US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

The US Department of Justice has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ in its pursuit of corrupt and criminal activities within corporations that "Threaten the public safety and national security, [and] wrongfully divert money into the pockets of criminal actors" at a mid-January event at Georgetown University's Law Center. Polite described how in 2022 the division's fraud section secured convictions of more than 250 individuals, of which 50 were convicted via trial. Seven corporations entered "Criminal resolutions" with the DOJ and there were two declinations. While the Money Laundering and Asset Recovery Section convicted more than 24 individuals and had two corporations enter guilty pleas, including a "Financial institution" which agreed to forfeit $2 billion. CISOs and CSOs are well-positioned to spot anomalies. This is of import to CISOs and CSOs, as their teams are often in a position to observe signs of anomalous behavior within their own infrastructure and the changes within the Enforcement Policy clearly reward those who self-report and cooperate. Polite emphasized that the DOJ's job is not just the prosecution of crime, but also to deter and prevent crime. The DOJ needs "Corporations to be our allies in the fight against crime," Polite said. Two examples were shared of companies whose cooperation resulted in a declination of prosecution or a deferred prosecution agreement. The first example involved French aerospace company Safran, which uncovered FCPA violations post-acquisition due diligence. Safran uncovered years of bribes having been paid to a Chinese consultant which had occurred from 1999 to 2015. Safran made a full disclosure, put in place remediation steps, and "Agreed to disgorge the ill-gotten gains of its US subsidiary." The second example involved Swiss tech company ABB. Polite notes that ABB, who had prior FCPA resolutions from 2004 and 2010, had discovered corrupt business practices in South Africa. ABB scheduled a meeting with the DOJ to self-disclose. Though the media broke a story that highlighted the fraud occurring within ABB. Polite emphasized that the company helped itself when it could "Demonstrate intent and efforts to self-disclose prior to and without any knowledge of the media report" and the DOJ entered into a deferred prosecution agreement, with two subsidiaries pleading guilty and paying a fine of more than $315 million. When companies don't cooperate with the DOJ. The emphasis on the outcome corporations and individuals may expect when they decline to self-disclose or cooperate fully with a DOJ investigation was clear. Polite shared the case of the Belfour Beatty Communities military housing fraud plea, noting that there was no voluntary self-disclosure, cooperation was "Lackluster," and their efforts were at the bare minimum, so they did not earn any reduction in fines. He then shared another instance where the Toronto-based Bank of Nova Scotia received little reduction as the "Company's compliance function contributed to the misconduct." The bank was fined more than $127 million in 2020. His third and final example was that of Swiss mining firm Glencore, which in fact did receive a slight reduction as they failed to fully cooperate, take timely actions with respect to the individuals involved, and were fully aware of the criminal activity, "Which was pervasive." Glencore pleaded guilty and was fined more than $1.1 billion in May 2022. The bottom line: self-reporting misconduct under FCPA is key. The bottom line, directly from Polite: "When a company has uncovered criminal misconduct in its operations, the clearest path to avoiding a guilty plea or indictment is voluntary self-disclosure. It is also the clearest path to the greatest incentives that we offer, such as declination with disgorgement of profits." He continued that the DOJ is forthright about the potential incentives to self-report and cooperate to hammer home the point that corporations that fall short of the department's expectations do so at their own risk. "Make no mistake-failing to self-report, failing to fully cooperate, failing to remediate, can lead to dire consequences."

This Cyber News was published on www.csoonline.com. Publication date: Wed, 01 Feb 2023 10:11:02 +0000


