Author: Jonathan J. Rusch

In her August 28 CNBC column on leadership, Ruth Umoh highlighted several prominent present or former executives who have touted the virtues of fear in motivating themselves and their employees.  The dominant message – as reflected in the column’s headline – was Amazon founder Jeff Bezos’s 1999 statement that “I constantly remind our employees to be afraid, to wake up every morning terrified.”  Umoh also asserted that “[u]sing fear as a motivator is a strategy that has also worked well for others,” citing author and investor Tim Ferris, who said in 2017 created a written exercise that he called “fear-setting”, like goal-setting, for himself “to make a lot of [the hard choices] easier.”

While fear may help certain CEOs to motivate themselves, any message that corporate executives and employees should incorporate fear into their daily decisionmaking and actions should be deeply worrisome to compliance officers.  For compliance professionals, who are expected to develop and foster a culture of compliance within their organizations, fear – particularly businesspeople’s fear of failure to “grow” the business with sufficient speed or to meet sales or production quotas – can prove toxic to that culture of compliance.  It may not only influence the cognitive process of decision-making in general, but have powerful effects on the ability of executives to make ethical decisions as part of that process.

In a 1996 article, Ethical Leadership and the Psychology of Decision Making, two leading authorities on business ethics, Professors David Messick and Max Bazerman, powerfully argued “that unethical business decisions may stem not from the traditionally assumed trade-off between ethics and profits or from a callous disregard of other people’s interests or welfare, but from psychological tendencies that foster poor decision making, both from an ethical and a rational perspective.”  Those tendencies arise in three aspects of business decision making:

1. Theories about the world. As Professors Messick and Bazerman noted, “Successful executives must have accurate knowledge of their world. If they lack this knowledge, they must know how to obtain it. One typical challenge is how to assess the risk of a proposed strategy or policy, which involves delineating the policy’s consequences and assessing the likelihood of various possibilities. If an executive does a poor assessment of a policy’s consequences, the policy may backfire and cause financial as well as moral embarrassment to the firm and the decision maker.” Emphasizing fear as a primary motivator for colleagues is highly likely to undermine executives’ theories of the world, by distorting three aspects of those theories:
   • Their consideration of possible consequences (e.g., underestimating the importance of a risk or concealment of a corporate decision to avoid adverse public reaction);
   • Their judgment of risk (e.g., denying uncertainty, framing of risks in ways that prompt executives to avoid economic loss, systematically failing to account for the full spectrum of consequences associated with decisions, or systematically erring in assessing the probabilities associated with the consequences); and
   • Their perception of causes (e.g., most people’s tendency to blame a person rather than look for alternate explanation such as defective equipment or procedures, and the inclination to treat failures to act as less culpable than positive acts).
2. Theories about other people. Our theories about other people can be molded by ethnocentrism (not only based on racial, ethnic, or national affiliations), especially in “[i]ntensely competitive situations”, and by stereotyping.
3. Theories about ourselves. People’s judgments about themselves tend to be flawed in at least three ways:
   • A person’s illusion of superiority, which can encompass an unrealistically positive view of the self and an illusion of control over random events;
   • Self-serving fairness biases, which can involve a conflict between a person’s interest in fairness and his or her interest in performance and success; and
   • Overconfidence in their knowledge of facts and their risk assessments.

To counteract these tendencies and improve ethical decision-making, Professors Messick and Bazerman proposed that executives focus on improving three qualities:

1. Quality, by “ensuring that all the consequences of actions are considered,” ”having accurate assessments of the risks associated with possible strategies and being attuned to the pitfalls of egocentric biases.”
2. Breadth, by taking into account “the full range of consequences that policies may entail” for all stakeholders.
3. Honesty, by looking candidly at whether a proposed course of action would, if publicly disclosed, “stand the light of day or the scrutiny of public opinion,” and by “learn[ing] to calibrate ourselves to judge risk . . . [and to] examine our motives in judging others.”

So how should compliance officers who learn of business leaders’ invocations of fear within their organizations address these concerns about the toxic effects of fear on corporate compliance?  One starting point would be to have a series of discussions with C-level executives that raise specific concerns about the effects of broadbased invocations of fear on compliance, along the lines of the preceding discussion.  In addition, compliance officers need to point out that while fear can provide a potent message to employees, as Professor David G. Myers wrote in Exploring Social Psychology (1994), “[i]f you don’t tell people how to avoid the danger, frightening messages can be too much to cope with” (p. 156). As reflected in a variety of social psychological studies, providing guidance about what positive or protective strategies executives can follow in response to a fear stimulus – such as fear of economic loss, fear of public criticism or reputational harm, or fear of adverse government action — can make for more effective intracorporate communication, and can assist executives in thinking through the potential risks of particular decisions more comprehensively and mindfully.

