Institute for Business Ethics Issues Survey Results on British Public’s Attitude Toward Business Ethics

On December 13, the London-based Institute for Business Ethics (IBE) issued its Attitudes of the British Public to Business Ethics 2018 report.  As it has done for the last 15 years, the IBE surveyed the British public for its views on how ethical British business is.  This report provides an instructive counterpoint to the IBE’s series of country- and region-specific Ethics at Work surveys for 2018 — including Europe (July 2018), the United Kingdom (September 2018), Australia, New Zealand, and the United Kingdom (November 2018), Portugal (November 2018), and France (December 2018) – that focus on employees’ views of ethics at work.

This report contains a number of significant findings about the British public’s attitudes:

  • General View of Business Ethics: The IBE reported that public trust in business “is at its highest since the survey began in 2003.” Sixty-two percent of those surveyed responded that they believe British business generally acts ethically, compared to 30 percent who believe it generally behaves unethically.  On this issue, there are notable difference between three age groups.  While 35 percent of Baby Boomers (55+) believe business behaves unethically (virtually unchanged from 2017), 31 percent of Generation Xers (35-54) share that belief (a 4 percent decrease from 2017) and only 24 percent of Millennials (25-34) have that belief (a 12 percent decrease from 2017).
  • Issues Needing Addressing: The top issues that respondents said needed addressing included the following:
    • Corporate tax avoidance (33 percent). This issue had the most support in all three age groups: Baby Boomers (41 percent), GenXers (35 percent), and Millennials (25 percent).
    • Executive pay (24 percent).
    • Environmental responsibility (24 percent).
    • Work-home balance for employees (23 percent)
    • Exploitative labor (21 percent).
    • Protection of customer data/data privacy (18 percent). This issue reflected the highest level of interest among Baby Boomers (23 percent), followed by GenXers (18 percent) and Millennials (15 percent).
    • Employees being able to speak out about company wrongdoing (15 percent). This issue, for which the percentage of public support consistently declined since 2006, prompted the IBE to remark that “[v]iewed in light of the findings of the IBE 2018 Ethics at Work survey that a third of UK employees who were aware of misconduct at work did not speak up about it, this change raises some serious concerns.”

Note:  In addition to the decline of interest in speaking up about company wrongdoing, it is interesting to observe that despite the highest-ever reported level of public trust in British business, respondents also rated corporate tax avoidance highest among issues that need addressing.  It is not clear from the IBE’s public documents whether respondents do not regard corporate tax avoidance as an ethical issue, or do see it as an ethical issue but consider it less egregious than other types of unethical business behavior (e.g., bribery or environmental pollution).

In any event, corporate-compliance officers in United Kingdom corporates should consider incorporating these findings into their corporate ethics training and highlighting some of the findings in briefing materials for senior management.  Further details are available in the survey report, as well as an IBE deck and infographic (available from the IBE).

Brazilian Prosecutors’ “Operation Car Wash” Investigations of Leading Oil Trading Firms Intensify With Criminal Charges

Since December 5, a series of actions related to Brazil’s long-running “Operation Car Wash” shows that Brazilian prosecutors are aggressively pursuing three of the world’s leading oil trading firms – Trafigura Group Pte, Vitol Group, and Glencore – for alleged bribery connected with the Brazilian state-owned oil company Petrobras.  These actions occurred shortly after a November 2018 report by non-governmental organizations Global Witness and Public Eye that the three firms had “links to men accused or convicted of involvement in the [Petrobras] bribery scandal.”

First, on December 5 the Financial Times reported that all three firms were under investigation on suspicion of paying bribes to Petrobras employees in exchange for contracts. Brazilian prosecutors said that “there are suspicions” that between 2011 and 2014, all three companies paid more than $15.3 million related to more than 160 operations “of purchase and sale of oil products and rental of storage tanks.”  Still other, unnamed companies were reportedly also being investigated for paying a similar bribe amount to Petrobras employees.

