Author: Jonathan J. Rusch

Within the past week, rulings by Quebec judges in two separate cases have further blighted the efforts of Canadian prosecutors in their pursuit of alleged foreign corruption by Canadian engineering and construction firm SNC-Lavalin.  Both rulings involved determinations that there had been unreasonable delays in bringing the cases to trial.

First, on February 15, Quebec Superior Court Justice Guy Cournoyer stayed proceedings in an obstruction-of-justice case against a former SNC-Lavalin executive vice president, Sami Bebawi, and Bebawi’s tax lawyer, Constantine Kyres.  That case involves allegations that Bebawi and Kyres had offered a CDN $10 million bribe to have another former SNL-Lavalin executive change his testimony in a separate fraud and corruption case against Bebawi.

Second, on February 19, Quebec Superior Court Justice Patricia Campagnone stayed proceedings in a fraud and bribery case against former SNC-Lavalin vice president and controller Stéphane Roy.  That case involves allegations of fraud and bribing a foreign public official in relation to SNC-Lavalin’s business with the regime of the late Libyan Prime Minister, Moammar Gadhafi.

In both cases, the basis for the justices’ rulings was the 2016 Canadian Supreme Court decision in R. v. Jordan.  That decision, which criticized “the culture of complacency towards delay that has pervaded the criminal justice system in recent years,” established a new framework for compliance with subsection 11(b) of the Canadian Charter of Rights and Freedoms, which requires a person charged with an offense “to be tried within a reasonable time.”  Jordan established a presumptive ceiling of 30 months between laying of charges and the end of trial for Superior Court cases, “beyond which delay becomes presumptively unreasonable.”

In Bebawi’s and Keyes’s case, both defendants were charged in 2014, and the charges were reinstated by direct indictment in May 2018 after proceedings were stayed in February 2018 (due to certain evidence being ruled inadmissible).  Trial on the reinstated charges had not begun as of February 2019, and would not have concluded until more than 60 months after charges were laid.

Justice Cournoyer wrote that even after the Jordan decision, the case against Bebawi and Kyres “remained forgotten” for more than 11 months.  “The prosecutors,” he observed, “were unable to explain what happened in the year that followed the Jordan decision. . . . The file seemed to have been abandoned like a ship without a captain that is drifting slowly, but inexorably, towards a reef.”  He also ruled, according to the Globe and Mail, that “Crown prosecutors did not show that the delays in the case were reasonable.”

In Roy’s case, Roy was also charged in 2014, and his trial was scheduled to begin in late May 2019.  Justice Campagnone stated that delays that the prosecution had created were “an example of the culture of complacency that was deplored by the Supreme Court” in Jordan.

The Crown reportedly stated that it would take time to decide whether to appeal Justice Cournoyer’s decision, and that it would study Justice Campagnone’s decision.  In the meantime, Bebawi is still scheduled for trial in April 2019, on charges that include fraud and bribery of a public official involving SNC-Lavalin’s engagement with the Gadhafi regime.

Note:  These two rulings have been overshadowed by more sensational allegations that officials in the office of Canadian Prime Minister Justin Trudeau sought to pressure then-Attorney General Jody Wilson-Raybould to resolve the corporate-bribery prosecution of SNC-Lavalin with a deferred prosecution agreement.  While the long-term effects of these allegations on the administration of Canadian Prime Minister Justin Trudeau are not yet clear, the Jordan rulings in Bebawi’s, Kyres’s, and Roy’s cases should strongly influence Canadian prosecutors’ future decisionmaking about the timing of laying of charges and trial preparation.  As appellate courts are unlikely, in the light of Jordan, to overturn the Justices’ rulings in those latter cases, prosecutors can only hope that they will be able to avoid dismissals in other Superior Court cases in which the delays exceeded the Jordan 30-month time limit by fewer than five years.