On August 17, the United Kingdom Home Office published terms of reference for an Independent Review of the Modern Slavery Act 2015, the first national legislation to address modern slavery by providing a legal framework to do so.  The Act, in pertinent part, established a series of criminal offenses pertaining to slavery, servitude, forced labor, and human trafficking, provided law enforcement with various powers, and established a requirement that commercial organizations that supply goods or services and have a total turnover of not less than an amount prescribed by the Secretary of State disclose annually what action they have taken to ensure there is no modern slavery in their business or supply chains.

According to the terms of reference, the aim of the review is to report on the operation and effectiveness of, and potential improvements to, provisions in the Act.  The review is to be conducted by a team of three independent reviewers (including two Members of Parliament), who will gather evidence and seek views from relevant stakeholders. The Home Office noted that this process “could include a call for written submissions, evidence sessions on particular aspects of the legislation, and interviews with representatives from civil society, business, law enforcement and other interested bodies.”

The following provisions of the Act will be considered in the review:

• Section 3 – The Meaning of Exploitation: This section, which sets out the meaning of exploitation for the purposes of the section 2 offense (arranging or facilitating travel with a view to the victim’s exploitation), defines “exploitation” broadly to include slavery, servitude, forced or compulsory labor, sexual exploitation by reference to conduct specifically covered in certain other laws, exploitation in the context of trafficking for organ removal or for the sale of human tissue by references to offences in the Human Tissue Act 2004, and all other types of exploitation where a person is subject to force, threats or deception which is designed to induce him into providing a service of any kind, providing a person with benefits or enabling another to acquire benefits.
• Sections 8 to 10 – Reparation Orders: These sections involve the making and issuance of slavery and trafficking reparation orders, which direct persons convicted of a slavery or trafficking offence to make reparation to victims.
• Sections 40 to 44 – The Independent Anti-Slavery Commissioner: These sections provide for the establishment and powers of the Independent Anti-Slavery Commissioner.
• Section 45 – The Statutory Defense: This section provides for a defense for slavery or trafficking victims who commit an offence that they were compelled to do so.
• Section 48 – Independent Child Trafficking Advocates: This section establishes a duty on the part of the Secretary of State “to make such arrangements as the Secretary of State considers reasonable so that specialist independent child trafficking advocates are available to support and represent children who there are reasonable grounds to believe may be victims of trafficking.”
• Section 54 – Transparency in Supply Chains: This section requires a commercial organization over a certain size “to publish a slavery and human trafficking statement each year which sets out the steps it has taken to ensure there is no slavery or trafficking in its supply chains or its own business, or states that it has taken no such steps.”

The Home Office also stated that the reviewers “will report on the evidence they gather and submit recommendations to the Home Secretary in March 2019.”  The Home Secretary is then to lay the report before Parliament.

The Home Office announcement followed closely on the heels of two reports about the extent and effects of modern slavery.  First, in July the Home Office issued a research report, The economic and social costs of modern slavery.  That report set forth numerous findings, such as:

• The estimated total costs of modern slavery in the United Kingdom – comprising anticipation, physical and emotional harm, lost output and time, health services, victim services, law enforcement costs, and suspected victims — are between £3.3 billion and £4.3 billion.
• The estimated unit costs (cost per victim of exploitation in the UK) for each type of modern slavery are (1) labor exploitation, £318,810; (2) sexual exploitation, £319,500; and (3) domestic servitude, £390,080.
• “The fact that the unit cost of crimes of modern slavery is second only to homicide justifies treating this crime type as a priority due to this high level of harm to society.”

Second, on July 19, the Walk Free Foundation issued the 2018 Global Slavery Index.  The 2018 Index contains a number of key findings:

• Incidence and Prevalence of Modern Slavery: The Foundation reported that “[t]he number of people falling victim to modern slavery in developed countries is far higher than previously thought.” The United States reportedly has 403,000 people living in modern slavery in the US — 1 out of 800 Americans – seven times higher than previous estimates, and the United Kingdom has 136,000 people in modern slavery — nearly 12 times higher than previous figures.  (It should be noted that the Home Office’s 2018 report summarized above estimated the total number of modern slavery victims to be only 10,000 to 13,000 (pp. 6 and 8).)
• Total Enslaved People: 40.3 million people worldwide were in modern slavery: 24.9 million in forced labor, and 15.4 million in forced marriages. 71 percent of enslaved people are women, a large proportion of whom are in forced marriages.
• Total Amount and Largest Importers of “At Risk” Products: The Foundation reported that developed countries “are heavily exposed to the risk of slavery within their supply chains,” with. G20 countries annually importing more than $US354 billion in “at risk” products. The United States is by far the largest importer of at-risk products ($US144 billion), followed by Japan ($US47 billion), Germany ($US30 billion), the United Kingdom ($US 18 billion), and France ($US16 billion).
• National Responses to Modern Slavery:  Eight G20 nations — Australia, Brazil, China, France, Germany, Italy, the United Kingdom, and the United States – “have all introduced or are taking steps to introduce laws that would tackle modern slavery,” but the other 12 nations have not yet formally enacted laws or policies to stop businesses sourcing goods from forced labor.

