Crypto Giant Binance’s $4.3 Billion Fine and the Need for Taking Compliance Seriously

Binance Holdings Limited, branded Binance, the world’s largest cryptocurrency exchange, agreed to pay an approximate $4.3 billion settlement, the largest in history, according to a press release by the U.S. Treasury Department on November 21, 2023. The company plead guilty to charges by the Treasury’s Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC), and IRS Criminal Investigation (CI) of engaging in anti-money laundering (AML), unlicensed money transmission, and sanctions violations. 

The settlement is part of a global agreement concurrent with Binance’s resolution of related matters with the Department of Justice (DOJ) and the Commodity Futures Trading Commission (CFTC). The resolution also includes criminal charges against Changpeng Zhao, known as CZ in the industry, founder and Chief Executive Officer (CEO) of the crypto exchange giant who “issued guidance to ‘appear’ compliant, while knowingly allowing the apparently violative activity to continue.” 

As noted in the CFTC’s complaint, “Binance and Zhao’s ethos of prioritizing profits over legal compliance” underscores how Binance’s business was run—"Its Compliance Program Was Just “For Show”.” The staggering settlement and CZ’s criminal charges are strong warnings for companies to take their own compliance programs and ethical practices seriously.

The Treasury also announced that the settlement with Binance resolves:

 “Violations of the Bank Secrecy Act (BSA) and apparent violations of multiple sanctions programs. The violations include failure to implement programs to prevent and report suspicious transactions with terrorists — including Hamas’ Al-Qassam Brigades, Palestinian Islamic Jihad (PIJ), Al Qaeda, and the Islamic State of Iraq and Syria (ISIS) — ransomware attackers, money launderers, and other criminals, as well as matching trades between U.S. users and those in sanctioned jurisdictions like Iran, North Korea, Syria, and the Crimea region of Ukraine.”

FinCEN’s settlement agreement imposes a five-year monitorship, assesses a civil monetary penalty of $3.4 billion, and requires significant compliance undertakings, including ensuring Binance’s complete exit from the United States” (from which it had been banned in 2019). 

OFAC assessed a $968 million penalty and the settlement agreement require Binance to “abide by a series of robust sanctions compliance obligations, including full cooperation with the monitorship overseen by FinCEN.”

The Treasury further stated: 

“Binance willfully failed to report well over 100,000 suspicious transactions that it processed as a result of its deficient controls, including transactions involving terrorist organizations, ransomware, child sexual exploitation material, frauds, and scams.”

Binance Ongoing Legal Issues

CZ's settlement with the DOJ includes a penalty of $50 million. He stepped down as CEO of Binance and is forbidden to have any involvement in the company. 

The settlement also includes prohibitions against his making any direct or indirect public statements that contradict his admission of guilt and acceptance of responsibility. CZ faces a possible 10-to-18-month prison sentence and his request to visit his family in the UAE has been denied twice. 

Since the settlement, the SEC has submitted a notice of supplemental authority to the court presiding over its case against Binance, highlighting similarities with the Terraform Labs case whose co-founder Do Kwon legal faced legal action for purportedly conducting unregistered securities offerings and fraudulent activities in relation to its tokens. The court ruled on December 28th in the Terraform case in favor of the SEC, finding specific tokens qualified as securities, principally because they were investment contracts. This has future implications for how crypto asset securities are assessed in the U.S.

Failing to Comply

On January 19, 2022, Binance lauded their company’s efforts in "security, regulation, and compliance,” on their company blog, announcing they had "increased our security and compliance team’s headcount by 500%, drawing in some of the industry’s best talent.” They further stated their commitment to conducting over “70 law enforcement workshops on topics related to crypto, blockchain, and combatting digital financial crime" and that they were "the first blockchain and crypto organization to join the National Cyber-Forensics and Training Alliance (NCFTA),” along with implementing key upgrades to our identity verification (know-your-customer, or KYC) processes.”

Yet, rather than leading the way in “security, regulation, and compliance,” Binance actively and intentionally failed in all regards, behaving as “bad actors” in their pursuit of profit and growth.

In September 2021, Tigran Gambaryan, a former special agent of the Internal Revenue Service—Criminal Investigation (IRS-CI) joined Binance as VP of Global Intelligence and Investigations. Tigran, whose background includes over a decade as a special agent has investigated numerous cases involving "national security, terrorism financing, identity theft, distribution of child pornography, tax evasion, and bank secrecy act violations during his award-winning career" and who led "multi-billion-dollar cyber investigations, including the Silk Road corruption investigations, BTC-e bitcoin exchange, and the Mt. Gox hack," according to Binance's own website.

Gambaryan was quoted as saying “Compliance is the first line of defense. We will work closely with our colleagues in compliance to identify criminals and refer them for prosecution…. Our goal is to increase trust in cryptocurrency by establishing Binance as the leading contributor in the fight against human trafficking, ransomware and terrorism financing. I want to educate the worldwide law enforcement community on how Binance is a partner in the fight against the illicit use of cryptocurrency.…”

So, what happened?

CZ, Binance’s founder and CEO set the tone. 

Samuel Lim, Binance’s first and former Chief Compliance Officer (CCO) is also charged in the CFTC’s complaint which states, “Zhao, and Lim have all chosen to ignore those requirements and undermined Binance’s ineffective compliance program by taking steps to help customers evade Binance’s access controls.” 

Company employees, “Binance officers, employees, and agents have acknowledged that the Binance platform has facilitated potentially illegal activities” and even joked about it, according to the CFTC’s filing. In 2019, Lim “explained to a colleague that terrorists usually send “small sums” as “large sums constitute money laundering” after receiving information “regarding HAMAS transactions” on the company platform. A coworker’s response: “can barely buy an AK47 with 600 bucks.”  In 2020, concerning certain clients Lim said in a chat: “Like come on. They are here for crime.” The response from Binance’s Money Laundering Reporting Officer (MLRO)? We see the bad, but we close 2 eyes.”

