Managing Cybersecurity Threats in Latin America

A growing problem in Latin America is the prevalence of cyberattacks across the region. 

Latin America faces an outsized threat from cybercrime, with increasing attacks year over year. Cybercrime has impacted businesses, banks, infrastructure, and government agencies.

Businesses and investors in the region must carefully assess the risks associated with cybercrime in the region. This includes evaluating the vulnerability of local partners and employees. This is extremely important for protecting valuable intellectual property. 

Sophisticated Hacking Rings 

Hacking rings are a pervasive problem throughout the region partly due to Latin America’s still developing commitment to cybersecurity, which is not keeping pace with rapid technological innovations. 

Personal data and intellectual property compromised by cyber-attacks are used to exploit governments, companies, and individuals for profit, blackmail, or political reasons and often circulate the dark web as purchasable data for other bad actors. 

Several high-profile incidents have raised awareness surrounding these issues in recent years. 

Regional Highlights

Costa Rica. In 2022, the government of Costa Rica suffered a weeks-long bombardment of ransomware attacks from a Russian-based hacking group. The attacks led the Costa Rican president to declare a state of emergency after the ransomware crippled the Costa Rican Treasury. 

Brazil. Further south in Brazil, some of the most sophisticated hacking organizations actively attack companies and government institutions. Brazil’s population is particularly vulnerable to cybercrime due to high levels of internet usage, including mobile banking services and e-commerce, without the cybersecurity infrastructure and enforcement to go along with it. 

Most recently, reports of a massive data leak exposed the personal data of over 220 million living and deceased individuals. This data includes names, addresses, phone numbers, tax information, and salaries, among other things, and affects nearly every Brazilian citizen. 

Chile. The Chilean government has fallen victim to significant cyberattacks in recent years, leading to sensitive data and intelligence leaks. The ‘hacktivist’ group Guacamaya was responsible for one such attack, which exposed sensitive information relating to military, defense, and police operations. Local hacktivist groups have also targeted foreign mining firms and other companies for political purposes. 

Mexico. In Mexico, hacker organizations have attacked financial institutions, companies, and government agencies for political or social grievances and profit. Hacker groups in Mexico and throughout Latin America also contribute to the growing levels of organized crime and have been linked to cartels or hired by them for political and monetary gains. 

Venezuela. Venezuela has also become increasingly susceptible to cybercrime due to widespread social and economic grievances and the inability to pursue and prosecute cybercriminals. 

Widespread government censorship of the internet and services has driven demand for black market products. The Venezuelan government has also targeted foreign companies through cyberattacks for geopolitical purposes. 

In fact, Venezuela has been an incubator of tools for cybercriminals in the region. It has also seen an influx of cyber actors from Russia and China who seek to disrupt the United States and its agenda in the Western hemisphere. 

Targets of Cybercrime in Latin America

Virtually every citizen, government, or company in Latin America is at risk of or has fallen victim to cybercrime. However, cybercriminals have been wildly successful in their attacks against the following:

Underwhelming International Response 

Overall, the lack of cohesion between Latin American governments has led to an underwhelming response to the growing levels of cybercrime. In most countries, the legal framework prohibiting cybercrime is weak, as is the ability to enforce existing law. 

The lack of resources for training and creating cybercrime law enforcement units is a regional trend. Low international cohesion and dialogue levels have also facilitated a sluggish response to the problem. 

What this Means for Businesses and Investors 

The cybersecurity environment in Latin America poses significant risks and opportunities for companies and investors. 

As a result, companies looking to do business in or partner with local firms should conduct deep due diligence investigations including cybersecurity assessments to understand the extent of any hidden risks before investing. 

Along with establishing a robust cybersecurity program that accounts for local country risks, training employees about data security, phishing, and other cybercrime indicators is also essential. 

Finally, there are significant opportunities for cybersecurity firms, tech firms, and companies specializing in educational forums regarding internet safety and norms. As Latin American governments come to terms with the cybercrime problem, there may be increased investment into technology to combat and deter the increasing risks. 

Crypto Giant Binance’s $4.3 Billion Fine and the Need for Taking Compliance Seriously

Binance Holdings Limited, branded Binance, the world’s largest cryptocurrency exchange, agreed to pay an approximate $4.3 billion settlement, the largest in history, according to a press release by the U.S. Treasury Department on November 21, 2023. The company plead guilty to charges by the Treasury’s Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC), and IRS Criminal Investigation (CI) of engaging in anti-money laundering (AML), unlicensed money transmission, and sanctions violations. 

The settlement is part of a global agreement concurrent with Binance’s resolution of related matters with the Department of Justice (DOJ) and the Commodity Futures Trading Commission (CFTC). The resolution also includes criminal charges against Changpeng Zhao, known as CZ in the industry, founder and Chief Executive Officer (CEO) of the crypto exchange giant who “issued guidance to ‘appear’ compliant, while knowingly allowing the apparently violative activity to continue.” 

As noted in the CFTC’s complaint, “Binance and Zhao’s ethos of prioritizing profits over legal compliance” underscores how Binance’s business was run—"Its Compliance Program Was Just “For Show”.” The staggering settlement and CZ’s criminal charges are strong warnings for companies to take their own compliance programs and ethical practices seriously.

The Treasury also announced that the settlement with Binance resolves:

 “Violations of the Bank Secrecy Act (BSA) and apparent violations of multiple sanctions programs. The violations include failure to implement programs to prevent and report suspicious transactions with terrorists — including Hamas’ Al-Qassam Brigades, Palestinian Islamic Jihad (PIJ), Al Qaeda, and the Islamic State of Iraq and Syria (ISIS) — ransomware attackers, money launderers, and other criminals, as well as matching trades between U.S. users and those in sanctioned jurisdictions like Iran, North Korea, Syria, and the Crimea region of Ukraine.”

FinCEN’s settlement agreement imposes a five-year monitorship, assesses a civil monetary penalty of $3.4 billion, and requires significant compliance undertakings, including ensuring Binance’s complete exit from the United States” (from which it had been banned in 2019). 

OFAC assessed a $968 million penalty and the settlement agreement require Binance to “abide by a series of robust sanctions compliance obligations, including full cooperation with the monitorship overseen by FinCEN.”

The Treasury further stated: 

“Binance willfully failed to report well over 100,000 suspicious transactions that it processed as a result of its deficient controls, including transactions involving terrorist organizations, ransomware, child sexual exploitation material, frauds, and scams.”

Binance Ongoing Legal Issues

CZ's settlement with the DOJ includes a penalty of $50 million. He stepped down as CEO of Binance and is forbidden to have any involvement in the company. 

The settlement also includes prohibitions against his making any direct or indirect public statements that contradict his admission of guilt and acceptance of responsibility. CZ faces a possible 10-to-18-month prison sentence and his request to visit his family in the UAE has been denied twice. 

Since the settlement, the SEC has submitted a notice of supplemental authority to the court presiding over its case against Binance, highlighting similarities with the Terraform Labs case whose co-founder Do Kwon legal faced legal action for purportedly conducting unregistered securities offerings and fraudulent activities in relation to its tokens. The court ruled on December 28th in the Terraform case in favor of the SEC, finding specific tokens qualified as securities, principally because they were investment contracts. This has future implications for how crypto asset securities are assessed in the U.S.

Failing to Comply

On January 19, 2022, Binance lauded their company’s efforts in "security, regulation, and compliance,” on their company blog, announcing they had "increased our security and compliance team’s headcount by 500%, drawing in some of the industry’s best talent.” They further stated their commitment to conducting over “70 law enforcement workshops on topics related to crypto, blockchain, and combatting digital financial crime" and that they were "the first blockchain and crypto organization to join the National Cyber-Forensics and Training Alliance (NCFTA),” along with implementing key upgrades to our identity verification (know-your-customer, or KYC) processes.”

Yet, rather than leading the way in “security, regulation, and compliance,” Binance actively and intentionally failed in all regards, behaving as “bad actors” in their pursuit of profit and growth.

In September 2021, Tigran Gambaryan, a former special agent of the Internal Revenue Service—Criminal Investigation (IRS-CI) joined Binance as VP of Global Intelligence and Investigations. Tigran, whose background includes over a decade as a special agent has investigated numerous cases involving "national security, terrorism financing, identity theft, distribution of child pornography, tax evasion, and bank secrecy act violations during his award-winning career" and who led "multi-billion-dollar cyber investigations, including the Silk Road corruption investigations, BTC-e bitcoin exchange, and the Mt. Gox hack," according to Binance's own website.

Gambaryan was quoted as saying “Compliance is the first line of defense. We will work closely with our colleagues in compliance to identify criminals and refer them for prosecution…. Our goal is to increase trust in cryptocurrency by establishing Binance as the leading contributor in the fight against human trafficking, ransomware and terrorism financing. I want to educate the worldwide law enforcement community on how Binance is a partner in the fight against the illicit use of cryptocurrency.…”

So, what happened?

