Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode we take a deep dive into recent Hogan Lovell’s report High Seas: Steering the Course II Navigating bribery and corruption risk in 2020. We conclude with a special tribute to Bernie Ebbers and his role in creating the modern compliance professional.

Some of the highlights include:

  • What do the survey results say about the direction of compliance function spending?
  • Can companies manage risks in emerging markets when compliance spending is decelerating?
  • Technology can improve compliance efficiency but it can also improve compliance evasion.
  • Will CCOs be able to interpret data from ComTech tools?
  • What are the implications for the compliance discipline and CCO?

Resources

Hogan Lovell’s report High Seas: Steering the Course II Navigating bribery and corruption risk in 2020, click here.

Matt Kelly blog post, Compliance Resources Getting Tighter

Robert Conrad died last week. For anyone who grew up in the 60s, he was simply James West, star of The Wild Wild West. It was one of the most rootin’ tootin’ shows around, with Jim West as an 1870s super-secret agent, channeling James Bond to the Old West. It featured action, gadgets, coolness and action (did I mention action). Conrad had later successes but did not reached the heights of Jim West. Conrad performed many of his own stunts and was a self-described tough guy. His sidekick on the show was Artemus Gordon played by Ross Martin, who was the brains behind West’s brawn. Conrad had early starts in television in two iconic television shows, Hawaii Eye and 77 Sunset Strip. After The Wild Wild West, Conrad starred in Baa Baa Black Sheep and had a prominent role in Centennial.

I thought about Conrad’s approach to the role of James West in the context of tech in compliance or what I have dubbed ComTech. Compliance has been pushed more to the forefront in anti-money laundering (AML). As banking institutions, financial institutions and the financial services industries continue to tighten and strengthen AML controls, criminals and other nefarious actors will move into non-financial corporations to move money for the simple reason that such robust controls required in the financial realm are not generally required in the non-financial corporate world. Non-financial corporations should have robust AML controls in place and one of the requirements for any best practices AML policy is to “know your customer” (KYC). Artificial Intelligence (AI) will allow a more robust KYC approach.

Another area where compliance is often left behind is in the arena of mergers and acquisitions (M&A). Since the 2012 FCPA Guidance, the focus of compliance in M&A has been more on the pre-acquisition phase of a deal. Often the compliance function is either brought in at the last minute and does not have the time to perform adequate compliance due diligence or there is an overwhelming amount of data to be reviewed and the resources available (or made available) to the compliance function is woefully inadequate. AI has made inroads into this process, to the immense assistance of compliance.

Such a review could include such issues as whether third-party sales representatives have the requisite background due diligence in the files, their status and commission rates paid. There could be a review of top sales and business developments folks in high-risk regions, correlated with a gift, travel and entertainment (GTE) analysis. Finally, you could consider sales in high risk regions or even sales spikes from low risk areas from the compliance perspective.

A prime example of where AI can assist the compliance function is with third parties in Supply Chain (SC) management. Every multi-national has literally thousands of vendors. Getting a handle on those is always a challenge simply because of the numbers involved. By using AI, a compliance practitioner can immediately identify vendors that present anti-corruption compliance or other risks to an organization. Having led an effort to list out all vendors by hand to begin the risk ranking process, I can personally attest to the greater efficiencies AI can bring to the exercise.

There is yet another set of AI tools that can review contracts to see if any specific types of clauses are non-standard. It would seem a relatively easy software coding exercise to adapt such products to compliance clauses. This type of approach could also be used for non-standard governance clauses in joint ventures (JVs) or other types of business venture agreements. Having been assigned the task of reading all my then employer’s JV agreements (87) and third-party sales agents contracts (211) from across the globe and recalling the amount of time it took to do so; I can again personally attest to the greater efficiencies we are considering through the use of AI.

This example also points to one of the key disadvantages to AI and ComTech going forward. In past years, it was through document review and the detailed reading of documents and cases that many junior lawyers were trained. In my experience, reading all those JV agreements and third-party sales agents’ agreements gave me a very good education in contract language and what positions were more and less favorable to each party. This is how many young associates were trained in law firms. This very practical method of training will eventually go away.

This final example also points to one of the key limitations of ComTech. While it might help to have AI review the JV agreements and third-party sales agents’ contracts, it only could identify non-standard contract language. Unfortunately, since most of the agreements and contracts are bespoke, they were uniformly non-standard. Further, the assignment I was given required an analysis of each non-standard contract, so the judgment of a human was required. Even as AI becomes more sophisticated, the judgment of a professionally trained compliance practitioner is still required to validate the areas flagged by AI as anomalies.

