced revolutionary change that created enormous upheaval, provided new economic opportunity and made the task of the SEC to respond to the new demands wrought by the rapid changes in the market increasingly more difficult.”

I was surprised to discover that the SEC’s Historical Society existed. I was even more surprised to see the wealth of information in its archives and virtual museum.

There is also a great history of the SEC’s regulation of insider trading.

Computer Files for Employees in France

France has strict laws on the ability of a company to monitor its employees’ computers. But a recent French decision found that files created by an employee on a computer issued by the company for work purposes are presumed professional unless the employee identified them clearly as personal. So the company can open these files without the employee being present and without telling the employee in advance.

At least that is according to a recent post in Proskauer’s Privacy Law Blog. The decision is in French so I am assuming that Ms. Martin’s French is better than mine. (Google’s translation of the case is not very good.)

“Until this case, the case law was unclear on whether folders or files located on an employee’s work computer but titled with the employee’s name or initials would be afforded privacy protection under workplace privacy laws. However in this ruling, the French Supreme Court made clear that all files created by an employee on an employer’s computer belong to the employer unless they are expressly identified as personal. By adopting this position, the French Supreme Court was consistent with the French Data Protection Agency (CNIL) which, since 2002, has advised that employees should be cautious when using their work computers for personal purposes.”
