How to Make Regulatory Change Actions Work For Your Company

How to Make Regulatory Change Actions Work For Your Company

The volume, velocity and range of regulatory change actions today are overwhelming. By having a regulatory change management system to track and monitor regulatory change activity, you can provide your executives and regulators with more visibility and a clear outline of what you are doing to minimize compliance risk.

Read More

5 Ways Global Organizations Can Remain FCPA Compliant


David P. Nolan
Vice President
Klink & Co., Inc.

Recently, HSBC announced that it was under investigation by the Securities and Exchange Commission (SEC) for its hiring practices in Asia. HSBC’s practice of hiring employees based upon their ties to government officials may violate the U.S. Foreign Corrupt Practices Act (FCPA). The FCPA regulates the activities of organizations and individuals with ties to the U.S. in matters involving foreign government officials. Foreign government officials include the heads of major government agencies and other leaders, down to the customs agent at a port or an environmental inspector. The FCPA forbids businesses and individuals from currying favor with government officials to get or keep business. Hiring the relative of a foreign government official to get or keep business is not permitted under the FCPA; however, that is what HSBC is being investigated for.

Hiring those with ties to government is not a new problem for global banking organizations. In 2015, BNY Mellon paid a nearly $15 million fine for providing student internships to family members of wealthy foreign officials in the Middle East. Other banks are being queried by the SEC about their potentially improper hiring practices, including Credit Suisse, Goldman Sachs, Morgan Stanley, Citigroup and UBS.

The FCPA does not forbid hiring family or friends of a government official. It does, however, make it illegal to hire anyone with a corrupt intent to obtain or keep business based upon that employee’s relationship to government officials. The SEC and the U.S. Department of Justice (DOJ) both take an aggressive view when it comes to FCPA enforcement, and they can be less than reasonable when it appears that an organization is trying to provide any benefit to enhance its standing with a government official. Improper hiring practices that violate the FCPA can readily give rise to civil penalties imposed by the SEC and possible criminal cases brought by the DOJ.

Below are five ways global organizations can avoid FCPA liability:

  1. When hiring outside the U.S., develop policies and procedures assuring that internships and jobs are being filled only by the best people.
  2. Be specific about the types of benefits that can be provided to officials.
  3. Provide crucial FCPA training, preferably in person, to those making important hiring decisions outside of the U.S.
  4. Perform due diligence regarding an applicant’s credentials and ties to government officials to insure that the record is clear regarding why that employee was hired.
  5. Conduct FCPA audits to make sure that hiring practices outside the U.S. are compliant with the FCPA.


Hiring for global employees may create liability, but with good due diligence and effective compliance policies, you can protect your organization.

Bribery Not Limited to Envelopes of Cash: BNY Mellon Internships Violated the FCPA


Ron Cresswell, J.D., CFE
ACFE Research Specialist

On August 18, 2015, the Securities and Exchange Commission (SEC) announced a $14.8 million settlement with Bank of New York Mellon (BNY Mellon). According to the SEC, the bank violated the Foreign Corrupt Practices Act (FCPA) by giving valuable internships to the relatives of foreign officials. This case is a good reminder that bribery can take many forms. It is not limited to envelopes of cash. Under the FCPA, companies may not offer “anything of value” to improperly influence a foreign public official. Violations may result from expensive gifts, travel and entertainment expenses, charitable contributions or even internships.

The BNY Mellon Case
The case arose from an existing business relationship between BNY Mellon and the sovereign wealth fund of an unnamed Middle Eastern country. A sovereign wealth fund is a government-owned investment fund. BNY Mellon managed and serviced the fund, which held more than $55 billion in assets.

Two officials of the fund repeatedly and aggressively requested student internships for their relatives (two sons and one nephew). BNY Mellon hired the three relatives as interns, even though they did not meet the rigorous admissions criteria for the bank’s internship program. Two of the internships were paid, and one was unpaid. The paid internships were paid at a higher rate than was customary. In addition, the internships were longer than usual, and they were customized to provide a uniquely valuable work experience for the recipients. In emails, high-level BNY Mellon employees made it clear that the relatives were hired in an effort to retain and increase the bank’s business with the fund. One email stated that BNY Mellon “was not in a position to reject the request from a commercial point of view.” Based on this evidence, the SEC found that the internships violated the anti-bribery provisions of the FCPA.

The SEC also determined that BNY Mellon violated the FCPA’s internal controls requirement. While BNY Mellon had a broad FCPA policy, the bank failed to ensure that its employees understood the policy and received appropriate training, especially with respect to hiring. Human resources personnel were not trained to flag potentially problematic hires. Senior managers had the authority to hire individuals without any review by legal or compliance staff. The SEC found that BNY Mellon’s internal controls were not tailored to address the specific corruption risks inherent in the bank’s business.

The settlement with the SEC included $8.3 million in disgorgement and $1.5 million in prejudgment interest. It also included a $5 million penalty. The penalty probably would have been higher if BNY Mellon had not cooperated with the SEC’s investigation.

The BNY Mellon case is an important reminder that bribery is not limited to cash payments. The FCPA prohibits companies from offering anything of value to improperly influence foreign officials, including jobs or internships.

