22 October 2008

EESA: Oversight & Legal Filings...

What is on the mind of GCs in the United States and United Kingdom? What are they saying about the costs of litigation, labor and employment, the financial/subprime crisis, regulatory investigations and FCPA, e-discovery preparedness and patent infringement claims. A Fulbright & Jaworski 5th year survey, gets the answers from 350 senior-level executives.

Lawsuit fears also vary across the United States: California companies have qualms about employment cases; Northeastern companies worry about environmental cases; and Southern companies expressed concerned about class actions and products liability lawsuits.

The survey responses indicate that lawsuits filings ultimately vary by industry.

During the past year, two-thirds of insurance companies reported at least six new lawsuits, followed by 55 percent of retail companies.

Manufacturing companies were the third most sued industry, with 54 percent facing six new claims. Health care providers followed closely behind with 52 percent reporting a half dozen new cases.

Two industries were far less likely to face multiple lawsuits in one year.

Thirty-seven percent of financial services companies reported six new lawsuits compared with 30 percent of technology firms.


Somehow we think the financial services companies are going to see a large spike in the next nine months. The SOX cases will be tested and there will be a few that won't get settled. The outcomes will set the precedence for Corporate Governance related suits for years to come.

Keep on "eye" on this one. Part of the new EESA legislation will have some kind of IG and oversight. This will be keeping the legal teams busy:

7) Compliance: The law establishes important oversight and compliance structures, including establishing an Oversight Board, on-site participation of the General Accounting Office and the creation of a Special Inspector General, with thorough reporting requirements. We welcome this oversight and have a team focused on making sure we get it right.

The Special Inspector General's purpose is to monitor, audit and investigate the activities of the Treasury in the administration of the program, and report findings to Congress every quarter.


The "TARP" Inspector will have their hands full and since they are appointed by the President, you can be sure that they will not be too partisan.

17 October 2008

Ethics: Management 101 to the rescue...

A few years ago there was an anonymous posting on CSO Online about "Doing the Right Thing". It could only be about the rules and policies set down by the ethics committee. Right?

"Directors and executives now must take an active leadership role for the content and operation of compliance and ethics programs," the U.S. Sentencing Commission's statement reads in part. "Companies that seek reduced criminal fines now must demonstrate that they have identified areas of risk where criminal violations may occur, trained high-level officials as well as employees in relevant legal standards and obligations, and given their compliance officers sufficient authority and resources to carry out their responsibilities."

The commission notably adds: "If companies hope to mitigate criminal fines and penalties, they must also promote an organizational culture that encourages a commitment to compliance with the law and ethical conduct by exercising due diligence in meeting the criteria."


Every Fortune caliber organization from financial services to health care has already implemented a pervasive compliance program to mitigate the risk of ending up with the SEC or US Attorney in the lobby.

The catalyst behind these initiatives is generated from the U.S. Sentencing Commission's Organizational Sentencing Guidelines. They allow for more lenient sentencing if an organization has evidence of an "effective program to prevent and detect violations of law."

The Guidelines contain criteria for establishing an "effective compliance program."

These include oversight by high level officers, effective communication to all employees, and reasonable steps to achieve compliance such as:

  • · Systems for monitoring and auditing
  • · Incident response and reporting
  • · Consistent enforcement including disciplinary actions

Yet the corporate incivility continues. Why is it that we can’t pick up the morning paper or listen to the news on the way to work without hearing about a new indictment of a top ranking officer?

Here lies the question many Board of Directors are scratching their heads about these days. How can we avoid these ethical and legal dilemmas and how can they be addressed without creating a state of fear and panic?

That’s when we really learned that this game of business is just about the human factors. It’s really not about the controls, the monitoring or even the awareness programs. It’s about being a model manager, and a model human being.

The odds are it will be the human factors that are going to be what gets you on the steps of the local federal building. And it all comes back to good old-fashioned management 101.

As indicated, the great manager can impact the lives of tens or hundreds of people in your company. Conversely, the uncivil manager can wreak havoc with a similar numbers of lives. The position of management is ever so powerful to influence those around them.

Your company wide compliance initiative has the elements that provide guidance for creating a program that the government is likely to look favorably upon. The problem is that these same criteria inadvertently communicate the message that implies building a program based on this formula is enough. It isn’t.

13 October 2008

Homeland Security: The Risk of Fusion Man...

Modern Day Operational Risk Management, requires a multi-skilled and versatile individual. Someone who understands the difference between "Information Warfare" and "Cyberterrorism." And if you were born after 1980 and part of Generation Y, then you might even have more insight on how Sam Fisher has managed his way through unimaginable risks throughout his career as a Splinter Cell operative. You understand why Homeland Security is evermore focused on HUMINT and our national security is ever so vulnerable to an increasing reliance on the Internet Protocol (IP).

Information warfare is an attack against computers, networks, or information systems to coerce or intimidate a government and its people. These attacks result in violence against people or property and generate fear. Attacks that disrupt nonessential services or create a costly nuisance are not considered information warfare. Cyberterrorism results in severe effects such as death, bodily injury, explosions, plane crashes, water contamination, severe economic loss, and so on.

Information warfare is easily and most effectively waged against civilians. Because of its size and reliance on technology, no nation is as vulnerable to information warfare as the United States. Information warfare can be waged anonymously, or with all the publicity in the world.

If were born before 1960 and you fall into the "Baby Boomer" category, you better spend some time with your "Generation Y" kids or nieces or nephews, if you want to better understand what is now coming over the threat horizon. There have been published reports of Global Hawks and Predators seeking out their targets with skilled aviators located thousands of miles away. These tools and systems of warfare are easily turned in our own direction and now Homeland Security finds it nexus with some new Operational Risk challenges. Accomplished authors such as P.W. Singer writes about "What happens when science fiction becomes battlefield reality"?