There are still compliance professionals, usually legally trained, who fear these innovations. In honor of the return of Sarah Connor to the big screen last year, I want to remind you that Skynet has not yet become self-aware so, at least for a little longer, humans are still in charge. There have always been technological innovations which help make compliance disciplines run more efficiently, more smoothly and more profitably. AI is simply another step in this line of technological developments. There is certainly no reason to be afraid of using it. Given the disruption which has impacted the legal profession through LawTech; disruption is not far behind in the compliance world through ComTech.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020

Today’s guest is Ray Pathak is the COO of Nymity, which was recently acquired by TrustArc. He chats with Tom Fox about the acquisition and how his company is reimagining privacy.

A Powerful Combination
Nymity and TrustArc have been in the compliance space for a combined 40 years. Nymity has research expertise, and TrustArc is versed in automation and technology. The companies coming together with their complementary skills have created something powerful and special in the marketplace.

Reimagining Privacy
Tom asks Ray to expand on its catchphrase, ‘Reimagining Privacy’. It’s about providing data intelligence within the compliance solution, Ray responds, so that companies can do more with less. “We want to empower organizations to understand their data better and by understanding it, be able to do more with their data.” He calls this ‘unleashing the data’.

The wait-and-see approach used by so many companies is a failure waiting to happen, Ray argues. It may solve the problem of today, but it’s not viable long-term because you would have to start from scratch each time a new law comes out. He advocates a more proactive, take-control approach: build out a comprehensive privacy program so when a new law comes out you’re just tweaking your program instead of creating a whole new one.

Embedding four layers of research within their tools so that information is available to clients when they need it, makes Nymity’s solution different from other solutions on the market. Ray goes on to explain how this process brings privacy intelligence to their clients, saving them valuable time. Their comprehensive framework containing 139 different technical and organizational measures, grouped into 13 categories, and mounted to over 900 local and international laws allows clients using the framework to build out their data privacy program to comply with many laws.

Future Trends
Tom asks Ray to comment on the top issues in data privacy for 2020 and beyond. Ray responds that the first issue is the impact laws like CCPA will have. More states are coming out with privacy laws, likely to be more comprehensive than CCPA, he predicts. The second issue he talks about is making data privacy easier for people. Privacy is becoming more complex, but their privacy intelligence tool makes it more accessible for clients. Thirdly, he says that by combining technology with research, his company is helping to provide insights to organizations with their solution.

Resources
Nymity.com
TrustArc.com

The Houston Astros sign-stealing scandal filled out quite a bit last week with two significant new items. The first was an interview on the MLB Network by Tom Verducci, of disgraced Astros manager A.J. Hinch (Hinch Interview). The second was an article in the Wall Street Journal (WSJ) by Jared Diamond, entitled “‘Dark Arts’ and ‘Codebreaker’: The Origins of the Houston Astros Cheating Scheme” (the ‘Dark Arts’ article). In his piece, Diamond detailed how it was the Astros Front Office, led by General Manager (GM) Jeff Luhnow, who originally developed the team’s sign-stealing capabilities. Both stories go a long way towards explaining the toxic culture that existed on the Astros. However, before I go into the sordid details of the toxicity, first a tribute to one of the greatest writers on baseball in the second half of the 20th Century, Roger Kahn, who passed away last week.

In 1951, Kahn was a 24-year-old sportswriter working at the now defunct New York Herald Tribune when he was assigned as the beat reporter for the Brooklyn Dodgers. It was one year into the Golden Decade of Baseball when there were only eight teams per league and only 400 major league players. It was just after Jackie Robinson had broken the color barrier and the very best of the Negro Leagues was beginning to come into Major League Baseball (MLB). It was the decade of the greatest competition with the most talented players, before expansion diluted the talent levels. Kahn was there in New York City when one of the New York teams, the Yankees, Dodgers or Giants won early World Series save one.

While his sports writing was outstanding, I was introduced to Kahn through his book The Boys of Summer about the great Dodger teams from the 1950s who lost five out of six World Series to their rival from the American League (AL), the Yankees. Equally poignant was his tracing of their paths after baseball; from Jackie Robinson to Carl Furillo, the hardhat who sued baseball, to Roy Campanella, paralyzed in a car accident after the team moved to Los Angeles. According to his New York Times (NYT) obituary, “The Boys of Summer” — along with “The Summer Game,” the first collection of Roger Angell’s revelatory New Yorker pieces about baseball, also published in 1972 — more or less created a new literary category: long-form narrative baseball reporting.”  Michael Wilbon, co-host of PTI,  called it the best book on baseball ever. It was one of the books that has remained with me since I read it the first time, many years ago.