On February 18, Australian Prime Minister Brian Morrison delivered a statement to the Australian House of Representatives reporting that “the Australian Cyber Security Centre recently identified a malicious intrusion into the Australian Parliament House computer network” and that “the networks of some political parties – Liberal, Labor and the Nationals – have also been affected.”  Prime Minister Morrison stated that “our cyber experts believe that a sophisticated state actor is responsible for this malicious activity.”

The Prime Minister’s announcement took place nearly two weeks after initial reports that Australian security agencies were investigating a cyber breach of the Parliament’s computer network.   At the time of those initial accounts, the Australian Broadcasting Corporation (ABC) reported that their sources said “that the hackers were caught in the early stages of gaining access to the computer network.”

Prime Minister Morrison assured the House that “there is no evidence of any electoral interference.”  He added that “[w]e have put in place a number of measures to ensure the integrity of our electoral system,” and that he had “instructed the Australian Cyber Security Centre to be ready to provide any political party or electoral body in Australia with immediate support, including making their technical experts available.”

To date, the Australian Government has refrained from naming any country as responsible for the attack.  Some media reporting indicated that analysts deemed China, Russia, and Iran the most likely state actors behind the cyberattack, while the ABC and other media services have focused their suspicions squarely on China.

Note: This cyberattack should be of great concern to companies and government agencies because of its technical sophistication.  According to the New York Times, one government cybersecurity expert observed that the attack involved the use of hacker tools ”that had not previously been seen,” which was one factor that made it difficult to identifying the cyberattackers.  The Times of London reported that intelligence sources “told The Sydney Morning Herald that it bore the ‘digital fingerprints’ of Beijing and the sophistication was ‘unprecedented’.”  The Times’s account also cited a story by the Australian Financial Review that “quoted an intelligence official as saying the attack had used new techniques to penetrate networks. ‘It’s been a long time since we’ve been faced with an actor with this level of sophistication,’ they said. ‘This trade craft is good. This actor is good’.”

Regardless of which state actor – China, Iran, North Korea, and Russia all being plausible candidates – is behind the attack, Chief Information Security Officers (CISOs) and Chief Compliance Officers (CCOs) should draw two lessons from this incident.  First, they need to take it as further confirmation that their companies and agencies need to harden their cybersecurity defenses substantially.  Second, they need to make the case to their Chief Executive Officers and boards that their companies’ cybersecurity programs need sufficient human and financial resources to meet the latest generation of sophisticated cyberthreats.

Unfortunately, many companies fall far short of that standard.  As the recent Ponemon Institute survey of cybersecurity professionals stated, 44 percent of the experts surveyed responded that they were not confident that their organizations could avoid a data breach and 23 percent responded that they were only “somewhat confident,” and 67 percent said that “they do not have the time and resources to mitigate all vulnerabilities in order to avoid a data breach.”  Any CISO or CCO who shares those views needs to state them immediately and plainly (and repeatedly, if necessary) to senior management, if their enterprises are to reduce the odds of future calamity from increasingly sophisticated cyberattackers.

Two recent developments involving violence to anticorruption activists demonstrate yet again the high degree of danger that anticorruption activists can face in countries with high bribery and corruption risks.  First, on February 13, Radio Free Europe/Radio Liberty (RFERL) reported that on the evening of February 11, Dmitry Gribov, a Russian anticorruption activist, was beaten by men wearing masks and wielding baseball bats, and died hours later.  On the day of the attack, Gribov, who led a branch of the Center for Action Against Corruption in the Moscow region, reportedly had attended a local court hearing involving a previous attack on him.  According to one of Gribov’s colleagues, four years earlier unidentified assailants had attacked Gribov and burned his car.  The colleague also stated that he “consider[ed] the crime to be connected to Gribov’s public and anticorruption activities.”

Second, on February 15, RFERL reported that Ukrainian authorities arrested Vladyslav Manher, head of the Kherson regional council in Ukraine, for his alleged role in organizing the killing of Ukrainian anticorruption activist Kateryna Handzyuk.  In July 2018, Handzyuk, an anticorruption activist and advisor to the Mayor of Kherson, suffered burns over 30 percent of her body when an unnamed attacker or attackers splashed a liter of sulfuric acid on her head.  Over the next three months, Handzyuk was hospitalized for 11 surgeries and numerous skin grafts, but died on November 4 from complications from her wounds.