Since the SEC has signaled that hiring practices will be subject to scrutiny, companies must have hiring policies and procedures that take into account FCPA risks. These policies and procedures should include appropriate FCPA training for all employees. Human resources personnel should be trained to flag unusual hires, which should then be reviewed by legal or compliance staff.

As evidenced by the actions of BNY Mellon, broad FCPA policies are insufficient. Businesses should take care to specifically tailor internal controls to the corruption risks faced by their individual business.

Self-Reporting: 'Fess Up and Move On


James D. Ratley, CFE
ACFE President and CEO

When we were kids, we always knew we had choices. When we fibbed to our parents, we could wait for the truth to emerge, or we could quickly go back to them and come clean with all the details. Our choices: harsh punishment or a possible lighter sentence.

Large U.S. conglomerates have a similar problem. As they acquire companies around the globe and transform them into subsidiaries, they often have to reconfigure them to conform to U.S. laws and regulations such as the Foreign Corrupt Practices Act and the Sarbanes-Oxley Act. Now, that's not necessarily the hardest part. Policing those subsidiaries is much more difficult.

Let's say that years later a whistleblower from one of the subsidiaries reports to the company widespread corruption — a resurrected remnant of long-followed practices. What does the conglomerate do? Manage its risks, keep the infractions under wraps and work to clean up the mess? Or report the problems immediately to the U.S. Department of Justice?

In our latest Fraud Magazine cover article, Leslie R. Caldwell, assistant U.S. attorney general for the DOJ's Criminal Division, in essence, says go for the second option: 'Fess up and make amends — quickly.

"We encourage companies, particularly public companies, if they discover a significant compliance problem that also is a significant criminal issue to self-report to the Department of Justice," Caldwell says during a recent Fraud Magazine interview. Caldwell will be a keynote speaker at the 26th Annual ACFE Global Fraud Conference, June 14-19 in Baltimore, Maryland. 

"We encourage them to cooperate with us in our investigation," Caldwell says. "And they should be prepared to give us the relevant facts, documents and evidence in a timely fashion. They should include who is responsible for what went wrong and what these individuals did in the form of facts, not in the form of opinions or privileged attorney-client information. It's very important for companies to understand that they tell us which employees did what — even if it's senior executives."

Of course, a corporation's first responsibility is to avoid a situation in which it has to self-report. But if it finds itself in a legal bind, it should lace up its running shoes and race to the DOJ.

FCPA Compliance in China


By Mark Jenkins, CFE; Sunny Chu, CFE, CPA; and Christopher Meadors, J.D., CPA

As you sip your frothy Cappuccino while basking in the glow of your most recent quarterly report, which shows a dramatic increase in sales in your China division, your assistant busts into your office with a letter from …. the Department of Justice! Hmmm. What could they want?? 

While foreign direct investment (FDI) in China has lost some momentum — it decreased from $116 billion to $111.7 billion from 2011 to 2012 — China still remains one of the most preferred locations for corporate investment. Of course, great opportunities can often precede large frauds. Some multinational companies, such as the British pharmaceutical giant GlaxoSmithKline (GSK), are finding themselves in the headlines faced with allegations of violations of the U.S. Foreign Corrupt Practices Act (FCPA) and Chinese anti-bribery laws.  

When multinationals decide to enter China through FDI, several underlying forces could be a problem: 

  • Corruption that has long been the norm in China.
  • The Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) is now vigorously enforcing the FCPA.
  • The existence of state-owned entities (SOE) that appear to be private entities.


Although China is attractive for FDI, multi-nationals must know with whom they do business and be aware of the inherent risks of corruption. Transparency International’s 2013 Corruption Perceptions Index (CPI) ranks China a relatively poor 40th. (According to Transparency International, zero means highly corrupt, and 100 means limited corruption. To provide points of reference, Afghanistan and Somalia are 8 on the CPI, and Denmark and Finland are 90. Although China isn’t the highest in corruption, it remains a high-risk country.) 

What corruption risk could a multinational expect when doing business in China? In the GSK case, Chinese authorities are investigating the company for colluding with a travel agency to funnel money to government doctors using fraudulent invoices. (See “ GlaxoSmithKline Accused of Corruption by China,” by David Barboza, The New York Times, July 11, 2013.) In 2012, Eli Lilly had similar issues when its sales force employees were submitting expense reimbursements for cash, bathhouse visits and meals they were giving to Chinese government doctors in return for the doctors purchases of Eli Lilly products. 

The pharmaceutical industry is not alone in struggling with corruption in China. In 2012, Morgan Stanley’s real estate and fund advisory managing director, Garth Peterson, colluded with a former chairman of a Chinese state-owned enterprise, Yongye Enterprise Group. Peterson paid the Chinese official and himself “finder’s fees” of $1.8 million that Morgan Stanley owed to third parties. In exchange for the fees and personal interest in Morgan Stanley’s investments, the Chinese official brought business to Morgan Stanley. (See the SEC release, “ SEC Charges Former Morgan Stanley Executive with FCPA Violations and Investment Adviser Fraud.”) 

Read the full article on