Note: Law firms and companies that focus on Modern Slavery Act compliance issues should track developments with the Independent Review, including potential opportunities for written submissions to the reviewers and evidence sessions on the issues that the Review identified.

On August 22, the Australian Payments Network, Australia’s self-regulatory body established by the payments industry, issued its Australian Payment Card Fraud Report for calendar year 2017.  Highlights of the report included the following findings:

• The overall value of card transactions in Australia for 2017 was AU$748,110,632,702, a 5 percent growth over 2016. Paralleling this growth, the value of fraudulent card transactions in Australia for 20167 was AU$561,408,226, a 5 percent growth over 2016.
• For Australian cards, the average value of a fraudulent transaction decreased from AU$188 in 2016 to AU$157 in 2017.
• Related to the global move to EMV card technology, counterfeit/skimming fraud dramatically decreased 47.8 percent, from AU$59.2 million in 2016 to AU$30.9 million in 2017. With regard to all Australian cards used, fraud decreased domestically by 36 percent to AU$16.5 million and internationally by 57 percent to AU$14.4 million.
• Card-not-present (CNP) fraud accounted for 84.5 percent of all card fraud. Online card fraud increased by 13.9 percent, from AU$418.1 million in 2016 to AU$476.3 million in 2017.  With regard to Australian cards used, fraud increased domestically by 29 percent to $227.5 million and internationally by 3 percent to AU$248.9 million.
• The increase in online fraud is due to three factors: (1) “fraud migrating online as chip technology provides strong protection for face-to-face fraud”; (2) “large scale data breaches, which capture sensitive card data”; and (3) “identity theft, which often includes the theft of sensitive card data.” Online fraud schemes “continue to use a variety of techniques, such as “malware and phishing attacks to capture sensitive card data or cardholder passwords, and masking tools to try and bypass the risk-based rules used in fraud analytics products.”

The report also noted that implementation of the Australian payments industry’s framework for reducing CNP fraud is expected to begin in late 2018.

Australian financial institutions will need to pay close attention to the report’s data, particularly regarding CNP fraud and the role of large-scale data breaches, because of new legal obligations under the Privacy Amendment (Notifiable Data Breaches) Act 2017.  That law established the Notifiable Data Breaches (NDB) scheme in Australia, which took effect February 22, 2018.  Under that scheme, entities with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act) (including Australian Government agencies) are required to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm, including recommendations about the steps that individuals should take in response to the breach, and to notify the Australian Information Commissioner of eligible data breaches.

In an August 9, 2018 speech, U.S. Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco set out a number of what he termed “some brief benchmarks” in FinCEN’s approach to regulating virtual currency and emerging technology:

• As “virtual currency has the potential to be exploited for money laundering and other illicit finance,” “[c]ompliance with our anti-money laundering (AML) and countering the financing of terrorism (CFT) framework is critical to protecting our financial system and safeguarding the incredible innovations within the FinTech space.”
• FinCEN has provided leadership in AML/CFT regulation and supervision of virtual currency since 2011. Today it works closely with other federal regulatory agencies, including the Securities and Exchange Commission and the Commodity Futures Trading Commission (CFTC), “for coordinated policy development and regulatory approaches, including addressing risks . . . [that] include potential illicit finance and fraud surrounding Initial Coin Offerings (ICOs).”
• FinCEN, and its partners at the SEC and CFTC, “expect businesses involved in ICOs to meet all of their AML/CFT obligations.” That expectation extends to “individuals and entities engaged in the business of accepting and transmitting physical currency or convertible virtual currency from one person to another or to another location”, as well as businesses that provide anonymizing services when they accept and transmit virtual currency.  It also extends to “domestic and foreign-located convertible virtual currency money transmitters, even if the foreign located entity has no physical presence in the United States, as long as it does business in whole or substantial part within the United States.”
• Since 2014, FinCEN and the Internal Revenue Service (IRS) have examined more than 30 percent of all registered virtual currency exchangers and administrators, but have focused “on both registered and unregistered exchanges.” Those examinations “have included a wide array of virtual currency businesses:  virtual currency trading platforms, administrators, virtual currency kiosk (or ATM) companies, crypto-precious metals dealers, and individual peer-to-peer exchangers.”
• With regard to FinCEN’s 2017 $110 million civil penalty assessed against BTE-e – its first against a foreign-located money services business and its most recent against a virtual-currency business – BTE-e “lacked even basic controls to prevent the use of its services for illicit purposes” and “fail[ed] to establish policies and procedures to handle transactions going through anonymizing services like bitcoin mixers, and offering the anonymity-enhanced cryptocurrency Dash.” In addition, SAR filings and supporting documentation by both banks and other virtual currency exchanges “played a critical role” in the investigation of the case. That information “included beneficial ownership information, additional activity attributed to the exchange of which we were previously unaware, jurisdictional information, and additional financial institutions we could contact for new leads.”
• FinCEN is “sharing experience on cryptocurrency with foreign partners through the Egmont Group of Financial Intelligence Units (FIU) and other international forums.” In addition, FinCEN is “in the process of setting up a virtual currency-focused FinCEN Exchange program with the private sector and law enforcement.” That program is expected to provide a platform “for all of us to engage with industry developments, concerns, and share risks and threats that we are seeing.”