The Brazilian prosecutors stated that evidence of the alleged corruption activities, which involved Petrobras offices in Houston and Petrobras headquarters in Rio de Janeiro. “shows that there was a scheme in which the investigated companies paid bribes to Petrobras’ employees in exchange for favours, more advantageous prices, and gaining contracts more frequently.”   Although they did not provide precise information about the total amount of the bribes by the three named firms, they noted that between 2004 and 2015, Trafigura conducted approximately 966 commercial operations with Petrobras that totaled approximately $8.7 billion.   At the time of the December 5 statement, Brazilian federal police reportedly had arrested 11 individuals and were seeking another 26 individuals for questioning.

In addition, according to the Wall Street Journal, the prosecutors said that “they have ample documentary evidence, implicating top executives at the targets of the probe, that the companies bribed Petrobras employees to win more contacts to trade oil and derivatives and to win better prices on those contracts, among other things.”  One prosecutor stated in a press conference that “[t]he early stages of the investigation are revealing only the tip of the iceberg,” and that “[t]he main executives of the trading companies had total and unmistakable knowledge” of the deals.

Second, on December 14 the Wall Street Journal reported that Brazilian prosecutors had charged two former Trafigura executives with paying bribes totaling approximately $1.5 million to Petrobras employees in return for contracts.  Brazilian prosecutors said that the charges against those two defendants, a former senior executive and a country representative, “were the first of many to come” against the three firms.

Third, on December 20 Brazilian prosecutors reportedly charged 12 individuals, including former Petrobras employees and middlemen who allegedly “worked directly with top executives at Vitol,” with participation in a Petrobras-related scheme involving at least $2.85 million in bribe payments.  The charging document that prosecutors filed said that two Vitol senior executives for the United States and Latin America and the Caribbean “had full knowledge of the scheme.”

Note: These actions by Brazilian prosecutors, though certainly significant in their own right, appear to be part of a larger international initiative by anti-corruption prosecutors to probe alleged corruption involving Trafigura, Vitol, and Glencore.  In their December 5 statement, the prosecutors said that the three firms would “face legal repercussions in other jurisdictions,” but did not specify which jurisdictions.  In July 2018, however, Glencore disclosed that it had received a subpoena from the U.S. Department of Justice “with respect to compliance with the Foreign Corrupt Practices Act and United States money laundering statutes,” seeking documents relating to Glencore’s business in Nigeria, the Democratic Republic of Congo [(DRC)], and Venezuela from 2007 to the present.  In addition, there were unverified reports in May 2018 that the United Kingdom Serious Fraud Office is investigating Glencore for alleged corruption in the DRC, though the SFO stated at the time that it would not comment on the reports and to date has made no further public statements regarding Glencore.

While the Brazilian prosecutors’ statements indicate that they are far from done, the three firms are already feeling the repercussions of the Brazilian investigations.  On December 20, the Financial Times reported that shortly after the announcement regarding the Vitol charges, Petrobras, which has been cooperating with law enforcement authorities, announced that it had “temporarily suspended the commercialisation of oil with the three companies, either to buy or sell.”  Petrobras’s statement said that based on the latest news related to the investigations, it needed to “analyse and verify the information contained in the investigation.”  It also stated that Petrobras had asked the three firms what measures they had taken regarding the bribery allegations that pertained to investigating “irregularities” and the “accountability of individuals.”  Given the pace of the Brazilian prosecutors’ actions in these investigations so far, it is reasonable to expect that still more repercussions will be felt very soon.

FinCEN, SEC, and FINRA Impose $15 Million Penalties and Fines on UBS Financial Services, UBS Securities for 13+-Year Failure to Implement Adequate AML Program

On December 17, in a coordinated set of announcements, the U.S. Financial Crimes Enforcement Network (FinCEN), Securities and Exchange Commission (SEC), and FINRA imposed civil penalties and fines totaling $15 million on broker-dealer UBS Financial Services Inc. (UBSFS) and UBS Securities LLC (UBSS) for willful violations of the Bank Secrecy Act (BSA).

