The Moody Blues finally made it to Houston last week (well Sugar Land – but close enough). They were celebrating the 50th anniversary of the release of what many call the first progressive rock album, Days of Future Passed. While there was certainly sadness in the air as tributes to Ray Thomas were played, there was also celebration of the Moody Blues finally being inducted into the Rock and Roll Hall of Fame. The concert was less a standard raucous rocking affair when the band returned from intermission to play this fabulous album straight through.

The album features music by singer-songwriter and guitarist Justin Hayward, Mellotron played by then keyboardist Mike Pinder and “the band and the orchestra only actually play together during the final song part of “Nights In White Satin”.” The album is one of the earliest examples of progressive rock music, which featured psychedelic rock ballads and orchestral interludes by the London Festival Orchestra. Bill Holdship, writing in Yahoo! Music, has said the band “created an entire genre here.” David Fricke and Robert Christgau, writing in Rolling Stone, cited it as one of the essential albums of 1967 and finds it “closer to high-art pomp than psychedelia.” Will Hermes, writing in Spin Magazine, cited the album as an essential progressive rock record. An influential work of the counterculture period, Bruce Eder writing in AllMusic called the album “one of the defining documents of the blossoming psychedelic era, and one of the most enduringly popular albums of its era.”

While the album concept has largely faded from the music scene in favor of one shot downloads, albums were the way we got to know bands and musicians when I was in my formative years. You can close your eyes listen to Days of Future Passed over and over again and literally see the entire album flash across your mind. While “Nights In White Satin” probably was more popular as the top single song from the album, for my money it was “Tuesday Afternoon”. But listening to the entire album straight through in concert was a treat to behold.

I thought about taking this bigger picture view in the context of the Control Risks 2018 Risk Map, entitled RiskMap 2018. It is one of the definitive forecast of political and security risk across the globe in the coming year. The top five listed risks for 2018 were: 

  1. North Korea – While Control Risks believes war on the Korean peninsula is unlikely, the paths of escalation are clear, de-escalation is harder to plot. The search is on for the least bad option, but it’s not clear what that is. The risks of miscalculation and accidental escalation are the highest they’ve been since North Korean leader Kim Jong-un assumed power.
  2. Large scale cyber-attacks targeting infrastructure – 2017 was the year of large-scale but random disruptive attacks. Control Risks believes that 2018 will see the likes of WannaCry, NotPetya and BadRabbit recur, but in a more powerful, targeted and disruptive manner. National infrastructure systems are particularly at risk.
  3. Protectionism policy of the Republican administration – Control Risks believes there is a low likelihood but if does occur, it will likely be a high impact, but the threat is there: in a year of mid-term elections, NAFTA negotiations fail to make enough headway, the administration pulls the US out of NAFTA and the WTO, and goes after China on trade, causing profound disruption to international commerce.
  4. The big power rivalry in the Middle East – Control Risks believes that across the region, the combination of an ambitious Saudi Arabia and assertive Iran informs and inflames conflicts and enmities in Syria, Lebanon, Iraq and Yemen and between Israel and the Palestinian Territories. Control Risks does not believe these two countries will go to war.
  5. Personalized leadership – Astride the business risk landscape is a collection of assertive world leaders who rely on nationalism and, to varying degrees, populism. Prone to capricious decision-making, they find foreign companies convenient targets. More than ever, knowing the mind of the person at the top is essential.

Each of these areas has full reports dedicated to them and available for download. Further, the Risk Map is broken down by region. The main map covers the countries of the world and provides regional nuance within and across national borders. The Maritime, Kidnap and Travel Risk maps give further insights into Control Risks areas of specialist expertise. In short all of this information is available for any compliance professional for use in helping to assess your annual risks going forward. It is a visual, data and information feast for anyone interested in global risk, in a wide variety of areas.

If you are in the Houston area, the Greater Houston Business and Ethics Roundtable (GHBER) is privileged to have Control Risks present its 2018 Risk Map at our first meeting of the year, this coming Thursday, 25th January, from 8-10 AM at the offices of Marathon Oil, here in Houston. Our presenter will be Control Risks Director, Jonathan Wood, the author of the White Paper on the Number 1 listed risk of the Global Powder Keg, including North Korea. Wood leads Control Risks’ Global Issues practice, on global political, operational, security and integrity risks to multinational organizations in the oil and gas, mining, insurance, financial services, retail, construction and technology sectors. His subject matter expertise encompasses geopolitics, global governance, economic development and transnational security issues. He leads Control Risks’ analysis of transnational terrorism, single-issue direct action, and geopolitics. In short, Wood knows his stuff and he can further educate all who attend the GHBER meeting.

