Here are some compliance stories from the past week that I found interesting:

Shadowing a Swindler by Richard Tofel

His review of the Harry Markopolos book: No One Would Listen

[N]early all the whistleblowers she had met shared two qualities. First, they were onto something—that is, there was at least some truth to what they were saying. Second, they were “a little bit nuts.” … None of this behavior makes Mr. Markopolos’s case against Mr. Madoff any less convincing. Nor does it excuse the SEC. But it does provide a fuller picture of the author than the cardboard cut-out of the lonely hero we’ve been hearing about for the past 15 months. With his book, Mr. Markopolos sheds more light than he intends on just why no one would listen.

OECD Guidance On Internal Controls, Ethics and Compliance by Melissa Klein Aguilar in Compliance Week’s The Filing Cabinet

The OECD Working Group on Bribery has issued “Good Practice Guidance on Internal Controls, Ethics and Compliance,” which calls for companies in the 38 countries that are party to the OECD Anti-Bribery Convention to put in place strict internal controls and establish ethics and compliance programs as part of a strategy to combat bribery in international business deals.

Blagojevich Speaks on Ethics (And I Would Listen) by Chris MacDonald on The Business Ethics Blog

Of course, when you’re listening to someone who is accused of, or who has admitted to, significant wrongdoing, there’s no guarantee you’re hearing the truth. Some of them may be inveterate liars; others may be lying to polish their own image. So, naturally, you should take what they say with a grain of salt. But to think that there’s nothing to learn from them is a mistake.

To Improve Performance, Audit Your Employees’ Emails by Michael Schrage

Because the rhythm and rhetoric of effective email exchange is a critical success factor in business performance, mismanagement of email may in fact be a symptom of other weaknesses in your organization.

The Rise of  Client Collaboration by Jordan Furlong

Welcome to the world of client collaboration, where buyers of legal services share information with each other and where lawyers are often not needed on the voyage. The internet has enabled people with legal questions and problems to speak with and learn from each other on a massive scale, far beyond what was possible in the days before email and social networks. As a result, they are turning less frequently to their lawyers and more frequently to each other to acquire the legal information they need.

SIGTARP Quarterly Report to Congress

As important as assessing the effectiveness of TARP programs is, in the final analysis, TARP can truly only be a success if TARP is both managed well and its positive effects are enduring. The substantial costs of TARP — in money, moral hazard effects on the market, and Government credibility — will have been for naught if we do nothing to correct the fundamental problems in our financial system and end up in a similar or even greater crisis in two, or five, or ten years’ time. It is hard to see how any of the fundamental problems in the system have been addressed to date.

FCPA Enforcement in 2010: Prepare for Blastoff by Bruce Carton in Securities Docket

When Assistant Attorney General Lanny Breuer was recently asked to comment on enforcement of the Foreign Corrupt Practices Act in 2009, he minced no words: “One can say without exaggeration that this past year was probably the most dynamic single year in the more than 30 years since the FCPA was enacted.”