CZ, Binance’s founder and CEO set the tone. 

Samuel Lim, Binance’s first and former Chief Compliance Officer (CCO) is also charged in the CFTC’s complaint which states, “Zhao, and Lim have all chosen to ignore those requirements and undermined Binance’s ineffective compliance program by taking steps to help customers evade Binance’s access controls.” 

Company employees, “Binance officers, employees, and agents have acknowledged that the Binance platform has facilitated potentially illegal activities” and even joked about it, according to the CFTC’s filing. In 2019, Lim “explained to a colleague that terrorists usually send “small sums” as “large sums constitute money laundering” after receiving information “regarding HAMAS transactions” on the company platform. A coworker’s response: “can barely buy an AK47 with 600 bucks.”  In 2020, concerning certain clients Lim said in a chat: “Like come on. They are here for crime.” The response from Binance’s Money Laundering Reporting Officer (MLRO)? We see the bad, but we close 2 eyes.”

The tone at the top sets the tone for a company’s ethics (or lack thereof) and culture. In Binance’s case, this tone was set by “bad actor” senior executives.  Compliance and ethical behavior must always be a priority for businesses of any size. 

TAKE AWAYS

Binance believed that adhering to compliance and legal strictures would impede growth and cause a loss of customers and revenue. 

Binance is not the only company that views compliance this way and from the crypto exchange’s continuing legal and criminal entanglements, the lesson should be obvious. But this does not seem to be the case. Some companies consciously choose to perform the bare minimum of compliance. They either fail to note its vital importance, or resent the financial and time investment needed for successful compliance endeavors, often seeking to ignore or off-shore their compliance responsibilities to countries such as India, forgetting that the majority of FCPA and other violations involve subsidiaries in foreign jurisdictions. 

Internal departments within a company may also be resistant to following, reporting, and adhering to compliance strictures thinking it is a strain on their time, productivity, and staff. This is incorrect thinking. Compliance needs to be part of the culture of all companies and needs to start at the top. Trying to get compliance managers or staff to encourage or cajole executives and others to follow through on compliance initiatives should not be the norm. It should be expected that executives lead the way and see it as something critical to the company’s success. This “tone” needs to come from the top and be reinforced at all levels within the company in order to be effective. Compliance needs to be built in to corporate departments responsibilities and tasks rather than viewing it as an external burden.

This should also be inherent in hiring executives, starting with a Tier III due diligence investigations at regular intervals. Due diligence investigations are designed to detect hidden and undisclosed information that is not readily available in standard background checks. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues. 

Open Source Intelligence (OSINT) investigations are an important source of information in addition to publicly available records. Partnering with a third-party, non-biased global security and risk management company, is one of the integral pieces in making sure that risk is mitigated both externally and internally within a business. 

Integrity in business is key to continued success. As Deputy Attorney General Lisa Monaco stated in her remarks announcing Binance and CEO guilty pleas to federal charges in the $4 billion resolution: “Some say the key to success in the tech sector is to “move fast and break things.” Today’s actions show that if what you break is the law, there will be consequences.”

Here’s Why You Should Always Use International Background Checks When Vetting Executives

Many executives today have studied, lived or worked internationally. One of the most indispensable ways to make sure you don’t end up with legal, financial or reputational damage from your next merger or acquisition is to conduct an international background check on any executives of companies you plan to go into business with.

With the world becoming more and more interconnected, companies are expanding their operations with international collaborations as they tap into diverse markets.  This gives bad actors more opportunities to hide their illicit activities across borders… making your job of uncovering potential risks to your business even more difficult – and a lot more necessary.

Unfortunately, standard background checks miss many of the red flags that would be uncovered in an executive due diligence investigation that includes an extensive international background check.

Not only that, but conducting international background checks can be a real headache.  Every country has its own rules and laws you have to follow.  Some countries prohibit obtaining such records in the first place, making an already difficult task even more challenging.

Here’s What Could Happen If You DON’T Conduct International Background Checks

In short… a  LOT!  There may be many risks involved for you or your business.

That’s because without proper vetting, you run the risk of hiring individuals who may have a history of criminal activity, financial improprieties, or other red flags that could ultimately harm your company’s reputation and bottom line. 

If you only check an executive’s background locally, you may miss important indicators about that individual.  Every country should be checked individually to see whether an executive has any significant issues in their history such as sanction violations, criminal convictions, or not having the qualifications they are claiming such as their education, professional licenses or employment history.

Without conducting an international background check, you could miss crucial details when it comes to an executive's financial history.  Maybe they have shady dealings in their past, have violated sanctions requirements, have undisclosed debts, or financial skeletons in their closet that they obscured or failed to report to you.  These hidden surprises can blow back on you later, causing serious financial headaches and even regulatory exposures.

You might also run afoul of international or country-based regulations such as anti-corruption laws by working with a particular individual or company.  Or perhaps the executive was compliant in their business in one country but you missed the regulations they violated in another, putting your company at risk by acquiring their company or simply working with them.

The last thing you want is to find yourself on the other end of dealing with something similar to the Germany-based company Wirecard.  After Wirecard declared insolvency, it was discovered that $2.1 billion was missing from the company's accounts despite allegations from German regulators that the money never existed in the first place.  Wirecard’s CEO, as well as two senior executives, face multiple years in prison if convicted.   

Imagine if you had gotten into business with one of the executives completely unaware they were a key part of this scandal because they were able to hide their former place of employment and history.

Such background failures can also take a massive toll on your reputation.  If you’re not careful, your good name can go down the drain in a flash.  While it’s possible to bounce back from fines or regulatory breaches, when your reputation takes a hit, your company's worth could quickly devalue.  After you receive negative media coverage and your brand suffers, you can lose customers and shareholders, find yourself dealing with litigation or regulatory fines, lose some of your best employees, and lose the productivity of the ones who choose to stay.  Even recovering from reputation damage is often very costly and can take a very long time. Many companies have experienced this and it is often difficult and costly to reverse. 

This is especially true as supply chains grow increasingly complex and reach all corners of the globe.  The further down the supply chain, the greater the reputational risks become as the visibility of the executives you get into business with is decreased or may be a lot more murky.  With greater reliability on foreign markets and companies, the more places bad actor executives have to hide, or to cover up their illicit dealings.

For example, Moderna recently found itself grappling with an unfortunate scenario.  The company hired a CFO in the middle of 2022, only to swiftly part ways because his background check failed to turn up the securities reporting violations he was accused of commiting at his previous place of employment: Dentsply Sirona. 

The fallout was not just financial – although it did include a significant $700,000 hit for the CFO's salary and a subsequent dip in the company’s stock price – it also created a formidable public relations nightmare.  

While Moderna claimed they had done “appropriate” due diligence on the CFO’s background, one must ask how they failed to uncover the obvious red flags.  Commonplace background checks focus on only 4 or 5 key areas, looking at education and employment verification, alongside a criminal history review and a reference interview.  But these routine checks provide just a sliver of public information, often missing significant details - especially those that are concealed or undisclosed. 

The situation becomes even more difficult trying to piece together the history of a new executive hire or board member who has worked overseas.  Every country operates under its unique set of laws, and in certain jurisdictions, there are explicit prohibitions preventing agencies from accessing certain records.

Your company is also opening itself up to potential lawsuits from shareholders as well as liability if you fail to complete due diligence on your international background checks.  A typical standard procedure consists only of a basic international background check on executives or a surface-level scrutiny of businesses against global watch lists.  This reveals only a fragment of what the business has undertaken or the executive has participated in.

Benefits Of Conducting International Background Checks

International background checks completed with deeper-level due diligence are the best way to avoid bad actors that can leave you liable for activities that could cripple your business like bribery and corruption; often finding 30% more information than a routine or basic background check. 

Due diligence backgrounds are instrumental in mitigating the risks associated with executive fraud by providing a comprehensive and global perspective on an individual's professional and financial history.  The goal is to uncover potential red flags early on, enabling you to make informed decisions and safeguard against fraudulent activities.

By assessing an executive's compliance with laws and regulations in various jurisdictions, you can scrutinize any history of legal issues, regulatory violations, or sanctions to give you insights into any potential fraudulent or unethical behavior.

For example, imagine hiring an executive who claimed to have been working as a consultant in another country for 9 years…

Only to discover too late that they were actually in prison for felony fraud the entire time!

This is an actual case discovered by the investigators at Infortal.

International background checks are also able to root out people pretending to be something they are not.  Infortal has uncovered 100’s of cases, for example, where executives have clear relationships with State Owned Enterprises (SOEs) that are sanctioned by the U.S. 

They are also necessary to root out potential executive fraud schemes, such as violations of the Foreign Corrupt Practices Act (FCPA) your company could be liable for. 

