Diamondback Shows the Value of Cooperation and Due Diligence

There’s no doubt that the government’s nonprosecution agreement with Diamondback Capital Management demonstrates the value of a hedge fund’s willingness to pursue a “first-to-know” strategy. Despite having two employees indicted in the Dell insider trading ring, Diamondback was able to keep its doors open by disgorging profits, paying a penalty and admitting some wrongdoing. That’s a far cry better than being run out of business.

Here’s Dealbook with the details of the settlement:

Under the terms of its agreements with the Securities and Exchange Commission and the federal government, Diamondback will forfeit $6 million in ill-gotten gains and pay a civil penalty of $3 million.

In a departure from the S.E.C.’s historical practices, Diamondback’s pact with the S.E.C. does not include language that the fund “neither admits nor denies” any wrongdoing in the case.

How did Diamondback do it? They proved to the government that they had done their own investigation, knew the scope of the problem remained with the two indicted employees and were willing to cooperate.

“We believe that the proposed settlement appropriately sanctions the misconduct while giving due credit to Diamondback for its substantial assistance in the government’s investigation and the pending actions against former employees and their co-defendants,” George Canellos, the head of the S.E.C.’s New York office, said in a statement.

Diamondback Avoids Criminal Charges in Insider Trading Case (Dealbook)

Federal Prosecutors Sting Google, Snare Page

The new law enforcement environment for the business community isn’t confined to the financial markets. Google just paid a record-setting $500 million fine for accepting prohibited ads for pharmaceutical drugs. But the importance of the story isn’t the size of the fine or the fact that Google seems to have opened itself up to taking greater responsibility for the actions of its advertisers, something it has been loath to do up until now.

As the Wall Street Journal points out, there’s another headline in this story, which is the lengths the government was willing to go to make this case. To begin with, prosecutors enlisted a real con artist to front their sting on Google. They found David Whitaker in a Federal prison and set him up as an illegal pharmacy:

Mr. Whitaker was arrested in Mexico in March 2008 for entering that country illegally and returned to the U.S. to face charges of wire fraud, conspiracy and commercial bribery in the iPod case. Mr. Whitaker told U.S. authorities about the alleged role Google played in helping his Mexico-based pharmacy.

Federal prosecutors, seeking to test the allegation, set up a task force in early 2009 with Mr. Whitaker’s help. On weekdays, he was escorted from the Wyatt Detention Facility in Central Falls, R.I., to a former school department building in North Providence, R.I. There, under the watch of federal agents, he set a snare for Google.

Posing as the fictitious Jason Corriente, an agent for advertisers with lots of money to spend, Mr. Whitaker bypassed Google’s automated advertising system to reach flesh-and-blood ad executives. Federal agents created www.SportsDrugs.net, designed to look “as if a Mexican drug lord had built a website to sell HGH and steroids,” Mr. Whitaker said in his account of the sting.

Google first rejected it, along with an anti-aging website called www.NotGrowingOldEasy.com. But the company’s ad executives worked with Mr. Whitaker to find a way around Google rules, according to prosecutors and Mr. Whitaker’s account.

The undercover team removed a link to buy the drugs directly instead requiring customers to submit an online request form and Google approved it. “The site generated a flood of email traffic from customers wanting to buy HGH and steroids,” Mr. Whitaker said.

To pay Google’s fees for the growing online traffic, undercover agents made payments every two or three days with a government-backed credit card.

Not every case will get this kind of high-profile treatment. But the government’s willingness to mount a complex, sustained sting operation against a company like Google suggests law enforcement views business as one of its main theaters of operation.

Con Artist Starred in Sting that Cost Google Millions (Wall Street Journal)


WSJ Reveals Low-Cost Hacking for Hire

The Wall Street Journal ran a story about two Kuwaiti brothers engaged in a long-running feud over their family assets. What makes the story more than a simple soap opera is how it reveals the low cost of hiring computer hackers willing to gain access to sensitive online information like email accounts:

Although the brothers’ feud involves big money, documents filed in two civil cases in September 2009 suggests just how simple and affordable online espionage has become. Computer forensic specialists say some hackers-for-hire openly market themselves online. “It’s not hard to find hackers,” says Mikko Hyppönen of computer-security firm F-Secure Corp.

One such site, hiretohack.net, advertises online services including being able to “crack” passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password’s complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.

An unfortunate byproduct of the internet has been the ease with which highly specialized services like hacking are made available. What’s frightening about this story is to see just how cheap hacking talent is to hire and that it can be hired on an hourly or project basis.

