From antitrust and privacy concerns in the tech world to compliance officer liability in the pharmaceutical industry to unethical practices in the banking and accounting professions, more than a dozen companies made Compliance Week’s list of the biggest compliance fails in 2019.

Big Tech

The year was yet another trying one for Big Tech, which continues to face a firing squad of regulatory scrutiny and enforcement actions, both in the United States and abroad.

In March, the European Commission hit Google with a €1.49 billion (U.S. $1.7 billion) fine—the third in three years for the internet giant—for breaching competition rules. In that case, the Commission fined Google for blocking rival online search advertisers from getting a foothold in the market.

In the States, Facebook was facing regulatory troubles: After a year-long investigation prompted by the Cambridge Analytica scandal, the Federal Trade Commission in July slammed the social media giant with a groundbreaking $5 billion penalty for deceiving users about their ability to control the privacy of their personal information. It was the largest fine ever handed out for violating consumers’ privacy and nearly 20 times more than the largest penalty related to data privacy or security ever imposed worldwide.

Join the Compliance Week community

Receive the latest in corporate governance, risk, and compliance news from Compliance Week. Become a new member and get a one-year print & digital subscription for just $8/week.

Learn more

More impactful than the penalty amount was the FTC’s 20-year settlement order, which imposes significant structural reforms on how Facebook must do business moving forward, including greater corporate accountability and more rigorous compliance monitoring.

Both actions were just a precursor of more to come. At least 47 state attorneys general are now investigating whether Facebook’s dominance in the industry stifles competition and puts users at risk. The FTC has launched a separate investigation into Facebook over antitrust concerns, while Google, too, faces further investigations by U.S. and EU antitrust regulators over its data collection practices.

On an industry-wide level, the Justice Department’s Antitrust Division announced it is closely reviewing “whether and how market-leading online platforms have achieved market power and are engaging in practices that have reduced competition, stifled innovation, or otherwise harmed consumers.” And all of this is happening at a time when the House Judiciary Committee has announced a bipartisan investigation into competition in digital markets, promising a “top-to-bottom review of the market power held by giant tech platforms,” including the likes of Facebook, Google, Apple, and Amazon.

And that’s not even taking into consideration the mess Facebook made out of its attempted foray into the cryptocurrency arena with Libra. Launched in June, the initiative came under heavy regulatory scrutiny from a Congress that clearly did not trust Facebook to venture into the relatively unregulated territory. Libra initially began with 28 partners, but many—including Visa, Mastercard, PayPal, and eBay—backed out when the initiative was met with fierce skepticism.


Opioid drug manufacturers and distributors

This year also revealed the pharmaceutical industry has a serious drug problem, following several significant enforcement actions against drug makers, including:

  • A $1.4 billion settlementReckitt Benckiser Group reached with the Justice Department and FTC in July to resolve a long-running investigation concerning the sales and marketing of its opioid addiction treatment drug, Suboxone.
  • A $225 million global resolutionInsys Therapeutics reached in June to resolve separate criminal and civil investigations concerning deceptive marketing and distribution of its opioid drug, Subsys, before subsequently filing for bankruptcy.
  • A $700 million potential settlement Novartisannounced in July in a protracted lawsuit over allegations the Swiss drug maker paid hundreds of millions of dollars in kickbacks to doctors to induce them into prescribing drugs to patients to boost their sales.

Late in the year, four state attorneys general proposed a global, $48 billion settlement with five companies—drug manufacturers Johnson & Johnson and Teva Pharmaceutical Industries and distributors Cardinal Health, McKesson, and Amerisource Bergen —involved in the opioid crisis. Those efforts, however, fell short over a lack of support.

It’s not just drug makers and distributors being targeted. Chief compliance officers who have failed in their compliance responsibilities have also been charged for their individual roles in the opioid epidemic.

In July, the Justice Department announced charges against pharmaceutical distributor Miami-Luken and two of its former executives, including its former compliance officer James Barclay, for “conspiring to distribute controlled substances.”

Rochester Drug Co-Operative, one of the 10 largest pharmaceutical distributors in the United States, and its former chief compliance officer, William Pietruszewski, were also among those to face criminal charges for “knowingly and intentionally” violating federal narcotics laws by distributing opioids to pharmacy customers that it knew were being sold and used illicitly.

