Out With the Old, In With the New

New Year’s Eve is generally a time to reflect on the past and look forward to the future. For many it also involves an excessive amount of alcohol, an expensive dinner in a crowded restaurant, or a long wait for Chinese food delivery.

I’m sure there is a compliance story in there somewhere. But I’m just going to enjoy taking some time off. Enjoy the end of your year and the start of the next.


Six Mistakes Executives Make in Risk Management


Nassim N. Taleb, Daniel G. Goldstein, and Mark W. Spitznagel discuss risk management and shortcomings in approaches in the October 2009 issue of the Harvard Business Review (subscription required).

They offer up six mistakes in the way we think about risk:

1.  We think we can manage risk by predicting extreme events.
2.  We are convinced that studying the past will help us manage risk.
3.  We don’t listen to advice about what we shouldn’t do.
4.  We assume that risk can be measured by standard deviation.
5.  We don’t appreciate that what’s mathematically equivalent isn’t psychologically so.
6.  We are taught that efficiency and maximizing shareholder value don’t tolerate redundancy.

Black Swan events – low-probability, high-impact events that are almost impossible to forecast – are increasingly dominating the economic environment. The world is a complex system, made up of a tangled web of relationships and other interdependent factors. Complexity makes forecasting even ordinary events impossible. So, complexity increases the incidence of Black Swan events as we have a harder time seeing the relationships and connections. All we can predict is that Black Swan events will occur and we won’t expect them.

The authors propose a different approach to risk management:

“Instead of trying to anticipate low-probability, high-impact events, we should reduce our vulnerability to them. Risk management, we believe, should be about lessening the impact of what we don’t understand—not a futile attempt to develop sophisticated techniques and stories that perpetuate our illusions of being able to understand and predict the social and economic environment.”

The authors end up equating risk to ancient mythology:

“Remember that the biggest risk lies within us: We overestimate our abilities and underestimate what can go wrong. The ancients considered hubris the greatest defect, and the gods punished it mercilessly. Look at the number of heroes who faced fatal retribution for their hubris: Achilles and Agamemnon died as a price of their arrogance; Xerxes failed because of his conceit when he attacked Greece; and many generals throughout history have died for not recognizing their limits. Any corporation that doesn’t recognize its Achilles’ heel is fated to die because of it.”

That is a bit lofty for my tastes. After all, the danger of the black swan is that you don’t know that you don’t know about that risk. If you know about a risk, you can deal with it. If you know that you don’t know about risk, you can manage that also. It’s hard to be a victim of hubris when you don’t know the danger for your downfall even exists.

Nassim N. Taleb is the Distinguished Professor of Risk Engineering at New York University’s Polytechnic Institute and a principal of Universa Investments, a firm in Santa Monica, California. He is the author of several books, including The Black Swan: The Impact of the Highly Improbable. Daniel G. Goldstein is an assistant professor of marketing at London Business School and a principal research scientist at Yahoo. Mark W. Spitznagel is a principal of Universa Investments.

Perception, Dilbert and a Magical Management Necklace

Are your assumptions correct?

You get a new tool to help manage your processes and everything starts working better. Is everything actually working better? Or is the data just being manipulated to look better?

As is often the case, the pointy-haired boss can show us the problem.

Often the compliance officer is like the pointy-haired boss. Everyone is on their best behavior when you are around. But what’s happening when you aren’t looking?

It’s a matter of perception.

In-House Counsel Sanctioned for Failing to Monitor the Preservation of Electronic Evidence


In the Swofford v. Eslinger case, the court sanctioned in-house counsel (but not outside counsel) for failure to preserve evidence. The attorney sanctioned was general counsel for a government entity, the Seminole County Sheriff’s Department. What was unique about this case was that the sanctions were brought against in-house counsel for spoliation of evidence even though he was not the attorney of record or a named party.

What Happened?

In April 2006, Robert Swofford, a recent multi-million dollar Florida state lottery winner, was shot in his backyard by two sheriff’s deputies in pursuit of burglary suspects. Mr. Swofford sued the sheriff and the two deputies for use of excessive force and unlawful entry onto his property.

Mr. Swofford’s attorney sent letters requesting that the sheriff’s office preserve all evidence within its possession related to the shooting, listing specific types of evidence, including firearms and electronic evidence. Separately, the sheriff’s office has an obligation to retain the evidence in question while the outcome of a law enforcement investigation is pending.

What Did They Do Wrong?

Nothing.

They had an obligation to do something, but did nothing instead. They never issued any directives or “litigation hold memos” to suspend all orders, practices, or policies that could lead to the destruction of evidence relevant to this case.