This story has an obvious implication: the threshold for hacking is much lower than previously thought. Most businesses view hacking as something conducted by specific groups for malicious ends. But the potential to hire hackers to gain access to specific information during a lawsuit or competitive business situation raises the need for a broader range of businesses to have a regular security audit.

Hackers for Hire Are Easy to Find (Wall Street Journal)

Insider Trading Penalties Likely to Increase

The stakes around insider trading are about to get even higher as the government moves toward much longer prison sentences for insider trading. If these new rules go into effect, there will be even more incentive for lower-level defendants to cooperate with the government by providing information or, even, participating in investigations.

Dealbook, the New York Times financial industry blog, covered the proposed changes:

Section 1079A(a)(1)(A) of the Dodd-Frank Act requires the United States Sentencing Commission to review its guidelines for securities fraud offenses “in order to reflect the intent of Congress that penalties for the offenses under the guidelines and policy statements appropriately account for the potential and actual harm to the public and the financial markets from the offenses.” That is another way of telling the sentencing commission to bump up the recommended sentences for crimes like insider trading.

The government isn’t suggesting a gradual increase in sentences. What’s on the table is an outright doubling of sentences that would make the unprecedented 11 years given to Galleon’s Raj Rajaratnam seem lax. Anthony Chiasson won’t face those new sentencing guidelines, if he’s convicted:

The Dodd-Frank Act requires most hedge funds to register with the Securities and Exchange Commission as investment advisers. That means any insider trading involving employees at firms like Level Global or the Galleon Group, the hedge fund Mr. Rajaratnam founded, will be subject to the proposed four-point increase.

If Mr. Chiasson were convicted of insider trading, the recommended sentence under the current sentencing guidelines would be 121 to 135 months, assuming no other enhancements applied. The amendments would increase that to 235 to 293 months, nearly twice as long. The potentially higher recommended punishment would only apply to insider trading that occurs after the amendment goes into effect, which would be later this year at the earliest if approved by the sentencing commission. The new guidelines would not apply to Mr. Chiasson’s case because the alleged insider trading occurred in 2008.

Greater Penalties for Insider Trading (Dealbook)

December Newsletter: Managing Reputation and Risk

Today we sent out our December newsletter, entitled “Managing Reputation and Risk.” If you didn’t receive it, you can read the full text below (and be sure to click here to sign up for future newsletters).

Dear Friend:

As the holidays approach, I’ve begun to reflect on K2 Global’s first full year in business. The model of a pioneering organization that Jules and I envisioned—a lean investigative team that combines old-school skills with new technology and a global reach—has really come to fruition.

Throughout 2010 our focus was on getting our firm launched. In 2011, we concentrated on filling out our team with a group of experienced and well-connected investigators, case managers, intelligence analysts, technology and legal experts. In fact, we’ve been so good at attracting talent, our London office recently relocated to a new, larger space and our headquarters office in New York is ready to burst.

A lot of hard work has also begun to bear fruit this year. The most gratifying part has been re-connecting with old friends and building strong new client relationships.

In the many conversations I’ve had over the last year, my colleagues and I have noticed a number of issues that keep cropping up. All of these issues revolve around risk – not just financial risk but reputational risk too. This risk is introduced by the parties you do business with, the actions of your employees, and the data your company generates. Most of the solutions we offer to manage that risk involve using a combination of our investigative expertise and the technologies at our disposal.

The biggest issue is uncertainty. I recently spoke to the Financial Times (check out the whole article, “Risk and Reward”, over at FT.com) about how “volatility is the new norm.” I don’t think I’ll get an argument from you about the truth of that statement. But I do believe that many of our clients don’t fully understand that they already possess a lot of the information that can help manage that vulnerability and risk. And though many of the lurking threats to your business come from outside of your enterprise, a surprising number may already be present within your business.

For example, in recent years we’ve seen the emergence of a global effort to crack down on business practices that were once conveniently tolerated. That includes increased scrutiny from regulators; new laws in the form of the UK Bribery Act and stepped up enforcement of the Foreign Corrupt Practices Act; as well as more government prosecution of insider trading cases. We’ve obviously thought a lot about these issues, and our Head of Compliance, Jason Golub, has written quite a bit about them on our blog. In Europe, Matteo Bigazzi, who has been recently promoted to head our London office, has also posted on the UK Bribery Act.

All this boils down to your need to develop a “First-to-Know” policy about your own company’s risks and vulnerabilities. Much of this knowledge lies within the data you’re already collecting about your communication, transactions and products. To that end, we’ve spent much of the last year building and acquiring technologies that help us interrogate massive data sets. These new tools allow us to help you detect outlier activities (and non-obvious relationships) before they get out of hand.

