Downtrend in ethics hotline reporting creating questions on “corporate culture”
With far greater attention being paid to maintaining consistent business ethics as a general “best practice” across the financial realm over the past decade or so, putting these practices into play has been far more challenging than corporate executives could have anticipated. This has been compounded by the increasingly aggressive nature of the financial sector with respect to meeting various sales and service targets and maintaining a competitive edge over their counterparts, both domestically and abroad. In the recent past, we have seen several cases involving high-profile financial institutions inflating their sales figures and distorting performance management systems to appear more productive than they truly are, while breeding an atmosphere susceptible to continued illicit and unethical behavior. However, newly released data from risk and compliance management firm Navex Global Inc. has shown that the number of filed reports on corporate ethics hotlines from employees of various firms dropped off significantly in 2020 – this while the degree of potential impropriety stayed mostly consistent.
Citing Navex’s findings, the Wall Street Journal notes that altogether, “third-party managers of the hotlines saw a drop in the total number of reports last year, with 54 million employees lodging more than 1.3 million internal reports, a roughly 7.1% decrease from 2019.”4 These results are significant to say the least, specifically when considering the fact that due to the Covid-19 pandemic, it was expected that there would have been a notable uptick in the reporting of health and safety complaints at the very least. However, the article continues, noting that the decline in reports has also included decreases in tips related to financial crime, including bribery and possible fraudulent activity.4 For many years, ethics hotlines have been the most common reporting system that companies have relied upon to make sure their ethical standards are maintained and the concerns of their employees are heard. These systems most often allow for anonymous entries via online forums or phone lines where employees can report bad behavior while protecting themselves from potential retaliation from executives and/or co-workers. The information attained from these outlets can often include (but are not limited to) matters such as workplace bullying, discrimination, sexual harassment, or financial abuse and misconduct. Over the past year, it appears that employees who do wish to report wrongdoing have mostly opted to go directly through government agencies versus their own company protocols, as reporting figures in general reached unprecedented levels across the United States in 2020. Reports regarding concerns or potential wrongdoing related to the environment, health and safety increased by 47% in wake of the novel coronavirus pandemic, according to data from Navex, with the Labor Department’s Occupational Safety and Health Administration (OSHA) also received an 11.5% increase in complaints in the 2020 fiscal year as compared to 2019.
These findings have led to a great degree of speculation as to why whistleblowers are opting to forgo direct internal reporting procedures and instead report wrongdoing directly to federal agencies. Analysts believe that the stark economic conditions and sharp increase in unemployment/furlough figures seen during the pandemic is perhaps the largest contributing factor. While the shear number of business closures has likely contributed to the drop-off in reporting numbers, the fear of blowing the whistle on an employer’s misconduct and potentially facing repercussions and job loss without many alternative options for subsequent employment available has also undoubtedly factored into these findings. Carrie Penman, the chief risk and compliance officer at Navex has her own theory on these developments, which focuses on the increase in employees working remotely. Employees being physically distant from their employers may make them feel more disconnected from their firms as a whole, and as such less likely to report potential issues internally. Jane Norberg, the U.S. Securities and Exchange Commission (SEC) whistleblower office chief, seems to support this theory. She states, “They’re not seeing their boss every day that they might have talked to, or maybe they didn’t feel like they have the same access to their internal hotline or whomever else they would report to within the company, and then perhaps they started coming to us.”4 It also doesn’t hurt that government agencies such as the SEC and the Internal Revenue Service (IRS) have begun to offer major financial compensation to individuals providing these entities with original and credible information that can lead to successful enforcement action against individuals and organizations engaging in financial misconduct. Whistleblower awards can range anywhere from 10% to 30% of the total funds collected when monetary sanctions exceed $1 million. To date, the SEC alone has awarded more than $750 million to 136 whistleblowers since issuing its first award in 2012, all while protecting the identities of those filing reports. The chance of receiving a substantial financial reward versus no compensation for reporting directly to one’s own company cannot be overstated as a major element in this recent shift.
As the remote operations of many financial institutions are set to continue for the foreseeable future, employers will need to seek new ways to engage with their employees to keep them feeling involved and open to returning to reporting matters internally. Institutions and their executives at the helm would be wise to take note of this downtrend and make a greater effort to amend their own ethics reporting protocols, while actively taking steps to improve and build the comprehensive corporate “culture” that many businesses boast about.