The tone at the top sets the tone for a company’s ethics (or lack thereof) and culture. In Binance’s case, this tone was set by “bad actor” senior executives.  Compliance and ethical behavior must always be a priority for businesses of any size. 

TAKE AWAYS

Binance believed that adhering to compliance and legal strictures would impede growth and cause a loss of customers and revenue. 

Binance is not the only company that views compliance this way and from the crypto exchange’s continuing legal and criminal entanglements, the lesson should be obvious. But this does not seem to be the case. Some companies consciously choose to perform the bare minimum of compliance. They either fail to note its vital importance, or resent the financial and time investment needed for successful compliance endeavors, often seeking to ignore or off-shore their compliance responsibilities to countries such as India, forgetting that the majority of FCPA and other violations involve subsidiaries in foreign jurisdictions. 

Internal departments within a company may also be resistant to following, reporting, and adhering to compliance strictures thinking it is a strain on their time, productivity, and staff. This is incorrect thinking. Compliance needs to be part of the culture of all companies and needs to start at the top. Trying to get compliance managers or staff to encourage or cajole executives and others to follow through on compliance initiatives should not be the norm. It should be expected that executives lead the way and see it as something critical to the company’s success. This “tone” needs to come from the top and be reinforced at all levels within the company in order to be effective. Compliance needs to be built in to corporate departments responsibilities and tasks rather than viewing it as an external burden.

This should also be inherent in hiring executives, starting with a Tier III due diligence investigations at regular intervals. Due diligence investigations are designed to detect hidden and undisclosed information that is not readily available in standard background checks. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues. 

Open Source Intelligence (OSINT) investigations are an important source of information in addition to publicly available records. Partnering with a third-party, non-biased global security and risk management company, is one of the integral pieces in making sure that risk is mitigated both externally and internally within a business. 

Integrity in business is key to continued success. As Deputy Attorney General Lisa Monaco stated in her remarks announcing Binance and CEO guilty pleas to federal charges in the $4 billion resolution: “Some say the key to success in the tech sector is to “move fast and break things.” Today’s actions show that if what you break is the law, there will be consequences.”

Unveiling the FTX Scandal: Unraveling Fraud and Financial Misconduct in the Cryptocurrency World

The FTX Saga Continues

 

On November 2, 2022, the news website CoinDesk published an article that left many people wondering just how solvent the cryptocurrency trading platform FTX truly was. With questions about other companies founded by FTX CEO Sam Bankman-Fried, many who held FTT, the platform’s cryptocurrency token, began selling their tokens. Within about ten days, the company had lost a significant amount of money, had their assets frozen in the Bahamas, filed bankruptcy, had Bankman-Fried replaced by a new CEO appointed by the court, and reported an alleged massive data breach. 

By the end of 2022, Bankman-Fried had been arrested and many investors in FTX had launched lawsuits against the platform, though most recognized that they would likely never recoup all of their money.

With FTX gone and Bankman-Fried out on bail awaiting trial after being extradited to the United States, most expected the worst of the scandal to be over with. However, that turned out to not be the case when Bankman-Fried’s massive $250 million bail bond was revoked and he was arrested on August 11, 2023, just a few months before his trial was expected to begin in October.

Let’s take a brief look back at the FTX saga and what Bankman-Fried did to end up in jail. Along the way, we’ll discuss how Infortal can protect investors from becoming victims of fraudulent companies like FTX.

 

A Summary of the FTX Scandal up to August 2023

 

FTX fell apart over the course of about a week and a half following the CoinDesk article. This article outlined how Alameda Research, a testing firm that Bankman-Fried also ran, had about $5 billion dollars’ worth of FTT tokens. The investment foundation associated with Alameda also had a large amount of money in FTT. This raised a number of questions about these companies’ solvency and what else Bankman-Fried may have failed to disclose.

Four days later, Binance (a company that later faced its own scandal revolving around shady payments) announced that it was pulling out of FTX and would sell all of its FTT tokens which were worth around $530 million. Binance’s CEO stated that they had conducted a risk management analysis on FTX and had decided to liquidate their investment. 

The Binance announcement set off alarms for other investors, and within a few days, requests for withdrawals totaling over $6 billion had been made from FTX investors. Bankman-Fried had no way of making these payouts. After considering several options, he reached out to Binance itself for a bailout. Unfortunately, although the two did come to an initial agreement, Binance later revoked their offer after a due diligence investigation brought to light a variety of additional issues with FTX’s management, including potential fraudulent behavior and the mismanagement of funds.

This type of due diligence assessment is something Infortal often does for our clients. We can help you assess risks in investments, mergers, acquisitions, and even C-suite hiring, enabling you to avoid the pitfalls and reputation damage that working with the wrong business partners may bring. 

Without the bailout, the securities regulations branch of the Bahamas, where FTX’s FTX Digital Markets subsidiary was headquartered, stepped in. They froze all assets in the Bahamas. 

The same day, California launched an investigation into the platform. A few days later, on November 11, Bankman-Fried resigned as FTX’s CEO and was replaced by a court-appointed interim CEO to see the company through the bankruptcy process. FTX filed bankruptcy that day, revealing that around 130 other subsidiaries and assets would be a part of the bankruptcy case.

After claims of being hacked, lawsuits from investors, and additional actions by the Bahamas, Bankman-Fried was arrested on fraud charges. He was then indicted by the U.S. government on a number of charges, including securities fraud, money laundering, violating anti-bribery laws,  and conspiracy. 

The appointed interim CEO stated before a US House committee that FTX had little to no financial records or bookkeeping documents. 

On December 22, 2022, Bankman-Fried was released on bail. His bail was set at $250 million, the highest bail amount in U.S. history. He moved in with his parents in California, but he was ordered to wear a monitoring device and instructed to remain within a specific area in Northern California. He was set to face eight criminal counts in federal court on October 2, 2023. He had pleaded not guilty to all of these counts on January 3, 2023.

