The global demonstrations that gathered under the banner “Je Suis Charlie” had special meaning for us at the University of Miami as we offered the second iteration of our undergraduate Compliance Boot Camp.
As reported in a post here on last year’s effort, the students signed up out of sheer interest, investing their vacation time in this four-day, non-credit workshop. When the horrific news from France reached us, we had been discussing the “network against network” view of compliance and enforcement. On one side are the institutions of normal society: multi-national companies, banks, and their enforcement and compliance professionals. Lined up on the other side are organized criminal networks: drug cartels, human trafficking enterprises, and syndicates for money laundering and terrorist financing.
Teaching optimistically inclined young people can be uplifting. In the case study, the students were asked to analyze a medical supply company with a ruthless CEO who dominates his chief ethics and compliance officer (CECO). His extraordinary income stream looks inflated by bribery, money laundering and price-fixing. It is not clear who are his real business partners.
Most students decided that both the CEO and his CECO should be retained after rigorous compliance training. After all, the company was profitable and a job-creator. The mock (and volunteer) Board, played by a consultant, a compliance lawyer and a CECO, took a decidedly hard-nosed approach. But all three agreed that after exactly four days of compliance training, the students did a remarkable job of spotting red flags, even if their remediation had youth’s hopeful cast.
On the other hand, when it came to financial crimes, the students had something to teach us. This year, in response to a request from UM’s CIBER Institute, we added basic banking regulation to the FCPA foundation. The banking world has tough procedures for KYC (know your customer) and enhanced due diligence (EDD) to prevent corruption, a parallel universe to that created by the FCPA. We also added a new focus on spotting financial crimes like money laundering, terrorist financing and sanction evasion.
The students role-played compliance officers with years of bank experience who were evaluating a possible merger with the medical supply company from an FCPA compliance perspective. We wondered what they would make of the red flags of corruption and criminal activity in the case study, which mentions shady money going through the banking system to banks in off-shore locations and funds moved by odd third-parties to banks in big cities.
In doing their analysis, these young students quickly identified another red flag, one not even considered by us: Had the banks involved in these transactions informed enforcement authorities of this suspicious activity?
Banks must file a suspicious activity report (SAR) with enforcement agencies if a customer or a correspondent bank seems involved in financial crimes like moving bribery proceeds, laundering drug money or sending funds through a shell company or false-front charity to a terrorist cell. In all situations, a company or bank must know with whom they do business, including customers, business partners and third parties of all kinds. Bad attitudes like “How was I supposed to know?” or “It’s not my job to police the world” do not excuse companies or banks from doing their part under both the FCPA and banking regulations.
These students further surprised us by their insight into the policy question posed by the “Board”: Why spend time and money on compliance? After offering familiar responses regarding return on investment and protecting reputation, they added another: A company or bank that protects itself and its many stakeholders from misuse by money launderers and terrorist financing is doing something for all of us, everywhere. We all now live in a globally networked world. In a new way, we are all our brothers’ keeper.