Ecuador’s State-Owned Oil Company Linked to Money Laundering
Last week, a former employee of international commodities trading house Gunvor Group Ltd. pleaded guilty to charges of conspiracy to commit money laundering in connection with a multi-faceted bribery scheme. Reports allege that the man in question, Raymond Kohut, and his superiors at the firm bribed Ecuadorean government officials with multi-million dollar payments in order to secure business contracts from the country’s state-controlled oil firm, PetroEcuador, between 2012 and 2020. Kohut operated as a Bahamas-based business development consultant and independent contractor for the firm over a 7-year period. The conviction in this case adds to a growing list of enforcement efforts taken by the United States against individuals and entities operating in the commodities trading industry that have participated in bribe payments made to South American officials
Bloomberg writes that Gunvor, one of the five-largest independent oil traders, is cooperating with the U.S. Justice Department’s probe, with a company spokesperson noting that the group “terminated its relationship with business-development agents involved in the case before learning of the investigation because of compliance issues.”2 Kohut and others were found to have funneled more than $22 million in total bribes to Ecuadorian officials working with PetroEcuador, with the defendant informing his bosses that these payments were nothing more than “consulting fees.”2 Kohut faces up to 20 years in prison for his central role in this unethical activity, while also agreeing to the criminal forfeiture of $2.2 million. A long-standing criminal probe led by the U.S. Justice Department into illicit financial activity occurring at PetroEcuador remains ongoing.
Singapore Joins Interpol Effort to Thwart Covid-19 Fraud Scams
After Interpol and the United States Homeland Security Investigations (HSI) unit joined forces earlier this year in warning the public against emerging Covid-19 related fraud efforts and other fraudulent activity occurring within their respective jurisdictions, other countries have begun to lobby to contribute to the cause. Last week, Singapore agreed to join the newly assembled global financial crime task force that has aimed to analyze the movement of illicit monetary flows across international borders and seek to promote ways by which countries can better combat illegal activity of this variety. Among the items on the coalition’s agenda is hindering the proliferation of fraud schemes seeking to profit off of Covid vaccine distribution efforts. Vaccines rolling out in mass quantities both in the United States and abroad has prompted an exponential increase in web-based immunization registration schemes, with fraudsters posing as legitimate national and world organizations in offering “pre-orders” for Covid-19 vaccines – preying on the vulnerabilities of unwary citizens across the world.3
Interpol has sought to assist international law enforcement bodies in identifying criminal groups and bad actors behind these ploys and subsequently bringing them to justice. The government of Singapore, as well as the country’s federal authorities, have received praise for contributing their financial intelligence and insights to this growing effort, and for establishing the country’s first ever national Anti-Scam Center. Among the unique resources Singapore will contribute to the global effort will include the specific crime typologies it has identified, how it has leveraged technology to facilitate speedier retrieval of information, and its close partnership with banks to enable prompt action to freeze bank accounts suspected to be used to receive and transfer proceeds of crime.3 In a statement released following the move, a spokesperson for the Singapore government noted that the country “hopes to bring down the number of cyber-enabled financial crimes at both the global and national levels, through the combined international effort of the task force, to disrupt criminal syndicates and recover illicit funds.”3
Hotel/Airline Booking Staple Fined Over Data Breach
Online reservation website Booking.com has been fined a reported €475,000 ($557,000 USD) by the Dutch Data Protection Authority (DDPA) for failing to disclose a significant data breach in a timely manner – a requisite task under the European Union’s General Data Protection Regulation (GDPR). Compliance Week writes that in December 2018, “cyber-criminals obtained the personal data of some 4,109 customers—including the credit card details of 283—by scamming employees based in some 40 hotels in the United Arab Emirates to hand over their Booking.com account login credentials.”1 The bad actors behind these crimes were able to directly obtain the personal and financial information of users of the Booking.com service, while later seeking to obtain additional payment card information of unsuspecting customers by using the credentials of actual Booking.com employees to contact customers regarding potential bookings and other matters.
Despite the magnitude of the breach that was discovered by the firm on January 13, 2019, Booking.com failed to notify the DDPA until February 7th – a whopping 22 days later than the 72 hour reporting requirement period under the GDPR. The DDPA’s fine is said to relate directly to the late notification on these transgressions versus any identified errors in security protocols contributing to the breach. While Booking.com ultimately apologized for its shortcomings in this regard, with the company also taking additional steps to improve its internal reporting controls, the reputational damage from the breach had already been done.
- Hodge, Neil. “Booking.com Fined $557K under GDPR for Reporting Data Breach Late.” Compliance Week, 1 Apr. 2021.
- Hurtado, Patricia, and Andy Hoffman. com, Bloomberg, 6 Apr. 2021.
- Mahmud, Aqil Haziq. “Singapore Joining Interpol-Led Global Financial Crime Task Force Looking into COVID-19 Vaccine Scams.”Channel News Asia, 3 Apr. 2021.
- Sun, Mengqi. “Reports on Corporate Ethics Hotlines Fell in 2020.” The Wall Street Journal, Dow Jones & Company, 5 Apr. 2021.