CISA Issues a Fact-Sheet: Protecting Personal Information from Ransomware-Caused Data Breach

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) recently released a fact sheet to assist government and private sector organizations with protecting sensitive and personal information from a ransomware-caused data breach.

Summary

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems...CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations below.” (3)

  • Preventing Ransomware Attacks

    • Maintain offline, encrypted backups of data and regularly test your backups.

    • Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan.

    • Mitigate internet-facing vulnerabilities and misconfigurations.

    • Reduce the risk of phishing emails.

    • Practice good cyber hygiene.

  • Protecting Sensitive and Personal Information

    • Know what personal and sensitive information is stored on your systems and who has access to it.

    • Implement physical security best practices.

    • Implement cybersecurity best practices.

    • Ensure your cyber incident response and communications plans include response and notification procedures for data breach incidents.

  • Responding to Ransomware-Caused Data Breaches

    • Secure network operations and stop additional data loss.

    • If no initial mitigation actions appear possible, take a system image and memory capture of a sample of affected devices.

    • Follow notification requirements as outlined in your cyber incident response plan.

More details are provided in the CISA fact-sheet(3). For additional information and guidance beyond the CISA fact-sheet, refer to the Federal Trade Commission (FTC) web page titled “Data Breach Response: A Guide for Business”(4).

References

  1. CISA: “Home Page

  2. CISA: “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breach” - Web Page

  3. CISA: “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches” - Fact Sheet (pdf)

  4. FTC: “Data Breach Response: A Guide for Business” - Web Page

OFAC Publishes a Framework for Compliance

On May 2, 2019 the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)(1) published “A Framework for OFAC Compliance Commitments”(2). The publication is intended to provide OFAC’s perspective, to entities subject to US jurisdiction, on what are essential components of an effective sanctions compliance program.

OFAC developed this framework in our continuing effort to strengthen sanctions compliance practices across the boardThis underlines our commitment to engage with the private sector to further promote understanding of, and compliance with, sanction requirements.” - Andrea M. Gacki, Director of the Office of Foreign Assets Control (3)

Summary

  • OFAC continues to emphasize and “strongly encourage” entities subject to U.S. jurisdiction to take a risk-based approach to sanctions compliance by “developing, implementing, and routinely updating a sanctions compliance program (“SCP”).

  • Regardless of company size, sophistication, products/services, geographic locations, etc…each SCP should incorporate at least these five (5) components: management commitment, risk assessment, internal controls, testing and auditing, and training.

  • In enforcement cases, OFAC will evaluate an entities SCP against the Economic Sanctions Enforcement Guidelines (the “Guidelines”)(4) and when applying the Guidelines will favorably consider an entity that had an effective SCP in place at the time a violation occurred.

A Few Key Points

  • Management Commitment

    • Effective senior management commitment, among others, includes providing adequate resources for compliance and support for the authority of compliance personnel within the organization.

    • Adequate resources includes ensuring there are enough personnel with sufficient expertise dedicated to compliance, and adequate information technology, and other resources, as appropriate.

  • Risk Assessment(5)

    • OFAC recommends a risk-based approach to implementation of a SCP and one of the integral components of this approach is to conduct periodic risk assessments.

    • The assessment should include, among others, a review of customers, vendors, products, services, third-party intermediaries, and geographic locations.

  • Internal Controls

    • An effective SCP should include policies and procedures. These policies and procedures should be enforced and updated when weaknesses are detected or requirements change.

    • Sufficient personnel should be appointed to ensure proper integration of the company’s policies and procedures into the daily operation of the company.

    • The organization should clearly communicate their policies and procedures to all relevant staff.

  • Testing and Auditing

    • An effective SCP include’s a comprehensive and objective testing or audit function that identifies program weaknesses and deficiencies.

    • Any deficiencies identified, including software systems, should be addressed.

  • Training

    • An effective training program is considered an integral component of a successful SCP. The training should be provided to all appropriate employees and personnel on a periodic basis (at a minimum, annually).

  • Root Causes of OFAC Compliance Program Breakdowns - OFAC has identified the following common areas where deficiencies resulted in sanctions compliance failures:

    • Lack of a formal OFAC sanctions compliance program;

    • Misinterpreting, or failing to understand the applicability of, OFAC’s regulations;

    • Facilitating transactions by non-US persons (including through or by overseas subsidiaries or affiliates);

    • Exporting or re-exporting US-origin goods, technology, or services to OFAC sanctioned persons or countries;

    • Utilizing the US financial system, or processing payments to or through US financial institutions, for commercial transactions involving OFAC-sanctioned persons or countries;

    • Sanctions screening software or filter failures;

    • Improper due diligence on customers/clients;

    • De-centralized compliance functions and inconsistent application of their SCP; and

    • Utilizing non-standard payment or commercial practices.

Contact us to learn more about OFAC’s guidance and to find out how GCSG’s Advisory and Audit teams can guide and partner with you to reduce your sanctions compliance risk and protect your company’s bottom line and reputation.

References

Weekly Compliance News - Around the World

GCSG's Weekly Compliance News feature is a compilation of some of the previous weeks interesting trade compliance, anti-bribery and corruption, fraud, and due diligence news bites, from around the world.