We can apply these data analysis technologies to outside data sources as well – for example, a number of our clients look to us to understand how they are portrayed by traditional media, how users of social networks perceive them, and whether the larger Web holds information that can reveal lurking threats or notable opportunities.

We’ve written more about “big data” analysis and our approach to understanding cyber threats on our blog as well, but we invite you to send us a note or call us at 212-694-7000 if you’d like to get a greater understanding of our considerable technical capabilities.

After the roller coaster of 2011—and the prospects for more of the same in 2012—I’m sure we’re all ready to take a breath, enjoy the holidays and get ready for the New Year. I want to wish you, your colleagues and all of your families the best.

Best,

Jeremy Kroll
CEO and Co-Founder
K2 Global Consulting
www.k2global.net

Beyond Compliance: Building a First-to-Know Defense Against International Bribery and Corruption Risks

by Jason N. Golub

The best way for a corporation or investment fund to inoculate itself against the risks created by increased enforcement of the United States’s Foreign Corrupt Practices Act and the advent of the United Kingdom’s new Bribery Act is to perform a rigorous audit.

Our experience is that control programs must go beyond compliance. They must deal effectively with large corruption and small, gain the support of employees and focus on identification of the highest risk individuals and entities. Who makes potentially corruptive decisions? How are they documented and monitored? What constitutes effective monitoring?

In many instances, violations of bribery laws occur because entities fail to properly train officers and employees to understand and appreciate the nature of relationships in the context of the FCPA and UK Bribery Act. While all employees must be trained and educated, training will only be effective if the culture of compliance is set from the top.

In the event that a company learns of a potential FCPA or UK Bribery Act issue, it must act promptly and efficiently to minimize the impact on its business and investors. The company should obtain assistance on a range of issues including developing adequate policies and procedures, assessing books and records and training employees. In addition, senior officials should understand how to conduct an internal investigation and what remedial actions to take if a violation is identified.

Overall, bribery and corruption risk must be integrated into all parts of an organization’s culture in order to be effective. With an increasingly aggressive set of regulators focusing on bribery, it behooves any company to be the “first to know” when bribery becomes an issue, and thereby stay ahead of any potential risk issues.

K2 Global can help organizations combat bribery. Our efforts can broadly address the following areas:

  • Teach staff research and reporting skills on why and how corrupt forces may operate in areas you do business
  • Evaluate and draft procedures relating to due diligence and hiring of intermediaries that are best in class
  • Help build and maintain effective relationships with intermediaries
  • Help comply with all laws and regulations
  • Surpass the minimum “adequate procedure” required by the UK Bribery Act with best practices
  • Investigate actual transactions and potential situations
  • Conduct due diligence on potential business partners, acquisitions and intermediaries
  • Incorporate training that is practical and applicable to real situations rather than legalistic
  • Mentor compliance staff and provide ongoing support and guidance
  • Draft Operations Manual for bribery accounting policies, oversight, procedures and response

Government Pursuit of Global Corruption Creates Hidden Risks for Funds and Corporations

“The Justice Department has been vigorously enforcing the Foreign Corrupt Practices Act and achieving strong results,” Associate Attorney General Lanny A. Breuer said in a speech earlier this month in Washington, DC. “We are in the middle of our fourth FCPA trial of the year – more than in any prior year in the history of the Act.  And just two weeks ago, we secured the longest prison sentence – 15 years – ever imposed in an FCPA case.”

Breuer’s enthusiasm is echoed in statistics from 2010, a year that saw Justice bringing 46 new criminal cases and the SEC filing 26 actions of its own. Altogether, enforcement cases rose 85% from 2009 to 2010—and investigations touched companies of all shapes and sizes from little-known firms to mainstays like Blackstone and Citigroup.

Rooting out bribery as a business practice around the world is no longer an American obsession. With the addition this July of the UK’s very stringent Bribery Act, there is a whole new level of risk for investments made in either direction. Sovereign Wealth Funds that have made investments in the United States are facing new levels of scrutiny—including having foreign employees considered government officials. And there are now greater risks for US firms that want to make investments abroad.

The Perils of a Public Persona

As many more businesses are driven by the personality of an individual and that figure’s visibility through the press, social networks and the internet, K2 has seen a rise in the need to protect those individuals from potential physical and reputational threats created by becoming a public figure and the increased accessibility of the internet age.

More exposure, as always, means more risk. The internet is an intemperate place where many individuals express their frustrations in a vacuum and many lose the grounding they would have in a physical context. Anonymity (or, the prospect thereof) dulls or negates many people’s sense of repercussions. At K2 we’re seeing a rise in cyber-aggression cases, and there is no single profile for those behind online threats and attacks.