Over the past several months, prosecutors have dropped several charges against Bankman-Fried, including the charge of conspiracy related to illegal campaign contributions. The reason for the modified indictment was that the government is required to receive permission from the Bahamas for any charges due to Bankman-Fried being extradited from the island country. Previously, the prosecution had also dropped a charge related to violating anti-bribery laws.

 

The Saga Continues  - Bankman-Fried’s Arrest in August 2023

 

As investors worked to recover whatever money they could from the smoldering remains of FTX, Bankman-Fried seemed to keep a low profile while waiting for his trial. 

However, that all changed on August 11, 2023, when federal prosecutors petitioned a judge in New York, where the case was being tried, to revoke bail. They alleged that Bankman-Fried had engaged in witness tampering

Bankman-Fried did request that his arrest be delayed until his appeal of the charges was heard, but the judge in the case denied this request. If his appeal is denied, he will remain in prison until his trial in October. 

The judge stated that his denial was based on the conclusion that there was probable cause for the witness tampering charges. In fact, he stated that the evidence suggested that Bankman-Fried had tried to influence witnesses at least twice while out on bail. Rather than have Bankman-Fried detailed in the Metropolitan Detention Center, federal prosecutors requested that he remain in custody in Putnam, New York. The reasoning for this request was that he would need internet access to prepare for his defense, something that was limited at the detention center.

 

What Led to these Charges?

 

Over the summer, federal prosecutors and Bankman-Fried had participated in a number of pre-trial hearings. These hearings mainly focused on Bankman-Fried’s interaction with the press. Prosecutors claimed that some of his press exchanges could be categorized as witness tampering and that some of his actions counted as attempts to evade the conditions of his bail. The judge had already warned Bankman-Fried that he needed to cease these actions.

Prior to his bail being denied, several members of the press had sent letters expressing their belief that Bankman-Fried’s actions should be considered an exercise of free speech. He was also supported by some legal professionals who felt that his First Amendment rights were being violated. Finally, his legal team expressed that Bankman-Fried would be unable to fully prepare for his October trial if he were in jail. Prosecutors expressed their willingness to agree to have Bankman-Fried held at a facility with full internet access, hence their request for detainment in Putnam, New York.

 

The Evidence Against Bankman-Fried

 

According to the prosecution, Bankman-Fried had sent more than 100 emails over the summer to various people in the media. He had also made more than 1,000 calls to reporters and other members of the press. Following these actions, Bankman-Fried’s bail conditions were modified to include restrictions on his internet access and smartphone use. 

The final act that led to the request to revoke his bail came when Bankman-Fried released the diary of Caroline Ellison, his ex-girlfriend. Ellison had served as the CEO of Alameda Research and had pled guilty to her own criminal charges in December of 2022. She has also cooperated with federal prosecutors and is expected to testify in Bankman-Fried’s trial.

The judge directly addressed Bankman-Fried’s release of the private diary entries as a tactic aimed at discrediting Ellison as a witness while also hurting her reputation. The prosecutors and the judge saw this as indirect witness intimidation via the press. 

As of August 17, Bankman-Fried is in custody and his trial remains set for October 2, 2023. 

 

Infortal Can Help You Avoid Investing in Corrupt Businesses

 

No matter what happens to Bankman-Fried and the others involved in the FTX scandal, numerous people and companies lost money by investing in FTX. Whether it was a small amount or millions of dollars, many investors will never fully recoup the money they had in FTT tokens. 

What can you do to avoid making the same mistake as these investors? Know who you’re working with. Infortal can assist you with deep dive due diligence and risk assessment. This will help you fully understand what risks you’re about to take. We will look into the key executives and the company’s past, including any past criminal actions, questionable business practices, conflicts of interest, interactions in foreign countries and overseas subsidiaries and numerous other issues that will inform your decision making. 

You may also find that the risks are much more severe than you expected them to be and that may affect the value of the transaction. By avoiding these costly mistakes, you may end up saving not just a large amount of money but your reputation and even your company’s very existence. Contact Infortal today to learn more about our deep dive due diligence services.

 

Truth or Dare? 

What are you willing to risk in conducting executive background checks?

As many know, truth or dare is a popular social game, especially among children and adolescents. Two or more players are given the choice to either answer another player’s question truthfully, or perform a “dare,” chosen by their opponent.

Neither the question, nor the dare, is known in advance, and switching from one to another afterwards is not allowed. Players must answer the question or accomplish the dare, and quitting to avoid one or the other is not permitted.

While it can be an innocent game, there are many stories of the possible dangers in playing it, running from dangerous, and sometimes deadly stunts, to oversharing and humiliation. So, when it comes to business, do you pick truth, or dare?

Why do some businesses risk their company’s reputation, finances, public trust, and stock values by not seeking the truth about those working with them or for them? Why don't companies take a closer look at suppliers and conduct executive background checks and basic due diligence on those suppliers?

Even when a background check is performed, is it only done initially when on-boarding? Events change. Circumstances intervene. The same people may not be making the same choices. What about due diligence investigations before M&A proceedings; making sure the executive team has no serious issues or the business itself? And board members? As many as 20% of executives have serious issues in their backgrounds; most of these are not revealed through routine employment type background checks.  This si where due diligence becomes essential to retaining the best executive teams; free of corruption and other issues.

Perhaps the issues Goldman-Sacs is facing with their alleged involvement in the recent 1MDB scandal —possibly the largest global scandal in history— could have been mitigated if they looked more closely at the backgrounds of some of their top executives.

What is the IMDB Scandal?

1MDB, or 1Malaysia Development Berhad, was a state-owned development firm focused on driving long term-economic goals for the nation. It was headed by then Prime Minister of Malaysia, Najib Razak.