For example, executives at Goldman Sachs Malaysia pleaded guilty to conspiracy to violate the FCPA.  These executives conspired together to pay over one billion dollars in bribes to high-ranking government officials in Malaysia and Abu Dhabi to obtain lucrative business for Goldman Sachs. In addition to these criminal charges, there was a recovery of over $1 billion in assets associated with and traceable to the money laundering and bribery scheme. Imagine the damage to the reputation of Goldman Sachs in this situation.

Such cases of fraud, embezzlement, or other financial crimes would not be found through a standard background check.  

Verifying an executive's educational and professional credentials on an international level ensures that the information you have on the executive is accurate.  Inconsistent or fabricated credentials can be indicators of potential fraudulent behavior.

Additionally, an international background check often includes a behavioral analysis of an executive's past behavior and whether leadership issues may exist, including harassment.  This can help you identify any patterns that may indicate a predisposition to engage in fraudulent or egregious activities after you hire them.

Conducting international background checks not only mitigates your reputational risks, it also demonstrates your commitment to due diligence - which builds trust with your stakeholders, including clients, partners, investors, and the public.

It helps you ensure compliance with global legal and regulatory standards to steer you away from potential legal troubles, reinforcing your reputation as a responsible business entity.  And it lets global stakeholders know you are committed to integrity and responsible business conduct: fostering trust and positive relationships around the world.

Why You Should Choose Infortal For Your Background Checks

Infortal is a licensed investigative company that specializes in due diligence investigations – a much higher bar than a standard background checking operation.

Infortal not only has 38 years experience conducting extremely accurate international background checks, but we also offer a double guarantee when it comes to the accuracy of our information.

Not only do we 100% guarantee that we are conducting the background check on the right person, but we guarantee that the information our sources provide will be 100% correct.

This industry leading guarantee ensures that you are easily able to position yourself with a positive and reputable global image and shows that you have a commitment to ethical business conduct, risk mitigation, and the protection of stakeholders' interests.

The unique life experiences of the Infortal staff brings decades of international expertise and travel to work for you whenever you need a thorough international background check that ensures you’ve covered every possible basis. 

As the CEO of Infortal Worldwide, Candice Tal is instrumental in helping companies navigate risk and optimize operational success for their business, employees, and assets.  With over 30 years of expertise in the investigative field, she is widely recognized as a leading subject matter expert in global due diligence investigations.  Candice's insights have been featured in various media and business publications, and she has made significant contributions to the compliance industry's foundational book, The Compliance Handbook.

As the Vice President of Global Compliance & Investigations at Infortal Worldwide, Chris Mason is at the helm of the International Investigations Team.  His role involves collaborating with clients to orchestrate due diligence investigations, and streamlining pathways for private equity investment, M&A transactions, and the global expansion of businesses.  As a licensed attorney with a CAMS certification and more than a decade of experience specializing in investigating financial crime, Mr. Mason has contributed his expertise while working as Chief Economist of the International Investor Program (DHS) and was subsequently VP Anti-Money Laundering (AML) at a distinguished global investment bank.

In his capacity as the Director of Geopolitical Risk at Infortal Worldwide, Dr. Ian Oxnevad heads the firm's Geopolitical Risk Intelligence & Analysis initiatives.  Dr. Oxnevad's insightful Geopolitical Risk perspectives serve as the guiding force for Infortal Worldwide's Geopolitical Risk training program, due diligence investigations, and advisory services on global risk intelligence. Combining his background as a political scientist and political economist, Dr. Oxnevad skillfully intertwines economics with security studies to evaluate a spectrum of issues, including geopolitical risk, economic warfare, intelligence, terrorism, corporate espionage, and money laundering.

Infortal works with all industries, and specializes in high tech as well as biotech and big pharma, the medical device industry, financial institutions, banks, AI and robotics companies.

Our Searches Are Different

At this point, the question you may be asking yourself is: what makes an international background check from Infortal so different? 

The simplest answer is that Infortal goes above and beyond a simple background check.  Our investigations start where public records end.  Public records are also limited outside of the US.  We start by conducting a keyword search of around 30 red flag keywords that searches through tens of millions of online records for anything that looks fishy.  But that’s just the beginning.

We next conduct deep dive due diligence using Open Source Intelligence (OSINT) inquiries which go much further than publicly accessible records.  This delves into the deep, dark and historical data of the internet that goes far beyond basic Google searches.  In fact, Google only covers a small fraction of what’s actually available on the Web.

The OSINT process assesses criminal history, financial and legal matters, civil litigation, relationships and affiliations with other business or government entities, reputation concerns, ties between executives and foreign officials, involvement with shell companies, indications of fraud, traces of money laundering, financial irregularities, conflicts of interest, and more.  It goes far beyond a linear public records check. We also look at what information is missing.  What should be there that is not easily found?

But we don’t stop there.  That’s because a thorough international background check requires the use of local resources.  Conducting a search using the language of a given country often yields much different results than simply running the search in English.  In fact, certain countries like China and Russia even have their own version of the internet and this must be taken into account.  Our boots on the ground local contacts in 160 countries give us a much more accurate perspective of what’s really going on with the executive who spent time working there.  We can even conduct interviews with the people overseas they have purported to work with.

The data obtained through our deep due diligence investigations in the international background check process is irreplaceable, offering a shield to companies against executive malfeasance, reputational harm, regulatory fines, penalties, and potential legal challenges. 

Executive due diligence, distinguished for its meticulousness, provides additional assurance in fulfilling your board of directors’ fiduciary duty of care and has the capacity to unveil indispensable information that standard background checks will most likely fail to detect.

If you would like to further explore the intensive process used by Infortal with every background check, you can read a further summary of it here.

If you have questions about a specific type of situation or want guidance on different levels of due diligence feel free to Contact Us.

We would love to speak with you about your specific due diligence investigation needs and offer a complimentary consultation which you can book here.

The Resurgence of Pre-Suez Canal Shipping Routes and Its Economic Implications

Pre-Suez Canal Shipping Routes

The maritime shipping industry has been the backbone of global trade for centuries, with technological and infrastructural advancements steadily reducing costs and shipping times. However, geopolitical tensions and missile attacks from Iran-backed Houthi rebels in Yemen have forced modern shipping giants such as Maersk to take a step back in time, and adopt logistical strategies reminiscent of the pre-Suez Canal era. 

Navigating Around Africa: A Costly Detour

The Suez Canal, a vital waterway connecting the Mediterranean Sea to the Indian Ocean via the Red Sea, has been a critical route for the efficient movement of goods between East Asia and Europe since 1869.  Modern Eurasian maritime shipping is nearly unthinkable without this open link in Egypt.  

However, recent missile and drone attacks on commercial shipping from Iran-backed Houthi rebels in northern Yemen have sent modern merchant lines back in time.  Now, cargo carriers traversing in the Red Sea have to re-route around Cape of Good Hope to reach the Straits of Gibraltar. This new-old route circumventing Africa has not only extended delivery times, but also caused a dramatic rise in shipping costs due to energy and insurance prices. 

The immediate effect of rerouting away from the Suez Canal is the significant increase in the distance that cargo ships must travel. This detour results in higher fuel consumption, greater operating costs, and the need for more prolonged periods of manpower, all of which contribute to a surge in the overall cost of shipping. Consumers used to short delivery times, and retailers accustomed and “just in time inventory” are facing higher costs all around. 

Climbing Shipping Costs: The Ripple Effect on Global Trade

Adversities faced on the shipping front have had a considerable impact on business. Shipping routes connecting Asia with the United States, seemingly unrelated to the Eurasian shipping conundrum around the Sea, have seen costs rising by 55%.  For routes that connect Asian and Northern European ports, shipping lines, now grapple with container costs that have soared to more than 170% of what they were prior to Houthi attacks. 

The compounded effect of these changes is profound. It affects trade balances, prompts a reevaluation of sourcing strategies, and may even lead to a further push for regionalization or localization of supply chains. The hopes for a return to more secure and cost-effective shipping routes rest on the resolution of geopolitical conflicts; until then, businesses must adapt to a new, turbulent normal in maritime trade logistics.

Geopolitical Tensions and Private Sector Responses

The changing face of global geopolitical tensions is prompting shipping companies to reassess their risk management and strategic planning. The attacks carried out by the Houthi rebels underscore the vulnerability of key maritime routes and highlight the necessity for shipping companies to remain nimble and responsive to emerging threats. The Houthis, wielding the power to disrupt the flow of commerce through the Red Sea, have become a focal point for maritime security concerns. Combined with the Ukraine war and sanctions on Russia, Eurasian trade is threatening to be severed due to geopolitical risk

Investors' Outlook Amidst Maritime Uncertainty

Amidst the backdrop of uncertain maritime logistics, investors are keenly observing the industry's capacity to handle disruptions. In a surprising twist, some financial analysts are perceiving these challenges as opportunities for growth and profitability within the shipping sector. Some institutional portfolio investors are showing agility and expertise in managing such complex scenarios might appear more attractive to investors seeking resilient business models.