FinCEN stated that

[a]s described in the assessment, UBSFS failed to develop and implement an appropriate, risk-based anti-money laundering (AML) program that adequately addressed the risks associated with accounts that included both traditional brokerage and banking-like services.  UBSFS failed to implement appropriate policies and procedures to ensure the detection and reporting of  suspicious activity through all accounts—particularly for those accounts that exhibited little to no securities trading.  The firm did not adequately structure its AML program to address the use of securities accounts for the purpose of moving funds rather than trading securities.

As a full-service broker-dealer subject to the BSA and FinCEN regulations, UBSFS is required to establish and implement an AML program, and to perform periodic reviews of its correspondent accounts for foreign financial institutions.  FinCEN, however, “determined that from 2004 to 2017, UBSFS failed to implement an adequate AML program and failed to implement an adequate due diligence program for foreign correspondent accounts.”

FinCEN also stated that “UBSFS failed to provide sufficient resources to ensure day-to-day AML compliance.  Inadequate staffing led to a significant backlog of alerts and decreased UBSFS’s ability to timely file suspicious activity reports (SARs).”  Moreover,

[o]ver several years, UBSFS processed through certain of its brokerage accounts hundreds of transactions that exhibited red flags associated with shell company activity.  UBSFS failed to adequately monitor foreign currency-denominated wire transfers—amounting to tens of billions of dollars—that were conducted through its commodities accounts and retail brokerage accounts.  UBSFS’s AML monitoring system failed to capture critical information about these foreign currency-denominated wires, including sender and recipient information and the country of origin and destination.  As a result, it was unable to identify and investigate potentially suspicious transactions based on the presence of important risk factors, such as jurisdiction and the involvement of politically exposed persons.

The SEC stated in its order that

UBS, in addition to offering its customers the ability to buy and sell securities, offered customers with brokerage accounts various bank-like, money transfer services such as wire transfers, journal-entry transfers, and check writing. . . . [B]y offering these additional money transfer services, UBS was susceptible to risks of money laundering and other illicit financial activity associated with these services.

Although broker-dealers, like other financial institutions, are required to file Suspicious Activity Reports (SARs) for transactions that are suspected to involve fraud or with no apparent lawful purpose., the SEC also stated that “from at least 2011 to 2013, UBS failed to file SARs on certain suspicious movements of funds through its customers’ accounts,” and that “UBS did not properly review suspicious transactions flagged by its internal monitoring systems and failed to detect suspicious transactions involving the movement of funds between certain accounts in suspicious long-term patterns.”

FINRA made two related sets of findings.  First, it found

that, from January 2004 to April 2017, UBSFS processed thousands of foreign currency wires for billions of dollars, without sufficient oversight. UBSFS’s AML surveillance systems failed to reasonably monitor billions of dollars in foreign currency wires flowing through customer accounts, including hundreds of millions of dollars in foreign currency wires to and from countries known to be at high risk for money-laundering. For example, for foreign currency wires to and from certain accounts, UBSFS’s AML surveillance systems did not capture the number and identity of customers, the number and dollar value of the transfers, whether the transfers involved third parties and whether the transfers involved countries known for money-laundering risk. UBSFS’s failure to monitor these high-risk transactions went undetected for more than eight years until discovered in 2012, and the firm failed to implement a reasonable system until April 2017.

Second, it found with respect to UBSS that

from January 2013 to June 2017, the firm failed to reasonably monitor penny stock transactions that its Swiss parent routed to UBSS for execution through an omnibus account. During this time, UBSS facilitated the purchase or sale of more than 30 billion shares of penny stocks valued at over $545 million through the omnibus account for undisclosed customers.

The three sets of penalties and fines, in effect, were equally divided between the three agencies:

  • SEC: UBSFS agreed to pay a $5 million civil penalty to resolve the SEC’s charges.
  • FINRA: FINRA fined UBSFS $4.5 million in relation to high-risk transactions including foreign currency and UBSS $500,000 in relation to high-risk transactions in penny stocks.
  • FinCEN: FinCEN stated that it imposed a total penalty of $14.5 million on UBSFS, but specified that $5 million of that total would be paid to the U.S. Department of the Treasury and the remainder “will be concurrent with” the penalties and fines to be paid to the SEC and FINRA.