The anatomy of a scam: How far fraudsters will go to steal your money  | Ottawa Citizen

“Gone are the days a Nigerian prince would email you, promising untold riches in exchange for a small payment upfront. Today’s scams are more intimate. Fraudsters craft tailored messages and emails; fake identities; real world addresses for not-so-real companies; websites; phone numbers; a significant corporate presence online; multiple email addresses; and even apparent news coverage from reputable sources.” (Click here for the article) - Global, Canada

Why corruption matters in the EU elections  | Transparency International

“Over the next four days, citizens from 28 countries across the European Union (EU) will cast their vote in one of the largest democratic elections worldwide. With 751 seats at stake in the European Parliament and each Member of Parliament (MEP) poised to serve a five-year term, there’s a lot riding on these elections.” (Click here for the article) - European Union

How does someone get scammed into buying $160,000 in gift cards?  | Marketplace Morning Report

“How does someone get scammed into buying $160,000 in gift cards? Nordstrom goes small.” (Click here for the article) - Global

Trade War: What Chinese Entrepreneurs Really Think  | FINEWS ASIA

“As the U.S.-Chinese trade tussle weighs heavily in Asia, what do Chinese entrepreneurs truly think about the conflict? finews.asia asked an Asian family office.” (Click here for the article) - USA, China

How to Demonstrate Your Value as an Anti-Fraud Professional  | ACFE

“The biggest challenge people have when working toward professional advancement is understanding how to communicate the value their expertise and experience can bring to decision-makers. Whether it’s a new job, a promotion, or signing on a new client or customer, the message must be about how your expertise and value solve their problems.” (Click here for the article) - Global

New EU-wide whistle-blower rules approved  | GCSG

“On April 16, the European Parliament voted(1) in favor of adopting new European Union (“EU”) wide standards to protect whistle-blowers. The standards are designed to protect whistle-blowers that reveal breaches of EU law in areas of public procurement, financial services and tax, money laundering, product and transport safety, protection of the environment, food and feed safety, animal health and welfare, nuclear safety, public health, security of network and information systems, competition, consumer and data protection, fraud, corruption and any other illegal activity affecting the use of Union expenditures.” (Click here for the article) - European Union

Top 5 Cyber Security Threats for Executives  | Prescient

“High profile cyber incidents such as massive data breaches have become increasingly common across industries, especially in the past two years. Such events speak to the shift in perception for cyber crimes–from an overlooked and niche concern to a public, major security problem for organizations across industries. Everything from manufacturing, healthcare, and traditionally higher risk sectors such as banking and technology have been privy to such incidents. In the corporate realm, senior executives are primary targets of hackers, fraud and phishing scams due to their high level of access to valuable corporate information.” (Click here for the article) - Global

U.S. Terminates Turkey’s Preferential Trade Agreement, Reduces Tariffs on Steel  | US News & World Report

“The United States on Thursday terminated Turkey's preferential trade treatment that allowed some exports to enter the country duty free, but it has halved its tariffs on imports of Turkish steel to 25%.” (Click here for the article) - USA, Turkey

New DOJ Corporate Compliance Program Guidance

The US Department of Justice - Criminal Division (“USDOJ”) announced(1) on April 30 the release of a new guidance document(2) on the evaluation of corporate compliance programs.

Effective compliance programs play a critical role in preventing misconduct, facilitating investigations, and informing fair resolutions.”(1) - Assistant Attorney General Brian A. Benczkowski

Part I of the document discusses the elements of a “well-designed” compliance program and Part II discusses the features of what an effectively implemented compliance program looks like.

There are three overarching questions prosecutors will ask themselves, when evaluating the effectiveness of a compliance program, at the time of an offense and at the time of a charging decision(2,3):

  • Is the program well designed?

  • Is the program effectively implemented (or applied earnestly and in good faith)?

  • Does the compliance program actually work in practice?

According to the USDOJ’s guidance, the elements of a “Well-Designed” Compliance Program include:

  • Risk Assessment - “Prosecutors should consider whether the program is appropriately designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business” and “the manner in which the company’s compliance program has been tailored based on that risk assessment”

  • Policies and Procedures - “Prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees” and “whether the company has established policies and procedures that incorporate the culture of compliance into it’s day-to-day operations.”

  • Training and Communications - “Prosecutors should assess the steps taken by the company to ensure that policies and procedures have been integrated into the organization, including through periodic training and certification for all directors, officers, relevant employees, and where appropriate, agents and business partners.”

  • Confidential Reporting Structure and Investigation Process - “Prosecutors should assess whether the company’s complaint-handling process includes pro-active measures to create a workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistleblowers” and “assess the company’s processes for handling investigations of such complaints…”

  • Third-Party Management - “Prosecutors should also assess whether the company knows its third-party partners’ reputations and relationships, if any, with foreign officials, and the business rationale for needing the third party in the transaction” and “assess whether the company engaged in ongoing monitoring of the third-party relationships"…”

  • M&A Due Diligence - “A well-designed compliance program should include comprehensive due diligence of any acquisition targets.”

Today’s guidance document is part of our broader efforts in training, hiring, and enforcement to help promote corporate behaviors that benefit the American public and ensure that prosecutors evaluate the effectiveness of compliance in a rigorous and transparent manner.”(1) - Assistant Attorney General Brian A. Benczkowski

DOJ prosecutors are encouraged to review whether or not a compliance program is a “paper program” or one that has actually been “implemented” and is periodically reviewed and revised when appropriate. According to DOJ guidance some elements of an effectively implemented program include:

  • Commitment by Senior and Middle Management

    • Does the company leadership demonstrate high level commitment to implement a culture of compliance?

  • Autonomy and Resources

    • Is the program adequately resourced with sufficient personnel and funding?

    • Are compliance personnel in senior positions and do they have adequate autonomy?

  • Incentives and Disciplinary Measures - “Prosecutors should assess whether the company has clear disciplinary procedures in place, enforces them consistently across the organization, and ensures that the procedures are commensurate with the violations.”

  • Continuous Improvement, Periodic Testing, and Review - “Prosecutors should likewise look to whether a company has taken reasonable steps to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct.”