A lawsuit filed by the United States Department of Justice (DOJ) in 2016 alleges up to US$3.5 billion was stolen from the 1MDB fund and spent on lavish lifestyles by several high-level officials and their associates on luxury real-estate, a yacht, rare works of art, extravagant jewelry, and funding the Hollywood move, “The Wolf of Wall Street,” which, ironically, is about fraud. The ongoing case involves prosecutions across multiple countries.

Goldman Sachs Involvement in the 1MDB Scandal

Officials from 1MDB met with Goldman Sachs in 2012 to discuss a bond deal. According to Reuters, between 2012 and 2013, Goldman raised US$6.5 billion in three bond sales for 1MDB and earned almost US$600 million, or 9% of the total, for the three deals, a commission said to far exceed the normal 1-2% fees expect by a bank in aiding bond sales. The Malaysian government is seeking “well in excess” of the allegedly misappropriated US$2.7 billion, and the fees earned by Goldman Sachs. In 2018, the Malaysian government filed criminal charges against the three of the bank’s units in connection with their role as underwriter and arranger for the bond deals.

In their filed charges, they state that Goldman Sachs had made “untrue statements and omitted key facts in offering circulars for the bonds it sold for the Malaysian state fund 1MDB.” The bonds themselves, in 2014, once worth US$12billion dropped to junk status as questions arose about the status of the funds.

In 2016, the FBI began investigating ties between Tim Leissner, one of Goldman Sachs’ top executives and former Prime Minister Najib Razak. Leissner stepped down from Goldman Sachs after being put on leave by the company and has since pleaded guilty in the U.S. to conspiracy relating to bribery and money laundering. The DOJ states that Leissner paid “bribes to various Malaysian and Abu Dhabi officials…circumventing the internal accounting controls of the Financial Institution while he was employed by it.” Leissner was ordered to forfeit $43.7 million for his criminal activity. Allegedly, Leissner used bribes and connections to Malaysian officials to further interests of Goldman Sachs in the Malaysia.

Leissner was not the only executive charged FCPA violations in the 1MDB scandal. Ng Chong Hwa, also known as, Roger Ng, another former Goldman Sachs executive is also being charged with money laundering.

The Malaysian government has also charged Leissner and Ng with corruption, money laundering, and violating anti-bribery laws. They are indicting, as well, former 1MDB employee Jasmine Loo Ai Swan and fugitive Malaysian financier, Jho Low. Leissner is cooperating with the FBI. The central bank in Singapore has issued a lifetime prohibition against Leissner, and Leissner could face a 10-year prison sentence under the Malaysian-filed charges.

Goldman Sachs was charged in a lawsuit, in November 2018, by the International Petroleum Investment Company (IPIC) and subsidiary Aabar Investments. The court summons states they are seeking “damages and other appropriate relief for the significant financial exposure and loses …suffered as a result of fraudulent and illegal acts,” and accuse Goldman of international conspiracy to embezzle millions from 1MDB. Goldman Sachs is contesting the claim. Billions of dollars in loans issued by 1MDB and arranged by Goldman Sachs were guaranteed by IPIC who claims the fund defaulted on $1.1 billion in repayments. Malaysian’s prior government agreed to repay the UAE investment, but the new Malaysian government has challenged settlement.

In December 2018, Malaysian authorities filed criminal charges directly against Goldman Sachs alleging involvement in a US$2.7 billion money laundering conspiracy. While Goldman claims the charges are “misdirected,” investment analysts suggest that confidence in the bank could once again be shaken after years spent rebuilding its reputation after the financial crisis.

Goldman Sachs stock value has fallen twice in lieu of the 1MDB scandal and Malaysian criminal charge filing. Down 34% in December 2018.

As the 1MDB scandal continues to unfold, Goldman Sachs has taken multiple hits due to the alleged criminal behavior of some of its top executives.

“In line” with Broader Culture?

Former Goldman Sachs’ executive Tim Leissner is cooperating with the U.S. government, according to court unsealed documents.

In a guilty plea in August 2018, according to New York Times, “[Leissner’s] decision to hide his actions from Goldman’s compliance department was ‘very much in line’ with a wider culture at the firm.” He told Judge Brodie, “I and several other employees of Goldman Sachs at the time also concealed that we knew that Joh Low was promising and paying bribes and kickbacks to foreign officials to obtain and retain 1MDB business for Goldman Sachs.” According to Leissner’s charging document another Goldman- Sachs’ executive was described as co-conspirator in the bribery scheme. People familiar with the matter, identify the person as Andrea Vella, who was suspended from Goldman Sachs a week earlier.

The New York Times further notes “Goldman had sought to portray its role as that of a victim of the actions of Mr. Leissner, whom the bank had cast as being a rogue employee.”

Truth - How do You Protect Your Business?

While the DOJ and cooperating, foreign authorities sort out the whole 1MDB scandal and piece together all the pieces, Goldman Sachs took multiple hits. As of a few days ago Goldman announced losses related to ongoing lawsuits could potentially be in excess of its US 1.9 billion reserve for legal matters. Reuter’s notes, “The bank added $844milion to its legal and regulatory provisions last year, more than four times what they set aside in 2017.”

But while you may or may not have the spending power or international reach of Goldman Sachs, it doesn’t mean you are safe from possible internal corruption or safe from the hazards of potential less than above board business partners. And any loss of related to FCPA violations or criminal activities is a cost too high. So, how can you protect yourself and mitigate any potential issues for your business? By knowing the truth.

What This All Means for You

While not all FCPA violations are intentional, executives are not released of responsibility if, unknown to them, someone within their organization is involved in a business partnership or acquisition in violation of the FCPA.

Cautionary Statistics

Recommended Practices

All companies should implement a strong compliance program, exercise regular executive due diligence and board due diligence, and perform company due diligence prior to any M&A proceedings.

Preventative practice is best.

Ongoing transparency should be the norm, in addition to creating a built-in and on-going  FCPA program within their organization and partnering with an expert, third-party global security and risk management firm.