For example, Goldman Sachs has revised upwards its financial outlook on Maersk's shares.  The logic behind this short-term positive outlook is based on the assumption that Houthi attacks will be quickly resolved by diplomacy or military deterrence thanks to Operation Prosperity Guardian.  Should attacks and the Africa reroute continue for a year, this new shipping lane will lead to significant inflationary pressure on top of an already stressed global financial system.  These pressures could be catastrophic to retailers and manufacturers in Europe and Asia, and adversely affect portfolio investors farther afield. 

The ongoing situation in Ukraine and the resulting sanctions on Russia have drastically altered traditional trade routes and relationships, effectively severing Eurasian trading ties. This strategic bifurcation has sent ripples through supply chain networks, prompting companies to seek alternative routes and partnerships to maintain the flow of goods. 

The tension between the involved nations—Russia, Iran, China—and the West poses a significant risk to the stability of the global economy.

Strategies for enhancing business agility might include the following:

Want to learn more? Check out our Global Risk Certification course today!

Geopolitical Risk for Executives in China

Conducting geopolitical risk assessments before considering entering China is critical to protecting your firm and employees.   

A Growing Risk for Foreign Businesses and Executives in China 

China under Xi Jinping has presided over a regulatory crackdown against foreign businesses that has accelerated recently, leaving foreign business executives and investors at risk. The Chinese Communist Party has expanded control over China’s business sector as the government turns increasingly authoritarian. 

The fallout from the COVID-19 pandemic and heightened tensions with the West and China’s neighbors have resulted in far more stringent and aggressive actions from Beijing that target foreign companies and the private sector. Understanding the risks of this shift and how they may affect the safety and security of business operations and personnel is paramount for foreign firms operating in the country.  

China’s Targeting of Business Executives 

China has increasingly arrested foreign executives and employees and raided the premises of Western companies operating within the country. China has arbitrarily detained foreigners and Chinese citizens alike, while others have simply disappeared. Several high-profile cases, such as the disappearance of Chen Shaojie, the chief executive of the Chinese live-streaming platform DouYu, have highlighted this. Shaojie’s disappearance occurred after receiving scrutiny from China’s internet regulator. He joins a growing list of business executives to disappear in China over the last decade

Detentions have also been linked to geopolitical events and competition between China and its biggest geopolitical competitors. For example, after spending three years in custody, two Canadian businessmen were released back to Canada in 2021.  China’s detaining of Canadian nationals following the arrest of a Huawei executive in Canada based on a US-issued warrant. 

Chinese authorities denied a relationship between the arrest of the Canadian businessmen in China and the arrest of the Huawei executive in Canada; however, the timing of the arrests and releases coincided with that of the Huawei executive. This is not an isolated incident, as China has been accused on numerous occasions of a practice known as hostage diplomacy, where foreign nationals and executives are detained during geopolitical spats with their host countries and used as leverage for their advantage. 

Tightening Legislation 

In April 2023, China updated its counterespionage laws, stipulating that “all documents, data, materials, and items related to national security and interests” are under state secrets protection. The updated law does not specify what classifies as national security.  China’s authoritarian system makes arbitrary seizures and arrests of foreign professionals likely, while new regulations designed to centralize state power render foreign businesses at significant risk. 

In 2021, China also enacted a new data security law and the “personal information protection law,” which has bolstered uncertainty regarding data transfers, particularly of firms operating in China sharing data with entities outside the country. Like the new counterespionage laws of 2023, the legislation cites national security concerns loosely, leaving confusion around how to safely navigate data policy without receiving scrutiny from authorities. 

Who is Most at Risk 

Since early 2023, several foreign due diligence and consulting firms have been targeted by Chinese authorities under the auspices of national security concerns. 

PRC security forces have raided the offices of several US companies, leading to questioning, property confiscation, and the detention of local employees. Think tanks and due diligence firms such as the Mintz Group, Bain and Company, and Capvision have been targeted due to concerns regarding the alleged sharing of sensitive data and intel about Chinese firms, the economy, and institutions it views as compromising to its national security. 

International firms of this nature operating in China are at risk of increased surveillance, investigations, raids, and detentions of employees by Chinese authorities based on loosely defined and applied data security and counterespionage legislation. 

Though any foreign company operating in China faces risks, certain industries should operate with extra caution: 

Economic Impact of Emerging China Risk 

China is losing investor confidence, and foreign direct investment is falling. Targeting of foreign executives and businesses and heightened geopolitical risk and risk associated with pandemic fallout have left the international investment community hesitant to funnel resources to China. In fact, 2023 saw a rare decline in foreign direct investment in China. 

Confidence in the Chinese market has been dampened significantly by the growing number of detentions and disappearances of business executives. Travel bans and office raids have also led to concern for foreign firms operating in the country. This has led to concern from firms and investors for their employees, data, and intellectual property security, which have been frequently violated due to evolving legislation.

Supply chain volatility has risen, particularly after China’s stringent COVID-19 policies. Concerns over China’s future in the region, particularly regarding its relationship with Taiwan, pose risks to foreign businesses (particularly those from adversarial nations). Looking forward to a potential conflict with Taiwan, foreign companies must weigh the risks associated with doing business in China, given a conflict with Taiwan, and what this would mean for their operations and supply chains. Growing discontent with China’s treatment of Uyghur Muslims in Xianjiang Province and potential economic sanctions and other punishments from the international community also pose risks to supply chains and foreign nationals and companies. 

What to Know

Despite the recent risks highlighted above, China remains a significant economic market with a concentration of American and other international firms operating in the country. Before establishing a presence in the country, understanding the risks posed directly and indirectly to your company and executives is critical. 

You should arm your leadership team with a deep understanding of the region by conducting a country risk analysis related to your proposed operational plan. Going through this exercise may even open up other opportunities or locations for your business that will allow you to minimize your risk exposure.   

Is Your Firm at Risk? New Restrictions on Outbound Investment

In August of 2023, US President Joe Biden signed an executive order (EO) establishing new outbound investment regulations targeting Chinese development of certain technologies deemed to be risks to US national security. 

The order gives the Department of the Treasury oversight into US investors seeking to fund Chinese firms involved in developing sensitive technologies, including semiconductors, artificial intelligence, and quantum computing. The initiation of this executive order has opened the path to more formal restrictions on outbound investment, including the potential creation of a new outbound investment regime in the United States. This follows a growing trend among Western countries looking to maintain advantages over geopolitical rivals by controlling or diverting investment flows from their jurisdictions, particularly into the tech and energy sectors. 

President Biden’s Executive Order 

President Biden’s executive order, signed on August 9, 2023, establishes regulations for certain types of investment into the development of artificial intelligence tools, quantum information technology, semiconductors, and other microelectronics in ‘countries of concern.’ Currently, the only country explicitly mentioned in the order is the People’s Republic of China (PRC) and the Chinese-administered regions of Hong Kong and Macau. The Biden administration has earmarked the development of these sectors by China and Chinese firms as an ‘extraordinary threat’ to US national security interests due to their ability to advance warfighting, intelligence, and cyber capabilities. 

Furthermore, this order mandates that US individuals provide notification of information regarding certain transactions with foreign entities/individuals covered under these interests. It also prohibits certain transactions involving ‘covered’ foreign persons outright.  While these restrictions currently only target investments into certain Chinese entities, these restrictions will likely grow to include other countries and jurisdictions deemed threatening to national security. 

These new restrictions give the Secretary of the Treasury jurisdiction to prohibit certain outbound investments and require notification for others to preserve US strategic advantages over geopolitical foes. Being amongst the first of its kind, this executive order was open for public comment after its initial announcement in August.  Formal regulations include specific definitions of industries and products deemed threats to US National Security and will likely evolve in the coming months and years. 

The Future of Outbound Investment Regulations 

As the US rolls out these new regulations about outbound investment, other US allies are likely to consider similar policies. For example, the UK and other European countries have also signaled concern over China’s development of sensitive technologies and have begun to consider regulations and outbound investment regimes following Biden’s executive order. 

Many European countries share national security concerns over China’s ability to develop sensitive technologies that may bolster their warfighting capabilities, especially concerning their relationship with Russia. Growing fears over humanitarian issues in China, such as its treatment of Uighur Muslims in Xinjiang Province, have also raised concerns over the destination of outbound investment. 

The US Congress has debated in both the House and Senate the future of outbound investment beyond those established by the executive order. Currently, there is no formalized regime for reviewing outbound investment as there is for inbound foreign investment. However, Congress will likely build on the current legislation, expand the manifestation of geopolitical risk screening in business practices, and establish a more formal review process for specific transactions. 

