Today we sent out our December newsletter, entitled “Managing Reputation and Risk.” If you didn’t receive it, you can read the full text below (and be sure to click here to sign up for future newsletters).
As the holidays approach, I’ve begun to reflect on K2 Global’s first full year in business. The model of a pioneering organization that Jules and I envisioned—a lean investigative team that combines old-school skills with new technology and a global reach—has really come to fruition.
Throughout 2010 our focus was on getting our firm launched. In 2011, we concentrated on filling out our team with a group of experienced and well-connected investigators, case managers, intelligence analysts, technology and legal experts. In fact, we’ve been so good at attracting talent, our London office recently relocated to a new, larger space and our headquarter office in New York is ready to burst.
A lot of hard work has also begun to bear fruit this year. The most gratifying part has been re-connecting with old friends and building strong new client relationships.
In the many conversations I’ve had over the last year, I and my colleagues and have noticed a number of issues that keep cropping up. All of these of these issues revolve around risk – not just financial risk but reputational risk too. This risk is introduced by the parties you do business with, the actions of your employees, and the data your company generates. Most of the solutions we offer to manage that risk involve using a combination of our investigative expertise and the technologies at our disposal.
The biggest is issue is uncertainty. I recently spoke to the Financial Times (check out the whole article, “Risk and Reward“, over at FT.com.) about how “volatility is the new norm.” I don’t think I’ll get an argument from you about the truth of that statement. But I do believe that many of our clients don’t fully understand that they already possess a lot of the information that can help manage that vulnerability and risk. And though many of the lurking threats to your business come from outside of your enterprise, a surprising number may already be present within your business.
For example, in recent years we’ve seen the emergence of a global effort to crack down on business practices that were once conveniently tolerated. That includes increased scrutiny from regulators; new laws in the form of the UK Bribery Act and stepped up enforcement of the Foreign Corrupt Practices Act; as well as more government prosecution of insider trading cases. We’ve obviously thought a lot about these issues, and our Head of Compliance, Jason Golub, has written quite a bit about them on our blog. In Europe, Matteo Bigazzi, who has been recently promoted to head our London office, has also posted on the UK Bribery Act.
All this boils down to your need to develop a “First-to-Know” policy about your own company’s risks and vulnerabilities. Much of this knowledge lies within the data you’re already collecting about your communication, transactions and products, To that end, we’ve spent much of the last year building and acquiring technologies that help us interrogate massive data sets. These new tools allow us to help you detect outlier activities (and non-obvious relationships) before they get out of hand.
We can apply these data analysis technologies to outside data sources as well – for example, a number of our clients look to us to understand how they are portrayed by traditional media, how users of social networks perceive them, and whether the larger Web holds information that can reveal lurking threats or notable opportunities.
We’ve written more about “big data” analysis and our approach to understanding cyber threats on our blog as well, but we invite you send us a note or call us at 212-694-7000 if you’d like to get a greater understanding of our considerable technical capabilities.
After the roller coaster of 2011—and the prospects for more of the same in 2012—I’m sure we’re all ready to take a breath, enjoy the holidays and get ready for the New Year. I want to wish you, your colleagues and all of your families the best.
Beyond Compliance: Building a First-to-Know Defense Against International Bribery and Corruption Risks
by Jason N. Golub
The best way for a corporation or investment fund to inoculate itself against the risks created by increased enforcement of the United States’s Foreign Corrupt Practices Act and the advent of the United Kingdom’s new Bribery Act is to perform a rigorous audit.
Our experience is that control programs must go beyond compliance. They must deal effectively with large corruption and small, gain the support of employees and focus on identification of the highest risk individuals and entities. Who makes potentially corruptive decisions? How are they documented and monitored? What constitutes effective monitoring?
In many instances, violations of bribery laws occur because entities fail to properly train officers and employees to understand and appreciate the nature of relationships in the context of the FCPA and UK Bribery Act. While all employees must be trained and educated, training will be only be effective if the culture of compliance is set from the top.
In the event that a company learns of a potential FCPA or UK Bribery Act issue, it must act promptly and efficiently to minimize the impact on its business and investors. The company should obtain assistance on a range of issues including developing adequate policies and procedures, assessing books and records and training employees. In addition senior officials should understand how to conduct an internal investigation and what remedial actions to take if a violation is identified.
Overall, bribery and corruption risk must be integrated into all parts of an organization’s culture in order to be effective. With an increasingly aggressive set of regulators focusing on bribery it behooves any company to be the “first to know” when bribery becomes an issue, and thereby stay ahead of any potential risk issues.
K2 Global can help organizations combat bribery. Our efforts can broadly address the following areas:
- Teach staff research and reporting skills on why and how corrupt forces may operate in areas you do business
- Evaluate and draft procedures relating to due diligence and hiring of intermediaries that are best in class
- Help build and maintain effective relationships with intermediaries
- Help comply with all laws and regulations
- Surpass the minimum “adequate procedure” required by the UK Bribery Act with best practices
- Investigate actual transactions and potential situations
- Conduct due diligence on potential business partners, acquisitions and intermediaries
- Incorporate training that is practical and applicable to real situations rather than legalistic
- Mentor compliance staff and provide ongoing support and guidance
- Draft Operations Manual for bribery accounting policies, oversight, procedures and response
“The Justice Department has been vigorously enforcing the Foreign Corrupt Practices Act and achieving strong results,” Associate Attorney General Lanny A. Breuer said in a speech earlier this month in Washington, DC. “We are in the middle of our fourth FCPA trial of the year – more than in any prior year in the history of the Act. And just two weeks ago, we secured the longest prison sentence – 15 years – ever imposed in an FCPA case.”