  • Investigation of Misconduct

    • Is there a well-functioning and appropriately funded mechanism for the timely and thorough investigation of any allegations or suspicions of misconduct by the company, its employees, or agents?

  • Analysis and Remediation of Any Underlying Misconduct - “Prosecutors should consider any remedial actions taken by the corporation…”

Contact GCSG Advisory and Audit Professionals today for assistance:

  • In developing a Risk Profile for your business;

  • Evaluating the effectiveness of your existing compliance program;

  • Implementing a compliance program;

  • Providing third-party due diligence; and

  • Providing in-depth compliance audits to detect potential wrongdoing.

References

New US Sanctions on Iran's Iron, Steel, Aluminum, and Copper Sectors

On May 8, 2019, the Trump administration issued an Executive Order (EO)(1) establishing new sanctions on Iran’s iron, steel, aluminum, and copper sectors. A few key points from the EO include, but are not limited to, the following:

  • “All property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person(2) of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in: any person determined by the Secretary of the Treasury, in consultation with the Secretary of State”:

    • to be operating in the iron, steel, aluminum, or copper sector of Iran, or to be a person that owns, controls, or operates an entity that is part of the iron, steel, aluminum, or copper sector of Iran;

    • to have knowingly engaged, on or after the date of this order, in a significant transaction for the sale, supply, or transfer to Iran of significant goods or services used in connection with the iron, steel, aluminum, or copper sectors of Iran;

    • to have knowingly engaged, on or after the date of this order, in a significant transaction for the purchase, acquisition, sale, transport, or marketing of iron, iron products, aluminum, aluminum products, steel, steel products, copper, or copper products from Iran;….

In addition to the above, there are additional prohibitions on financial institutions and financial transactions (occurring with the noted sectors). The prohibitions included in the EO include:

  • the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any person whose property and interests in property are blocked; and

  • the receipt of any contribution or provision of funds, goods, or services from any such person.

Contact your GCSG Trade Compliance professionals for assistance in understanding how to reduce your risk and how this EO may affect your business.

References

(1) Executive Order (EO) on “Imposing Sanctions with Respect to the Iron, Steel, Aluminum, and Copper Sectors of Iran” - May 8, 2019

(2) United States person - means any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.(1)

(3) Knowingly - with respect to conduct, a circumstance, or a result, means that a person has actual knowledge, or should have known, of the conduct, the circumstance, or the result.(1)

(4) Entity - means a partnership, association, trust, joint venture, corporation, group, subgroup, or other organization.(1)

Network of Iranian front companies disrupted by OFAC

On March 26, 2019 the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced(1) it had taken action against a network of 25 individuals and entities that had transferred over a billion dollars to the Islamic Revolutionary Guard Corps (IRGC) and Iran’s Ministry of Defense and Armed Forces Logistics (MODAFL).

The evasion scheme included a layered network of front companies and agents based in Iran, UAE, and Turkey that were set up to evade international sanctions and to gain access to the international financial system. The network exchanged devalued Iranian rials for dollars and euros.

We are targeting a vast network of front companies and individuals located in Iran, Turkey, and the UAE to disrupt a scheme the Iranian regime has used to illicitly move more than a billion dollars in fundsCentral to this network and sanctioned today pursuant to our counter terrorism authority is Iran's IRGC-controlled Ansar Bank and its currency exchange arm, Ansar Exchange, both of which used layers of intermediary entities to exchange devalued Iranian rial ultimately for dollars and euros to line the pockets of the IRGC and MODAFL…” (1)

Five front companies- UAE-based Sakan General Trading, Lebra Moon General Trading, and Naria General Trading, and Turkey-based Atlas Doviz, and the Iran-based Hital Exchange provided $800 million in funds to Ansar exchange.

Now more than ever, it is vitally important that global companies implement third-party due diligence and engagement policies. These policies are often risk-based but should be comprehensive and include at a minimum background investigation diligence and ongoing monitoring of distribution networks and contract agents.

Contact our Due Diligence compliance professionals at GCSG today to learn how we can help you mitigate your third-party risk with our due diligence reports, risk-ranking tool, policy development and implementation support, and international boots-on-the-ground third-party Audits.

References

(1) U.S. Department of the Treasury Press Releases - “United States Disrupts Large Scale Front Company Network Transferring Hundreds of Millions of Dollars and Euros to the IRGC and Iran’s Ministry of Defense.” - March 26, 2019

Weekly Compliance News - Around the World

GCSG's Weekly Compliance News feature is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Retaliatory tariffs on US chem exports to China threaten $18Bn in economic harm | ICIS

"The $11Bn worth of tariffs on US chemical exports enacted by China put almost $18Bn in domestic activity at risk along with nearly 55,000 US jobs..." (Click here for the article) - USA, China

New Sanctions Against Russia Have Unfavorable Impact on Defense Sector | BakerHostetler

"the U.S. State Department published new sanctions against Russia based on the Chemical and Biological Weapons Control and Warfare Elimination Act of 1991 after determining that the government of Russia had used chemical weapons in violation of international law..." (Click here for the article) - USA, Russia

Trump Rejects EU Offer to Remove Tariffs on Industrial Goods | ST&R Trade Report

"President Trump said Aug. 30 that a European Union offer to remove all tariffs on two-way trade in automobiles and other industrial goods is "not good enough."  (Click here for the article) - USA, European Union

'Urgency' for Asia Pacific mega trade deal | CNBC

"While the administration of U.S. President Donald Trump is considering slapping another $200 billion in tariffs on Chinese goods, 16 economies in Asia Pacific are racing to conclude a mega trade deal that would become the largest trading bloc in the world." (Click here for the article) - 10 ASEAN nations plus China, Japan, South Korea, India, Australia, New Zealand, 