	Mark Fryenburg asked back to his speak to his class: CS 299 Web 2.0: Technology, Strategy, Community. I’m going to tackle personal knowledge management. After all, that is the reason that Compliance Building exists. I’ll be there on the afternoon of March 17. I did a similar presentation to this class last spring. Rather than the marketing aspects of blogs and web 2.0 tools, I’ll focus on how they can help you as individual in accumulating the knowledge you need to do your job and develop yourself professionally. Hopefully, I can open the eyes of these college students. Don’t assume that the digital generation knows how to use web 2.0 tools any better than you.
	In April will be heading down to San Antonio to an ICI Mutual Conference to speak about social media and compliance. My presentation will focus on the issues that investment companies and investment advisers will have in dealing with social media. This will be my first time in San Antonio.
	On May 6,  I will be speaking at the Annual Conference for the Association of Legal Administrators. My topic will be The Social Networking / Web 2.0 Revolution. I’m going to bring my experience as a lawyer, law firm client, legal administrator and user of web 2.0 to give a better understanding of the web can firms and ways that firms can manage the use of web 2.0.
	On May 17, I will be down in Miami at Interact 2010: The Legal and Compliance Technology Forum. I will be on a panel with Kathleen Edmond, Chief Ethics Officer of Best Buy and Janice Innis-Thompson, SVP & Chief Compliance Officer of TIAA-CREF. We will talking about governing social media. The focus will be on ways to monitor, manage and make the most of employee use of web 2.0 tools.
	From May 24 to 26, I will be hanging out at the Compliance Week 2010 Conference. I’ll be able to sit back and enjoy the great agenda and leading speakers from the industry and government. I had a great time at this conference last year and met some great people. So I’m going back for more. There should be some great compliance bloggers there: Francine McKenna of re: The Auditors, Bruce Carton of Securities Docket, Tom Fox of Tfoxlaw’s Blog (he needs a better name for his blog), Alex Howard of SearchCompliance.com, and Compliance Week Editor In Chief Matt Kelly
	For a change of pace, I’m speaking at Pax East on March 26 on Bringing up the Next Generation of Geeks. In my spare time, I’m a contributor to Wired’s Geekdad. The Pax East panel will be composed of a bunch of the GeekDad writers.

You can see my upcoming and past speaking engagement on my speaking engagements page.

Visit the Better Business Bureau

I occasionally like to look at consumer fraud complaints to see if I can learn any lessons for corporate compliance.On the consumer side there is tremendous volume of complaints and many parties trying to help.

It caught my eye when four different organizations got together to identify the top consumer complaints for 2009. Here are their lists:

Massachusetts Office of Consumer Affairs

1. Home Improvement Contractors
2. Auto Insurance
3. Health Insurance
4. Lemon Law
5. Foreclosure assistance

Massachusetts Attorney General’s Office

1. Time Share Resellers
2. Loan Modification Fee Schemes
3. Deceptive Advertising and Solicitations
4. Deceptive Lending Schemes
5. Fake Check Scams

Better Business Bureau of Eastern Massachusetts

1. New Car Dealers
2. Retail Furniture Dealers
3. Collection Agencies
4. Used Car Dealers
5. Movers

Federal Trade Commission

1. Identity Theft
2. Third Party/Creditor Debt Collection
3. Foreign Money Orders/Check Scams
4. Internet Services
5. Shop-at-Home and Catalogue Sales

Differences in the Lists of Complaints

I’m sure each agency has a different taxonomy for categorizing complaints so it’s not fair to compare across agencies. I will anyhow.

It seems really strange that the lists are so different. You would think that there would be some common themes.

I see “Lemon Law” on the Office of Consumer Affairs, with “New Car Dealers” and “Used Car Dealers” on the Better Business Bureau list. So they both have cars, but no sense of the consumer complaint from the BBB list.

The Office of Consumer Affairs has “foreclosure assistance” and the Attorney General has “Loan Modification Fee Schemes” on its list. I sense those entries are a sign of the times and each agency is trying to focus on those related issues.

How you intake complaints will affect how you classify complaints and how you report on complaints. So I thought it would be a useful exercise to see how these agencies intake complaints to see if you can see a relationship to their top complaints.

Federal Trade Commission

Why does the FTC have a category for “Internet Services”? That seems way too broad. I guess it is just the “internet is scary” category. So I tried out the FTC Complaint Assistant.

Its no surprise that “Identify theft” is the top category. That the first question asked. So with the FTC complaint everything is either an identify theft complaint or something else.

The something else is then divided into “Debt collectors or debt collection practices”, “Credit Reports” or something else. So its no surprise what the second item is on the FTC list. It does leave me surprised that “Credit Reports” did not make their top five. The “internet” is one of the categories in other, but the other two on the top five are no obvious from the input taxonomy.