Kahn wrote about baseball through the eyes of a fan, with much awe and wonder. I wonder what he might make of the state of baseball about now? Verducci, writing in SI.com about his interview, said, “Hinch became the first person associated with the scandal to admit to it in detail and explain how wrong it was. Regretful, apologetic and briefly teary-eyed, Hinch this week, in an exclusive interview with SI and MLB Network, talked about when he knew about the scheme, his biggest regret, his emotional meeting with Crane, the whistleblower Mike Fiers, and his future plans.”

I watched the interview and Hinch was clear that felt he was responsible because he was the Manager. It happened on his watch and he did not do enough to stop it. Smashing the clubhouse monitor being used not once but twice was not enough to get the message across. Hinch admitted he should have said something. Hinch said, “I regret so much about that and it’s so complicated and so deep and there are parts that are hard to talk about but taking responsibility as the manager … it happened on my watch. I’m not proud of that. I’ll never be proud of it. I didn’t like it. But I have to own it because I was in a leadership position. And the commissioner’s office made it very, very clear that the GM and the manager were in position to make sure nothing like this happened—and we fell short.”

For me, perhaps most enigmatically, Hinch said he would do things different now. He stated, “As a leader what I’ve learned and how I’ve grown and the bigger stages that I’ve been on, I know how I would respond today.” At the time, I wondered how or why he believes he has grown enough to challenge the sign stealing scheme in the first place. After all wasn’t he the Manager (with a Capital M)? Apparently being the Manager on the Astros did not give you all that much power from what we learned from the Dark Arts article.

It turns out that the Astros developed their original sign stealing scheme back in 2016 and it was a front office initiative signed off by now disgraced and fired former GM Luhnow. The scheme was allegedly dreamed by a then intern (now front office exec). It even had a code name (although not very clever), Codebreaker.

 According to the Dark Arts article, “The way Codebreaker worked was simple: Somebody would watch an in-game live feed and log the catcher’s signs into the spreadsheet, as well as the type of pitch that was actually thrown. With that information, Codebreaker determined how the signs corresponded with different pitches. Once decoded, that information would be communicated through intermediaries to a baserunner, who would relay them to the hitter.” Luhnow claimed he never knew about the scheme all the while admitting he saw a PowerPoint presentation on it. Indeed, the intern, “Derek Vigoa, currently the Astros’ senior manager for team operations, told investigators that he presumed Luhnow knew it would be used in games because that was “where the value would be,” according to the letter.” Put another way, do you think employees put plans to lie, cheat and steal in a PowerPoint presentation and then plan not to use it.

Moreover, once, when responding to an email “titled “Road Notes (April-May), which include reference to ““The System”—a reference to … as “all kind of covert operations,” including sign-stealing, “Luhnow responded to that email a day later: “These are great, thanks.” He wrote another email about three hours later. “How much of this stuff do you think [Hinch] is aware of?” In the face of all of this, Luhnow denies all knowledge of the sign-stealing scheme.

There you have it. The GM had the front office create a cheating system and tried to hide it from the Manager. Manager Hinch did not feel like he could stop the cheating system because it appears that it was condoned by the front office. What does that tell you about the toxic culture that existed at the Houston Astros? Manager Hinch knew the sign stealing scheme was wrong but could not go to his boss because he thought his boss was the one who had approved the scheme in the first place. It is only going to get worse for the Astros

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020

 

From Vaudeville to the Silver Screen to the Small Screen, the Marx Brothers made an impact wherever people found them. Now Tom Fox and Mike Volkov have wedded their love of the Marx Brothers with their passion for compliance and bring them into the boardroom to help explain and explore the sometimes-chaotic world of governance, risk-management, ethics and compliance. In this episode they begin a three-part series where they discuss the movie A Night at the Opera and how it informs the 2019 in Compliance, FCPA enforcement actions and Compliance into 2020 and beyond.  In this episode we put on our prognosticator’s turbans and looked into the veiled land of 2020 and beyond in compliance.


Highlights from the podcast include:

1.     Why data will become more important in compliance?

2.     You have an ABC compliance program. What about Anti-Trust and Trade Compliance?

3.     How do the OFAC Compliance Framework and Anti-Trust Division Guidance inform ABC compliance?

4.     Where will compliance convergence go in 2020?

5.     Will 2020 be the year of the ‘Ethical Edge’?

6.     What will happen to FCPA enforcement numbers in 2020? What about individual prosecutions.

Resources

Mike Volkov-FCPA Predictions for 2020

Tom FoxCompliance Insights for 2020 and Beyond

Marx Brothers-The Sanity Clause SceneYouTube