EU lifts five-year old restrictions on solar panels from China | South China Morning Post

"The European Union will end its five-year-old restrictions on solar panel imports from China, officials said on Monday, as Brussels and Beijing increase their own trade cooperation in the face of protectionist steps from the United States." (Click here for the article) - EU, China

Kim struggles to revive North Korean economy battered by sanctions | Nikkei Asian Review

"In the two and a half months since his historic summit with U.S. President Donald Trump, North Korean leader Kim Jong Un has temporarily shelved de-nuclearization talks in favor of inspecting farms and factories to underscore his focus on improving an economy hamstrung by years of sanctions." (Click here for the article) - USA, North Korea, South Korea

Trump reportedly wants to hit China with tariffs on $200Bn worth of goods | Business Insider

"Bloomberg reported Thursday that Trump had told aides that he wants to follow through on a threat to impose tariffs on another $200 billion worth of Chinese goods as early as next week. That would mean more than half of all Chinese imports would be subject to tariffs." (Click here for the article) - USA, China

China may soon regret slapping tariffs on US soybeans | CNN Money

"One of China's major moves in the trade war with the US is in danger of backfiring on its own farmers.  They're facing a potential shortage of soybeans, one of China's biggest imports from the United States, after Beijing slapped a 25% tariff on them last month in retaliation for US tariffs on a swath of Chinese goods." (Click here for the article) - USA, China

Former DP World Manager must pay Dh5 million fine over bribe plot | The National UAE

"A former DP World manager who sought bribes from two companies in exchange for helping them win lucrative construction projects has had her 18-month jail term upheld – and been told she must still pay a fine of nearly Dh5 million." (Click here for the article) - UAE

Wells Fargo bankers fired after falsifying dinner receipts | Fox Business

"Yet another scandal has reportedly broken out at Wells Fargo.  The bank has fired or suspended at least a dozen employees at its investment bank - Wells Fargo Securities - over allegations these individuals doctored after-hours dinner receipts..." (Click here for the article) - USA

An overview of the Danske Bank money laundering scandal | Berlingske Business

"Berlingske has spent more than a year investigating the extensive money laundering at Danske Bank. Here is an overview of the case – with links to the most important articles (some are in Danish)...For years, large and deeply suspicious money flows were channelled unhindered through Danske Bank’s branch in Estonia – in what experts say was in breach of anti-money laundering laws." (Click here for the article) - Denmark, Estonia, Russia

 

Weekly Compliance News - Around the World

GCSG's Weekly Compliance News feature is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Cyber Crooks Hit British Law Firms, Steal Over 20 million pounds of client money | KYC360

"UK law firms are increasingly coming under attack from cyber criminals, with attacks costing law firms millions..." (Click here for the article) - UK

US State Department Imposes Sanctions on Russia for Use of Chemical Weapons | Baker McKenzie

"On August 24, 2018, the US State Department gave notice of new sanctions on Russia under the Chemical and Biological Weapons Control and Warfare Elimination Act of 1991 (the “CBW Act”) after determining that the Russian Government has used chemical weapons in violation of international law or chemical or biological weapons against its own nationals." (Click here for the article) - USA, Russia

Microsoft Hit With US Bribery Probe Over Deals in Hungary | WSJ

"Microsoft Corp. is being investigated by U.S. authorities over potential bribery and corruption related to software sales in Hungary, according to people familiar with the matter." (Click here for the article) - Hungary, USA

Company expelled from program for abuse, non-compliance | The Fiji Times

"A RENOWNED automotive company in Fiji has been stripped off from the Revenue and Customs’ Gold Card Services Program for abuse and non-compliance to Customs laws on numerous occasions." (Click here for the article) - Fiji

Nearly Half of Responding Organizations Plan to Modernize Compliance in Year Ahead | Corporate Compliance Insights

"Almost half (48.3 percent) of risk and compliance, internal audit, C-suite executive and board professionals plan to modernize their compliance functions by changing core compliance execution practices during the next 12 months, according to a recent Deloitte poll." (Click here for the article) - Global

Treasury blacklists firms, individuals accused of violating North Korean sanctions | WSJ

"Three South Koreans illegally imported North Korean coal and iron via Russia in violation of sanctions, South Korean customs officials said, exposing a crack in the US-led campaign to cut off trade with the Pyongyang regime." (Click here for the article) - North Korea, Russia, USA

SEC Charges Citigroup for Internal Controls Failure | CFO

"Citigroup agreed to an SEC enforcement action on Thursday that charged the bank with inadequate controls that failed to detect “fraudulently-induced” loans made by a Mexican subsidiary. The failure ultimately resulted in $475 million of losses reported by Citigroup.." (Click here for the article) - Mexico, USA

Oil giant Total has pulled out of Iran and giant gas project | CNBC

"French oil giant Total has officially left Iran and abandoned its deal to develop a giant natural gas field in the country, Iran's oil minister reportedly told state television Monday, leaving the isolated republic to look for a replacement." (Click here for the article) - France, Iran, USA

UK Government to publish no-deal Brexit advice | BBC News

"Three South Koreans illegally imported North Korean coal and iron via Russia in violation of sanctions, South Korean customs officials said, exposing a crack in the US-led campaign to cut off trade with the Pyongyang regime." (Click here for the article) - UK, EU

Freight forwarding and logistics firms to withdraw from business with Iran

According to Lloyd's Loading List, some logistics service providers have decided to halt business in Iran as a result of the re-imposition of US sanctions.  Others are taking a wait and see approach.  In addition, several major container lines such as CMA, CGM, Maersk, and MSC have withdrawn from Iran.(2)  