Cyber News related to US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy - The US Department of Justice has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney ...
1 year ago Csoonline.com
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
10 months ago Theregister.com
What Is a Firewall Policy? Ultimate Guide - A firewall policy is a set of rules and standards designed to control network traffic between an organization's internal network and the internet. There are key components to consider, main types of firewall policies and firewall configurations to be ...
9 months ago Esecurityplanet.com
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
9 months ago Securityboulevard.com
The SAFE Act to Reauthorize Section 702 is Two Steps Forward, One Step Back - Section 702 of the Foreign Intelligence Surveillance Act is one of the most insidious and secretive mass surveillance authorities still in operation today. The Security and Freedom Enhancement Act would make some much-needed and long fought-for ...
6 months ago Eff.org
How to create a cloud security policy, step by step - What's needed is a set of rules for how cloud security is managed, and the key to that is a cloud security policy. A cloud security policy contains detailed guidelines to help an organization ensure that it operates safely in the cloud. Because cloud ...
4 months ago Techtarget.com
Understanding the Implications of the Renewal of FISA Section 702 for CISOs - In today's world of constant connection, multinational companies are operating in and across multiple countries. Those doing business in the United States should be aware of Section 702 of the Foreign Intelligence Surveillance Act, which outlines the ...
1 year ago Csoonline.com
3 security best practices for all DevSecOps teams - It's been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. More organizations are looking to shift-left security to ensure that security is prominent in ...
10 months ago Infoworld.com
Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling - In the ever-evolving landscape of software development, it's become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle. Each of these have illuminated different vulnerabilities that can be exploited ...
9 months ago Securityboulevard.com
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
6 months ago Feeds.dzone.com
DevSecOps: Definition, Benefits and Best Practices - DevSecOps is an approach that focuses on the alignment of the three core pillars of DevOps — Development, Operations, and Security. It’s a combination of processes, tools and practices designed to enable organizations to adopt innovative and ...
1 year ago Heimdalsecurity.com
EU Reaches Agreement on AI Act Amid Three-Day Negotiations - The EU reached a provisional deal on the AI Act on December 8, 2023, following record-breaking 36-hour-long 'trilogue' negotiations between the EU Council, the EU Commission and the European Parliament. The landmark bill will regulate the use of AI ...
10 months ago Infosecurity-magazine.com
2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS - Threat actors were observed launching cyberattacks and collecting information during the 2022 mid-term election in the United States, but there is no evidence of significant impact, according to a joint report published on Monday by the Justice ...
9 months ago Securityweek.com
Digital Security: How the FBI & DOJ Took Down the Hive Ransomware - Recently, the FBI and the Department of Justice (DOJ) have taken down the Hive ransomware that has been previously terrorizing digital networks for months. They have managed to enter the hacker’s systems and spend months inside investigating the ...
1 year ago Therecord.media
'Defunct' DOJ ransomware task force raises questions, concerns | TechTarget - "The Office of the Deputy Attorney General (ODAG) memorandum that established the Ransomware Task Force also contained several strategic areas, including directing the Ransomware Task Force to design and implement a strategy to disrupt and dismantle ...
1 week ago Techtarget.com
DoJ Breaks Russian Military Botnet in Fancy Bear Takedown - The Department of Justice has disrupted a botnet used by Russian military intelligence for widespread cyber espionage. The network was made up of hundreds of individual small office/home office routers that the Russian Military Unit 26165 was able to ...
7 months ago Darkreading.com
Microsoft Breach - How Can I See This In BloodHound? - On January 25, 2024, Microsoft announced Russia's foreign intelligence service breached their corporate EntraID environment. We reviewed the information Microsoft's team provided in their post which contained details significant enough to explain ...
8 months ago Securityboulevard.com
Create Highly Secure Applications in Mule 4 - Accessibility Control/Access Management Use Anypoint Access Management to create your Anypoint Platform account or configure a federated External Identity. Environment Management Anypoint Platform enables you to create and manage separate deployment ...
8 months ago Feeds.dzone.com
My Yearly Look Back, a Look Forward and a Warning - 2023 saw cybersecurity and privacy law arrive at a crossroads, especially with regard to the regulatory landscape. This is the time of year when it is traditional to look back at the past year and extrapolate forward to make predictions for the year ...
9 months ago Securityboulevard.com
Is the Justice Department Even Following Its Own Policy in Cybercrime Prosecution of a Journalist? - Following an FBI raid of his home last year, the freelance journalist Tim Burke has been arrested and indicted in connection with an investigation into leaks of unaired footage from Fox News. The raid raised questions about whether Burke was being ...
7 months ago Eff.org
The House Intelligence Committee's Surveillance 'Reform' Bill is a Farce - Earlier this week, both the House Committee on the Judiciary and the House Permanent Select Committee on Intelligence marked up two very different bills, both of which would reauthorize Section 702 of the Foreign Intelligence Surveillance Act-but in ...
10 months ago Eff.org
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
1 week ago Securityaffairs.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
The Pentagon Tried to Hide That It Bought Americans' Data Without a Warrant - United States officials fought to conceal details of arrangements between US spy agencies and private companies tracking the whereabouts of Americans via their cell phones. Obtaining location data from US phones normally requires a warrant, but ...
8 months ago Wired.com
Congress Should Give Up on Unconstitutional TikTok Bans - TAKE ACTION. TELL CONGRESS: DON'T BAN TIKTOK. As a first step, H.R. 7521 would force TikTok to find a new owner that is not based in a foreign adversarial country within the next 180 days or be banned until it does so. If deemed a national security ...
6 months ago Eff.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)