Manher, who was charged with organizing a contract murder with “special cruelty,” was ordered by a district court in Kyiv to be held in pretrial detention until March 3 or pay the equivalent of $91,000 bail.  According to RFEFL, Ukrainian Prosecutor-General Yuriy Lutsenko posted a document on Facebook indicating that Manher “felt ‘personal enmity’ toward Handzyuk because of her efforts to expose ‘illegal deforestation’ in the region.”  Lutsenko also said that the investigation of her attack found that attackers has received at least $4,000 for the attack.

Handzyuk reportedly had been working to report on the recent increase in the number of assaults on anticorruption activists in her country.  Rights activists stated that in 2018, at least 50 activists had been attacked in Ukraine, most of them related to conflicts with corrupt officials.  In a video interview from her hospital bed, Handzyuk herself referred to more than 40 activists who had been attacked, but for whom no one who ordered the attacks had been identified.

Note: Anti-bribery and corruption (ABC) compliance officers who oversee their companies’ and agencies’ risk-assessment processes should ensure that reports such as these are factored into their companies’ and agencies’ ABC risk-assessment processes, along with internal data and external top-down statistical data from the Corruption Perceptions Index (CPI) and the TRACE Bribery Risk Matrix.  It is not enough simply to note that, for example, the most recent CPI ranked Russia 138^th, or Ukraine 120^th, of 180 countries.  The extent to which a country’s public officials not only perpetuate widespread corruption, but direct, sanction, or turn a blind eye to physical assaults on anticorruption advocates in civil society should be a critical indicator of bribery and corruption risks associated with doing business in that country.

As corporate-compliance experts pay closer attention to the field of behavioral sciences, one of the concepts that has particularly drawn their attention is the concept of “nudges.”  A “nudge,” as Professors Richard Thaler and Cass Sunstein defined it,

is any aspect of the choice architecture that alters people’s behavior in a predictable way without forbidding any options or significantly changing their economic incentives.  To count as a mere nudge, the intervention must be cheap and easy to avoid.  Nudges are not mandates.  Putting the fruit at eye level [in a school cafeteria] counts as a nudge.  Banning junk good does not.  (Richard H. Thaler and Cass R. Sunstein, Nudge 6 (2008))

“Nudges” have become broadly popular in many companies and government agencies as a technique for modifying individuals’ behaviors without overt compulsion.  That popularity has carried over to the corporate-compliance world.  Because companies “have a significant interest in preventing unethical and illegal behavior,” as Professor Todd Haugh wrote, “[t]he use of private nudges to foster prosocial behavior seems particularly attractive in the context of corporate compliance.”

But Professor Haugh also warned that behavioral ethics nudging in corporate contexts “must be implemented with caution” for three reasons:

• “Fit” in the Corporate Context: Because public-policy nudges, which involve alignment of individual choice and rational self-interest, ”are much different than behavioral ethics nudges, which attempt to prevent people from acting self-interestedly,” imposing public policy-style choice architecture in a corporate environment may be “wholly ineffective as a compliance strategy.”
• Challenge to Personal Autonomy: Behavioral ethics nudging may “violate employees’ deeply held normative notions of personal autonomy,” particularly when nudges play on people’s cognitive irrationalities to steer ethical choice, and thereby raise the question whether such nudges are ethically appropriate.
• Unintended Consequences: “[C]ompanies that get behavioral ethics nudging wrong may actually undermine their larger corporate compliance efforts, thereby increasing unethical behavior and amplifying compliance risk.”  For instance, if a company employs “behavioral ethics nudges that could be perceived by employees as ineffective or unethical,” and the employees “view their compliance programs as failing to align with their values,” employee reactions could include resentment or even “an “us-versus-them” perception of management.  In addition, “if not done with care, attempting to reduce compliance risk through behavioral ethics nudging may create behavior that undermines the entire compliance effort.”

