Our new regular feature at Compliance Week puts a snarky spotlight on individuals, companies, and governments that “Failed It” in the areas of ethics and compliance this week and gives out kudos to those that “Nailed It.” If we missed any or if you have any nominations for next week, let us know on Twitter (@ComplianceWeek) or in the comments section below.

Nailed It


Social media giants: When it comes to risk management, there’s no risk that needs to be understood and planned for more than the spread of misinformation around the most divisive, complicated election of our lifetimes. That’s why Silicon Valley social media competitors Facebook, Google, Twitter, and Reddit are joining forces to develop strategies for combatting false information disseminated deliberately to deceive Americans or create conspiracy theories intended to sow discord and social unrest at a time when the future of U.S. leadership hangs in the balance. And they’re not just “war-gaming” with each other around November’s election, they are involving the intelligence community as well, according to reports. The chances of delays in election results are high due to the volume of expected mail-in voting in the midst of a pandemic, which makes it all the more important for social media companies to have policies and procedures in place for thwarting misinformation during this highly volatile time. Good for them for both recognizing the risks and coordinating potential responses in advance. —Dave Lefort

Californians For Consumer Privacy: We’ve been saying for nearly a year now we thought real legislative change on data privacy in the United States was much more likely to come on the state level than at the federal level, and California continues to prove us correct. The group that helped usher in the California Consumer Privacy Act (CCPA) is back at it, throwing its support behind an even more powerful data protection law, the California Privacy Rights Act (CPRA), or “Prop 24,” which residents can vote up or down on the November ballot. The Californians for Consumer Privacy have even brought on board Andrew Yang, the progressive former presidential candidate who’s backed initiatives like basic universal income to offset technological advancements and advocated for consumers in a $650 million Illinois class action settlement against Facebook over the use of biometric information. If passed in November, the CPRA would expand the data rights of Californians starting in 2023. —Dave Lefort

Herbalife: FCPA violations aside, Herbalife deserves a nod for the transparency and cooperation it showed in remediating the misconduct that led to its $123 million settlement with the Department of Justice and Securities and Exchange Commission announced late last week. While being investigated, the dietary supplement maker offered multiple updates on the status of the probe and the enhancements it was making in response. Indeed, the DOJ noted a 25 percent reduction to its fine for cooperation and deemed an independent compliance monitor at Herbalife to enforce its deferred prosecution agreement was unnecessary. When a company owns up to what it did wrong and seriously commits itself to improvement, that’s a win for compliance. —Kyle Brasseur

Apple, Google: The tech titans said this week they would make it easier for states to use their new COVID-19 tracing technology, which detects phones that come in close contact with one another and can notify users who may have been exposed to the coronavirus. This contact tracing technology, first announced in April, will not compromise user privacy and security as it does not collect personal health details or track users’ locations, contrary to other digital surveillance tools. That said, Google can still collect users’ locations, according to a New York Times story from July. Plus, it still requires apps to be created to actually make use of that tech, something that isn’t being done at a scale nearly large enough to truly be effective. —Aly McDevitt 


Failed It


McDonald’s: The Golden Arches is being sued this week for alleged discrimination against Black former franchisees, the Wall Street Journal reports. Several dozen former Black franchise owners are accusing the fast food giant of selling them restaurants destined to fail. The lawsuit accuses Mickey D’s of misleading Black franchisees about stores’ financial information to entice them to buy restaurants in “undesirable” inner-city neighborhoods, only to leave them unsupported when the stores required renovations or armed security guards. The National Black McDonald’s Operators Association has been requesting more support from the fast food chain since the late ‘90’s … you know, back when McDonald’s apple pies were still the new cool thing. —Aly McDevitt 

Angela Merkel: The fact that German parliament has launched a probe into the government’s failure to uncover the accounting scandal at Wirecard could serve as blemish on the record of the German chancellor. In their investigation, lawmakers are expected to focus on why Merkel promoted Wirecard to Chinese officials last fall even as her office was aware of financial irregularities at the company. In short, parliament is determined to get to the bottom of what has been an embarrassing and damaging saga for the country, and Merkel, whose run as chancellor is set to end after 16 years next year, won’t be able to escape scrutiny. —Kyle Brasseur

Credit Suisse: The Swiss bank is under investigation by Switzerland’s financial regulator for spying on two of its employees, including one who was leaving the company to join a rival bank. The physical surveillance was first spotted by the bank’s former international wealth management head, Iqbal Khan, who was being followed on the orders, apparently, of Credit Suisse’s now-terminated chief operating officer. Credit Suisse’s compliance department regularly monitors its employees’ work calls and emails, but insists it draws a line at physical surveillance outside of work and that this incident is the action of a rogue COO and “not part of the culture at Credit Suisse.” The bank learned of the spying after Khan reported it to the board of directors, who ordered an independent investigation. The scandal has already cost the CEO his job, and now that the regulator is involved, expect things to get worse for Credit Suisse before they get better. —Dave Lefort

Securities and Exchange Commission: Is the Commission ever going to discuss proposed changes to its mostly successful whistleblower program? It’s been over two years since the SEC first rolled out its proposed tweaks, which include weakening retaliation protections and limiting large awards. In 2019, the Commission canceled a meeting to vote on the changes, and then canceled another one this week. Maybe the SEC is reconsidering the changes, or maybe it wants to allow brand-new Commissioner Caroline Crenshaw to get up to speed? Here’s what we do know: Since 2012, tips to the program have led to $2.5 billion in sanctions against companies committing fraud, returned $750 million to harmed investors, and paid $510 million in awards to whistleblowers. If the SEC can’t find time to discuss the proposed changes in over two years maybe it should just discard them. —Aaron Nicodemus