Better Business Bureau

Next I went to the Better Business Bureau’s online complaint form.  Their form’s taxonomy is

• my vehicle
• My cell phone or wireless carrier
• a product or service (other than a vehicle or a cell phone)
• a charity
• children’s advertising

So its no surprise that New Car Dealers and Used Car Dealers are in their top five list.

Massachusetts Office of Consumer Affairs

I thought it was strange to see this agency in the mix because it has a limited mandate when it comes to consumer complaints. If you go to their How to Resolve a Consumer Problem webpage they make it hard to even find how to file a complaint with this agency.

They really just have jursdiction on Lemon Law disputes and home improvement arbitration. So what’s odd is that lemon law was only in the number four position in their top five.

(In the interest of disclosure, I worked as a intern at this agency working on consumer complaints.)

Massachusetts Attorney General

This consumer complaint form has the broadest taxonomy, with two dozen categories to choose among.  I would put the most faith its listing of the top consumer complaints because you are not forcing them into a box.

But that leaves me wondering how “time share resellers” are above “loan modification fee schemes”? Maybe there are just lots of people trying to unload their time shares in this bad economy so they can avoid having to modify their loan.

Sources:

• Press Release: Top 5 Consumer Issues and Complaints Outlined by Patrick-Murray Administration’s Office of Consumer Affairs and Business Regulation, Attorney General’s Office, Better Business Bureau, and Federal Trade Commission

If you want to see a classic case of the problems with selective disclosure take a look at the recent SEC case against Presstek, Inc. and its former CFO.

Presstek was having a bad quarter in 2006. The CFO knew that the company would be reporting bad financial performance for the quarter. The CFO told an investor that the results would be bad. The investor immediately sold its shares in Presstek. The next day Presstek publicly released its poor financial performance for the quarter.

Slam dunk.

It’s that kind of selective disclosure that the SEC was trying to prevent when it enacted Regulation FD. It is bad that some investors could preferential treatment to material information and be able to act on that information before the general public.

“This investigation related to matters that occurred prior to the changes in executive leadership which took place in 2007,” said Jeff Jacobson, Presstek’s Chairman, President and Chief Executive Officer. “We feel very strongly about corporate governance and we are pleased to put this legacy issue behind us.”

In addition to the $400,000 settlement with the SEC, Presstek also had to pay a $1.25 million to settle a securities class action case related to the matter.

Even though it was a straightforward violation, the question I have is: How did the SEC find out? Perhaps they noticed the spike in the selling of shares and the purchasing of puts by the investor. Perhaps somebody blew the whistle? Perhaps the company self-reported?

Sources:

• SEC Complaint
• SEC Press Release – Litigation Release No. 21443 Securities and Exchange Commission v. Presstek, Inc. and Edward J. Marino, 1:10-CV-10406 (D. Mass. March 9, 2010)
• Presstek Press Release: Presstek Announces Resolution of SEC Investigation
• Presstek Announces Receipt of “Wells Notice” From SEC Staff
• Regulation FD 17 CFR Parts 240, 243, and 249
• REG FD – A New Enforcement Priority by Thomas Gorman in SEC Actions

It’s always useful to look at what your competition is doing. The same is true in drafting your code of conduct (or code of ethics or whatever name you chose). It is useful to look at you what your competitors’ codes of conduct look like.

Since Sarbanes-Oxley requires a public company to have a code of conduct, its fairly easy to dig around the investor relations portion of their website or SEC filings to get your hands on examples.

Since my company is a real estate company, I put together a database of Codes of Conduct for Real Estate Companies.

My original goal was to find codes for other real estate private equity companies. I struck out.

So I expanded to public REITs and real estate investment advisers. All of the companies in the database are public.

So far I have not found a private real estate company that has published its Code of Conduct. This is what I expected and not a criticism. In fairness, I haven’t publicly published my Code of Conduct.