Note: What is most remarkable about this multiagency resolution is not the total amount of the financial penalties, which is quite moderate compared to other AML enforcement actions this year, but the fact that UBSFS failed, for more than 13 years, to develop and implement an appropriate AML program.  Regrettably, the agencies’ public statements give no indication of how it was that senior management at HBSFS, UBSS, and UBS Holding Company evidently paid no meaningful attention to, and provided no effective support of, a key financial-crimes program for well over a decade.

FinCEN included in its release an acknowledgement

that UBSFS has made significant investments in BSA/AML staffing and technology, demonstrating its commitment and ability to correct the issues listed in the assessment through significant remedial efforts, including an upgraded AML surveillance monitoring system, enhanced oversight of its AML monitoring, enhanced training for AML compliance staff, and the implementation of a new quality assurance system.

That acknowledgement indicates that current UBS management appears to have put AML compliance on the right track.  In any event, financial-institution compliance officers should make use of the collective agency statements and actions in this case to benchmark their own AML programs – and to remind their own senior management about the potential consequences of persistent neglect of financial crimes compliance.

Cybercriminals Target Save the Children Federation and the Wellcome Trust

Two recent reports have highlighted cybercriminals’ targeting of charitable institutions for cyberfraud schemes.  On December 14, The Register reported that the Save the Children Federation disclosed to the U.S. Internal Revenue Service (IRS) that in 2017 it had lost nearly $1 million to a cyberfraud scheme.  According to the IRS Form 990 tax return that Save the Children filed in August 2018,

IN APRIL 2017, AN UNKNOWN CRIMINAL HACKER OR HACKERS POSING AS A SAVE THE CHILDREN EMPLOYEE FRAUDULENTLY INDUCED THE ORGANIZATION TO TRANSFER $997,400 TO AN ENTITY IN JAPAN ON THE FALSE PRETEXT THAT THE FUNDS WERE NEEDED TO PURCHASE SOLAR PANELS FOR HEALTH CENTERS IN PAKISTAN. BY THE TIME THAT THE FRAUD WAS DISCOVERED, IN MAY 2017, THE TRANSFERRED FUNDS COULD NOT BE RECALLED, BUT SAVE THE CHILDREN WAS SUBSEQUENTLY ABLE TO RECOVER $885,784 FROM ITS INSURANCE CARRIERS TO MITIGATE THE FINANCIAL LOSS. IN ADDITION, SAVE THE CHILDREN COORDINATED WITH THE FBI, AND THROUGH THEM, JAPANESE LAW ENFORCEMENT TO ASSIST IN CRIMINAL INVESTIGATIONS RELATED TO THIS INCIDENT, AND WE HAVE TAKEN STEPS INTERNALLY TO STRENGTHEN CYBERSECURITY AND OTHER PROCESSES TO PREVENT CYBERFRAUD.

IN A SEPARATE INCIDENT, SAVE THE CHILDREN WAS PROVIDED WITH FALSE BANK ACCOUNT INFORMATION FOR A VENDOR, RESULTING IN A DIVERSION OF $9,210 TO AN ACCOUNT IN BENIN. FORTUNATELY, THIS DIVERSION WAS DISCOVERED IN TIME FOR SAVE THE CHILDREN’S BANK TO RECALL $9,090 OF THE FUNDS FROM BENIN, RESULTING IN A LOSS OF ONLY $120.

On December 19, The Times reported that the Wellcome Trust, a major funder of medical and other scientific research in the United Kingdom, disclosed details of two phishing attacks in its 2018 Annual Report.  The technique in this case was a classic spear-phishing attack: four Trust senior executives received emails that purported to be from a colleague, but opening the emails enabled criminals to have access to their emails for a number of months.  While the attacks reportedly did not result in financial losses, the Trust reported the breaches to the United Kingdom Information Commissioner’s Office and Charity Comission and stated that it was taking a number of mitigating actions
for this and other kinds of cyber threats.