In a statement, DEA Special Agent in Charge Ray Donovan said the charges “should send shockwaves throughout the pharmaceutical industry, reminding them of their role as gatekeepers.” Compliance officers should heed the warning, particularly given that the Justice Department has indicated in its budget request for 2020 that fighting the opioid crisis remains a priority.

KPMG building


Among the Big Four, KPMG has had an especially embarrassing year, culminating in a $50 million settlement with the Securities and Exchange Commission over allegations that KPMG audit leaders not only stole confidential information belonging to the Public Company Accounting Oversight Board in an effort to improve the results of the PCAOB’s annual inspections of KPMG audits, but also cheated on internal exams that were intended to test whether they understood a variety of accounting principles and other topics of importance.

“These are two instances of misconduct with different but common themes—KPMG professionals compromising efforts to test their performance,” Steven Peikin, co-director of the SEC’s Enforcement Division, said in a conference call with members of the media. In the first case, “KPMG personnel literally stole the test,” he said. In the second instance, “KPMG professionals simply shared the answer key with one another or manipulated the scoring of exams.”

Several individuals were also charged for their role in the scheme, including Cynthia Holder, a former inspections leader at the PCAOB before later joining KPMG; David Middendorf, former national managing partner for audit quality and professional practice at KPMG; and David Britt, the former co-head of the Banking and Capital Markets Group within the audit group of KPMG’s Department of Professional Practice.


Source: Anthony Quinatno

Mobile TeleSystems

Russian telecommunications provider Mobile TeleSystems (MTS) in March reached settlements with both the Justice Department and the SEC to resolve violations of the Foreign Corrupt Practices Act relating to bribes paid to an Uzbek official who was related to the former President of Uzbekistan and had influence over the Uzbek telecommunications regulatory authority. During this scheme, MTS made at least $420 million in illicit payments, which enabled MTS to enter the telecommunications market in Uzbekistan and operate there for eight years, generating more than $2.4 billion in revenue.

What makes MTS one of the biggest compliance losers of 2019 is the brazen way in which the company attempted to conceal the bribery scheme by funneling the bribes to front companies controlled by the Uzbek official and then disguising them in MTS’s books as acquisition costs, option payments, purchases of regulatory assets, and charitable donations. “The company engaged in egregious misconduct for nearly a decade, secretly funneling hundreds of millions of dollars to a corrupt official,” said Charles Cain, chief of the SEC Enforcement Division’s FCPA Unit.

MTS was the third company operating in the Uzbek telecommunications market to reach a settlement with the SEC and the Department of Justice. In 2016, Amsterdam-based VimpelCom, a global telecommunication services provider, and its wholly owned Uzbek subsidiary, Unitel, reached a combined $795 million settlement with U.S. and Dutch prosecutors for paying bribes to a government official in Uzbekistan. And in 2017, Sweden-based telecommunications provider Telia Company and its Uzbek subsidiary, Coscom, reached a $965 million global settlement to resolve corruption charges, also arising out of a scheme to win business in Uzbekistan.


Banks that failed to heed compliance warnings

CW would be remiss not to mention the handful of banks that ignored the sound advice of their compliance officers. In one case, a Swiss Bank ignored recommendations made by its compliance officer to put controls in place to reduce the risk of helping bank clients evade U.S. taxes. Ultimately, the bank made no formal policy changes until two years later, when a grand jury indicted a Swiss asset manager for his role in the tax evasion scheme. The bank would pay $10.7 million to the DOJ to resolve the case.

JPMorgan Chase’s compliance department reportedly faced a similar issue when it recommended cutting ties with Jeffrey Epstein for being a problematic, high-risk client. Bank executives ultimately ignored that advice until years later.

There were also reports the Germany-based global reputational-risk committee of scandal-plagued Deutsche Bank had approved a $72 million Silicon Valley real estate deal with a Russian businessman, despite objections made by its U.S. reputational-risk committee. What’s notable is that the bank’s global reputational-risk committee approved the deal at a time when the bank faces investigations by both Congress and the Department of Justice over its lax AML compliance controls and its current relationships with Russian companies and oligarchs. According to the bank, the deal did not violate any money laundering or sanctions laws.

Such examples point to the real value prudent compliance officers and risk professionals bring to a company and why their sound advice should never be dismissed or ignored, unless the company is prepared to battle the legal, financial, or reputational consequences that result.