If you are in Houston, I hope you can join us. The information Control Risks makes available is worth it. For more information on the GHBER meetings, featuring Jonathan Wood of Control Risks, go the GBHER website.

While you are considering all this, I heartily suggest you download Days of Future Passed from iTunes, sit back and get ready for a great audio and imaginary travel through a day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Are CCOs at risk? Indeed is should the entire compliance industry be running for cover. Adam Dobrik explores explore in GIR. Court Golumbic explores in “The Big Chill”: Personal Liability and the Targeting of Financial Sector Compliance Officers” in the NYU Compliance and Enforcement Blog.
  2. Tom and Mike Volkov argue the new FCPA Corporate Enforcement Policy has ended, once and for all, the debate around amending the FCPA to add a compliance defense. See Tom’s article in Compliance Week Magazine and listen to Mike Volkov’s podcast.
  3. The FCPA will be with us for years to come, argues Jaclyn Jaeger in her Compliance Week piece, “How the FCPA withstands the test of time
  4. Teva Pharmaceuticals resolves bribery case with Israel authorities. Chiam Gelfand reports in a guest post on the FCPA Blog.
  5. Ben DiPietro considers whether AI will have machine executable rules, in the Wall Street Journal Risk and Compliance Report.
  6. Roy Snell publishes a heartfelt letter to retiring Pat Kelly, the FBI Integrity and Compliance Officer in the SCCE Blog.
  7. Matt Kelly explore the salary misconduct penalty in two posts on his Radical Compliance blog, The Salary Penalty for Misconduct and More Thoughts. Matt & I explored the issue on the most recent episode of Compliance into the Weeds.
  8. Jonathan Marks explains why skepticism is an auditor friend in Skepticism – a Weapon to Fight Fraud in his Board and Fraud blog.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program, sponsored this month by Convercent. In January, I bring together the entire year of compliance program best practices with 31 days to a more effective compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Tom announces his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  11. Join Tom and Dun & Bradstreet CCO Louis Sapirman for a SCCE Webinar on 360-Degrees of Compliance Communication. Registration and information is available here.
  12. Jay is too worried about Tom Brady’s hand to get out a weekend report. Should he be? Jacob Feldman reports in Sports Illustrated.
  13. We preview this week’s NFL playoffs.

Do you recall the boycott of South Africa from the 1970s and 1980s as a lexicon of the global fight against apartheid? The boycott extended from business to sporting events and everything in between. The campaign was one of the key reasons for the fall of the white minority government. Now a new campaign fighting the specter of corruption in the country may be gaining traction as the New York Times (NYT) has reported that South African President Jacob Zuma agreed to set up a nationwide corruption commission to look into allegations of rampant corruption through looting of government agencies and state-owned entities, most particularly through Zuma’s links with the Gupta family. Zuma had long resisted such calls from government officials and even members of his own political party, the African National Congress (ANC).

There is not much doubt one of the companies to be investigated will be McKinsey and Company (McKinsey) and a transaction it worked on for the South African state-owned utility Eskom and a company controlled by the Gupta family named Trillian Capital Partners Ltd. (Trillian), in 2015 and 2016. In Q3 of 2017, reports began circulating about this transaction. In response McKinsey conducted an internal investigation but claiming it did not find any evidence of payment of bribes or other evidence of corruption which are illegal under the Foreign Corrupt Practices Act (FCPA). The report did find that the company had failed to follow its own internal compliance policies, procedures and internal controls by doing business with a third party which had not gone through the company’s full due diligence process. Additionally, McKinsey placed a partner in South Africa on a leave of absence. This partner had been involved in bringing a subcontract, which had been alleged to be either a politically exposed person (PEP) or conduit to a PEP into a consulting contract with McKinsey and “whether it knowingly let funds from state power utility Eskom be diverted to a Gupta company as a way of securing a $78 million contract to advise Eskom.”

The project which brought McKinsey to grief involved a restructuring plan for a South African state-owned utility, Eskom. The next step was to be implementation of the plan for which McKinsey was to be paid up to $370MM over four years. This amount was characterized in one internal McKinsey report as “exorbitant”. However, it was not price gouging which impacts the FCPA. It was McKinsey’s work with a business partner on the implementation, Trillian. Eskom alleged pointed McKinsey to partner with Trillian as a part of the requirement to work with a black empowerment partner. It turned out that Trillian was associated with the Gupta family. Six months after beginning work, McKinsey had not inked a contract with Trillian and Eskom pulled the implementation contract, after McKinsey “only” billing $76MM.