It is vital to procure the expertise of an external and impartial firm whose business is to perform deep due diligence investigations at both the individual and company level with global-spanning resources. Lack of a due diligence program or relying solely on routine (limited) background checks exposes a company to issues ranging from money laundering, fraud, racketeering, bribery, and numerous other malfeasant acts.

The following investigative practices should be provided by the investigative firm:

All Executive Background Check Programs are Not the Same - What You Need to Know

The most common type of background checks run on executive hires are routine pre-employment type background checks. These searches are usually performed through one or more multi-jurisdictional databases containing vast collections of accumulated data. Characteristically, these checks are limited to a 5-component review of:  education verification, social security validation, employment verifications, criminal records, address verification, and sometimes credit history. These types of background checks are the same as those performed on any level of employee. Such a limited background is not suitable at the executive level as many serious issues will be missed completely.

“Statewide” and “nationwide” criminal searches, typically done in routine background checks, usually miss up to 75% of all criminal convictions. Many people think that there is a database containing all information about a person’s background. This is not true. Additionally, records still need to be retrieved in person to assure the correct information is reported about that specific person, rather than someone else with the same name.  Since criminal records do not usually contain a person’s social security number, they must be searched using date of birth.

Standard background checks are often inexpensive to conduct and quick to turn around. But relying solely on them is especially dangerous when hiring corporate executives.

There are many issues with routine background checks; including: widely varying quality and availability of information, bad search criteria resulting in no results found when there is information, and results being returned on persons with the same or similar name being mistaken for the searched candidate. The standalone use of national databases for background checks may, also, not be in compliance with the U.S. Fair Credit Reporting Act and state laws too.

Standard background checks deliver incomplete “snapshots” of an individual’s information in the public records domain.  By contrast, executive due diligence backgrounds examines over 30 different components of public record data, a deep internet search, and in-depth reviews of news sources and media.

Some of the components looked at in executive due diligence are: federal criminal history, financial and legal issues, reputation, misrepresented education, different identities covering up other serious issues, behavioral history, civil litigation matters, conflicts of interest, and adverse or undisclosed matters.

This is not to say routine background checks are not important. But what it does mean is they are not sufficient in uncovering all the critical information to protect a company and its board from fiduciary exposure and possible shareholder law suits if adverse information comes to light after hiring, or after an M&A deal has closed.

High quality executive background checks can reveal vital information, undisclosed in a routine standard background check. Things that could be uncovered included: signs of malfeasance, misconduct (with or without criminal conviction), litigious behavior, media and/or social media negatives, IP theft, interstate bankruptcy, hidden aliases hidden business and board level involvement, undisclosed business ownership, significant numbers of name changes, manslaughter, murder, signs of misconduct, bribery, racketeering, con-artistry, financial pressures, money-laundering, and other negative matters.

Good executive background checks also include reference interviews. In the hands of a highly trained interviewer, they can reveal persistent character and behavior patterns indicative of various issues including corruption.

When should a company do an executive due diligence background?

When:

Should investors do executive background checks on the executive and board members of a company they want to invest in? The latest news with 1MDB is proof positive you should.

Dare. So What are You Willing to Risk?

When it comes to business, you shouldn’t play games. What decision will you make when you choose how you protect your company and business interests? Will you pick regular executive background checks for high-level employees? Board members? Potential business partners? Do you know who the other players really are? Or, who really is on your team?

Is the firm doing your background checks doing a deep enough dive? Do they give you enough information? Do they protect against false-positives and false-negatives?

So, truth or dare? The truth can save your company money, time, reputation, and even its future. Is the money you save by not setting up a strategic in-depth due diligence program worth the money it it might cost you if you don’t? Will you choose to know the truth?

Pick truth. I dare you.

Know your Customers. Know your Business Partners. Know your employees.

Protect your Company.

Spotlight on FCPA Violations

Doing business globally can increase the risk of FCPA violations

Doing business globally is increasingly complex, from establishing international locations, establishing and maintaining intricate sourcing, supply-chain and manufacturing processes, exploring mergers and acquisitions of international entities, and making foreign investments. While these efforts have many advantages such as improved opportunities for diversity and collaboration, lowering costs, and greater opportunity for innovation, there is also the potential to significantly increase business risks.

As a result of these increased risks, there has been a significant rise in the number of violations of the Foreign Corruptions Practice Act (FCPA).

FCPA violations can have consequences for both the individual and the enterprise

These are basic guidelines, other additional penalties that may be imposed include:

Best Practices

Fourth Quarter 2018 FCPA Highlights

Vantage Drilling International (11/19/2018): The Houston based company agreed to pay $5 million to settle charges against its precursor, Vantage Drilling Company, for failing to develop an internal accounting controls system in regards to transactions with its former external director, biggest shareholder, and exclusive supplier of drilling assets and for failing to properly enact internal accounting controls relating to use of third-party marketing agents.

Vantage Drilling failed to devise a system of internal accounting controls with regard to Vantage's transactions with a former outside director who was the largest shareholder in Vantage and its only supplier of drilling assets, the SEC said.  The unnamed director is described in the order as a "Taiwanese shipping magnate."   What is most surprising is that Vantage had not even conducted basic levels of due diligence investigation of this key shareholder and director

Vantage had an ineffective anti-corruption compliance program when the violations occurred and didn't conduct any due diligence on the director before "relying on him as its sole source of drilling equipment and appointing him to its board of directors," the SEC said.

Because of the internal control failures, Vantage provided funds and reimbursements to the director who used the money to pay bribes to officials at Petrobras in connection with a 8-year, $1.8 billion drilling services contract.

Stryker Corporation (9/29/18): The medical device company, located in Michigan, agreed to pay a penalty of $7.8 million for inaccurate books and records and insufficient accounting controls.

Petroleo ⦁ Brasileiro⦁ S.A. (9/27/2018): This Brazil based oil and gas company agreed to pay a $7.8 million penalty in a global resolution resulting from a massive bid-rigging and bribery scheme.