"Thomas Cullen, a senior analyst at logistics consulting firm Transport Intelligence, said the re-imposition of US sanctions “seems likely to be at least as brutal as the sanctions pursued for the decade prior to the JCPOA, with the US now pressing for Iran to be excluded from the SWIFT banking transaction system”."(1)

Cullen noted: “With the announcement last week that Renault was ceasing operations, something that Peugeot-Citroen decided last month, the CKD related container traffic will fall heavily. Possibly the Chinese VMs may increase inputs to compensate, but they are much weaker in this market.”(1)

Cullen added: “The leading western container lines have effectively withdrawn from services into Iran, presumably leaving shippers to arrange their own feeder services from Dubai. Once again, the Chinese carriers may be the only option.”(1)

References:

Saturday Compliance News - Around the World

GCSG's Weekly Compliance News feature is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Are CEOs Less Ethical Than in the Past? | Strategy + Business

"The job of a CEO at a large publicly held company may seem to be quite comfortable - high pay, excellent benefits, elevated social status, and access to private jets.  But the comfortable perch is increasingly becoming a hot seat, especially when CEOs and their employees cross red lines." (Click here for the article) - Global

What if BREXIT Happened Without an Exit Deal? | Stratfor

"Negotiators for the UK and the EU are racing the clock to reach agreements on a long list of remaining issues before the UK formally leaves the bloc..." (Click here for the article) - UK, European Union

Texas jury indicts Arkema, two executives over chemical releases | Reuters

"A Texas grand jury on Friday indicted chemicals manufacturer Arkema North America and two of its executives for releasing emissions that allegedly endangered the public after a 2017 hurricane." (Click here for the article) - USA

OFAC Sanctions Russian Bank for Moving North Korean Cash | RegTech Post

"The Office of Foreign Assets Control has named Russia's Commercial Bank Agrosoyuz as a Specially Designated National, for moving funds for a DPRK bank, and for two front companies acting for the North Korean Government." (Click here for the article) - Russia, North KoreaUSA

US elevates India to most-important allies list  | The Economic Times

"In a big boost to India, the US has eased the export restrictions for high-technology product sales to India by designating it as a Strategic Trade Authorization-1 country, the only South Asian nation to be on the 36 countries list." (Click here for the article) - IndiaUSA

EU Privacy Becomes Excuse to Withhold in US Bribery Probes | Bloomberg Law

"Companies are improperly using the European Union's fairly new privacy standards as the scapegoat for why they can't disclose documents to the US government during foreign bribery investigations..." (Click here for the article) - European Union, USA

CNPC refutes subsidiary's role in 1MDB money-laundering scandal | South China Morning Post

"China Petroleum Pipeline Engineering, a unit of China's state-owned oil and gas giant China National Petroleum Corp, had refuted a media report that money paid for its pipeline projects in Malaysia was diverted to third-party Cayman Islands companies involved in money laundering." (Click here for the article) - China, Malaysia, Cayman Islands, UAE

OECD Publishes Phase 4 Anti-Bribery Implementation Report on Germany

In June, the OECD published their Phase 4 report (the "Report") on Germany's implementation of the 1997 OECD Anti-Bribery Convention.  The OECD published their Phase 3 report on Germany in March 2011.

The Report describes Germany's achievements, challenges, and enforcement practices related to its foreign bribery laws.  Since 1999, there have been 67 bribery cases in Germany that have resulted in 328 individuals and 18 entities being sanctioned.  A majority of these having occurred in the last 5 years.  This rate places Germany among the highest enforcers of the Anti-Bribery Convention in the world.  

The Working Group commended Germany for holding individuals responsible, but noted a concern that there appeared to be insufficient enforcement against companies.  The Report noted that Germany has demonstrated an ability to detect bribery allegations through multiple sources including Mutual Legal Assistance, self-reporting by companies, coordination with tax authorities, and joint investigative teams in multi-jurisdiction investigations.    

Bribery Risks in Light of Trade Profile

Germany is the largest European economy and the 4th largest economy in the world.  It accounted for 7.85% of the world's exports in 2016.(1)  The German economy is very strongly oriented towards exports. Exports accounted for almost half of Germany's GDP in 2016.(2)  47% of German foreign direct investment is in the United States, UK, Luxembourg, and the Netherlands.(3)  Many of the bribery allegations involving German companies and nationals related to projects in Central, Eastern, and South-Eastern Europe.  

Germany's trading with China has increased substantially recently.  German imports from and exports to China rose to 180 billion USD in 2016 and Germany became the largest recipient of Chinese foreign direct investment in 2017.(4)

Germany has a high exposure to the risk of bribery of foreign officials due to its dependency on exports and its trading in high-risk industrial sectors in high-risk jurisdictions.(5

Bribery Cases        

Since 2011 there have been 121 foreign bribery cases being investigated, with 35 still under investigation and 42 cases terminated due to insufficient grounds.  47 cases have resulted in sanctions on individuals and/or companies.  In the last five years the rate of enforcement has increased significantly over the previous ten years.  

Report Conclusions and Recommendations

  • German tax authorities have played a large role in detecting foreign bribery cases.
  • There is strong cooperation between tax authorities, prosecutors, and the Police.
  • OECD commends Germany's efforts to investigate, prosecute, and sanction individuals.
  • Germany plays a leading role in enforcing the Anti-Bribery Convention.
  • A couple of the many recommendations included that they provide clear guidance to companies about self-reporting procedures and that they amend legislation to provide clear protections for whistle-blowers.