With compliance, it’s better to think of competitors as peers instead of the competition. You might get some market gain with a competitor lost to a compliance or ethical failure. You’re more likely to get more government oversight and regulation, less of investor confidence and many more headaches.

Database of Codes of Conduct for Real Estate Companies

Image of Columbia Center is by simonsonjh from Wikimedia Commons

Money Laundering is bad and financial institutions need to have internal controls policies, procedures and processes to identify higher-risk accounts and monitor the activity. At the core of an anti-money laundering program is that an institution must know its customers and the risks presented by its customers.

The program becomes more difficult when the customer is a corporation or legal entity.

An alphabet soup of federal regulators just jointly issued new guidance “to clarify and consolidate existing regulatory expectations for obtaining beneficial ownership information for certain accounts and customer relationships.” The Financial Crimes Enforcement Network, Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, Securities and Exchange Commission, and Commodity Futures Trading Commission all joined in the guidance.

Identifying the ownership and control of a legal entity can be difficult. Often, the only way to get the information is from the entity itself, with no third party way to identify the veracity of the information. Most financial institutions struggle with how far to dive into a legal entity to determine the beneficial ownership.

This joint guidance effectively adopts the FinCEN definition of beneficial owner:

“[T]he individual(s) who have a level of control over, or entitlement to, the funds or assets in the account that, as a practical matter, enables the individual(s), directly or indirectly, to control, manage, or direct the account. The ability to fund the account or the entitlement to the funds of the account alone, however, without any corresponding authority to control, manage, or direct the account (such as in the case of a minor child beneficiary), does not cause the individual to be a beneficial owner.” [31 CFR 103.175(b)]

The first step is to obtain enough information about the structure and ownership of the entity so you can determine if the account will pose a heightened risk. With a heightened risk, you should conduct enhanced due diligence.

Accounts for senior foreign political figures always require Enhanced Due Diligence that is reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption. [31 CFR 103.178 (b)(2) and (c)]

The one interesting statement is that financial institutions should consider implementing policies on an enterprise-wide basis to share information about beneficial ownership of their customers. Anti-money laundering staff should be able to cross-check for information with other departments. Avoid silos of information.

The guidance does not offer anything new or insightful. But it is good to see the regulators joining together to try to standardize the expectations across different types of financial institutions.

Sources:

• SEC Release 34-61651 Policy Statement on Obtaining and Retaining Beneficial Ownership Information for Anti-Money Laundering Purposes
• FIN-2010-G001 FinCEN Clarifies Expectations Regarding Beneficial Ownership Guidance Released in Conjunction with Financial Regulators
• Board of Governors of the Federal Reserve System SR 10-5 Interagency Guidance on Obtaining and Retaining Beneficial Ownership Information
• OCC 2010-11 Bank Secrecy Act/Anti-Money Laundering: Beneficial Ownership Guidance
• 31 CFR 103.175(b)
• 31 CFR 103.178

Image is by AlwaysAwake: Money Laundering: Hiding ownership and profits in offshore jurisdictions using myriad mechanisms in Switzeland, money laundering capital of the world, & other islands and nations. Favorite tool of mega-rich arch-criminal banking & corporate investors

National Consumer Protection Week 2010 is March 7-13.

Take advantage of the FTC’s free resources, which can help you protect your privacy, manage money and debt, avoid identity theft, understand credit and mortgages, and steer clear of frauds and scams.

This year’s theme is Dollars & Sense: Rated “A” for All Ages. The idea is to highlight the importance of using good consumer sense at every age, from grade school to retirement.

In the meantime, Congress still seems to be thinking about whether there should be a federal consumer protection agency and who should be in charge of it. Senator Dodd appears to want it under the umbrella of the Federal Reserve. US Representative Barney Frank wants a Consumer Financial Protection Agency to be an independent watchdog on financial issues.

For a more light-hearted view:

Sources:

• Frank: Proposal for Fed consumer protection agency ‘like a bad joke’
• Funny or Die’s Presidential Reunion

Books about compliance, business ethics, law and financial markets can be well written, interesting and thought-provoking. But they’re not fun.

