Toward the end of every week, Compliance Week puts a snarky spotlight on individuals, companies, and governments that “Failed It” in the areas of ethics and compliance during the week and gives out kudos to those that “Nailed It.” If we missed any or if you have any nominations for next week, let us know on Twitter (@ComplianceWeek) or in the comments section below.

Nailed It


Bank of America: One of the more interesting suspicious activity reports (SARs) unveiled as part of the blockbuster “FinCEN Files” reports that dropped this week was a curious case of one bank investigating another. The SAR was filed in 2016 by Bank of America (BoA) compliance officers regarding suspicious Russian and Baltic state transactions flowing through Deutsche Bank to BoA customers. BoA wanted answers about the source of the money, so it went directly to Deutsche Bank to find out. They were stonewalled at every turn, according to the SAR, with Deutsche Bank allegedly even turning away BoA officials who flew from New York to London to talk to a Deutsche Bank executive who sent them away without even a conversation. Kudos to BoA for taking it a step further than “observe and report” and doing a little probing of their own, even if they were ultimately unsuccessful. And it was certainly a bad look for the already troubled Deutsche Bank to turn away another bank looking for answers. —Dave Lefort

BMW: It’s rare that we applaud a company that’s just been slapped on the wrist, but we’re making an exception for BMW this week. The automaker and two of its subsidiaries settled with the SEC for disclosing inaccurate and misleading information about retail sales volume in the United States, agreeing to pay $18 million. Notable in the SEC’s press release announcing the deal was this line regarding the company’s cooperation in the investigation: “The SEC’s order notes BMW’s significant cooperation during the investigation amid challenges posed by the COVID-19 pandemic, including travel restrictions, work-from-home orders, and office closures, and that this cooperation was taken into account in imposing a penalty.”  Kudos to BMW for not making a bad situation worse by misleading a regulator, and kudos to the SEC for once again showing it’s willing to reduce penalties for companies that cooperate. Good examples, both. —Dave Lefort

“Brokerage Firm A”: The SEC charged two men this week for orchestrating an insider trading scheme that was apparently ferreted out by alert compliance folks at an unnamed brokerage firm. The scheme was allegedly launched by Yinghang “James” Yang of Flushing, N.Y., who used inside information about which public companies’ stock listings were being added or dropped from a “widely recognized stock index” managed by Yang’s employer. (Companies whose stock Yang traded included, Etsy, Grubhub, Las Vegas Sands, and T-Mobile, according to the complaint). Yang earned $900,000 in illicit profits in five months of trading on an account opened by his friend, novice investor and sushi restaurant manager Yuanbiao Chen. The pair put a pause on their scheme in 2019, however, “after they became concerned about certain questions that Chen was asked by Brokerage Firm A about his occupation and sources of wealth.” Chen filled the form that Brokerage Firm A requested with lies about his ability to pick stocks so profitably, but never traded in the account again. This has all the hallmarks of a compliance department identifying fraudulent trading and then acting to stomp it out. Huzzah, Brokerage Firm A. You know who you are. —Aaron Nicodemus


Failed It


Wells Fargo CEO Charlie Scharf: At this point, we here at CW can just reserve a weekly spot in Failed It for Wells Fargo. Scharf, who was hired last year to lead Wells Fargo through its fake accounts scandal and out the other side, apologized for a comment related to the bank’s attempt to diversify its hiring. His offending comment in the Wall Street Journal: “The unfortunate reality is that there is a very limited pool of Black talent to recruit from with this specific experience.” In a subsequent letter to employees, he wrote he was sorry for his “insensitive comment reflecting my own unconscious bias.” Here’s another thought, Charlie. Maybe “Black talent” isn’t leaping at the chance to join your dysfunctional organization. Did that ever cross your mind? —Aaron Nicodemus

Gilead Sciences: Willful deceit will always get you on CW’s naughty list, as is the case this week with pharmaceutical company Gilead Sciences. The California-based firm agreed to pay $97 million to settle allegations it used a charitable foundation as a conduit to pay the copays of thousands of patients taking one of Gilead’s drugs. According to the Department of Justice, the company set the price of its pulmonary arterial hypertension drug so high as to make it unaffordable. To ensure Medicare patients would still be able to get the drug, Gilead illegally funded it with contributions purportedly going to a charity—a practice known in compliance circles as a kickback. “When pharmaceutical companies deceitfully employ the charitable donation process as an instrument to subsidize copays for their own drugs, it subverts a critical safeguard against the excessive inflation of drug costs,” said one DOJ official of the practice. —Dave Lefort

Town Sports International: The parent company of Boston Sports Club (BSC) filed for bankruptcy earlier this month, citing “unprecedented economic volatility and uncertainty” due to the pandemic. The company owes more than $23 million mostly in unpaid rent and carries debts with as many as 25,000 creditors. While no one can fault the company for buckling under the strain of COVID-19, there’s a reason this company gets a “failed it” this week: Its gyms continued to collect members’ fees—up to $120 per month—while gyms were closed per state-mandated public health guidelines. The company faces lawsuits in New York, Boston, and Washington, D.C., from thousands of members’ improperly charged fees. We’re not sure what the purported rationale was for charging members while facilities were closed, but it turns out you can’t get people fit by robbing them … but you can get them to pitch a fit that way. —Aly McDevitt 

Vodafone España: While the world awaits the first fines against tech giants like Facebook and Twitter under the EU’s General Data Protection Regulation, Vodafone’s Spanish operations continue to rack them up. The subsidiary received a €60,000 (U.S. $69,771) fine for insufficient legal basis for data processing on Sept. 17—its 24th fine for violating the privacy law, according to the GDPR Enforcement Tracker. Most of the penalties have been for data processing or general instances of noncompliance (e.g., sending a contract with personal data to the wrong address), and the largest of the fines was for €120,000 ($139,543) earlier this year. Only four other countries (Germany, Hungary, Italy, and Romania) have handed down more total fines than what Vodafone has received in Spain alone, according to the tracker. —Kyle Brasseur