Case Examples from the Report

Aviation company: "A subsidiary of a German aviation company paid bribes amounting to EUR 100 000 between 2007 and 2011 to responsible persons of an aviation authority in a central African state to facilitate the securing more consulting service contracts for the privatisation of the African state run airports. The benefits resulting from the concluded consulting service contract were estimated to equal the paid bribes. The investigation proceedings were initiated in 2013 based on information self-reported by the company and received from foreign authorities. In the course of the investigation, MLA requests were sent to three Parties to the Convention in 2014 and 2017. Informal contacts were established with one Party prior to the execution of one of the MLA requests. The German aviation company was held liable by Cologne Local Court in 2014 and received a EUR 100 000 regulatory fine. No individual was held liable in this case."(6)

DB Schenker (Russia): "DB Schenker, a German logistics provider of the state-owned German rail company Deutsche Bahn, was commissioned to deliver car parts to Russia. Bribes amounting to EUR 1.7 million were paid to customs officers in order to get these officers to forego the customs controls and to accelerate customs clearance. The Cologne Public Prosecutor office opened an investigation in 2013 based on an anonymous report which led Schenker’s parent company DB Deutsche Bahn to self-report to law enforcement authorities. In total, seven individuals, including the former chief executive, entered into a resolution pursuant to section 153a CCP. In turn, DB Schenker was held liable by the Cologne Local Court in 2016 and received an overall regulatory fine of EUR 2 million. The punitive component of the fine is EUR 300°000 and the confiscatory component EUR 1.7 million.186 The prosecutors indicate that the amount of the confiscatory component is equal to the amount of the bribe payments because the proceeds of bribery could not be estimated."

References and Key Links:

Tuesday Compliance News - Around the World

GCSG's Tuesday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

European firms are increasingly tackling the scourge of bribery | The Economist

"Governments in Europe are catching up with America in pursuing corporate graft...A spate of scandals in Europe suggest that prosecutors, as well as the politicians who influence how much freedom judicial investigators enjoy, are becoming ever less tolerant of corporate corruption" (Click here for the article) - Europe, USA

Fraud biggest business risk to Middle East Businesses  | Gulf Digital News

"48% of Middle East businesses cited fraud and corruption as the greatest risk to their company, followed by cyber attacks (38%)..." (Click here for the article) - Middle East

Vietnam arrests oil refinery executives amid corruption crackdown  | Reuters

"Police in Vietnam arrested the chairman and the chief accountant of Binh Son Refining and Petrochemical Co. Ltd. on suspicion of embezzlement..." (Click here for the article) - Vietnam

UK Data Protection Act 2018  | Cordery Compliance

"The UK's new data protection legislation, the Data Protection Act 2018 (DPA 2018) received the Royal Assent..." (Click here for the article) - UK, Europe

Serious Fraud Office charges against Barclays dismissed  | Independent

"A court has dismissed charges brought by the Serious Fraud Office against Barclays relating to capital raisings that took place in 2008." (Click here for the article) - UK, Europe

 

 

Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Corruption Perceptions Index 2017 | Transparency International

"This year's Corruption Perceptions Index highlights that the majority of countries are making little or no progress in ending corruption..." (Click here for the article) - Global

US DOJ Files False Claims Act Complaint Against Pharmacy, PE Firm, and 2 Pharmacy Executives | The US Department of Justice

"The US has filed a complaint in intervention against Diabetic Care Rx LLC...two pharmacy executives...and a private equity firm..." (Click here for the article) - U.S.

Pakistan Avoids Inclusion on International Terror-Financing Watch List | Wall Street Journal

"Saudi Arabia joined Turkey and China in a move to block a U.S.-led attempt this week to place Pakistan on an international terror-financing watch list..." (Click here for the article) - Pakistan, Turkey, Saudi Arabia, China, U.S.

Compliance Needs to Adapt as Prosecutors Cooperate More | Wall Street Journal

"Greater cooperation among global law enforcement agencies to resolve corporate crime issues through settlements means companies need to be prepared to deal with a more complex set of rules..." (Click here for the article) - Global

UK Attorney-General Backs More Funding for Fraud Office | Financial Times

"The UK's attorney-general has backed more funding for the Serious Fraud Office to help it recruit top lawyers and reduce its reliance on "blockbuster funding" for handling big cases." (Click here for the article) - UK

Canada Customs Audits Reveal 66% Tariff Classification Non-Compliance | 3CE Technologies

"For the third straight year, CBSA published its list of trade verification priorities.  Tariff classification remains the agency's primary focus, with 1,267 companies being, or have recently been, audited for HS classification accuracy." (Click here for the article) - Canada

 

Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

UK will leave Customs Union and negotiate a free-trade deal | Sky News

"Speaking to Sky News Political Editor Faisal Islam, she said: "We are leaving the Customs Union.  Then we are going to negotiate a free-trade agreement with the EU." (Click here for the article) - UK, EU

U.S. slaps sanctions on network run through Laos casino | The Wall Street Journal

"The U.S. Treasury Department on Tuesday put sanctions on Laos-based alleged crime network it said operated through a casino and engaged in..." (Click here for the article) - Laos, US

U.S. becomes world's second-biggest tax haven | The Wall Street Journal

"The U.S. rose for the third straight time in a ranking of tax havens, becoming the world's second-largest, according to the latest analysis by a research..." (Click here for the article) - Global

Volkswagen supplier to face criminal case in emissions fraud | The Wall Street Journal

"A supplier for Volkswagen AG is in discussions with the U.S. Justice Department to resolve an impending criminal case arising from its alleged..." (Click here for the article) - Germany, U.S.

Whistleblower lawyers see a growth area: Customs Fraud | The Wall Street Journal

"Whistleblower lawyers see room for extra business on a new front: chasing customs-linked wrongdoing ranging from failing to label imported goods to shipping rhinoceros horn across the border..." (Click here for the article) - U.S.