“As admitted at the Hearing by David Lane, SCSO’s General Counsel since March 2006, the only action taken by anyone at the SCSO in response to the preservation letters was that Linda McDaniel, a paralegal in the General Counsel’s office, reviewed the letters and forwarded a copy of the letters to approximately six senior SCSO employees, including Sheriff Eslinger.”

None of the individuals did anything to see that the sheriff’s office employees did anything to comply with their legal obligations to preserve evidence. Even in the face of a motion for spoliation sanctions, filed in November 2008, the Office of General Counsel still had not, as of the hearing in June 2009, done anything to ensure that employees were properly complying with the preservation letters.

Emails were deleted. Laptops were recycled. Nearly all the evidence was lost.

Lotto Killa

One piece of evidence that was not destroyed was an instant message conversation between Remus, one of the deputies involved in the shooting, and another officer. In the conversation, the other officer referred to Remus as the “Lotto killa.” Remus replied: “I need to go to the sign shop and have them put that name on the side of the car.”

Apparently, the instant messages were on a different server than email. A server with a different procedure for deleting old messages.

At the time of that instant message conversation Mr. Swofford lay near death in the local hospital. He managed to survive.

Maybe this kind of sick humor was in those destroyed emails.

The Standard

“It is not sufficient to notify employees of a litigation hold and expect that the [employee] will then retain and produce all relevant information. Counsel must take affirmative steps to monitor compliance so that all sources of discoverable information are identified and searched [and in this case, preserved.]” Zubulake, 229 F.R.D. at 432.

Sanctions and Effect

In a blistering opinion, the judge specifically reprimanded the General Counsel for his “abject failure to comply with legal standards” by failing to issue a “litigation hold memo” and failing to ensure that employees subsequently complied with their preservation obligations.

The ruling provided for payment of Mr. Swofford’s legal costs related to the spoliation. The judge also used the nuclear sanction of creating a presumption that the evidence would have contained information detrimental to the sheriff’s office. The jury will be instructed:

  • “to infer that emails deleted from April 20, 2006, to April 2007 contained information detrimental to all Defendants in this case.”
  • “that the radios and their missing accessories would yield evidence adverse to Defendants’ case had they been produced.”
  • “that Remus’s laptop computer contained information detrimental to the SCSO’s and Remus’s defense of this case.”

Take-Away

The case is remarkable because of its sanction of the general counsel who was not involved in the litigation. That is a wake-up call.

The facts of the case are particularly egregious. The general counsel did nothing to preserve the evidence. Reading the opinion, you see nothing but bad faith by the sheriff’s department.

The duty to preserve may be triggered upon filing of the suit and retention of counsel or otherwise be a duty that runs to both in-house and outside counsel. In-house counsel cannot ignore their preservation responsibilities. Merely forwarding a preservation request is insufficient. In-house counsel must take affirmative steps to monitor compliance so that all relevant, discoverable information is identified, retained and made available.


The Twelve Days of Compliance

Sing it with me:

On the first day of compliance,
my audit gave to me:
Madoff in a prison jumpsuit.
On the second day of compliance,
my audit gave to me:
Two legal frauds,
and Madoff in a prison jumpsuit.
On the third day of compliance,
my audit gave to me:
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the fourth day of compliance,
my audit gave to me:
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the fifth day of compliance,
my audit gave to me:
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the sixth day of compliance,
my audit gave to me:
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the seventh day of compliance,
my audit gave to me:
Seven black swans a swimming
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the eighth day of compliance,
my audit gave to me:
Eight bribes in billing
Seven black swans a swimming
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the ninth day of compliance,
my audit gave to me:
Nine trades a-troubling
Eight bribes in billing
Seven black swans a swimming
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the tenth day of compliance,
my audit gave to me:
Ten laws a-changing,
Nine trades a-troubling,
Eight bribes in billing,
Seven black swans a swimming,
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the eleventh day of compliance,
my audit gave to me:
Eleven accounting errors,
Ten laws a-changing,
Nine trades a-troubling,
Eight bribes in billing,
Seven black swans a swimming,
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.
On the twelfth day of compliance,
my audit gave to me:
Twelve data breaches,
Eleven accounting errors,
Ten laws a-changing,
Nine trades a-troubling,
Eight bribes in billing,
Seven black swans a swimming,
Six governance lapses,
Five Ponzi schemes.
Four enforcement letters,
Three background checks,
Two legal frauds,
and Madoff in a prison jumpsuit.

Social Networking is Serious Business

If you live in the Greater Boston area and have $45 lying around, I am speaking on social networking on January 15, 2010, at an event hosted by the New England Chapter of AIIM.