Patricio ⦁ Contesse⦁ González (9/25/18): The Chilean-based chemical and mining company’s once-CEO, Sociedad Química y Minera de Chile S.A., agreed to pay $125,000 to settle charges that he violated the FCPA during his leadership.

United Technologies (9/12/18): The Connecticut company agreed to pay almost $14 million to resolve charges of unlawful payments used to facilitate sales of elevators and aircraft engines.

Joohyun⦁ Bahn (9/6/18): The New Jersey real estate broker agreed to settle charges in the amount of $225,000 for attempting to bribe a foreign official while brokering a high-rise commercial building sale on behalf of a private foreign issuer.

Best Practices

Businesses should implement a healthy and robust compliance program. This includes implementing regular board and executive due diligence, and performing due diligence prior to any M&A proceedings.

Preventative care and ongoing transparency is a company’s best practice. Not only is it important to create a built-in, on-going FCPA program within an organization, it is critical to partner with an external, third-party global security and risk management firm who can perform deep due diligence investigations at individual and company levels.

International Due Diligence Investigations Episode 5 – Global Investigations and Innovation

Innovations-in-Global-Due-Diligence-Investigations

We have considered aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. Candice Tal helps us through the maelstrom to find useful and actionable information for your compliance program. In this concluding Part V, we consider how the changing nature of international anti-corruption compliance programs, through data privacy laws such as General Data Protection Regulation (GDPR), and technical innovations, such as Artificial Intelligence (AI), are prompting innovation in global investigations and investigative due diligence.

The rules around data privacy outside the US changed significantly when GDPR went live in May 2018. Now the state of California has passed data privacy legislation and many are lobbying the US government to enact a national standard. Issues in this arena are playing out literally in real-time. It is changing the manner in which information is obtained and transmitted. The most significant aspect for investigative due diligence is “how we will investigate criminal activity”. This is because of GDPR’s right to be forgotten which is most often used by the criminal element to attempt to rescind data online. She noted that if there is a criminal conviction, such information may be prevented from being “forgotten” but if there is only a guilty plea or other resolution or simply a civil allegation, a fraudster or other nefarious actor may be able to hide the information by having it removed online.

We next turned to AI in investigative due diligence. Candice Tal believes that AI will be a “game changer” in compliance. Massive data sets require some type of AI to sort through and analyze the information. She said this is particularly important for internal controls and accounting books and records provisions to identify massive fraud. This is yet another area which is still developing. Tal stated, “I’ll frame that by saying at least in the next few years, there will still be a need for the traditional investigative approach that the boots on the ground, one where an investigator goes out and physically checks on facilities. Artificial intelligence is going to have limited ability to do that.” While drones may become part of an investigators tool kit, Tal believes that AI will be used “in a similar way to most data aggregators today. They find about 80% of the information. Yet there will always be the remaining 20% which they cannot find and you will need human intervention on the investigative side.”

Looking down the road to the veiled land of the future, Tal sees continued innovation facilitating investigative due diligence. While AI is more than simply on the horizon she said it “is a tried and tested methodology that has existed for many years, in terms of how do you look for and locate shell companies.” It is also true about finding information about people who are trying to deliberately hide information. The bottom line is some of these investigative techniques involve old-fashioned shoe leather or simply hard diligent investigative work and “that’s not new”. Yet AI and other technological tools can make investigations more efficient and more cost effective, while giving better results. At the end of the day, AI can be used to sharpen and hone the due diligence process.

Yet with all of this information, many compliance professionals become somewhat bewildered with data overload. They often receive a substantial amount of information but are not certain of what it might mean or even how to use the data. Tal responded that one of the things Infortal provides is both a summary of the factual findings and recommendations based on Infortal’s investigative experience. It consistently helps a Chief Compliance Officer (CCO) to shape the data into their compliance program for continuous improvement. Further, one area of ongoing concern is conflicts of interest, in terms of both third parties and senior executives and even Board members.

Tal concluded by returning to a place we began earlier in this series. A Level 1 due diligence investigation simply does not provide you enough actionable information, in many circumstances. Even if a CCO is cost-constrained, there are ways to move forward to a more rigorous due diligence investigation without breaking the bank.


In this 5 part series, Tom Fox and I have been discussing various aspects of due diligence investigations. Tom Fox, the Compliance Evangelist, is a widely respected attorney in the compliance field and author of the comprehensive compliance guide: The Compliance Handbook. He is a well-known and frequent speaker on issues related to compliance and ethics, and is founder of The Compliance Podcast Network. For the full podcast click here.

International Due Diligence Investigations - Episode 4 Innovation and Continuity


Unlocking the secrets in M&A transactions for greater transparency and risk mitigation

I recently had the honor of speaking about various aspects of due diligence investigations with Tom Fox, The Compliance Evangelist. We explore issues ranging from deal volatility, succession liability and reputational damage in M&A transactions, to due diligence nightmares and how to prevent them. Unlocking hidden and undisclosed information that may sink the deal, cause volatility, or damage the buyer's reputation is key. Episode 4 addresses innovation and continuity in international due diligence investigations and improving results for regulatory compliance.

There are typically three levels of due diligence. The three levels are typically Level I, the basic level which typically looks only at a global watch lists for sanctions, politically exposed persons (PEPs), anti-terrorist lists, anti-money laundering (AML) and similar government produced lists. Level I generally provides a summary of the beneficial owners of a company, its corporate structure, perhaps some financial information and the Global Watch lists. Many companies use that as their primary tool for risk ranking. A Level II due diligence investigation is an intermediate between Level I and Level III. Level II takes a deeper dive looking at every aspect of public records information in addition to areas that are not necessarily in the public record. It encompasses items like a deeper dive of executive backgrounds. 

