81st Edition / March 2017 CONTENTS From Garry’s Desk ............................................. 1 Feature Articles ................................................ 2 FROM GARRY’S DESK Upcoming Speaking Events ............................... 8 FINTRAC AND OTHER REGULATORS ............ 8 "The most difficult thing is the decision to act, the rest is merely tenacity." -Amelia Earhart ARTICLES OF INTEREST SECTION 1: MONEY LAUNDERING ............... 17 SECTION 2: CRYPTO CURRENCY & This has been an interesting month from many perspectives. The reveal- FINTECH………………………………..………..24 ing of the not-so secretive bank regulatory penalty in Canada serves as a CYBER CRIME ……………..…………………...31 wake-up call relative to ensuring all businesses are treated equally. The FRAUD ........................................................... 34 Ontario Auditor General’s report detailing the paving contract fiasco begs CORRUPTION .............................................. 49 for a Charbonneau type inquiry in Canada. Also, Kevin O’Leary’s open letter the to the Premier of Ontario detailing unimaginable abuses of the ORGANIZED CRIME ...................................... 55 public purse raise serious questions. TERRORISM .................................................. 60 We continue to witness massive regulatory penalties in the United States Gambling ........................................................ 73 whilst in Canada we are either next to perfect, have a weak regulator, or Strategic Partnerships .................................... 75 we are just being Canadian. Financial crime, inclusive of money launder- ing, cyber-crime, fraud and corruption continues unabated and yet we seem to be oblivious to the societal impact and overall loss of tax reve- nue. North America needs to recognize that bearer bonds, beneficial owner- ship and gatekeepers are all vehicles that are embraced by the criminal element, inclusive of terrorist organizations. It is time we took financial crime seriously and implemented the necessary controls to finally demon- strate measurable positive results. All of us need to hold our political masters to a standard and no longer accept mediocrity and public purse abuses. We also need to ensure they not only enact legislation and regulations but demand that gaps in our systems be dealt with in a timely and effective manner. Professional Associations & Certifications Examine the number of requests for resources by Compli- Feature Articles ance and Control functions that have been denied. How many audits did Internal Audit perform in an area MICHELE EDWARDS: DATA ANALYSIS UNDERLIES related to misconduct? For example, how many payments NEW DOJ GUIDANCE did Internal Audit flag because they demonstrated char- acteristics of bribery and corruption? How many new in- By Michele Edwards | Tuesday, February 28, 2017 ternal controls were implemented in response to Internal Audit findings surrounding bribery and corruption? The Justice Department's “Evaluation of Corporate Compliance Programs” outlines 11 topics and 119 ques- Examine the number of red flags identified as a result of tions that the Fraud Section commonly considers when due diligence on third parties. evaluating corporate compliance programs in the wake of criminal misconduct. How many third parties were suspended, terminated or Data lies at the core of the recent guidance. As the DOJ audited for compliance issues? For example, how many makes clear, compliance and legal professionals are ex- vendor relationships were terminated as a result of brib- pected to leverage data, metrics, and other objective evi- ery and corruption concerns? dence to demonstrate a compliance program is working effectively. Look at the number of third parties an acquisition target re-evaluated under the acquirer’s standards/policies. For Data analysis extends far beyond the basics. Training pro- example, how many consultants, distributors, or joint gram completion rates and code of conduct confirmation venture partners did the acquirer re-perform third-party statistics are no longer sufficient. Companies need to use due diligence on if the target’s third-party anti-corruption meaningful data to assess and remediate corporate com- due diligence procedures were deemed ineffective? pliance programs, as well as to prove program effective- ness. How many audits were conducted on acquired business units? The new guidance also makes clear that data ana- Here are examples of some compelling metrics to lytics and metrics are a critical part of the execution of a demonstrate the effectiveness of a compliance program corporate compliance program, including in areas such specific to criminal investigations of alleged FCPA viola- as: tions and related anti-bribery and anti-corruption