Breuer’s enthusiasm is echoed in statistics from 2010, a year that saw Justice bringing 46 new criminal cases and the SEC filing 26 actions of its own. All together, enforcement case rose 85% from 2009 to 2010—and investigations touched companies of all shapes and sizes from little-known firms to mainstays like Blackstone and Citigroup.
Rooting out bribery as a business practice around the world is no longer an American obsession. With the addition this July of the UK’s very stringent Bribery Act, there is a whole new level of risk for investments made in either direction. Sovereign Wealth Funds that have made investments in the United States are facing new levels of scrutiny—including having foreign employees considered government officials. And there are now greater risks for US firms that want to make investments abroad.
As many more businesses are driven by the personality of an individual and that figure’s visibility through the press, social networks and the internet, K2 has seen a rise in the need to protect those individuals from potential physical and reputational threats created by becoming a public figure and the increased accessibility of internet age.
More exposure, as always, means more risk. The internet is an intemperate place where many individuals express their frustrations in a vacuum and many lose the grounding they would have in a physical context. Anonymity (or, the prospect thereof) dulls or negates many people’s sense of repercussions. At K2 we’re seeing a rise in cyber-aggression cases, and there is no single profile for those behind online threats and attacks.
Traditionally, when prominent or public figures have reached out to us with safety concerns, it was due to a physical threat. Over the years, we’ve honed our skills and built a network of contacts to help us keep our clients safe in these situations. But, the idea of security itself is changing.
Increasingly, our investigators see an overlap between traditional methods of safeguarding clients from unexpected threats and innovative new techniques for dealing with malicious campaigns that primarily take place online. K2 Global’s case managers and analysts have added an array of tools for dealing with the now-essential online component of a person’s (or business’s) reputation to our traditional methods of safeguarding your person or your reputation.
When called in to assess a client’s security, K2 Global’s team will generally begin with a physical assessment of a client’s place of business and possibly their residence.
A physical assessment typically includes:
- An examination of entry and egress points
- An estimation of existing security measures
- A review of emergency plans
But now K2 also frequently performs a baseline sentiment analysis of the internet content related to our clients which helps define the pre-existing tone of comments and coverage of our clients.
Once our investigators have established this critical benchmark, they are in a better position to monitor the tone of online activity going forward. This is designed to allow the investigators to flag any potentially hostile sentiment before it escalates into violent or disruptive behavior.
If such behavior is detected, we’ve learned that going directly to law enforcement is not always the best course of action. Often times dealing with aggressive online behavior is more permanently resolved by making contact with—or through—an intermediary who is trusted by the aggressor.
In recent cases, K2 has identified friends, colleagues or associates of individuals presenting threats to our clients and developed strategies for how these people could become allies in dealing with the underlying causes for aggression.
However, if these “soft” tactics fail, K2 has vast experience in dealing with law enforcement at the federal and state and local levels, as well as industry specific regulatory bodies. When a hard plan of action is necessary, K2 partners with clients to guide them through this process with all necessary care and speed.
Where the threat is less focused, our investigators are still able to give our clients traction toward regaining a sense of security.
For example, K2 has been called in to determine the source of disparaging news leaks and misinformation that can become a threat to a client’s interests. Again, K2 has a wide array of tools and experts at our disposal that can help determine whether such information is coming from an abuse of trust within a company or an overtly hostile party on the outside. Once the nature of a leak was identified, we were able to design and implement security arrangements that efficiently and effectively mitigated the problem.
There is no one solution to the many problems that can arise in a world increasingly connected by social media, and in lives increasingly lived online. Our unique approach is to match the best traditional investigative methodology with the optimal technology solutions to provide our clients with a holistic sense of security in the digital age.
Our goal is always to keep clients safe. As a next-generation investigations firm, we know that this task has evolved from simply providing security in the face of physical threats to including ways to address all forms of cyber-aggression and online harassment.
If you run your own enterprise, you know you generate a huge amount of data every day, and chances are you allocate significant chunk of your marketing or research budget to mining and interpreting these data.
Given the importance of big data today, it is surprising that most firms continue to view data analytics solely as a tactical tool. They overlook the advantage their data can provide as a risk management tool . At K2 Global, we advise our clients to get to know their data not only to find opportunities, but to understand and address their own vulnerabilities.
What does this sort data awareness mean in practice? It means you won’t be surprised by what your company’s e-mail servers, document archives, and phone records reveal to malicious actors who hack through your firewall . . . or those might already be working behind it.
It means that legitimate investigators and regulators will be less likely to surprise you if one of your employees turns out to be masking illegal or ill-advised behavior.
It means you are able to respond to public relations problems when competitors or the press publish out-of-context information about your company.
Pleading ignorance is no defense; you need to understand — and employ — the same methods that third parties would use to analyze your data. You need to know the stories your records tell, the patterns your employees’ interactions reveal, and the ways in which that information might be used.
K2 has made it a priority to acquire and build the “military grade” technologies that can interrogate these massive data sets. With these tools, we can tease the important narratives out of mass of data your company already possesses.
The results of these analyses can reveal:
- Influential actors in communication networks via phone or e-mail record analysis
- Anomalous behavior among members of online social networks
- Suspicious trading, transaction or purchasing patterns
- Conflicts of interest among executive and board members via extensive relationship mapping
- Money laundering risks
By analyzing your data along these lines, you’ll be better prepared to design effective compliance programs, demonstrate your diligence to regulators, and counter the attacks of malicious actors. If you use technologies and research methods that are equal to or superior to those used by third-parties, as we do at K2, you can be confident that you’ll know your data better than anyone ever will.