China is the only ‘risky jurisdiction’ defined by the executive order; however, as legislation around this issue grows, new jurisdictions, products, and industries will likely be targeted by outbound investment restrictions. 

What This Means for Investors 

Current geopolitical tensions threaten to polarize world powers further. War in Ukraine and China’s ambitions for territorial expansion and commercial dominance threaten the national security of the United States and its allies. Understanding this, the US and its allies have proposed and enacted sanctions and other regulations targeting individuals, companies, and industries worldwide, which threaten their capability to maintain military and economic superiority. 

Investors should understand that as geopolitical tensions continue to rise, overseas commercial and economic activities will be subject to heightened scrutiny from government institutions. This is especially pertinent to those heavily involved in the tech industry in artificial intelligence, cybersecurity, and semiconductors. Other sectors, such as (but not limited to) financial services, should also engage in heightened due diligence work to ensure they are ahead of and compliant with current and upcoming legislation about outbound investment. 

More profound economic implications of outbound investment controls may also hamper future investment opportunities, particularly in risky jurisdictions. Industries not directly affected by outbound investment regulations may have added difficulty operating in China and other potentially targeted regions. For example, geopolitical tensions between China and other countries have led to Chinese officials targeting foreign firms and executives in retaliation. This may continue to occur as they lose foreign investment in valued industries. 

Implications for De-Risking and Liability 

The Biden administration’s EO limiting investment in China is not confined to his tenure in office but is the latest development in how the federal government responds economically to geopolitical multipolarity.  Recent statements by Deputy Attorney General Lisa Monaco to the American Bar Association this past March, in conjunction with Biden’s EO, indicate the greater complexity and liability facing US companies seeking to invest abroad and adapt their supply chains.  

Traditional American business culture faces an increasing need to adapt and implement new training and due diligence practices to avoid rapidly emerging liability and regulatory restrictions due to geopolitical risk.  Companies can no longer look the other way. This is frequently emphasized at the Federal level, with significant implications for US companies operating abroad. 

The Risks of Terrorist Financing and Money Laundering

Terrorist Financing and Money Laundering

 

The recent terrorist attacks carried out by Hamas in Israel have raised concerns globally about terrorist financing and money laundering. Given the subsequent conflict, regulators will undoubtedly look more closely at the financing of Hamas and other terrorist organizations in the region, such as Hezbollah.  Hamas is a designated terrorist foreign terrorist organization by the U.S. Department of State.

Accordingly, firms need to examine their potential risk exposure.  You do not want to help facilitate terrorist financing unknowingly.   

Although terrorist financing mostly occurs in the shadows, it can also hide in plain sight. 

Terrorist organizations use a variety of tactics to move capital, including: 

Governments around the world have sought to combat the financing of terrorist activity in a variety of ways with a focus on increased regulation and enforcement. International sanctions regimes have also aimed at curbing the financing of terrorism. 

Despite these efforts, individual companies must understand the risks and their role in thwarting terrorist financing and money laundering. Failing to implement the proper controls and due diligence techniques can lead to inadvertently facilitating terrorist financing, which can bring on a tremendous amount of liability and reputational risk.  

 

The Hamas Financing Network 

Hamas’s global financial network displays the importance of vigilance against terrorist financing and money laundering, even in areas that are far displaced from the region, including the United States. 

Hamas raises funds in a variety of ways, including taxation of imports into Gaza, individual investment portfolios of top leaders, and diverse investment portfolios for the organization itself, which is estimated to be worth between $500 million and $1 billion USD with significant assets in Turkey, Sudan, Saudi Arabia, Algeria, and the United Arab Emirates among others. Hamas is also known to receive monetary and material support from Iran, which some estimate to be worth over $150 million per year.

Hamas additionally has an extensive global fundraising and political advocacy network that includes the United States. Hamas’s network in the United States dates back to 1988 with the formation of the Palestine Committee. Since then, the Palestine Committee has been divided into several organizations responsible for political advocacy, propaganda, and fundraising campaigns. 

The FBI has levied numerous investigations against pro-Hamas campaigns in the United States, which have led to the prosecution and deportation of Hamas operatives. Nevertheless, Hamas’s network in the United States remains intact, posing risks to financial institutions and firms providing financial services. 

As the issue of the Hamas-Israel war becomes more polarizing in the United States and throughout the Western world, firms must maintain strict due diligence and compliance processes to avoid any negative implications stemming from enabling terrorist financing of Hamas and other like-minded groups.  Due diligence investigations on third party suppliers will help to minimize inadvertently engaging with terrorist financing activities.

The US Department of Treasury Financial Crimes Enforcement Network (FinCEN) has recently issued an alert regarding Hamas, which can be found here. 

After the recent October 7 Hamas attack in Israel, the US has announced multiple investigations into supporters of the group in the US.  Additionally, because Hamas enjoys support across multiple countries otherwise removed from the direct Hamas-Israel conflict, the risks posed to financial institutions globally are severe. 

 

Who is at Risk? 

Terrorist financing and money laundering are global problems but pose higher risks to firms operating in or near areas with continued political and social unrest, combat areas and their neighboring regions, countries with increased rates of terrorist and extremist activity, and countries with weak financial and regulatory institutions.  This includes countries where the terrorist group may not be attacking, but where it enjoys levels of support among the population.

In addition, the following industries have higher risk exposures to money laundering and terrorist financing: 

 

Banks and Financial Institutions Face Heightened Risks 

Several international banks and financial institutions have been implicated in empowering significant money laundering and terrorist financing in recent years, highlighting the growing importance of customer due diligence and stringent AML/CFT controls and compliance. 

In 2015, Kuveyt Bank from Turkey was sued by the family of a teenager slain by HAMAS for allegedly providing financial services to entities tied to HAMAS. Though these claims were never settled in court because the plaintiff accepted a settlement offer, this case shows the reputational and financial implications associated with terrorist financing. 

Likewise, in 2012, US authorities alleged HSBC’s involvement in money laundering for drug cartels in Colombia and Mexico and terrorist organizations linked to Iran led to the bank paying over $1.9 billion USD in fines. The Bank’s performance fell drastically in the following years due to customer, investor, and legal backlash, leading to plummeting stock prices and lasting reputational damage. 

Kuveyt Bank and HSBC are just two examples of financial institutions implicated in money laundering and terrorist financing schemes, which have faced international backlash from investors, customers, and lawmakers. They show the growing importance of stringent customer due diligence and the need for robust AML/CFT controls and compliance. Establishing these is important to ensure corporate ethics are instilled in one’s company and to avoid catastrophic consequences from enabling criminal activity.

 

Combating Risk

It is much better to be solving risks before they start™. 

Successfully combating money laundering and terrorist financing begins with creating robust due diligence and compliance frameworks. 

US businesses can do this by establishing regular assessments regarding vulnerabilities related to customers and suppliers, conducting customer due diligence investigations, and assessing risks associated with the geographic location of business operations. 

Businesses can also invest in monitoring systems that flag risky or abnormal customer transactions and have clear protocols for handling suspicious activities. Corporations should be up to date with current AML/CFT programs and be aware of sanctioned individuals, companies, and states. Cooperation and relationships with law enforcement agencies regarding AML/CFT programs and concerns can also help keep your company ahead of potential risks. 

 

China is Cropping Up on US Soil

China is Cropping Up on US Soil

American lawmakers on both sides of the aisle have increasingly expressed concerns about  foreign investment in the US agriculture industry, including purchasing farmland. Although the  increasing criticism may seem like an overreaction because foreign investors own just 3.1  percent of all US farmland (as of 2021), significant strategic factors must be considered if the US  continues to allow the continued increase in foreign ownership. The ownership of critical assets  and areas of farmland allows for leverage over food supplies and international markets.

Between 2009 and 2019, foreign ownership of American farmland nearly doubled. During this  time, Chinese investment in American farmland grew nearly tenfold as the Chinese Communist  Party (CCP) was more and more proactive in encouraging investment in the US agricultural  market. With increased ownership comes increased market influence.  

Why Is China Hungry for US Land? (see report)  

Over the past several years, China has faced increasing food instability due to various factors,  including a lack of arable land. Despite having a comparable land mass to the United States,  China possesses nearly 100 billion fewer arable acres. Considering China is the most populous  country in the world, this deficit is already crippling.  

The amount of farmable land in China continues to be at risk of shrinkage as it is converted to  account for rapid urban growth. Pollution has worsened as China has urbanized and threatens the

available land. The Chinese Ministry of Ecology and Environment reported in 2018 that  approximately 15 percent of groundwater was unusable. This is exacerbated by the Ministry of  Land and Resources data, which suggests nearly 20 percent of China’s agricultural land had  contaminated soil.  

Economically, China has prioritized urban growth through its 14th Five-Year Plan. Accordingly,  flight from the agricultural sector has resulted from its focus on industrialization and  urbanization.  