Monday Compliance News - Around the World

GCSG's Monday Compliance News (published Tuesday the week of Jan 22) is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

The Impact of Retroactive Transfer Pricing Adjustments on the EU Customs Valuation | KPMG Meijburg & Co

"With its judgment of December 20, 2017 in the Hamamatsu Photonics Deutschland case, the Court of Justice of the European Union finally provided some clarity about the impact of retroactive transfer pricing adjustments...." (Click here for the article) - European Union

UK companies will face huge new VAT burden after Brexit | The Guardian

"More than 130,000 UK firms will be forced to pay VAT upfront for the first time on all goods imported from the European Union after Brexit...." (Click here for the article) - UK, European Union

Ban Ki-Moon's Nephew Pleads Guilty in Bribery Case | The Wall Street Journal

"Joo Hyun Bahn, the nephew of former United Nations Secretary-General Ban Ki-Moon, pleaded guilty on Friday to U.S. charges connected to a scheme to bribe a foreign official...." (Click here for the article) - Vietnam, U.S., Global

Canada takes the U.S. to WTO in wide-ranging trade complaint | The Globe and Mail

"The Canadian government is taking the United States to the world's trade court in a wide-ranging complaint that accuses Washington of flouting the rules of commerce." (Click here for the article) - Canada, U.S.

Deferred prosecution agreements proposed to take companies task | The Straits Times

"A new legal framework that can grant companies amnesty for certain corporate offences is being proposed in Singapore." (Click here for the article) - Singapore

Cigarettes and Murky Joint Ventures Help North Korea Evade Crackdown  | The Wall Street Journal

"Global businesses faced a deadline last week to exit joint ventures operating in North Korea, but dozens of them are still there." (Click here for the article) - North Korea, U.S., South Korea, China, Global

US Company Settles Whistleblower Lawsuit, Pays for Importer's Customs Fraud  | Global Trade Magazine

"Federal prosecutors in New York recently announced the settlement of a remarkable lawsuit relating to a scheme to evade import duties." (Click here for the article) - U.S.

SFO opens investigation into Chemring Group PLC and its subsidiary  | U.K. Serious Fraud Office News Release

"The SFO confirms it has opened a criminal investigation into bribery, corruption and money laundering arising from the conduct of business by Chemring Group plc and CTSL..." (Click here for the article) - U.K.

Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

With GDPR looming, key compliance questions still remain | DIGIDAY

"For better or worse, preparing for the General Data Protection Regulation is a do-it-yourself exercise for advertisers in the absence of stronger direction from regulators." (Click here for the article) - European Union

Turkish banker guilty of helping Iran dodge US sanctions  | Reuters TV

WATCH: US jury finds Turkish banker guilty of helping Iran dodge US sanctions (Click here for the video) - Iran, Turkey, United States

Firms can choose not to enter corruption-ridden markets | The Straits Times

"Many well-established multinationals have decent corporate cultures.  Their top managements have been known to decide that if a country operates by practices in keeping with the company ethos, they would not do business in that country." (Click here for the article) - Singapore

Drug Company Allegedly Bribed Doctors to Sell its Powerful Opioid Spray | Gizmodo

"The State of North Carolina is suing a pharmaceutical manufacturer for allegedly bribing doctors and defrauding insurers in order to sell more of its powerful fentanyl spray, fanning the flames of the opioid crisis that has millions addicted and is shortening lifespans." (Click here for the article) - United States

PWC faces negligence claim over $2bn fraud at Colonial Bank | The Times

"Auditors at PWC were negligent and missed a 'Red Flag' over a huge fraud that contributed to the collapse of a bank during the financial crisis, an American court has found." (Click here for the article) - Global

Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Governance Is the Next Target for Abenomics | The Wall Street Journal

"A wave of corporate scandals and Japan's persistently weak inflation are renewing pressure to improve the way the country's businesses are managed." (Click here for the article) - Japan

Corruption scandal hits Huawei with its top executive suspected of bribery | technode

"The excecutive vice president of Huawei's consumer business group Greater China, Teng Hongfei, has been taken away by the public security, according to people familiar with the matter." (Click here for the article) - China

Ex-Tennessee director of football ops to repay $14K due to forged receipts | Yahoo Sports

"Tennessee's former director of football operations is repaying the school over $14,000 after he pleaded guilty to misconduct regarding forged receipts for expense reports." (Click here for the article) - United States

Non-compliance to be 'very costly' for companies | moneycontrol

"Sending out a strong message to (Indian) corporates, the government has said non-compliance will be "very costly" and strong deterrents will be there to curb the dangerous adventure of using companies for wrongful purposes." (Click here for the article) - India

Argentine Congress Approves New Corruption Law

On Wednesday, November 8, 2017 the Argentine Congress approved a new law to combat corporate corruption.  The passage of this law follows the arrests of two Argentine politicians on corruption charges.

The law applies to private legal entities and covers the following crimes:

  • Local or international bribery and influence peddling
  • Illegal payments to public officials
  • Illegal enrichment of public officers and employees
  • Falsifying balance sheets and reports to conceal bribery or influence peddling

Companies are liable for the above crimes whether they are committed directly or indirectly on their behalf.  A corporation may also be held liable for the actions of third parties acting on their behalf.   

