Our new weekly feature at Compliance Week puts a slightly snarky spotlight on those compliance- and ethics-related individuals, companies, and government entities that “Failed It” this week and hands out pats on the back to those that “Nailed It.” If we missed any or if you have any nominations for next week, let us know on Twitter (@ComplianceWeek) or in the comments section below. 

Nailed It


3M: The manufacturer of all-important N95 masks in the battle against COVID-19 has taken steps to fight the fraud, counterfeiting, and price gouging that’s been rampant since the start of the pandemic. As of July 13, the company had filed 17 lawsuits and has a dedicated hotline for reporting bad actors. The best part of the effort is that the company is donating all damages received to COVID-19 related non-profits. — Dave Lefort

Wells Fargo: The embattled banking giant rarely does much worthy of kudos these days, but it deserves at least a golf clap for this: In the midst of a quarter in which it lost more than $2 billion (its first quarterly loss in more than a decade), it announced it was donating all of the proceeds it got from participating in the government’s PPP loan program (more than $400 million) to helping small businesses decimated by the pandemic. At least $28 million of those funds will be earmarked for community lenders serving Black entrepreneurs. — Dave Lefort

Google: CEO Sundar Pichai says the company will invest $10 billion in India as one step toward making the internet “affordable and useful” for a billion people. “This is a reflection of our confidence in the future of India and its digital economy,” Pichai said in a statement. The cynic in us also understands this is a good business deal as well, but Google gets points nevertheless for being good corporate citizens in an area of the world where nearly 50 percent of people can’t have access to the internet. — DeAnn Orie

Universal Health Services (UHS): Under siege from a slew of alleged violations of the False Claims Act (FCA), UHS leaned into its compliance program. As it worked to settle the FCA allegations with the Department of Justice (and agreed this week to pay $122 million without admitting liability), UHS said it “worked collaboratively with all involved government agencies and parties, including providing millions of pages of documents in response to all information requests,” while noting that many of the violations occurred under previous management at facilities UHS later purchased. The company also pledged to support a five-year Corporate Integrity Agreement (CIA) that involves a government-appointed monitor who will review UHS’ procedures for admitting behavioral health patients. — Aaron Nicodemus


Failed It


Twitter: The biggest hack in the history of the social media platform was perpetrated Wednesday night, as the accounts of politicians (presidential candidate Joe Biden, former President Barack Obama), prominent business figures (Bill Gates, Jeff Bezos, Elon Musk), major brands (Apple, Uber), and some celebrities (Kanye West, Kim Kardashian) were taken over in a ”coordinated social engineering attack” seemingly meant to fraudulently raise Bitcoin. The perpetrators reportedly gained access to Twitter’s internal systems, which should leave us all troubled—especially with the election just months away and the leader of the free world as the platform’s most prominent user. If Russia wasn’t behind this hack (and there’s no evidence it was), you can bet it was paying attention. — Dave Lefort

European Commission: The European Union’s second-highest court ruled Wednesday that Apple did not have to pay nearly $15 billion in taxes that the European Commission tried to force Ireland to collect from technology giant. The ruling certainly damages the reputation of the Commission as an enforcement body: It took 3 years to nothing its initial victory against Apple, and there are plenty of other corporate tax cases in the pipeline that will be impacted by this ruling. — Dave Lefort

European Data Protection Authorities: A third European DPA (Belgium, this time) dinged Google with a fine for a violation of the General Data Protection Regulation, but all the penalty did was just reinforce the perception of the GDPR as a regulation that has yet to live up to its billing as a game-changer for data privacy. More than 2 years after the regulation went into force, Google has been fined just over $65 million for GDPR violations, a mere drop in the bucket compared to what many predicted. The GDPR calls for maximum penalties of 4 percent of maximum global turnover for infringements, which for Google could potentially amount to $6 billion. Don’t expect tech giants to take this regulation seriously until it proves it can pack a punch. So far, we’re not impressed. — Dave Lefort

U.K. Serious Fraud Office: The SFO got a much-needed win with two convictions in its long-running Unaoil case, but the victory was sullied by some eye-opening behavior on the part of the agency’s director, Lisa Osofsky. Osofsky’s conduct is under review over how she led the case, particularly regarding “flattering” text messages she shared with a U.S.-based private investigator who was acting for the company’s owners but had no recognized legal role in the case. Osofsky’s reputation is on the line in the investigation, which is likely to hang over the SFO’s future pursuits until it’s resolved. — Kyle Brasseur

Punjab National Bank: One of India’s largest state-run banks has been victimized by its third multi-million-dollar fraud in as many years, according to a report in the Wall Street Journal. In this latest case, it was defrauded by a property lender to the tune of nearly $500 million. Combine that with schemes run by two jewelers (about $2 billion) in 2018 and a steel company ($550 million) in 2019 and the bank is out more than $3 billion. Punjab has grown in recent years as authorities merged smaller state banks, but this growth has also come with cost-cutting, which helps explain how these frauds could have gone undetected. — DeAnn Orie

PPP fraud: A Texas man is facing criminal charges from the Department of Justice for misappropriating more than $1.1 million in PPP loans. The man used money obtained on behalf of an entity known as Texas Barbecue to instead invest in a cryptocurrency account. Give the man a break if it was a play to try to bring back BeefCoin— Kyle Brasseur