Additionally, the farming demographic in China is aging out, as young people are incentivized to  pursue more white-collar positions in cities. Compounding the flight from the agricultural sector  is the relative success of China’s economic strategy. China’s middle class has grown  substantially, and with it, the taste for more expensive foods. The meat industry faces higher  demands, and the Chinese have failed to keep up with the increased interest.  

Adding to this stress are natural disasters, pests, diseases, and pollution that continue to wreak  havoc on China’s food industry. Recent breakouts of African Swine Fever have devastated the  pork industry. Also, the fall armyworm, which feeds on over 80 different types of crops, has  decimated provinces across the country since 2019. When these pests and diseases are paired  with record flooding due to global environmental changes, China’s agricultural sector simply  cannot keep up with the demands of its booming population.  

Domestic pressures have pushed the Chinese government to look abroad, and Beijing has turned  to investing in foreign lands worldwide to help stabilize and subsidize its local market.  

A Blight on American Industry?  

High-profile purchases like the WH Group’s acquisition of Smithfield Food in 2013, the Fufeng  Group’s purchase of land near a North Dakota air force base in 2022, and Chinese billionaire  Sun Guangxin’s attempt to build a wind farm on hundreds of thousands of acres in Texas near  yet another Air Force base in 2021 have lawmakers raising their hackles over perceived threats to food supply and national security.  

How much of a risk are these acquisitions, and how are they monitored?  

It is worth noting that both projects near the Air Force bases in North Dakota and Texas were  halted over security concerns. The Committee on Foreign Investment in the United States  approved the Smithfield acquisition and has not publicly been found to cause any security  concerns. Furthermore, in the case of Smithfield, which primarily facilitates the production and  processing of pork, most of the land owned by the company is not necessarily arable farmland,  according to the CATO Institute.  

Smithfield has come under fire from politicians for its extreme consolidation along the supply  chain and vertical integration, which could have economic ramifications for US businesses  looking to be competitive at every level. However, regarding the threat to food supply, the  Center for Strategic and International Studies suggests that these purchases and the Chinese

ownership of farmland in the United States do not pose a significant risk to food stability in the  US. The low degree of threat comes from the fact that China owns only a tiny portion of  available farmland in the US.  

Sowing its Seeds  

According to a report by the US-China Economic and Security Review Commission, the  acquisition of US farmland has potential national security ramifications, regardless of the  location of the land being purchased. By involving itself heavily in the US agricultural sector,  China has put itself in an excellent position to benefit from American technology and other  intellectual property.  

This report indicates that China has historically shown interest in obtaining US intellectual  property in the agricultural sector through illicit channels like IP theft and physical seeds.  However, integrating Chinese-owned farms into the American agricultural sector would likely  simplify Chinese acquisition of advanced American technology.  

For example, agricultural technological developments, such as genetically modified (GM) seeds,  are in high demand because of changing environmental factors and food insecurity around the  globe. GM seeds mitigate risks surrounding droughts, disease, and pests and offer an increased  yield per acre of arable land. This resistance and productivity reduces the land needed to  produce sufficient crops. In short, GM seeds appeal to a Chinese state ridden with agricultural  insecurity and lagging behind US innovation.  

Stabilizing China’s food production capacities is not the only consequence of American  technology falling into Chinese hands. Chinese possession of GM seeds and specific agricultural  IP could pose serious military risks. The US-China Economic and Security Review Commission  suggests that GM seeds and IP are subject to reverse engineering, which could allow nefarious  actors to unlock blights and bioweapons based on the genetic material available. This is  particularly concerning because GM crops are by nature minimally varied, meaning that any type  of bioweapon or disease could more easily wipe out entire crop populations. Chinese acquisition  of this technology could allow the country to stabilize and increase its crop production. It could  fuel a dangerous conflict spiral between significant powers and heighten the risk of  bioterrorism.  

The Seeds of De-Risking  

Although foreign acquisitions of US land are monitored by the USDA and subject to further  approval by the Committee on Foreign Investment in the United States, businesses in the  agricultural sector should take extra steps to consider their business partners and potential  buyers.  

The concept of “knowing your customer” (KYC) due diligence so frequently applied to banks  can also apply to agriculture. Because USDA data relies entirely on self-reporting, American  business owners in the agricultural sector must look for warning indicators and risks surrounding  investors, buyers, and partners. This obligation includes knowing whom you do business with at

the personal and corporate levels. Due diligence on prospective business partners in this sector is  becoming more important.

Screening individuals for foreign political ties, ties to State Owned Enterprises (SOEs), major  criminal organizations, intelligence agencies, or front organizations reduce reputational risk from  partnering with entities that may draw scrutiny and scandal.  

This kind of in-depth screening requires more than a background check. It includes checking and  interviewing sources abroad, data mining social media posts, and employing skilled investigators  with sophisticated OSINT (Open Source Intelligence) techniques to identify imposters and bad  actors.  

As an agricultural vendor in the US, being approached by a business interested in land near  sensitive US military sites offers a clear warning indicator of potential risk.  

The location of your assets, such as proximity to military sites, can inadvertently expose your  company to legal and regulatory liability and potential violation of national security laws if you  sell to a bad actor.

Knowing the companies you sell to is another level of risk mitigation that goes beyond basic  investigation. This kind of sophisticated screening involves intelligence gathering to know the  background of your partner company, its beneficial ownership, and motivations.

For companies selling agricultural assets to Chinese buyers, intelligence and due diligence  investigation is just good business.

Specialty Chemical Manufacturer Albemarle’s Fined $2.8 million to Settle Global FCPA Violations

Albemarle’s Fined $2.8 million

Albemarle corporation, agreed to a $2.8 million payment in penalties and disgorgement to the Securities and Exchange Commission (SEC) and Department of Justice (DOJ) to settle Foreign Corrupt Practices Act (FCPA) violations related to bribery in Vietnam, India, and Indonesia. According to the DOJ, Albemarle conspired to pay bribes to government officials in these countries between 2009 and 2017 through its third-party sales agents and subsidiary employees, to obtain and retain chemical catalyst business with state-owned oil refineries, resulting in around $98.5 million in illicitly gained profits.

Albemarle agreed to the SEC’s findings and to a cease-and-desist order against future FCPA violations, along with agreeing to pay more than $81.8 million in disgorgement and over $21.7 million in prejudgment interest, totaling more than $103.6 million.

In a parallel action, Albemarle entered into a three-year non-prosecution agreement (NPA) with the DOJ, agreeing to pay a criminal penalty of approximately $98.2 million and around $98.5 million in administrative forfeitures. The DOJ credited $81.8 million of the forfeiture against disgorgement for “its substantial cooperation and extensive and timely remediation pursuant to” Division Corporate Enforcement and Voluntary Self-Disclosure Policy.

Initiating the first FCPA application of the Compensation Incentives and Clawbacks Pilot Program announced earlier this year, the DOJ agreed to a penalty reduction for $763,453 in bonuses withheld from qualifying employees by Albemarle. The DOJ further stated that Albemarle disciplined “employees involved in the misconduct, including terminating eleven employees and withholding bonuses from sixteen employees.”

According to an internal SEC administrative order, Albemarle was charged with violating the FCPA’s anti-bribery, recordkeeping, and internal accounting controls provisions.

Investigations first started in back 2018 when Albemarle self-disclosed FCPA scrutiny. 

While Albemarle had centrally coordinated compliance, internal audit functions, contracting, legal, and finance, it sold catalysts through sales offices and third-parties in Indonesia, Vietnam, and India, as well as the United Arab Emirates (UAE) and China. 

Albemarle was purportedly well aware of the risk of bribery. The SEC findings report and inhouse audits conducted by Albemarle starting in 2013 identified numerous red flags and compliance gaps in their reliance on third-party agents and distributors in their Refining Solutions area. “For example, sales agents and distributors were paid: despite incomplete due diligence; despite a lack of an executed contract; despite having a contract that lacked required anticorruption provisions; and at rates higher than those provided for by contract – all in contravention of Albemarle’s policies and procedures.” Albemarle also failed to obtain reports of their agent's sales activities, backdated various agreements and reimbursed vague, unsupported and extra-contractual expenses.

According to the SEC, “Albemarle sold refinery catalysts globally through agents and distributors approved by Albemarle sales, business, legal, compliance, and finance personnel and management.” 

Albemarle undertook some effort to closing compliance gaps by hiring compliance personnel, reducing the number of sales agents and distributors without contracts, and implementing software to assist in third-party onboarding and contracting. According to the SEC, “it failed to devise and maintain a sufficient system of internal accounting controls with respect to commission rates and deviations from contracted rates.”