The final level, Level III, is also called a deep dive due diligence investigation. This level works to not to identify bad people or bad actors but also patterns of behavior which might tend to indicate a propensity for circumvention of internal controls or stepping over or even getting too close to the ethical line that indicates behavior that may turn criminal or turn in a direction that would hurt your business reputation going forward. There are behavioral issues that can be discovered through Level III due diligence. It can be through the online searching of media including newspapers, publications and digital media. A wide variety of information can come up in behavioral assessments in terms of what is the background of the executive or how they may have behaved in the past. Additionally there may be information available in a country that may not reach the rest of the press. So you may find that there are local issues that are well documented. Sometimes you can only find that information through local language searches online, other times Tal indicates you need to do in-country research.

Unfortunately most CCOs are working with limited information from their due diligence programs or due diligence providers. This means they do not have enough information to input into their risk assessment. As we previously explored, if a company is performing or having performed for them only a Level I due diligence, they may well only be uncovering up to 1% of the adverse information or raising the appropriate red flags. In a high-risk jurisdiction, Tal believes that if a company is not receiving up to 35% of the required information, they are really operating behind the 8-ball. 

Moreover, relying on computer searches raises an amount of concern for other reasons. These include both shell companies and front offices. There are still situations that without a physical drive by of the third parties facilitates, the address may simply be a local postal box. The problem of shell companies still exists far beyond the initial dump of information past the Panama Papers and Paradise Papers. Even with a real physical address, if your third-party shares an address of a flat in London that also houses some 1,500 additional corporations, this is a serious red flag that you are dealing with a shell company. That in and of itself is a red flag which, if not cleared, could lead to a serious legal violation and a significant reputational hit to your organization. 

The vast majority of FCPA enforcement actions over the past 10 years have involved some form of inadequate, insufficient or even a total lack of due diligence. We began by exploring how a company can perform sufficient due diligence without breaking the bank. Candice Tal noted that most companies perform Level I due diligence, which of course provides limited information. Typically in Level I, companies find less than 1% of the issues that are out there. When you couple that with the realization that 90% of FCPA enforcement actions are against companies who engaged third parties and third-party vendors, it leads Now if you add due diligence in the Supply Chain component where there can be 5,000 or even 10,000 companies, you can begin to see the daunting nature of getting your arms around these risks. 

Another key feature of almost all FCPA enforcement actions is that companies that sustained enforcement actions most usually had ‘check-the-box’ compliance programs. We considered this implication in the context of due diligence. To increase the percent of information about the troubling 1% figure Tal noted above, she said companies need to “start looking at incorporating deep media searches, into their due diligence.” Deep media typically looks at aggregated data from companies that amass millions and millions of digitized records, journals, newspapers, articles, periodicals or other similar information. Now overlay global watch lists, with some basic corporate financial information, and you might be able to move from finding only 1% to up to 5% of the corruption and bribery related issues that exist amongst the parties. However, when you further expand that and do a deeper level search on online, beyond simply adverse keyword searches, it can move your discovery rate up to as much as 35% of the corruption and bribery related information. 

Tal believes that AI will be a “game changer” in compliance. Massive data sets require some type of AI to sort through and analyze the information. This is particularly important for internal controls and accounting books and records provisions to identify massive fraud. This is yet another area which is still developing. Tal stated, “I’ll frame that by saying at least in the next few years, there will still be a need for the traditional investigative approach that the boots on the ground, one where an investigator goes out and physically checks on facilities. Artificial intelligence is going to have limited ability to do that.” While drones may become part of an investigators tool kit, Tal believes that AI will be used “in a similar way to most data aggregators today. They find about 80% of the information. Yet there will always be the remaining 20% which they cannot find and you will need human intervention on the investigative side.”

Looking down the road to the veiled land of the future, Tal sees continued innovation facilitating investigative due diligence. While AI is more than simply on the horizon, she said it “is a tried and tested methodology that has existed for many years, in terms of how do you look for and locate shell companies.” It is also true about finding information about people who are trying to deliberately hide information. The bottom line is some of these investigative techniques involve old-fashioned shoe leather or simply hard diligent investigative work and “that’s not new”. Yet AI and other technological tools can make investigations more efficient and more cost effective, while giving better results. At the end of the day, AI can be used to sharpen and hone the due diligence process. 

I know you will find this podcast series useful. A new episode will release daily on the FCPA Compliance Report. All episodes will also be released daily on JDSupra. If you want to binge listen they have all been released YouTubeiTunes, or on the new hosting platform of the Compliance Podcast Network, Panoply.

International Due Diligence Investigations - Episode 3, What Is and Is Not Working

In this 5 part series, I am visiting with Tom Fox, the Compliance Evangelist. We consider various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data.

We discussed ways through the maelstrom to find useful and actionable information for your compliance program. In Part 3, we consider what works and what does not work in due diligence investigations today.

Unfortunately most Chief Compliance Officers (CCOs) are working with limited information from their due diligence programs or due diligence providers. This means they do not have enough information to input into their risk assessment. As we previously explored, if a company is performing or having performed for them only a Level I due diligence, they may well only be uncovering up to 1% of the adverse information or raising the appropriate red flags. In a high-risk jurisdiction, Candice Tal believes that if a company is not receiving up to 35% of the required information, they are really operating behind the 8-ball. 

Moreover, relying on computer searches raises an amount of concern for other reasons. These include both shell companies and front offices. There are still situations that without a physical drive by of the third parties facilitates, the address may simply be a local postal box. The problem of shell companies still exists far beyond the initial dump of information past the Panama Papers and Paradise Papers. Even with a real physical address, if your third-party shares an address of a flat in London that also houses some 1,500 additional corporations, this is a serious red flag that you are dealing with a shell company. That in and of itself is a red flag which, if not cleared, could lead to a serious legal violation and a significant reputational hit to your organization. 

Tal pointed to another area which is often missed in due diligence investigations which is the extended relationships between people in Latin America, where you can see a lot of family run enterprises. Tal stated, “A Level I due diligence will not pick up on this where one company is a family which may run multiple businesses. Some other business may be corrupt and the question becomes how does that impact the primary relationship? This can be a very important red flag that is being missed as the US Company may not even know who the real owners are going forward.”