McKinsey has said that it has not uncovered any illegal payments under the FCPA. However, FCPA also prohibits the corrupt “offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to” a foreign official. Over-paying for a contract and having some of the over-payment rebated to foreign officials is a well-known bribery scheme. It would be easy to envision a bribery scheme where there is an “exorbitant” amount paid to the prime contractor, which then hires a subcontractor who receives a very high fee for bringing very little or indeed nothing to the project. Another tactic could be to simply begin a project before due diligence is completed, then if it comes back with uncleared red flags, claim the company is now contractually obligated to complete the work. Finally, there is simply the old-fashioned wink, wink, nod, nod where there is an ‘understanding’ the bribe receiver will be taken care of at some point in the future.

Further, even if there were no illegal payment or illegal promise to pay, there is the matter of McKinsey violating its own internal compliance controls, which can be a separate FCPA violation, even without evidence of bribery and corruption. At one point, McKinsey had said it has done nothing which would require it to self-report to the Justice Department. John Gapper, writing in the Financial Times (FT), said “This seems to be setting the reputational bar rather low.” It turns out his thoughts were not the final word on the subject.

Early this week, South African prosecutors ordered McKinsey to forfeit its share of the Eskom contract “after prosecutors argued that the fees may be the proceeds of corruption.” While McKinsey has previously apologized for “several errors of judgment” from its work on the project; it continues to proclaim its overall innocence stating, “We are returning the money not because we have done anything wrong but because Eskom has told us they did not follow the appropriate process.”

Recent revelations about McKinsey and others in South Africa over possible allegations of corruption have driven home a truism that many in the compliance space have known for some time; that South Africa has become one of the most corrupt countries on earth. When you couple a structural requirement baked into every government contract with a non-South African company for a local content partner with a corrupt system you have a recipe for rampant corruption. Such would appear to be the situation on South Africa today.

The Gupta family is widely viewed as the true power behind sitting President Zuma. The Guptas fingerprints are all over the transactions involving McKinsey and others. Yet this is only the highest profile allegations of corruption which is claimed to be ongoing in the country. Foreign companies are routinely directed to certain players under the requirement of the Black Economic Enterprise (BEE) requirement for a local South African partner. This alone is a well-known red flag under any anti-corruption compliance program.

With all the public information coming out of South Africa, it is not surprising to see reports that the FBI is now investigating US companies with ties to the Gupta family. Eric Holder has publicly stated he would not be surprised if the Department of Justice was investigating US companies for their actions in South Africa. With these revelations, one must wonder if a FCPA country sweep with the Justice Department focusing on South Africa is just around the corner.

Similar questions might be asked in the United Kingdom as Lord Hain, has accused the law firm of Hogan Lovells of aiding corruption at South Africa’s revenue service and has apparently referred the firm to UK’s Solicitor Regulation Authority for investigation. With South Africa’s continuing commercial connection to Great Britain the same question might be asked of the UK government, most specifically the Serious Fraud Office and other authorities under the UK Bribery Act.

For US and UK companies doing business with the South African government now is the time review your third-party risk management protocol for any local agents, distributors or partners in South Africa. If your company comes under scrutiny through a follow-on case, it may well fare much worse than a company which cleans itself up sooner rather than later.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018

In this episode, Richard Lummis and I consider the recent revelations which came to light that during the tenure of the former Chief Executive Officer, Jeff Immelt and the saga of GE’s ghost jets. Immelt had an empty plane fly behind his jet on corporate trips. This ghost jet tracked Immelt’s jet and was designed to be available if there was a mechanical issue, which presumably could not be fixed sufficiently in time for the CEO’s busy travel schedule. There were several important lessons which every Board of Director can learn from these revelations going forward.

Thomas Gryta, Joann S. Lublin and Mark Maremont, writing in the Wall Street Journal (WSJ), said that a GE spokesperson noted the reason for the ghost plane ““This practice, which GE has discontinued, involved business-critical itineraries with tight schedules, multiple international stops and, in most cases, security concerns.”” The spokesperson then gratuitously added, ““We do not believe that the understandable criticism of this discontinued practice fairly reflects on Jeff’s dedicated service to GE for over 30 years.”” However the WSJ piece, citing un-named sources said, “While CEO, Mr. Immelt wanted a backup jet in case there was a mechanical issue that could lead to delays”. The cost to operate the ghost plane was about $6500 per hour, adding up to $250,000 to the cost of each flight.