pro- grams. Analysis and remediation of underlying misconduct. A root cause analysis of identified misconduct is ex- Look at the number of transactions or deals that were pected. It is often the case that data analyses can be de- stopped, modified or more closely examined as a result of veloped to identify situations in which the root causes ei- compliance concerns. For example, how many payment ther would have prevented or detected the misconduct, transactions were more closely examined by Compliance and would be expected as part of the remediation pro- or Legal for bribery and corruption concerns? How many cesses. Establishing and testing the effectiveness of those new business deals were cancelled as a result of rejecting analyses requires multi-disciplinary skill sets. a prospective customer’s request for consideration be- cause it demonstrated characteristics of a bribe? . Risk assessment and continuous improvement, periodic testing and review. The DOJ guidance makes it clear that companies must collect data and metrics to help detect GARRY’S SIREN \ 2 potential misconduct as part of the information gathering Last week, I spoke with Shearman & Sterling partner and data analysis stage of risk assessments. In addition, monitoring, internal control testing and auditing should Philip Urofsky, a former federal prosecutor respon- collect and analyze compliance data in order to property monitor and audit for red flags. Tailored data analytical sible for investigating, prosecuting, and arguing the procedures must be applied in order to root out potential appeals in cases involving violations of the Foreign misconduct. Corrupt Practices Act. The DOJ has provided a roadmap, though not a checklist or “silver bullet,” on its anticipated evaluation of the ef- Urofsky leads the Shearman & Sterling team that fectiveness of corporate compliance programs. Data can prove extremely effective in helping compliance and legal produced the 2017 FCPA Digest, an annual compen- professionals to successfully make their case for the ef- dium of annual FCPA reviews of the prior year’s en- fectiveness of these programs and meet increasing levels of regulatory scrutiny. forcement actions and related issues. ____ We started our conversation looking at the new Michele Edwards is a Managing Director with StoneTurn head of the Securities and Exchange Commission in Chicago. Michele has more than 20 years of combined experience in fraud and compliance risk management and (SEC), Jay Clayton, a Wall Street lawyer. financial statement auditing. She specializes in assessing and implementing antifraud and compliance programs, risk assessments, fraud and compliance training, fraud "Clayton co-authored a report on the FCPA in 2011 detection and forensic investigations. that gives us some clues as to his thoughts on FCPA - See more at: http://www.fcpa- enforcement -- at least his thoughts at the time. blog.com/blog/2017/2/28/michele-edwards-data-analysis- underlies-new-doj-guidance.html#sthash.6rL20vQP.dpuf And he certainly believed the FCPA to be an overly burdensome law that put covered businesses at a disadvantage to those not subject to it," Urofsky THE FUTURE OF FCPA ENFORCEMENT: A DISCUS- SION WITH PHILIP UROFSKY said. By Julie DiMauro | Wednesday, February 8, 2017 at Whether his views will be tempered as the head of 8:22AM the SEC, and possibly influenced by his closest asso- ciates there -- such as the deputy of enforcement, etc. -- are open questions. Urofsky noted how Andrew Weissmann's proactive FCPA stance at the Department of Justice surprised some because he had formerly served at the busi- Just as the 2016 FCPA enforce- ness-friendly Chamber of Commerce. ment year left us plenty of topics to discuss, the new year brings many uncertainties, and the direc- Anything is possible. tion of the law’s enforcement is a matter of some debate. GARRY’S SIREN \ 3 Still, it's obvious looking at the last couple of "You cannot afford to be complacent -- other coun- months of 2016 and first weeks of 2017 that regula- tries are still enforcing their own foreign bribery leg- tors -- even the Serious Fraud Office in the UK -- islation. And it's unlikely either agency will say that were rushing to get some cases (like the one against small bribes are just fine -- or that you can calibrate Rolls-Royce) through before January 20. your compliance program to only permit small bribes." "The proactive posture of the securities regulator in terms of the number of enforcement actions and a "There are still over-arching, guiding principles of couple of huge dollar-value sanctions in the past corruption law that must be attended to, and brib- year might not be replicated in 2017," Urofsky said. ery showcases fault lines in a business's procedures to identify and control for