The Integrity Agenda: Compliance news

By Matt Kelly

Binance Begins a Long Rehabilitation

Cryptocurrency trading giant Binance pleaded guilty in November to ignoring U.S. anti-money laundering laws and agreed to pay $4.3 billion in penalties. Now the company faces a long period of rebuilding its compliance program and working under the scrutiny of independent compliance monitors.

As impressive as the guilty plea and the huge penalty are, that’s the real news here for compliance professionals: Binance will undergo a long period of oversight by independent compliance monitors and outside consultants, with progress reports submitted to regulators, as the company overhauls its compliance program and business conduct.

The independent monitor was imposed by FinCEN, the primary anti-money laundering regulator in the United States. This is the first time FinCEN has ever imposed a monitor as part of a settlement, and the five-year term is considerably longer than the three-year monitorships we typically see when the Justice Department takes such a step.

Moreover, Binance will also need to hire two outside consultants: the first to review the company’s Suspicious Activity Reporting (SAR) program, the second to review its AML compliance program. Those consultants won’t directly work for the compliance monitor, but the monitor will have authority to decide who the consultants are and will work with them closely.

In addition to the FinCEN monitor, Binance’s former chief compliance officer, Samuel Lim, has reached a settlement with the Commodity Futures Trading Commission. Lim will pay a $1.5 million penalty and agreed to meet tough new performance standards for any compliance job he might hold in the future. (The CFTC and other regulators produced ample evidence to show that Lim was very much involved in the scheme to evade U.S. anti-money laundering laws.)

Altogether, these sanctions send a clear message to the cryptocurrency world that U.S. regulators are perfectly willing to use an array of punitive measures to bring scofflaw operators to heel. The Justice Department has already used those tools many times in other types of corporate misconduct, such as enforcement of the Foreign Corrupt Practices Act; now the government will do the same for the cryptocurrency world.

Justice Department Talks Up Analytics Again

A senior official at the U.S. Justice Department last week warned companies yet again that they should improve their proficiency at data analytics, since the department is improving its own analytics skills to uncover cases of corporate misconduct directly.

Nicole Argentieri, acting assistant attorney general for the Criminal Division, spoke last Wednesday at an FCPA conference in Washington. “The Criminal Division has long been an innovator in using data to enhance its investigations and prosecutions,” she said. “I am proud to announce that we are taking that experience and expertise with data analysis and applying these tools to our FCPA investigations.”

So far the department hasn’t announced any analytics-driven FCPA cases against corporations, although Argentieri did cite one case against an individual (a government minister in Bolivia) which prosecutors unearthed by sifting through financial records. That doesn’t mean none are in the pipeline, however, and Argentieri’s next words were the more important point for the larger compliance community anyway.

“Just as we are upping our game when it comes to data analytics,” she said, “we expect companies to do the same.”

That message isn’t new (Justice Department officials have harped on it for years), but it does carry an important implication: the better your company is at data analytics, the more pressure you will feel for voluntary self-disclosure.

Think about it: better data analytics means better ability to identify potential compliance violations at your firm — and once you can identify violations more easily, management won’t be able to “un-know” the issues that analytics brings to light. Your company will have to do something with that knowledge.

In theory, management could decide to keep quiet about the violations it discovers. But that course of action ignores the risk that internal whistleblowers might report the misconduct to regulators anyway, or that regulators will discover the misconduct themselves (perhaps due to their improved analytics efforts). Then your company will face pointed questions about why it didn’t report and will lose any potential credit for voluntary self-disclosure.

Quite simply, better data analytics must go hand-in-hand with a strong commitment to ethical conduct and voluntary self-disclosure. One won’t do much good without the other.

Another Audit Firm Cheating Scandal

The U.S. Public Company Accounting Oversight Board, which oversees the conduct of audit firms, has fined the Hong Kong and China subsidiaries of Big 4 firm PwC for employees’ widespread cheating on training exams.

PwC China and PwC Hong Kong will pay a total of $7 million for the misconduct, which happened from 2018 into 2020. According to the PCAOB’s settlement order, more than 1,000 employees at the two firms engaged in several types of cheating, such as sharing answers to mandatory online tests or using unauthorized software programs.

In Washington, this news is notable because it’s the first time the PCAOB has ever imposed a sanction on audit firms in China. For years that country had refused to allow the PCAOB to inspect any audit firms there, until U.S. and Chinese audit regulators reached a detente over the issue in 2022.

For the audit industry and the ethics community as a whole, however, the enforcement action is notable because it’s the latest in a long line of sanctions against Big 4 audit firms for employee cheating on training exams. KPMG has been fined for cheating scandals in the United States and Australia; EY was fined in 2022 for employee cheating on CPA exams and failing to be forthcoming about that misconduct to the Securities and Exchange Commission. Deloitte’s Netherlands branch sacked its chief people officer in October for employee cheating there.

The firms have promised to improve their controls over testing and training, and in several instances have parted ways with senior-level firm managers who were either involved in the misconduct or turned a blind eye to it. Still, given the sheer size of the Big 4 firms across the globe, we’re likely to see more audit firm cheating scandals in the future.

Regulators also have harsh words for audit firms whenever these scandals erupt, because auditors are supposed to be gatekeepers — that is, people responsible for assuring that the organization is trying its best to behave in an ethical manner. So when the gatekeepers themselves engage in unethical conduct, that makes the offense all the worse. It’s a lesson every ethics and compliance professional should take to heart.

Banking Regulator Mired in Culture Turmoil

The Federal Deposit Insurance Corp., one of the primary banking regulators in the United States, is now struggling with its own scandal of a dysfunctional corporate culture that has lingered over the agency for years.

A Wall Street Journal investigation earlier this fall exposed a long-running toxic culture at the FDIC: allegations of sexual harassment and assault, wild party scenes at office functions, retaliation against those who tried to speak up, and more. Under particularly close scrutiny is FDIC chairman Martin Gruenberg, who has served as a senior FDIC official, including stints as chairman and acting chairman, since the mid-2000s.

Now Gruenberg is trying to rectify the agency’s dysfunctional culture. At the start of December he released a 13-page memo to FDIC staff, outlining steps that senior agency officials would take to change course. Those steps include a new task force to support women in the FDIC workplace, a hotline to report misconduct, support groups for sexual harassment victims, and a new conduct policy for the FDIC’s hotel in Virginia, the site of many excessive parties and sexual misconduct.

Whether any of that will work remains to be seen. Numerous employees have reportedly said they would like Gruenberg to resign, and he’s also under close scrutiny from Congress.

The FDIC’s troubles are not unique, of course; plenty of large organizations have been riven by accusations of toxic culture and senior leaders who took no action to address the culture until it reached a crisis point. Across all those many examples, two recurring themes emerge.

First is the importance of board oversight. Boards always need to make a healthy, ethical corporate culture a priority, monitoring the health of the culture in various ways (say, tracking incomplete auditing findings or reports of retaliation) and pushing senior executives to take prompt action.

Second is the importance of internal reporting systems, so that senior executives know when the culture is drifting into the wrong direction. Those systems should cross-reference with other important metrics, such as employee turnover or complaints aired anonymously on websites such as Then management can understand the extent of the problem.

Or, if it operates blindly for too long, it winds up in predicaments like the FDIC’s, with a ton of remedial work in front of it.

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.