She added that if you do not have good information to begin with on the basics, such as a company name, you cannot research a matter correctly. A  wrong company name can lead to a false negative. Due diligence investigations might come back with no information about the company or with information on a different company, “so that’s another type of issue for some Chief Compliance Officers to be concerned about.” Of course the physical issue of whether a company actually exists or actually have employees working there can still be a problem as well.

We next turned to a strategy which a CCO could employ to allow for a sufficient level of due diligence but with an eye towards doing so in a cost-effective manner. In other words, what should be your investment in due diligence? Tal said, “a very good strategy would be to do the Level I due diligence but consider adding to it by building in deep dives on media and the Internet.” With such deeper dives a compliance professional can increase their due diligence yield to up to 35% more information than Level I can provide. This approach also allows for a quicker and more expeditious uncovering of red flags that might warrant more focused investigations. It can then allow a quicker clearing of red flags to move forward. 

With a more long-term focus, a CCO needs to perform due diligence on an ongoing basis. Even if a company has done a basic due diligence investigation, feel they have a solid compliance program around their third parties, internal controls and accounting provisions, recent enforcement actions mandate more due diligence and a review of your third parties more than every two to three years. The Panasonic Avionics enforcement action made clear that due diligence should be viewed as an ongoing process. Additionally, there has been and will continue to be political instability in various areas of the world. This political upheaval can mean you find yourself in a country now having to do business in a completely different manner. Both South Africa and Malaysia have had peaceful regime changes impacting whom you may have done business with and with whom you are doing business, therefore ongoing monitoring is really vital to a solid compliance program.

Next, we will consider due diligence in the mergers and acquisition (M&A) context from the compliance perspective. 

To listen to the full podcast click here. 

International Due Diligence Investigations - Episode 2, Insights from Recent FCPA Enforcement Actions

Incomplete due diligence results lead to a fragmented view of risks

I recently spoke with Tom Fox, The Compliance Evangelist on The Compliance Podcast Network regarding insights from recent enforcement actions, where we considered various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. We looked at actions that help us through that maelstrom to find useful and actionable information for your compliance program. In Episode 2, we consider some recent Foreign Corrupt Practices Act (FCPA) enforcement actions wherein insufficient due diligence was a key takeaway.

Excerpted from Tom Fox’s blog: The vast majority of FCPA enforcement actions over the past 10 years have involved some form of inadequate, insufficient or even a total lack of due diligence. We began by exploring how a company can perform sufficient due diligence without breaking the bank. Candice Tal noted that most companies perform Level I due diligence, which of course provides limited information. Typically in Level I, companies find less than 1% of the issues that are out there. When you couple that with the realization that 90% of FCPA enforcement actions are against companies who engaged third parties and third party vendors, it leads Tal to opine, “I would say that you’re not finding the needle in the haystack most of the time you should be concerned.” Now if you add due diligence in the Supply Chain component where there can be 5,000 or even 10,000 companies, you can begin to see the daunting nature of getting your arms around these risks. 

Another key feature of almost all FCPA enforcement actions is that companies that sustained enforcement actions most usually had ‘check-the-box’ compliance programs. We considered this implication in the context of due diligence. To increase the percent of information about the troubling 1% figure Tal noted above, she said companies need to “start looking at incorporating deep media searches, into their due diligence.” Deep media typically looks at aggregated data from companies that amass millions and millions of digitized records, journals, newspapers, articles, periodicals or other similar information. Now overlay global watch lists, with some basic corporate financial information, and you might be able to move from finding only 1% to up to 5% of the corruption and bribery related issues that exist amongst the parties. However, when you further expand that and do a deeper level search on online, beyond simply adverse keyword searches, it can move your discovery rate up to as much as 35% of the corruption and bribery related information. 

We next turned to key executive searches for senior management and even Board members. Tal notes that most information suggests that between 10 to 20% of all such persons have adverse information in their backgrounds, which is often not reported and not uncovered. This means that if you have 100 senior managers and Board members, you can reliably estimate that 10 to 20% of that group has a red flag in their background which should be cleared before hiring or even promotion. If you have 1,000 such people in your organization, simply do the math. You may well have hundreds of senior executives with bribery related issues or issues in their backgrounds that you would not want to be responsible for causing nightmares for an organization down the road. 

Another issue which Chief Compliance Officers (CCOs) and compliance officers struggle with is the number of red flags. Tal said that a key element is to consider a deep dive of internet searches different from a deep dive due diligence. This is because the deep dive due diligence provides a much fuller and richer picture of a candidate’s background; whether that candidate be an entity or individual. When you couple this with risk ranking it can lead to a more cost-effective approach to due diligence. 

The regulators have made clear a check-the-box approach to due diligence is insufficient because it will not provide sufficient information as required by them. A company must rank its third parties based on a variety of factors such as where they are doing business, who they are doing business with, how they are doing business, financial strength and even political risks. The recent Vantage Drilling Co. FCPA enforcement actions drove home this need. The company’s largest supplier was a drilling ship supplier who was so important to the organization that he was not only put on the Board of Directors but was also granted so much stock he became the largest single shareholder in the organization. 

The problem was this supplier, Board of Director and shareholder, had lied to the company about his ability to deliver as he had no assets. A deep dive due diligence investigation was certainly in order for any of the roles he held during his relationship with the company. It would have revealed that he actually had no assets to provide to Vantage Drilling. Further, it would have also indicated a propensity to skirt ethical niceties such as not paying bribes in violation of the FCPA. The company paid a very high price for its due diligence failures. 

Episode 2 (audio) can also be found here. Next, we will consider what is and what is not working in due diligence investigations today. 

International Due Diligence Investigations: Episode 1 When Basic Due Diligence Is No Longer Enough