If issues like these sound like science fiction, that’s because many of the new technologies were actually inspired by some of the great sci-fi of our time ­ from Terminator and Star Trek to the works of Asimov and Heinlein. In fact, Singer reveals how the people who develop new technologies consciously draw on such sci-fiction when pitching them to the Pentagon, and he even introduces the sci-fi authors who quietly consult for the military.

But, whatever its origins, our new machines will profoundly alter warfare, from the frontlines to the home front. When planes can be flown into battle from an office 10,000 miles away (or even fly themselves, like the newest models), the experiences of war and the very profile of a warrior change dramatically. Singer draws from historical precedent and the latest Pentagon research to argue that wars will become easier to start, that the traditional moral and psychological barriers to killing will fall, and that the “warrior ethos” ­ the code of honor and loyalty which unites soldiers ­ will erode.

Homeland Security professionals and new recruits to the various public and private sector organizations are ever more savvy and vital to managing the risks of the coming decades. Technology and the newest inventions of the human mind are consistently applied for the purpose of good and the well being of our fellow man. We are consistently pushing the outside of the envelope to fly farther and faster, even if it means becoming a "Fusion Man."

Swiss adventurer Yves Rossy flew from France to Britain Friday propelled by a jetpack strapped to his back -- the first person to cross the English Channnel in such a way.

Rossy, a pilot who normally flies an Airbus airliner, crossed the 22 miles between Calais and Dover at speeds of up to 120 mph in 13 minutes, his spokesman said.

When the white cliffs of Dover came into view, he opened a blue and yellow parachute and drifted down in light winds to land in a British field where he was mobbed by well-wishers.

"Everything was perfect," he said afterwards. "I showed that it is possible to fly a little bit like a bird."

Rossy traced the route of French aviator Louis Bleriot, who became the first person to fly across the Channel in an aircraft in 1909.

The Swiss pilot was propelled by four kerosene-burning jet turbines attached to a wing on his back. He ignited the jets inside a plane before jumping out more than 8,000 feet above ground.


We suspect that Mr. Rossy has hired some very competent lawyers to work on his patents and licensing of intellectual property. By now, it all may be classified and Sam Fisher is taking his first test flights.

07 October 2008

FCPA: 21st Century Investigations...

Intellectual property theft, corporate espionage, transnational economic crime and the Foreign Corrupt Practices Act (FCPA) are on collision course with international 21st Century investigators. New age professionals who were almost born with a keyboard or PDA in their hand; remain ever vigilant.

The use of third parties, offshore banking and other avoidance mechanisms such as Black Market Peso Exchange (BMPE) increases the potential for theft, corruption and abuse buried in global commerce using the Internet Protocol (IP).

The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term "knowing" includes conscious disregard and deliberate ignorance. The elements of an offense are essentially the same as described above, except that in this case the "recipient" is the intermediary who is making the payment to the requisite "foreign official."

Intermediaries may include joint venture partners or agents. To avoid being held liable for corrupt third party payments, U.S. companies are encouraged to exercise due diligence and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives. Such due diligence may include investigating potential foreign representatives and joint venture partners to determine if they are in fact qualified for the position, whether they have personal or professional ties to the government, the number and reputation of their clientele, and their reputation with the U.S. Embassy or Consulate and with local bankers, clients, and other business associates. In addition, in negotiating a business relationship, the U.S. firm should be aware of so-called "red flags," i.e., unusual payment patterns or financial arrangements, a history of corruption in the country, a refusal by the foreign joint venture partner or representative to provide a certification that it will not take any action in furtherance of an unlawful offer, promise, or payment to a foreign public official and not take any act that would cause the U.S. firm to be in violation of the FCPA, unusually high commissions, lack of transparency in expenses and accounting records, apparent lack of qualifications or resources on the part of the joint venture partner or representative to perform the services offered, and whether the joint venture partner or representative has been recommended by an official of the potential governmental customer.


Digital fingerprints and technology has changed the way we manage and store information just as it has changed the way cases are developed and presented to new juries who understand the evidence. Organizations operating on a global scale with branch offices in London, Frankfurt, Mumbai, Hong Kong and Shanghai are continually exposed to operational risks associated with rogue employee behavior in the normal course of doing business in country. The legal matrix of risk exposures are magnified by Internet commerce, privacy, intellectual property and transnational policing.

In the recent "2008 Report to the Nation on Occupational Fraud and Abuse" by the ACFE, the Banking / Financial Services industry group suffered the highest frequency of losses:

  • # of Cases - 132
  • % of Cases - 14.6%
  • Median Loss - $250,000.00
The type of scheme with the highest percentage was corruption at 33.3% of banking cases. Government had 106 cases with 26.4% of these associated with corruption. The telecommunications sector endured the biggest impact with 16 cases reported yet with a median loss of $800,000.00 . Healthcare suffered 76 fraud cases at 26.3% involving corruption.

In all cases the digital trail is there for the forensic professionals to track, trace and assemble the history and chronology of events. Unfortunately for the prosecution and the plaintiffs, there is a tremendous backlog for the collection and analysis of this modern day CSI. Independence and expertise is the key element of getting your favorable day in court. Judges and juries are far more educated on the new Federal Rules of Evidence and Civil Procedure. Lawyers are utilizing the eDiscovery threat to force premature settlements. Meanwhile, the digital evidence continues to be collected, imaged and stored for analysis waiting it's day in court.

21st Century investigators utilize digital forensic certifications and training combined with years of education and experience. Managing the legal risk to institutions and those who have been implicated is their only priority by achieving a defensible standard of care. Judging the evidence is not their interest nor their objective. Insuring that the relevant information is soundly collected, preserved and presented without spoilation or prejudice, is the primary mission.