It's well known by the regulators that 90% of FCPA violations are prompted by third-parties and third-party business providers. These are often concerned with a company’s downstream supply chains and the companies themselves within foreign locales. What can be acceptable, or even legal, in one country, may not be legal elsewhere, and there is no reduction of a company’s legal responsibility if they have management or financial activity in the US.

The Albemarle enforcement once again highlights the need for strong compliance programs and Tier III human and business due diligence investigations to mitigate risk, especially when it comes to third-parties and foreign subsidiaries and agents. Thirty-five percent of third-party vendors have corruption related issues. 

Albemarle, as the SEC remarked, "failed to devise and maintain a sufficient system of internal accounting controls with respect to commission rates and deviations from contracted rates...despite certain Albemarle personnel having knowledge of red flags indicating the agents would use a portion of the commission to make bribe payments….” In some quarters, certain parties appear to have been willing to take the risk. 

The lesson here is the critical need for companies to partner with an independent, unbiased global security and risk management company capable of providing a business with a comprehensive analysis of all available public record data, supplemented with detailed in country field investigative intelligence to identify known, and more importantly, unknown conditions, and provide clear recommendations and actionable steps. There is something to say about the adage “not leaving the fox to guard the henhouse.” 

To discuss how to protect your business from FCPA violations, or to assess third party risk, reach out to Infortal here.

 

Poland: A Power Player on Europe’s Eastern Front

Poland Europes eastern front


As the conflict in Ukraine continues, Poland has played an increasingly important role in  mitigating tensions along NATO and the EU’s easternmost flank. Although Poland, Latvia,  Lithuania, and Estonia have jointly made-up Europe’s eastern front as NATO allies and members  of the EU for nearly 20 years, the strategic importance of their location has come to light as  concerns over Belarus’s alliance with Russia and the status of Kaliningrad, the Russian exclave  on the Baltic Sea which borders both Poland and Lithuania, are mounting.  

Where Ukraine had previously provided a buffer between Russia and the rest of Europe, the  conflict there has catapulted Poland to a new position of relevance and power in safeguarding  Europe against Russian and Belarusian aggression.  

Historical Importance 

Historically, Poland is no stranger to the importance of borders. Changing borders and rotating  sovereignty have informed much of Poland’s modern existence. In fact, Poland ceased to exist  entirely between 1795 and 1918 after being divided between the Kingdom of Prussia, Austria,  

and the Russian Empire. Between 1918 and the end of the Second World War, Poland’s territory  was constantly in flux due to fighting with the Soviet Union, separatist groups, and the looming  threat of Germany to the West, which ultimately annexed much of Poland by the end of the war. 

Most recently, however, Poland played a role on the other side of things as one of the  westernmost members of the Communist bloc during the Cold War. 

These historical factors have left Poland torn between the East and West; both are aware of the  influence of national borders and familiar with the complicated question of what it means to be  European. Poland’s unique experience could influence how it responds to conflict on its borders  moving forward and make it an invaluable guide in rethinking Europe’s eastern flank. 

Fresh Approach  

Informed as it is of the precarious nature of borders, Poland initially navigated the conflict on  Europe’s eastern flank by investing in military modernization and coordinating protection  measures between Lithuania, Latvia, and Estonia. This has called into question the traditional  power balance in the EU. Germany and France, traditionally viewed as the strongest leaders of  the EU, have been somewhat displaced as they struggle to keep pace with Poland’s new defense measures and military investment.  

Poland spearheaded a movement to provide Ukraine with Leopard 2 tanks despite initial  hesitancy from Germany. It has also invested in defense systems from the United States, Israel,  and South Korea to prepare itself for potential conflict with Russia.  

Poland’s swift military responses and political jockeying against typical EU powerhouses have, in many ways, increased the importance of Central Europe in the EU and invited a shift in the  center of gravity within the continent. It has stepped up to modernize its military speedily.  

It has brokered important defense deals with the United States and other nations, setting aside the  Europe-first sentiments that have caused recent strife between France and Germany and tension  among EU members. Poland has also helped install a more robust NATO presence across the  eastern border of Europe by establishing a permanent US presence within its borders that can  also provide rotational support in the region.  

However, Poland has recently indicated that the country has stopped sending arms to Ukraine  and has indicated a shift to arming its own military. This is clearly a sign that resources are  dwindling, and concerns of a larger European war are increasing.  

Emerging Threat from Belarus  

Poland’s commitment to defending the EU’s and NATO’s eastern flank could not come at a  more opportune time. Over the past several months, Belarus has increased its military operations,  which are now directed by the displaced Wagner mercenaries along its borders with Lithuania  and Poland.  

In response to increased activity along the border with Belarus and an incursion of Belarusian  aircraft into Polish airspace last week, Poland’s defense ministry has sent an additional 1,000  troops to the border to help deter further unwanted military activity in the area. Most of the provocative military exercises, which Belarusian officials have insisted are drills to teach troops  about Russia’s special military operation--the Russian term for its invasion of Ukraine, have  taken place in the Grodno region of Belarus, an area close to the Suwalki Gap

The Suwalki Gap is the area that divides Belarus from the Russian exclave of Kaliningrad  (formerly German and Polish territory). This area is separate from the Russian mainland and  allows Russia to maintain a strong presence on the Baltic Sea.  

Putin’s response to the Polish decision to shift troops to the area included a baseless claim that  Poland was attempting to annex territories in Belarus and Ukraine as well as a threatening  statement implying Poland’s existence was tied directly to Russian generosity and that it would  remind Poland of its debt to Russia. These claims are reminiscent of some Russian  disinformation campaigns that preceded the invasion of Ukraine and can be viewed as a tool of Russia’s hybrid warfare.  

Path Ahead 

Poland’s existence in the arena between established and emerging political leaders within the EU presents a unique dilemma for establishing a unified approach to the Ukraine war.  

Importantly, Poland has garnered sway as an influential broker of defense deals in the region,  able to apply pressure on the larger EU and NATO members to mobilize arms and troops and  facilitate support to the Baltic region. Businesses looking to take advantage of the defense  market in the area will find several opportunities for deals with Poland and NATO in the region  as it races to defend against mounting pressure from Russia.  

For companies looking to invest in a potentially up-and-coming European power, Poland may be  the perfect choice, especially as the center of gravity in the EU seems to be slightly shifting away  from Western Europe and into Central Europe, where Poland is undoubtedly a strong point of the  region. 

Of further significance, Poland has recently seen rapidly shifting political winds, including a  change in political leadership. It will be important for any company doing business in the region  to understand the recent political trends, as this can dramatically impact defense spending and  the larger regulatory landscape. In addition, a thorough understanding of the sanctions regimes in  place is necessary, given the geographic proximity to Russia and Belarus.

To learn more about risk management and how Infortal can help you identify, assess, and mitigate risks, reach out today. 

Europe at War: Cybersecurity Threat

Cybersecurity Threats

In 2022, Europe was overrun by war for the first time since World War II due to Russia’s invasion of Ukraine. Though Russia’s onslaught has featured all the trappings of conventional warfare, like heavy artillery, ballistic missiles, and the mobilization of troops, it has also revolutionized the role of the cyber realm in armed conflict. 

In the time since it invaded Ukraine --and, according to cybersecurity reports, the time shortly before the invasion-- Russia has become the poster child for what NATO has dubbed “hybrid warfare.” 

Hybrid Warfare

Hybrid warfare employs traditional and unconventional methods, including cyber warfare, to subdue and subvert power, complicating the familiar zero-sum structure of military conflict. Russia’s invasion of Ukraine has showcased its mastery of the concept, skillfully utilizing cyberattacks and disinformation campaigns with typical military strategies. 

Russia’s extensive cyber presence and commitment to the dissemination of disinformation is present in all corners of the world, especially as it focuses on shoring up support in Latin America, Africa, and Southeast Asia. Still, the most significant cyber threats from Russia about the war in Ukraine remain its cyberattacks on European institutions and its aggressive campaign of disinformation in the Baltic region. 

Cyberattacks and the EU

To combat the onslaught of Russian cyberattacks and disinformation campaigns on the European continent, the EU has recently taken significant measures to bolster its security measures against malicious cyber actors. 

According to a report from the European Commission, cybercrime--specifically ransomware--accounts for nearly ten terabytes of stolen data each month, which costs almost 5.5 trillion euros yearly and has only increased since 2020. 

The Commission further identified distributed denial of service attacks, malware, social engineering threats, data and internet threats, misinformation and disinformation, and supply chain threats as its major concerns for cybersecurity. 

The European Commission indicated that in 2022, up to 60 percent of impacted organizations may have paid ransom demands, and upwards of 15 percent of Ukraine’s internet infrastructure was damaged in some form or another by Russia or hackers affiliated with Russia. In response to this jarring data, the EU has quickly adopted new policies and created new agencies to deal with the new cybersecurity demands. 