A newly published study of nudges by seven Israeli researchers identifies another potential concern with the application of nudges in corporate environments: that a nudge may conflict with preexisting group norms.  Taking account of prior research showing “that the concept of ‘one nudge fits all’ is not tenable  . . . due to the myriad individual differences between people,” the researchers sought to explore whether “minorities might react differently to a nudge because it promotes a goal that, while desirable among the majority of people, is incongruent with their group’s norms and beliefs.”

To that end, the researchers conducted an opinion survey, based on a representative and random sample of the Israeli population that included representatives of two minority groups: Israeli-Arabs and Ultra-Orthodox Jews.  The respondents were asked to express their opinions about 15 public-policy nudges applicable to Israeli society, such as (1) health care providers’ automatically pre-scheduling patients to appointments for age-recommended heath tests, (2) credit companies’ sending email or text warnings to customers approaching their credit limits, (3) asking drivers receiving or renewing their driver’s licenses whether they would be willing to join the organ donation program, and (4) making the default setting for uploading new content to social network sites that the content would be visible to friends only.

The researchers’ findings for both minority groups suggested “that it is mostly nudges that stand in contradiction, at least to a degree, to a group’s social norms that are less favorable”:

• “Israeli Arabs objected most to nudges that were aimed at changing behaviors that could be considered as more typical of their group’s held norms and habits (such as pre-appointments and credit card limit alerts). Even more strongly, Ultra-Orthodox Jews most objected to nudges that relate to issues in which they hold distinctly different beliefs than the majority, including organ donations and online privacy.”
• “Ultra-Orthodox Jews were much more in favor of pro-self nudges (compared to pro-social ones) than the majority group. We did not find support for that account among the Israeli Arabs when considering the overall difference between pro-self and pro-social nudges. However, closer examination of the ratings suggests that the small difference between pro-self and pro-social nudges among Israeli Arabs, compared to a much higher difference among Ultra-Orthodox Jews, could actually be attributed more to the lower support most proself nudges received among Israeli Arabs.”

The researchers concluded that “[i]f  nudges are defined as a means with which to improve decisionmaking and society welfare . . ., then for this to be achieved, the views of minority groups should be further explored and incorporated in any discussion about the design and implementation of nudges in particular, and behavioral public policy in general.”

Note: Because this study focused on the tension between nudges in behavioral public policy and group norms for two particular minority groups in Israel, the researchers deserve credit for exploring a topic that has potential ethnic and religious sensitivities. While its focus is on behavioral public policy and nudges, it raises a number of intriguing issues that future research on intracorporate behavior will need to explore, and that compliance officers will need to take into account before incorporating certain nudges into their corporate compliance programs.  However vigorously corporate policies state their opposition to bribery and corruption, for example, different cultures may regard bribery either as not corrupt or as corrupt for reasons different from those embodied in criminal statutes (e.g., its adverse effect in a particular culture on the building of relationships).

The more countries and cultures in which a company is doing business, then, the more it important it will be for that company to consider the extent to which nudges may be effective in influencing behavior by their employees and third parties in those countries and cultures, and to take pains to craft nudges carefully to improve their effectiveness for compliance purposes when they appear to conflict with norms and beliefs of various groups in those countries and cultures.

On February 5, the U.S. Department of Justice announced that on February 4, after a three-week trial, a federal jury in the Southern District of Florida convicted Jack Kachkar, former Chairman and Chief Executive Officer of Inyx Inc., on eight counts of wire fraud affecting a financial institution (18 U.S.C. §1343), for his role in a $100 million scheme to defraud Westernbank of Puerto Rico (Westernbank).  That scheme, according to the Department, set in motion a series of events that led to Westernbank’s insolvency and ultimate collapse.  Kachkar’s conviction also  included a $3 million scheme to defraud Mellon United National Bank of Miami (Mellon Bank).