So I decided I needed change and found a whimsically absurd novel that touches upon compliance: Shades of Grey, by Jasper Fforde.

Chromatacia is a world where people have limited ability to see color and your standing in the community depends on the colors you can see and how well you can see them. At the top of the social order stand those who see purple. At the bottom are the greys who can’t see any colors. Society is dominated by color and you are what you can see.

The protagonist is Eddie Russert, a red-seeing youth who has been punished with a humility reassignment for a school prank. Eddie is sent out to a fringe city with a “Pointless Task” of conducting of a chair census.

The book is more about a totalitarian regime than compliance. But it’s the rules that run the regime and compliance with rules that keeps society in order.

“But they were the Rules – and presumably for some very good reason, although what that might be was not entirely obvious.” For instance it is forbidden to count sheep, make new spoons or use acronyms. There is also a ban on the numbers between 72 and 74.

“The Rule book tells us precisely what is right or wrong — that’s the point. the predictability of the Rules and the unquestioning compliance and application is the bedrock of —” Eddie is cut off by Jane, a grey in the village of East Carmine. It’s his interest in Jane that sends Eddie on his adventures in Shades of Grey.

Jasper Fforde is probably best known for his Thursday Next series of books where literature has a prominent place in everyday life. Thursday Next herself being in the Literary Detective Division of Special Operations at starts the series by looking into who has stole a manuscript and killed one of the characters in it, changing the story forever. If you enjoyed those books, you will also enjoy Shades of Grey.

Setting Off Alarm Bells at Work by Steven D. Levitt on Freakonomics

Apparently, the use of such internet sites [Facebook]  is not tolerated by CPS and rather than block those websites altogether, accessing them causes this ear-piercing noise to go off that sounds something like a fire-department wagon passing directly by you.

…

The firm gives the workers an incomplete list of which sites are banned.  Thus, the worker can never be quite sure when they go to a site that should be banned (but may or may not actually be alarmed due to the difficulty of identifying and banning every naughty site), if they will trigger the alarm.

CNBC Video: Madoff Whistleblower Speaks from Securities Docket

CNBC’s Mary Thompson’s interview with Harry Markopolos, the Madoff whistleblower who is now promoting a book on how he he tried to warn the SEC and others about Madoff’s Ponzi scheme.

The Depressing Tone of Bank of America by Matt Kelly of Compliance Week

Sometimes corporate leaders step up and do the simple, ethical thing, and their tone at the top is a harmonized chorus delightful to hear. Sometimes they do the wrong thing, and their tone is more like a tribal screech of self-interest.

Internal Review of a Proposed Foreign Business Partner by Thomas Fox

A Foreign Business Partner Review Committee should be established which is tasked with reviewing all the investigative due diligence and the Business Unit’s case for partnering with the person or entity. The next area of review should of the proposed Foreign Business Partner’s ethics and compliance program. Such a program should have, at a minimum, the following elements of a Foreign Corrupt Practices Act (FCPA)-style compliance program in place.

To Be or Not to Be Honest with the SEC by Suzanne Barlyn in the WSJ’s Financial Advisor

Weighing the risks and rewards of voluntarily reporting compliance lapses to the Securities and Exchange Commission is a tricky issue for investment advisers. Gene Gohlke, associate director of the SEC’s Office of Compliance Inspections and Examinations, recently tried to ease advisers’ concerns about self-reporting violations that their compliance programs catch, such as certain trading errors.

I am a believer that the use of 2.0 tools can help compliance professionals. (Hopefully, this blog is a part of that proof.)

Moving to the inherently open communication of 2.0 tools from the inherently private channel communication of email can expose sunlight on behavior and expose information. Incorrect information and behavior can be corrected. Bad information and bad behavior can be seen and stopped before it snowballs into something larger.