The New York Times (NYT) reported that the practice occurred during his 16-year tenure as CEO of GE. Yet it was the subject of an internal whistleblower complaint in 2014. The WSJ reported, “The company told GE’s directors the company had reduced the practice in mid-2014 and that the continued use of the backup plane was limited to isolated situations such as travel to risky destinations. The board members were previously unaware, the people said, and some were dismayed to learn of the practice. “Obviously, this was an excess,” one of these people said.”

Here was a clear misrepresentation to the Board of Directors. Even if limited to ‘isolated situations’ there was a CEO’s behavior and practices which was so egregious that it took a hotline compliant to change and the company executives were less than truthful to its own Board of Directors that the practice could continue. It was not as if company executives had any lack of understanding that the practice was not approved by the Board. The head of the Board’s Audit Committee mandated the practice must end.

To hide what was going on, the company went out of its way to hide the ghost plane practice as “Flight crews were told to not openly refer to the backup planes, for fear of raising eyebrows, especially at the small airport facilities for private jets, the people said. One person said the flight manifest sometimes listed “Robert Jeffries” or “Jeffrey Roberts” as the passenger on the second plane, when in fact the seats were empty.” That certainly sounds like someone trying to hide something.

What about the excuse that it was for security? James Stewart, writing in the NYT skewered that reasoning by citing to Scott Davis of Melius Research who stated, ““Not even heads of state get that kind of treatment.” Moreover, if the security was such a concern, why was GE sending its CEO there in the first place. Stewart wrote, “No one I spoke to in the field of corporate security said that made any sense, especially in the instance when the second plane stayed in Anchorage while Mr. Immelt traveled to Asia. There are plenty of planes there that could be chartered in case of emergency, not to mention commercial flights with first-class cabins and ample security. Robert Strang, a corporate security expert and the chief executive of the Investigative Management Group, told me he had been conducting security audits for chief executives for 29 years and could think of no similar example.” Finally, “If a destination is so dangerous that it requires a backup plane, then a C.E.O. shouldn’t be going in the first place”. And it’s not as if Mr. Immelt had been traveling to war-torn Syria or Afghanistan.

Next was a point that Immelt himself raised which spoke directly to business leadership. In a letter to John J. Brennan, chairman and CEO of Vanguard and GE’s lead director, Immelt said, “Given my responsibilities as C.E.O. of a 300,000-employee global company, I just did not have time to personally direct the day-to-day operations of the corporate air team.” He added, “Other than to say ‘hello’ I never spoke to the head of Corporate Air in 16 years.” The CEO of the company goes 16 years without once ever having a substantive conversation with the head of the group mandated with handling his air travel? Frankly I do not know whether to laugh or cry at this statement. If it is true what does it tell you about the Imperial leadership style of Immelt. If he is not telling the truth, it tells you about the liberties he is taking with his facts.

Stuart Davis also raised some obvious issues. If the CEO or his underlings were willing to violate the Board’s edict of no ghost jets; what else is there? Davis was further quoted, ““You hear about this and you have to wonder what else they were spending money on. You really have to question the financial oversight and controls and internal audit. You have to question the entire organization.””

According to the WSJ article, “GE informed its board’s compensation committee each year about how much the company had spent to fly Mr. Immelt on corporate aircraft, the people said. But those total amounts lacked details such as how many flights the CEO took, the number of pilots involved or the cost of aircraft fuel, people familiar with the process said. Directors assumed that GE’s human-resources executives had reviewed details about Mr. Immelt’s personal and business trips, according to one person. The GE board’s compensation committee should have requested more detail about Mr. Immelt’s usage.” Even if the Board was initially misled by GE executives, it should have asked for the details to test the information presented to it, especially as it had been the subject of a whistleblower compliant involving the CEO.

All this would seem to indicate that no one was either (1) running the ship, (2) watching the ship being run or (3) was interested enough to find out what was going on. That is laid at the feet of the Board, in not asking direct, probing questions. It also points to the role of compliance to resolve whistleblower issues and to monitor on an ongoing basis to ascertain if the remediation has been followed or the company reverted to its prior conduct. Finally, any CEO’s excuse that as a 30-year employee, including 16 as CEO and he never had time to say anything other than ‘hello’ to an employee speaks to a CEO who is not only ignoring his employees but clearing communicating that I do not care about you or your job function at this organization. How is that for not only tone at the top but also conduct at the top.

Today we continue our celebration and exploration of the original trilogy of Star Wars movies (plus-one) with a look at Episode VI. Return of the Jedi. In this final movie from the original three, the good guys win in the end after overcoming incredible odds, which was certainly a good result. Many fans and critics panned it for including the incredibly cute and furry Ewoks on the moon named Endor as a part of the storyline. Many thought one very tall Wookie was enough cuteness for the series. Yet the Ewoks did provide the setup to one of the movies best lines. The Ewoks thought one of Luke’s robots, C-3PO, was a god. Solo asked him to demonstrate some ‘god-like’ powers to which C- 3PO replied, “It is against my programming to impersonate a deity.”