As of June 2023, the EU has adopted a certification framework that involves standardized rules, security requirements, technologies, and evaluation, and it has created a new cybersecurity agency, the European Union Agency for Network and Information Security (ENISA), to effectively stay ahead of increasing cyber threats. 

The adoption of these increased security measures could not have come sooner, considering that in 2023 alone, the Center for Strategic and International Studies (CSIS) has identified upwards of 30 major cyberattacks on the US and European continent independently. 

Hallmarks of Russian Disinformation 

In addition to the destructive malware and ransomware that characterize Russia’s malicious cyberattacks, according to the Cybersecurity and Infrastructure Security Agency, Russia also employs a sophisticated approach to spreading disinformation worldwide. This approach relies on various mediums to spread overlapping stories, which allows for plausible deniability for the Russian state and a media multiplier effect-- increasing the reach of the disinformation being distributed across platforms. 

During the time leading up to and after the Russian invasion of Ukraine, sources with ties to Russia were disseminating wild propaganda across social media, news outlets, and other channels. These false narratives are particularly damaging in the Baltic region, which historically has close ties to Russia and Russian-based media outlets. 

In addition, the U.S. Department of State has identified five pillars of the Russian disinformation and propaganda ecosystem that can be used to help identify and classify the various methods of dissemination: 

  1. Official government communications:
  1. State-funded global messaging:
  1. Cultivation of proxy sources:
  1. Weaponization of social media:
  1. Cyber-enabled disinformation:

When these pillars work in conjunction with one another, it allows Russia to send out nuanced and subtle propaganda in addition to the less elegant hacking that can prove challenging to recognize for states, corporations, and individuals alike. 

Implications for US Businesses

Companies operating in the region must update cybersecurity policies and procedures to protect the firm’s assets and avoid the Russian threat. 

According to the European Council, nearly 82 percent of data breaches involved a human element. This means that training for your firm's team is necessary to ensure team members can recognize cyber threats and misinformation.

Importantly, Russian disinformation campaigns and cyberattacks can and do take place in the United States as well. This means that domestic cybersecurity policies and procedures should also be considered in the context of the Russian cybersecurity threat.    

To learn more about risk management and how Infortal can help you identify, assess, and mitigate risks, reach out today. 

Demystifying Risk Management

Risk Management

In today's interconnected world, the global landscape is constantly evolving and presenting new challenges. These challenges arise from various factors, including economic fluctuations, social dynamics, and regional conflicts. Understanding and navigating these dynamic landscapes is crucial for businesses and decision-makers. It allows them to anticipate and adapt to changes, mitigate risks, and seize opportunities. By analyzing the complex interplay of factors that shape our world, organizations can gain insights into how different regions and markets are interconnected, identify potential risks and opportunities, and develop strategies to effectively operate in diverse environments.

Implementing a robust risk management process is crucial for protecting your company's reputation and financial stability. Failing to address environmental and cybersecurity risks can have detrimental effects on your ESG score and customer loyalty. To successfully implement risk management, conducting thorough research, assessing potential damages, and developing mitigation and contingency plans are essential.

Defining Risks

Before we define risk management, we need to take a look at what constitutes a risk. There are many risks in business. Some people would say starting up a company is a risk, maybe even the biggest risk of all. But beyond that, risks typically come up when growing a business.

The International Organization for Standardization defines risks as anything that can have an “effect of uncertainty” on your business. This is fairly broad and can include hiring the wrong people, acquiring the wrong businesses, or moving into the wrong countries. Other risks are associated with the environment, your company’s reputation, or the materials you purchase. While you may share some risks with other businesses, you may also face some risks unique to your industry, location, or even your specific situation.

The first step in risk management is to list and define your geopolitical threats and risks. You should list all major and even some minor risks if you believe they could eventually have a large impact on your company. Then you want to define the scope of the risk and its potential outcomes. These outcomes may be fairly broad. For example, the risk of partnering with a vendor in another country could vary from “cultural miscommunications” to “the vendor engages in fraud, blackmail, bribery, and child labor.” With the former, the risk may be nothing more than a misunderstanding that can be discussed and cleared up. With the latter, however, you’re looking at facing potential sanctions and serious damage to your reputation.

What Does Risk Management Involve?

Now that you have a better understanding of what risks you face, let’s look at how you manage those risks. Risk management is the process of identifying risks, evaluating their danger to you, and prioritizing which risks you need to mitigate. For example, you may identify two risks with a potential merger: the business may have questionable financials and it may have been involved in several court cases. With some research from Infortal, you learn that the business was only tangentially involved in the court cases and wasn’t the primary defendant. You may determine that there’s not much risk there. The questionable financial issues, on the other hand, may be much more serious.

It's important to note here that the goal of risk management is not to eliminate every potential risk. That’s simply not possible. There will always be risks involved in your decisions. Instead of trying to accomplish the impossible, risk management focuses on mitigating serious risks and bringing to light those risks that are so severe they should be avoided. For example, if you do your due diligence and uncover that a potential C-suite candidate has embezzled from previous jobs, you may not be able to mitigate the reputation fallout from hiring them. Instead, you avoid that risk by passing on the candidate. On the other hand, acquiring a business that uses manufacturing processes that damage the environment is a risk that could be mitigated by immediately replacing those processes.

One of the things you’ll need to decide is what your risk limit is. This limit, sometimes referred to as risk appetite, is how much risk you’re willing to take to accomplish your goals. Businesses that try to avoid all risks typically grow slower, but they’re also typically safer. Those that take on a lot of risks may reach their milestones faster or reap large rewards, but they also could quickly fall if they gamble on a risk and lose. Most companies settle somewhere in the middle, taking small risks that they find are worth the reward.

Risks Come in Two Types

Risks can be broadly classified into two different categories. There are risks associated with an action, such as hiring a new executive or partnering with a new vendor. These risks are often somewhat limited in that you both know the risks you’re facing and what you need to do to mitigate or avoid them. While there are some cases where this isn’t true, such as finding out about a new executive’s criminal past years after hiring them, in most cases, you do have a rough idea of these risks. With a deep due diligence report from Infortal, you’ll be able to make an informed decision on the various risks you face.

The other type of risk can be categorized more as the risk of doing business. These are risks that all or nearly all businesses face, and they’re ongoing. For example, every business that collects data is at risk of a cyberattack. Even with the best cybersecurity, you could still be hacked and have to deal with the fallout. Another type of ongoing risk is that of a natural disaster. Injury is another risk you can attempt to mitigate through safety regulations but can’t completely avoid.

Fortunately, for these risks, you can often mitigate the financial damage with insurance. Insurance can be seen as one of the earliest forms of risk management in that it helps you mitigate the cost of accidents. That said, you will still want to have disaster recovery plans for these ongoing risks as well as look at how you can reduce the damage they can cause.

The Financial Dangers of Risks

Why is risk management so important? It all comes back to money. If you take risks without mitigating them or preparing for the fallout, the result can cost you millions. Your business may even have to declare bankruptcy. These risks don’t just come from hiring someone who might embezzle funds or commit other types of financial fraud. If you decide to partner with a vendor that operates in countries that the U.S. has sanctions against, you can end up fined. For example, 3M agreed to pay nearly $10 million dollars in September 2023 after being found to be in violation of U.S. sanctions on Iran. This fine came after it was found that a 3M subsidiary sold a product through a German reseller to a company under the control of Iran’s law enforcement. While 3M is large enough to absorb this fine, smaller companies wouldn’t have been.

While some risks directly impact your finances, others do so indirectly by negatively impacting your reputation. Partnering with a company that is actively damaging the environment to cheaply produce materials is going to negatively affect your ESG (environmental, social, and governance) score. Customers who are proponents of green production methods may boycott your company. You may also find that companies that focus on the environment no longer want to partner with you. Likewise, failing to take cybersecurity seriously can result in a data breach, which in turn may result in customers abandoning you for competitors that are more focused on protecting data.

Even when you do manage your risk correctly, you may still face some financial consequences as a result of your actions. However, the fallout is typically much less. In fact, the 3M sanctions violation speaks directly to this. The original amount of the fine was over $27 million dollars. However, because the company made use of a risk-based compliance program and voluntarily self-reported, the fine was greatly reduced.

How Do You Implement Risk Management?

To implement a risk management process, you first need to do some research. You need to be able to identify the risks you’re facing and know how to properly assess the damage they may cause. You also need to be familiar with risk mitigation and contingency plans.

For a business that isn’t familiar with risk management, this may seem overwhelming. With the right partner, however, it’s a very manageable task. Infortal can provide you with everything you need to begin risk management. We have the resources necessary to perform global risk forecasts and do deep due diligence into individuals, companies, countries, and regions of the world. With the information we gain from this due diligence, we’re able to brief our clients on the largest risks they face and what the potential outcomes of those risks are.

To learn more about risk management and how Infortal can help you identify, assess, and mitigate risks, reach out today.