Traditionally, when prominent or public figures have reached out to us with safety concerns, it was due to a physical threat. Over the years, we’ve honed our skills and built a network of contacts to help us keep our clients safe in these situations. But, the idea of security itself is changing.

Increasingly, our investigators see an overlap between traditional methods of safeguarding clients from unexpected threats and innovative new techniques for dealing with malicious campaigns that primarily take place online. K2 Global’s case managers and analysts have added an array of tools for dealing with the now-essential online component of a person’s (or business’s) reputation to our traditional methods of safeguarding your person or your reputation.

When called in to assess a client’s security, K2 Global’s team will generally begin with a physical assessment of a client’s place of business and possibly their residence.

A physical assessment typically includes:

  • An examination of entry and egress points
  • An estimation of existing security measures
  • A review of emergency plans

But now K2 also frequently performs a baseline sentiment analysis of the internet content related to our clients which helps define the pre-existing tone of comments and coverage of our clients.

Once our investigators have established this critical benchmark, they are in a better position to monitor the tone of online activity going forward. This is designed to allow the investigators to flag any potentially hostile sentiment before it escalates into violent or disruptive behavior.

If such behavior is detected, we’ve learned that going directly to law enforcement is not always the best course of action. Oftentimes, aggressive online behavior is more permanently resolved by making contact with—or through—an intermediary who is trusted by the aggressor.

In recent cases, K2 has identified friends, colleagues or associates of individuals presenting threats to our clients and developed strategies for how these people could become allies in dealing with the underlying causes for aggression.

However, if these “soft” tactics fail, K2 has vast experience in dealing with law enforcement at the federal, state and local levels, as well as industry-specific regulatory bodies. When a hard plan of action is necessary, K2 partners with clients to guide them through this process with all necessary care and speed.

Where the threat is less focused, our investigators are still able to give our clients traction toward regaining a sense of security.

For example, K2 has been called in to determine the source of disparaging news leaks and misinformation that can become a threat to a client’s interests. Again, K2 has a wide array of tools and experts at our disposal that can help determine whether such information is coming from an abuse of trust within a company or an overtly hostile party on the outside. Once the nature of a leak was identified, we were able to design and implement security arrangements that efficiently and effectively mitigated the problem.

There is no one solution to the many problems that can arise in a world increasingly connected by social media, and in lives increasingly lived online. Our unique approach is to match the best traditional investigative methodology with the optimal technology solutions to provide our clients with a holistic sense of security in the digital age.

Our goal is always to keep clients safe. As a next-generation investigations firm, we know that this task has evolved from simply providing security in the face of physical threats to including ways to address all forms of cyber-aggression and online harassment.

Building a “First to Know” Capacity with Your Data

If you run your own enterprise, you know you generate a huge amount of data every day, and chances are you allocate a significant chunk of your marketing or research budget to mining and interpreting these data.

Given the importance of big data today, it is surprising that most firms continue to view data analytics solely as a tactical tool. They overlook the advantage their data can provide as a risk management tool. At K2 Global, we advise our clients to get to know their data not only to find opportunities, but to understand and address their own vulnerabilities.

What does this sort of data awareness mean in practice? It means you won’t be surprised by what your company’s e-mail servers, document archives, and phone records reveal to malicious actors who hack through your firewall . . . or those who might already be working behind it.

It means that legitimate investigators and regulators will be less likely to surprise you if one of your employees turns out to be masking illegal or ill-advised behavior.

It means you are able to respond to public relations problems when competitors or the press publish out-of-context information about your company.

Pleading ignorance is no defense; you need to understand — and employ — the same methods that third parties would use to analyze your data. You need to know the stories your records tell, the patterns your employees’ interactions reveal, and the ways in which that information might be used.

K2 has made it a priority to acquire and build the “military grade” technologies that can interrogate these massive data sets. With these tools, we can tease the important narratives out of the mass of data your company already possesses.

The results of these analyses can reveal:

  • Influential actors in communication networks via phone or e-mail record analysis
  • Anomalous behavior among members of online social networks
  • Suspicious trading, transaction or purchasing patterns
  • Conflicts of interest among executive and board members via extensive relationship mapping
  • Money laundering risks

By analyzing your data along these lines, you’ll be better prepared to design effective compliance programs, demonstrate your diligence to regulators, and counter the attacks of malicious actors. If you use technologies and research methods that are equal to or superior to those used by third parties, as we do at K2, you can be confident that you’ll know your data better than anyone ever will.

Jeremy Kroll featured in the Financial Times

Jeremy was recently interviewed by the Financial Times for their “Executive MBA” series. Check out the article, “Risk and Reward”, over at FT.com.