Social Networking is Serious Business
Newton Marriott Hotel
January 15, 2010
8:30 a.m. – 11 a.m.
$40 AIIM NE members/$45 non-members

I will be joining John Pepper, the CEO of Boloco, and Russ Edelman, the CEO of Corridor Consulting. Being the lawyer and compliance guy on the panel, I will be focusing on the regulatory, compliance and legal issues related to web 2.0 / social networking. That means I’m talking about the downside and the ways to get yourself in trouble.

In other words, I’m putting the emphasis on the “serious” part in the presentation name.

Register for Social Networking is Serious Business

COBRA Subsidy Set to be Extended


With the COBRA subsidy having expired, Congress has moved ahead to extend the subsidy.

Section 1010 of the Department of Defense Appropriations Act, 2010 extends the COBRA subsidy program for six more months, moving from a nine-month subsidy to a 15-month subsidy.

It also extends the eligibility for workers from December 31, 2009 to February 28, 2010.

Since the change is included in the Department of Defense Appropriations Act for 2010 (military spending for the year), everyone expects President Obama to sign it shortly.


Who Said Government Ethics Wasn’t Funny?


You might think that the United States Office of Government Ethics would be overly serious and lack a sense of humor.

You would be wrong.

Check out the poem at the end of their Reminder about Holiday Gifts & Fundraising (.pdf).

The holiday season – a time for good cheer!
For egg nog, for parties, for friends to be near.
But I must be careful
Lest I accept free
A gift not permitted, no matter how wee.

Part two six three five of the 5 CFR
Explains in detail the relevant bar.
It defines the term gift
To mean all things worth money.
That’s NBA tickets or jars full of honey.

Some gifts may be taken but some are verboten.
The source is the key – it’s the rule that I’m quotin’.
When from me or others
The source seeks some act,
I must find an exception or I could be sacked.

Check out the rest of the poem.


Compliance Bits and Pieces for December 18

Here are some interesting stories from the past week:

“Mr. Ruehle, You Are a Free Man”: Judge Carney’s Dramatic Dismissal of the Broadcom Backdating Criminal Case by Kevin M. LaCroix in The D&O Diary

There has been widespread news coverage of the dramatic December 15, 2009 decision of Central District of California Judge Cormac Carney to throw out the options backdating related criminal charges against Broadcom co-founder Henry T. Nicholas III and CFO William Ruehle, based on prosecutorial misconduct.

It’s NOT Just a Fantasy: Company Fires Employees for Running Fantasy Football League, For Real by Daniel Schwartz on the Connecticut Employment Law Blog.

This week, it was reported that Fidelity Investments fired four employees (including relationship managers to various clients) who were running various fantasy football leagues. What was curious about the company’s statement for the rationale for the firing was not so much using company time and resources for the league but rather its designation of fantasy football as a form of “gambling”.

SEC Charges FCPA Compliance Officer with Violations by Thomas O. Gorman in SEC Actions

The SEC brought an FCPA action against Bobby Benton, the Vice President of Western Hemisphere Operations of Pride International, Inc. Mr. Benton was responsible for FCPA compliance in his region. Pride is one of the world’s largest offshore drilling companies. SEC v. Benton, Civil Action No. 4:09-cv-03953 (S.D. Tex. Filed Dec. 11, 2009).

Chief Compliance Officer Now a Full-Time Job By Melissa Klein Aguilar for Compliance Week

Two new studies confirm what those tasked with oversight of corporate compliance probably already know: More and more often these days, the chief compliance officer’s job is a full-time, stand-alone gig, rather than a secondary duty one handles while wearing some other title.
A poll from the Open Compliance and Ethics Group found that of 365 respondents, nearly 75 percent said their company has a chief ethics and compliance officer or someone in a similar role with top-level oversight of compliance. That’s up from only 10 percent in a similar poll from 2005.

Recent Opinion Sheds Light on the Relevance Of Due Diligence to the FCPA’s ‘‘Knowledge’’ Requirement (.pdf) by Kenneth Winer and Gregory Husisian of Foley & Lardner LLP

I admit that I included this article because they refer to me as a “prominent commentator.” See Footnote 3. (Referenced source: Sounding Off About Third Party Compliance, even though I did not make the quoted statement.)

The U.S. District Court for the Southern District of New York recently issued an opinion that sheds important light on one of those elements – the ‘‘knowledge’’ requirement. The case underscores that while a failure to perform due diligence when entering into an arrangement with an intermediary (such as a consultant, joint venture partner, or distributor) may expose a company or individual to substantial reputational and legal risks, the FCPA does not require such due diligence.

Herrmann’s Farewell Post

Mark Herrmann is leaving the Drug and Device Law blog (and private practice).