Note: Information-security and compliance officers at nonprofit or charitable institutions of any kind should take note of these reports, and use them to educate senior officials and employees at their institutions about the willingness of cybercriminals – some of them the agents of North Korea and other state actors — to extort or defraud them, and in the process to risk causing them potentially costly damage.

Some people in the charitable and nonprofit sector might think that their organizations are unlikely to be targeted by cybercrime schemes, because their organizations are not profitmaking and are dedicated to helping others.  In fact, various cybercriminals have shown that they are indifferent to the charitable or beneficial purposes of an organization in conducting their cyberfraud or cyberextortion schemes.  If criminals are willing to inflict ransomware attacks on health-care entities, universities, and state and local governments to extort money from them, and as a consequence risk paralyzing critical operations at those institutions, foundations and charitable causes should not assume either that they are exempt from cyberattacks or that none of their counterparts are similarly being targeted.  As Save the Children and the Wellcome Trust have learned, for some cybercriminals the road to wealth is paved with good intentions.

U.S. Department of Justice Brings False Claims Act Case Against Three YRC Worldwide Subsidiaries for Systematically Overcharging for Freight Carrier Services

On December 14, the U.S. Department of Justice announced that it had filed a civil action on December 12 against three subsidiaries of YRC Worldwide — YRC Freight Inc. (YRC), Roadway Express Inc. (Roadway), and Yellow Transportation Inc. — alleging that these companies violated the False Claims Act by systematically overcharging the government for freight carrier services and making false statements to the government that hid their misconduct.

The Department alleged that, for more than seven years, from September 2005 to at least October 2013, the defendant companies defrauded the U.S. Department of Defense “by millions of dollars for shipments that were actually lighter, and thus cheaper, than the weights for which the defendants charged the government.  It also alleged that the defendant companies “knowingly made or used false statements concealing their overcharging practices to the Department of Defense.”  According to the Department’s release, the companies

reweighed thousands of shipments and suppressed the results whenever they indicated that a shipment was actually lighter than its original estimated weight.  Thus, instead of charging the Department of Defense for shipments based on the correct weight, the defendants knowingly billed the government (and their other customers) based on weights that they knew to be inflated.  The defendants also allegedly made false statements to induce the Department of Defense to use them as freight carriers and further knowingly made or used false statements to improperly avoid their obligations to correct inflated invoices and return overpayments.

While the complaint did not specify the amount of damages the government was seeking, it stated that

[a]ccording to the records the Defendants kept for their billings to DOD between June 2010 and October 2012, the Defendants submitted to DOD approximately 725 false claims per month. Based on an extrapolation of those false claims per month to the September 2005 to October 2013 period at issue, the Defendants submitted to DOD approximately 70,000 false claims predicated on weights that they knew were too heavy.

This case by the Department is an intervention in a private FCA action that a qui tam relator, who allegedly worked for YRC and Roadway for more than 40 years, had filed in 2008 under the FCA’s qui tam provisions.  Under the FCA, as stated in the complaint, the government’s remedies include treble damages for damages that the government sustains, as well as a civil penalty not less than $5,500 and not more than $11,000, for each violation of the FCA.

In response, on December 14 YRC Worldwide issued a release in which it deemed the government’s claims “totally without merit” and noted that its business with the Defense Department “currently represents less than one percent of YRC Freight’s annual revenue.”

Note: According to a senior Justice Department official, the FCA, including its qui tam provisions, is “one of the government’s most effective civil tools in protecting vital government programs from fraud schemes.”  In one sense, this case is a typical example of a systematic-overcharging FCA case, and is not the first case that the Department brought in 2018 against shippers for inflating the weight of shipments.

It is noteworthy, however, that the Department chose to intervene in a qui tam private action that the relator brought ten years ago.  Earlier this year, the Department’s Acting Associate Attorney General stated that because frivolous qui tam cases can “lead to bad case law, which can undermine enforcement of the False Claims Act generally,” the Department had instructed its attorneys “to consider whether moving to dismiss an action would be an appropriate exercise of the Department’s prosecutorial discretion under the False Claims Act.”  The fact that the Department intervened here, despite the relative age of the allegations, provides some indication of the Department’s confidence in its proof of the allegations.