Toward the end of every week, Compliance Week puts a snarky spotlight on individuals, companies, and governments that “Failed It” in the areas of ethics and compliance during the week and gives out kudos to those that “Nailed It.” If we missed any or if you have any nominations for next week, let us know on Twitter (@ComplianceWeek) or in the comments section below.

Nailed It


Securities and Exchange Commission: The U.S. regulator gets a win this week for leveraging internal data analytics tools to identify accounting violations. Interface, a modular carpet manufacturer, and Fulton Financial Corp., a financial services company, were each charged for violations resulting in the improper reporting of quarterly earnings per share. Both companies face hefty penalties: $5 million for Interface, $1.5 million for Fulton. If the SEC now has the ability to wade through the murky waters of accounting painlessly, companies won’t get to enjoy the benefit of hiding under the silt for much longer. —Aly McDevitt

SEC: The Commission makes our list a second time for its end-of-fiscal-year rush of whistleblower awards that brought its payout total for FY2020 to a record-setting $175 million. That total was nearly triple the amount it handed out in 2019 and is nearly a third of the total amount the program has awarded ($562 million) since its first payout in 2012. In a press release announcing the numbers, the Commission credited the “significant strides” it has made to streamline the process for evaluating and acting on whistleblower claims. Here’s hoping this trend continues into the next fiscal year. —Dave Lefort

Uber: After losing its London operating license twice in the past three years, the ride-hailing company cleaned up its act well enough to regain its transportation license across the pond this week, the New York Times reported. London regulators had threatened to ban Uber from the city’s streets for failing to meet safety standards. Less than a year ago, the city’s transportation regulator, Transport for London, revoked Uber’s taxi license for allowing unauthorized drivers to carry thousands of riders. Uber apologized for the misbehavior and said it has added new safety measures, including a new identification check for drivers. The company has been granted 18 months to prove it is on top of its safety game. —Aly McDevitt


Failed It


EY: The Big Four firm audited ill-fated Wirecard for more than a decade until the German payment processor filed for insolvency in June 2020, acknowledging a “prevailing likelihood” that it fraudulently booked $2 billion in assets. EY refused to sign off on the company’s 2019 financial report after “discovering” a gaping hole on its balance sheet. As it turns out, an EY employee internally blew the whistle on Wirecard in 2016, four years before the company collapsed, The Financial Times reports. It was only two weeks ago that Carmine Di Sibio, chairman and chief executive of EY Global, apologized in a letter to clients about the company’s missteps: “Even though we were successful in uncovering the fraud, we regret that it was not uncovered sooner,” Di Sibio said. So, does this actually mean he wishes the fraud had been uncovered “sooner” than four years ago? Given EY’s long-term dealings with Wirecard, the statement makes you wonder how far back the head-in-the-sand routine actually goes. —Aly McDevitt

JPMorgan Chase: Of particular note in the firm’s $920 million settlement with U.S. enforcement agencies for allegedly manipulating the precious metals markets with false trades was a nugget in the Commodity Futures Trading Commission’s order that this malpractice went on even after the compliance function was given a new surveillance tool in 2014, and even after “numerous red flags” were identified. It even continued, according to the order, after a JPMorgan trader came forward with allegations of misconduct that were apparently ignored or squashed. Worse, the CTFC order indicated JPMorgan’s initial response to the allegations was intended to mislead investigators. The company got credit from the regulator for later beefing up its compliance staff and revamping its policies, but while the company touts its commitment to change and focused its response on its program enhancements—and the fact the Department of Justice noted its improvements—we think the nearly $1 billion it agreed to shell out and the 3-year deferred prosecution agreement it got saddled with speak much louder. —Dave Lefort

H&M Germany: The regional German data protection authority that handed out one of the biggest GDPR fines on record ($41.3 million) to H&M Germany called the company’s monitoring of employees’ behavior “extensive,” but we’ll take it a step further and call it both intrusive and absolutely inexcusable. According to the Data Protection Authority of Hamburg, H&M team leaders would conduct “Welcome Back Talks” with employees after absences (vacations, sick leave, etc.) and would record details of those conversations that included their holiday experiences, symptoms of illness, and medical diagnoses. Not only does the content of those conversations cross a line, but storing the details of those conversations is next-level obtrusive, reckless, and irresponsible. —Dave Lefort