The bill allows for:

  • Courts to fine companies up to five times more than the amount fraudulently obtained
  • Companies to be blacklisted from public contracts for up to 10 years
  • The lessening of a corporations punishment for self-reporting a crime discovered by an internal compliance program, the existence of a sufficient compliance program prior to the violation, entering into a collaboration agreement, among other factors       

Key Link(s):

Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Procurement Leaders: Risk Management Ranks Among Top Concerns  | Risk & Compliance Journal - WSJ

"Reducing costs ranks as the biggest priority for chief procurement officers (CPOs) around the world, but risk management, technology, and talent are also top of mind..." (Click here for the article) - North America, South America, Asia Pacific, Europe, Middle East, Africa

Compliance Officers Less Worried About Liability | Risk & Compliance Journal - WSJ

"Concerns about personal liability have lessened somewhat for compliance professionals but a survey shows they continue to be a big worry for those tasked with handling compliance for their organization." (Click here for the article) - Global

The Emergence of Compliance - A new profession? | Harvard Law School Center on the Legal Profession

"What do compliance officers, social media marketers, and 3-D designers have in common?  They are all members of relatively new specialties, attempting to carve out areas of expertise to meet the evolving demands brought on by economic, technological, business, and social change." (Click here for the article) - Global

UN expands North Korea blacklist in first U.S., China sanction deal under Trump | Reuters

"The U.N. Security Council on Friday expanded targeted sanctions against North Korea after its repeated missile tests..." (Click here for the article) - China, North Korea, USA

Federal Contractors Face New Training Requirements | Risk & Compliance Journal - WSJ

"New rules that took effect Wednesday require cleared U.S. government contractors to have in place insider-threat awareness training programs before they can handle classified information." (Click here for the article) - USA

SEC Bars Former PetroTiger GC Convicted in Bribery Case | Corporate Counsel

"Former general counsel Gregory Weisman has been suspended from practicing before the U.S. Securities and Exchange Commission more than three years after his guilty plea in the PetroTiger Ltd. bribery case." (Click here for the article) - USA

Compliance Boosts Foothold in C-Suite, Boardrooms | Risk & Compliance Journal - WSJ

"Chief compliance and ethics officers are increasingly being included in senior-level discussions about corporate strategy, showing compliance is gaining favor in boardrooms worldwide but also pointing out the challenges the function continues to face, according to a survey..." (Click here for the article) - Global

General Motors Accused of Rigging Diesel Pickup Truck Emissions | Road and Track

"A class-action lawsuit accuses General Motors of rigging emission-control systems on 2011-2016 Chevrolet Silverado HD and GMC Sierra HD pickups with GM's Duramax turbo-diesel 6.6-liter V-8 engine." (Click here for the article) - USA

Exports and End-Use | RealClear Defense

"In a report this week, Amnesty International expresses its annoyance that the US Army failed to keep tabs on more than $1 billion worth of arms and other military equipment in Iraq and Kuwait." (Click here for the article) - Iraq, Kuwait, USA

Hong Kong and Macau regulators intensity efforts against money laundering, financial crime and terrorist funding | South China Morning Post

"Hong Kong and Macau have launched simultaneous shake-ups of the systems they have in place to tackle the growing menace of money laundering, financial crime and the funding of terrorist groups." (Click here for the article) - China, Hong Kong, Macau

China's Cyber Security Law: The Impossibility of Compliance? | Forbes

"China's much-anticipated Cyber Security Law (CSL) will come into effect on 1 June 2017.  The new law is the first comprehensive law to address cyber security concerns at the national level and to some extent consolidates cyber activities captured in other laws and regulations." (Click here for the article) - China

CVS's Omnicare to pay $23 million to resolve U.S. kickback case | Reuters

"CVS Health Corp's Omnicare unit has agreed to pay $23 million to resolve a whistleblower lawsuit alleging that it took kickbacks from a drugmaker..." (Click here for the article) - USA

Unaoil Probe Threatens Oil-Sector Merger | Risk & Compliance Journal - WSJ

"An oil merger is in danger after revelations of ties to Unaoil, which is under U.K. investigation for bribery and money laundering." (Click here for the article) - UK, USA

Japan's METI Issues Updated End User List | METI

(Click here for the post) - Japan

Bank's slapped with fines for weak anti-money laundering controls | Mail & Guardian

"Several local and international banks have been slapped with administrative fines by the South African Reserve Bank, for weak anti-money laundering and combating of financing of terrorism controls." (Click here for the article) - South Africa

Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous weeks interesting trade compliance, anti-bribery/corruption, fraud, and due diligence news bites, from around the world.

Chief Compliance Officer Fined, Barred from Work  - Corporate Counsel

"Once again, the federal government has held a chief compliance officer personally liable for failing to stop a company's misconduct." (Click here for the article) - USA

Why Me?  What Triggers a US Customs Inspection? - More Than Shipping

"Even today, it remains a mystery - how import shipments are selected to be inspected by U.S. CBP (Customs and Border Protection)..." (Click here for the article) - USA

Industries ranked by open FCPA related investigations - The FCPA Blog

"Here are industries ranked by the number of companies that have disclosed open FCPA-related investigations..." (Click here for the article) - USA, Global

Thirty companies name Brazil in connection with FCPA-related probes - The FCPA Blog

"Of the 104 companies that have disclosed open and active FCPA-related investigations, 30 have mentioned Brazil.  Seventeen have mentioned China.  Poland and India each have three mentions..." (Click here for the article) - Brazil, China, Poland, India

New ISO Anti-Bribery Standard Gaining Traction - Forbes

"Bribery and other forms of corruption continue to plague business and society.  According to the World Bank, some $1.5 trillion is paid globally in bribes each year..." (Click here for the article) - USA, Global

DOJ Sheds Some Light on U.K. Prosecutor Assignment - The Wall Street Journal

"A top U.S. Justice Department official spent part of a speech at an anti-corruption conference in Brazil revealing some of the reasons why the department plans to send a prosecutor on a detail to the U.K." (Click here for the article) - USA, UK, Brazil