This movie’s big reveal was that Luke and Princess Leia were twins and that she was now free to unabashedly pursue bad boy Han Solo. While Episode VI was the lowest grossing film of the original three, coming in at only $572MM worldwide, it was still a great ride and visually stunning. George Lucas’ in-house organ, Industrial Light & Magic (ILM), certainly earned their title for their special effects in the movie. The Sarlacc battle sequence was great, the speeder bike chase on the Endor moon was way cool and the space battle between Rebel and Imperial pilots was a great ride. At the Academy Awards ceremony for movies of that year, Richard Edlund, Dennis Muren, Ken Ralston, and Phil Tippett, all from ILM, received the Special Achievement Award for Visual Effects Oscar award.

I thought about this entry in the Star Wars oeuvre when I read that HSBC and the Department of Justice (DOJ) had petitioned the US District Court for the Eastern District of New York for the bank to be released from its five-year Deferred Prosecution Agreement (DPA) which was entered into in December 2012. Samuel Rubenfeld, writing in the Wall Street Journal (WSJ) Risk and Compliance Journal, said, “The expiration of HSBC Holdings PLC’s deferred-prosecution agreement releases the bank from its sword of Damocles, but the legacy of the agreement taught the industry some tough lessons about anti-money laundering compliance”.

Martin Arnold, writing in the Financial Times (FT), noted, “The ending of the DPA is a vindication for the outgoing management team of Douglas Flint, who retired as chairman this year, and Stuart Gulliver, who is due to hand over as chief executive to John Flint, his retail banking head, in February. Mr Flint and Mr Gulliver made it one of their priorities to clean up the bank’s anti-money laundering and sanction controls, investing more than $1bn in compliance technology and creating a financial crime risk unit that has more than 7,000 staff.” But there were more tangible effects as “the move is expected to allow HSBC to return more of the $8bn of trapped capital that regulators have forced it to keep in the US”.

HSBC obtained this result through extensive remediation in fulfilling the requirements of the DPA. Arnold cited to Stuart Levey, a former DOJ and US Treasury official, who HSBC hired as its chief legal officer in 2012, “We took the decision to apply US level standards across the entire bank, which we didn’t have to do, but it is clearly one of the reasons why the DOJ agreed to do a DPA rather than prosecute us. Of course we still have improvements to make and we always will.”

In a press release, chief executive Gulliver noted “HSBC is able to combat financial crime much more effectively today as the result of the significant reforms we have implemented over the last five years. We are committed to doing our part to protect the integrity of the global financial system, and further improvements to our own capability and contributions toward the partnerships we have established with governments in this area will remain a top priority for the bank into 2018 and beyond.”

Chad Bray, reporting in the New York Times (NYT) Dealbook column, said, “As part of the agreement, the bank bolstered its financial crime controls and added staff members in a broad reshaping of its compliance structure. An outside corporate monitor was appointed in 2013 as part of the agreement and was expected to continue to examine the effectiveness of the bank’s anti-money laundering and sanctions compliance systems.”

Rubenfeld spoke with Dan Wager, vice president of financial crime compliance at LexisNexis Risk Solutions, who “said the expiry indicates the bank addressed its systemic issues, “a task many thought was not possible.” He added that “Large financial institutions could no longer expect to spend their way out of the situation. They had to alter the systemic issues within their walls, and really truly address them.” He further added that government regulators would also learn from the HSBC enforcement action and DPA settlement resolution and that it might well become the template moving forward for remediation, concluding “Such an agreement has benefits that a criminal conviction doesn’t, he said, because it provides a roadmap for other banks to follow to enhance their compliance programs: “Some might say the entire financial system benefits from the pain of the target institution.””

At the end of the final episode of the first trilogy, Luke see the specters of Anakin Skywalker, Yoda and Obi Wan Kinobi in front of him. As the latest Death Star is destroyed, planets in the Rebel Alliance all celebrate. While I am not sure how much celebrating HSBC might be doing this week, they should have pride in making it through the five-year DPA. The bank worked very hard to overcome its miss-steps and hopefully it will continue to do so ethically and in compliance.

May the Force be with you.

My good friend Doug Cornelius is also running a week of Star Wars/compliance themed blog posts on his site Compliance Building. Check them out for his take on a more well-rounded Star Wars oeuvre.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017