As the Department summarized the trial evidence, from 2005 to 2007, Kachkar served as Chairman and CEO of Inyx., a publicly traded multinational pharmaceutical manufacturing company:

Beginning in early 2005, Kachkar caused Westernbank to enter into a series of loan agreements in exchange for a security interest in the assets of Inyx and its subsidiaries.  Under the loan agreements, Westernbank agreed to advance money based on Inyx’s customer invoices from “actual and bona fide” sales to Inyx customers, the evidence showed.

The trial evidence further showed that Kachkar orchestrated a scheme to defraud Westernbank, by causing numerous Inyx employees to create tens of millions of dollars’ worth of fake customer invoices that were purportedly payable by customers in the United Kingdom, Sweden, and elsewhere.  Kachkar then

caused these invoices to be presented to Westernbank as valid invoices.   Kachkar made false and fraudulent representations to Westernbank executives about purported and imminent repayments from lenders in the United Kingdom, Norway, Libya and elsewhere in order to lull Westernbank into continuing to lend money to Inyx, the evidence showed.  In fact, these lenders had not agreed to repay Westernbank’s loan.  Kachkar made false and fraudulent representations to Westernbank executives that he had additional collateral, including purported mines in Mexico and Canada worth hundreds of millions of dollars, to induce Westernbank to lend additional funds, the evidence showed.  In fact, this additional collateral was worth barely a fraction of that represented by Kachkar.

During the course of his scheme, Kachkar caused Westernbank to lend approximately $142 million, primarily based on the false and fraudulent customer invoices.  The evidence also showed

that he diverted tens of millions of dollars for his own personal benefit, including for the purchase of, among other things, a private jet, luxury homes in Key Biscayne and Brickell, Miami, luxury cars, luxury hotel stays, and extravagant jewelry and clothing expenditures.

In or around June 2007, Westernbank declared the loan in default and ultimately suffered losses exceeding $100 million on the Inyx loans.  According to trial evidence, these losses later triggered a series of events leading to Westernbank’s insolvency and ultimate collapse.  At the time of its collapse, Westernbank had approximately 1,500 employees and was one of the largest banks in Puerto Rico.

With regard to the second scheme involving Mellon Bank, the trial evidence showed that Kachkar “knowingly deposited a $3 million check at Mellon Bank from the purported sale of his private jet.”  At the time of its deposit, he knew that the check was worthless, and in fact agreed to sell his plane to a different buyer.   After receiving a provisional credit for the check from Mellon Bank, Kachkar “wired out all of the provisional credit, including a $1 million wire to Kachkar’s personal account in Canada.  Upon Mellon Bank’s request to reverse this $1 million wire, Kachkar refused to do so, resulting in at least a $1 million loss to Mellon Bank, the evidence showed.”

Kachkar is scheduled to be sentenced April 30.

Note: This trial and conviction underscore the importance of financial institutions’ maintaining a robust fraud compliance program that addresses both internal and external fraud.  As the evidence at Kachkar’s trial showed, fraud schemes are still capable of bringing down financial institutions if management fails to conduct enhanced due diligence on major borrowers from their institutions, and fails to invest the necessary compliance resources to safeguard their institutions.

Kachkar’s own prior history should have caused any financial institution to regard him with the utmost suspicion.  In 2005, Kachkar reportedly

was banned from acting as a director of any companies in Ireland for five years after a judge found he had not acted responsibly in connection with a transfer of about $4 million (Canadian) from a floundering Irish company, part of the Miza Group, out of the country to other companies within the group. He appealed, and Ireland’s Supreme Court upheld the judgment of not acting responsibly, but noted “no question of dishonesty arose.”

Later, 2011 media reports stated that Kachkar was convicted of fraud and attempted fraud in France, in connection with his 2007 attempted purchase of a French football club, Olympique de Marseille.  According to French media reports, the French court imposed a 10-month suspended sentence and a €50,000 fine in relation to his failed purchase of the club in 2007, as well as a €500,000 payment to the family of the then-Olympique owner who had since died.