FinCEN has seen a “substantial increase” in virtual currency Suspicious Activity Report (SAR) filings “over the past few years.” It now receives more than 1,500 SARs per month “describing suspicious activity involving virtual currency, with reports coming from both MSBs in the virtual currency industry itself and other financial institutions.”

On August 13, Sheikh Khalifa bin Zayed Al Nahyan, President of the United Arab Emirates, issued Emiri Decree Number 2 of 2018, amending Federal Decree-Law no. (5) of 2012, the 2012 UAE Cybercrimes Law.  Decree Number 2 revises only Articles 26, 28, and 42 of the 2012 law.

Here are the provisions of Articles 26, 28, and 42 and the 2018 amendments thereto:

• Article 26: This Article criminalizes “establish[ing], manag[ing] or run[ning] a website or publishes information on the computer network or information technology means for the interest of a terrorist group or any unauthorized group, association, organization, or body with the intent to facilitate communication with their leaders or members or attract new members, or to promote or praise their ideas, finance their activities or provide actual assistance thereof or for the purpose of publishing methods for manufacturing incendiary devices or explosives or any other devices used in terrorism acts.”  The 2012 version set the penalties for an Article 26 violation at imprisonment for a period of at least five years and a fine not less than Dh 1,000,000  (US$272,294) and not more than Dh 2,000,000 (US$544,588).  The 2018 amendment increases those penalties to imprisonment of at least 10 years and not more than 25 years and a fine not less than Dh2,000,000 and not in excess of Dh4,000,000 (US$1,089,176).
• The Article 26 amendments also criminalize establishing, managing or running a website or publishes information on a computer network or information technology means with the aim to incite hate details, and sets the penalty at imprisonment for not more than five years and a fine of not less than Dh500,000 (US$136,147) and not in excess of Dh1,000,000 (US$272,294). In addition, for first-time offenders, a court may require an accused to be placed under electronic probation and monitoring, and prevent the accused from using information technology means during a period not more than the maximum penalty prescribed.
• Article 28: This Article criminalizes “establish[ing], manag[ing] or run[ning] a website or uses information on the computer network or information technology means with intent to incite acts or publishes or transmits information, news or cartoon drawings or any other pictures which may endanger the national security and the higher interests of the State or afflicts its public order.” The 2012 version set the penalties for an Article 28 violation at temporary imprisonment and a fine not in excess of Dh 1,000,000.  The 2018 amendment adds to the intent clause a provisions addressing attacks on any member of the judicial court system.
• Article 42: This Article authorizes a court to order deportation of a foreigner who is condemned in any of the crimes specified in the 2012 Law upon execution of the punishment adjudged.  The 2018 amendments provide that subject to the second paragraph of Article No. 121 of the UAE Penal Code, the court may order deportation of a foreigner who is convicted of any of the crimes specified in the 2018 amendments upon execution of the sentence adjudged.  Article 121 specifies that a court may order deportation for any felony or misdemeanor conviction and is sentenced to any term restricting the defendant’s freedom, but must order deportation “in crimes against honor.” It also permits a court to order deportation in lieu of sentencing the convicted defendant to a penalty restricting freedom applicable for misdemeanors.

These amendments reflect only relatively minor changes to the 2012 law, as to which one firm credited the UAE as “the first country in the Middle East to implement such a wide-ranging cyber crime law.”