I often hear people take the position that the digital youngsters coming out of college can use these Web 2.0 tools as easily as dialing a phone or that they are demanding them in the workplace. I don’t think that’s not true.

Law Schools and Wikis

Eric Goldman and Luis Villa shared their experiences in using wikis as part of their classrooms. It certainly sounds like their students struggled with using these tools, both behind the firewall and in the public Wikipedia.

In Mr. Goldman’s case he offered his law students the opportunity to publish an article in Wikipedia for 20% of their grade. About a quarter of the students in his cyberlaw class at Santa Clara University School of Law took him up on his offer.

In reaction to that article, Mr. Villa recounted his experience using a school-hosted wiki as part of his classes at Columbia Law School.

Other wiki concepts, like extensive linking, or publishing drafts to the world in wiki-style, were apparently even more strange to most of my classmates. None of the four class wikis were deeply interlinked or cross-referenced, outside of what was necessary to create a table of contents and occasional outlinks to wikipedia. Similarly, few students were willing to post works-in-progress to the wiki and refine them there- most students preferred to work privately and then put a final text into the wiki.

Collaboration Between Generations

I found the same to be true at my old law firm. In particular, the younger attorneys did not want interim drafts to be seen and were reluctant to contribute content. The more seasoned attorneys were more willing to edit and add information. The vast majority of article creation was limited to a small group.

In my view, younger team members are reluctant to produce content because they do not want to expose their lack of knowledge, they do not want to expose themselves for criticism and they have little grasp of the technology.

The lack of knowledge is true regardless of how you teach collaboration. It would seem silly to put the youngest members of the team in charge of the team’s knowledge and content production. They have the least understanding of the subject matter.

Dealing with Criticism

The criticism issue has two parts. On one side, I don’t think students are taught to collaborate. They go through school being graded on their individual performance. The few classes that grade as a team are outliers.

The second issue is the internal culture of  your company. Collaboration requires trust. You need to work as a team and avoid individual blame. It also requires sharing the credit for good work among the team. That is just how your company or group at the company operates. Technology does not change culture.

The Technology

As both Goldman and Villa point out, the technology is still a barrier. There are many inherent limitation in a wiki that you don’t have with Microsoft Word. I think the wiki markup language is a mistake. I think platforms should just use html based code.

Regardless of the underlying code, web-based documents do not have the rich formatting of Word. Arguably, you don’t need the vast majority of that formatting. It’s still very frustrating when something easy to do in Word is hard to do in a wiki.

Printing is another issue. In the end you may want to print hard copies. I have experienced widely different quality in what happens when a wiki page goes to the printer.

Wiki for One

I have to admit that I have not been preaching the benefits of 2.0 tools within my company. I use them purely as a knowledge tool for me. I use this blog and an internal wiki to store information for me to find as part of the compliance program. Most of the company is numbers driven, something for which web 2.0 tools are poorly suited.

I did collaborate with a summer intern on a compliance project using the wiki. I had the same experience as Goldman and Villa. Using a wiki did not come naturally to her. It took time for me to develop the trust for her to use it effectively.

In the end we worked together to create a tremendous amount of content for the compliance program that is well-organized and easy to find.

Other Examples

Over the last year I have seen an increase in the public use of Web 2.0 tools by compliance professionals. There has been a dramatic increase in the use of blogs. You can look at my blogroll for other examples.

One to take a close look at is Kathleen Edmond’s Blog. She publishes disciplinary examples from Best Buy. As you might expect, the examples do not include specific people or products. She is able to get the ethics story from Best Buy out into the public. She can get comments on her reasoning and the results.

Sources:

• Offering Students a Graded Wiki Option—My Experiences, and Some Lessons by Eric Goldman
• Wikis and Law School by Luis Villa
• Wiki-What? Reflections of a Cyberlaw Professor on an Alternative to the ‘Final Exam Only’ Grading System by Eric Lipman in Legal Blog Watch
• Bentley College CS299 Srping 2010 Blog