Tag Archives: due diligence

Reputation Risk for Start Ups

During a decade-long stretch of speaking with successful leaders seeking online reputation management (and being engaged by many), I’ve observed that the effect of reputational harm can be most acute when it threatens a new business venture.

When you are preparing to launch a start-up, you’ve often spent years developing an app, service or product. You have brilliant partners, a gifted team and the prospect of serious VC interest. During an immersion into preparing your new venture, what you may not anticipate is the amount of scrutiny you (and everyone associated with you) may face by prospective investors and partners, much of which you are not aware of.

Among the red flags they are looking for are signs or accusations that you (or your college-aged former self) have participated in behavior that may threaten the business in the future, including:

·         Racist, sexist, or discriminatory language or acts, even as a joke

·         The dissemination of sexually explicit material

·         Threats  of violence

·         Other behavior that may be viewed as inappropriate by people vetting you

Not just you, either. Your whole team, as well as any partners.

Investors Avoid Reputation Risk

In today’s world, investors can’t afford to be associated with anyone with a record of those red flags. Their fear of potentially being liable in any lawsuit that may result from your past behavior, or your potential future behavior, is chief among their concerns. They don’t want the reputation risk, either.

We have seen tragic consequences for clients who have been perceived as being inappropriate in their language or behavior during college, upon graduation or later in their career. In more than one instance, clients have been named in baseless lawsuits, filed against them and later dropped by a party with malice, which still show up online. Some have also been cancelled or fired with no investigation or proof. This can happen over any number of perceived wrongdoings, and even if they did nothing wrong the harm to their reputation is the same as if they had engaged in the behavior of which they were accused.

High Cost of Perceived Wrongdoings

In these and other cases, high-caliber leaders were either unable to find a job or lost a job and could not attract a new one, despite years or decades of expertise in their industry. (Men, in my view, are especially vulnerable to such issues. In my article, The Reputation Risk of Being Male, I cite how even a simple misunderstanding can have grave professional and reputational consequences. But women are by no means immune from baseless allegations of wrongdoing.)

Deep-dive due diligence is increasingly done using AI and big data. Searches of you go back years, as long as the internet has been used, and once-buried information such as legal notices that were published in a long-dead newspaper, can suddenly become digitized and available online. Those pictures of you on college break 5, 10 or 20 years ago; the messy divorce; all your social media postings, litigation history, and complaints filed with regulatory authorities – literally anything you’ve done wrong can be unearthed and become a cause for concern.

For investors who are considering backing your venture, for potential partners whose reputation will be tied to yours, and for everyone you’ll lean on for help while you build your venture toward success, any cause for concern is one too many. New ventures are always a risk. A reputational challenge puts that risk outside nearly every appetite.

How to Prepare

However, if you have such issues and are preparing to launch a new venture, there are many ways to prepare. Even if you aren’t aware that you have these issues, approaching your personal online brand as if you do is the best positive publicity you can create for your business.

The first is to initiate a personal branding campaign to position positive, credible information about yourself and your achievements online. Next, if you are on social media, vet it to assess if it positions you for where you are now…and where you want to be. Making sure the Internet reflects all the positive things you accomplish – awards you win, important achievements, etc. – creates impressions that help to instill trust at the moment a potential client comes in contact with your brand.

Invest in the Same Reputational Deep Dive in Yourself that Potential Investors Will Do

Provide information as a thought-leader. Whether you’re a business or an individual in a professional space, you possess knowledge that potential clients need. Sharing that knowledge through articles and blog posts helps to establish credibility, and it is an easy way to allow clients to get to know you. It’s also an effective way to increase the volume of information available about you on the Internet. The more present you are, the more seriously partners and potential clients will take your new venture.

Finally, invest in the same reputational deep dive in yourself that potential investors will do. Find every negative piece of information, every rumor, every half-told story that paints you in a negative light. Those can be confronted through a multifaceted online reputation management strategy, and it’s always possible that there’s something out there that you don’t even know exists.

Reading my firm’s article, The Essentials: Online Reputation Management FAQs, is a good place to learn more about how an online reputation can be threatened and how to manage those threats. It is a highly ranked article on Google that provides step-by-step actions for ensuring your brand is top and center on Google, where the world (and AI) vets you.

 
 
Crisis management

The popular TV program Jeopardy recently found itself in a crisis after selecting long-time producer Mike Richards as the late Alex Trebek’s replacement without fully vetting him.

Sony Pictures Entertainment apparently failed to conduct a deep-dive audit of Richards’ social media posts, podcast and other appearances, which, reporter Claire McNear discovered, had plenty of the type of red flags virtually all due diligence agencies now look for.

Jeopardy isn’t alone in this omission. Google landed in the same position this year when the Washington Free Beacon discovered an antisemitic blog post written in 2007 by Kamau Bobb, its global diversity lead. Google quickly reassigned Bobb from the diversity team, but the revelation caused offense to many of Google’s employees. In this case, as in the case of Sony Entertainment’s evaluation of Richards, a review of the prospective employee’s past statements would have uncovered the offensive material and avoided the reputational damage.

Thousands of organizations now routinely conduct deep-dive background checks that focus on blogposts, social media posts and other types of commentary that can be found online by anyone…with some digging. But thousands don’t. That can lead to a major reputational crisis.

Valital Technologies is a Canadian-based company, helping organizations manage reputation risks. With Valital’s AI-powered platform, organizations can stay ahead of unexpected reputation risks by monitoring and analyzing adverse online news on potential and current business stakeholders. Valital believes organizations need to “verify, then trust” in order to make better, more confident decisions about the people with whom they choose to do business.  We checked in with Ronny Aoun, Valital founder and CEO (shown below), to get the latest on how AI is being used to vet clients, business partners, third-party service providers or any individual a business is hoping to work with. 

Ronny Aoun

Q: Why do you think companies like Sony Pictures Entertainment fail to conduct due diligence for such high-profile hires?

RA: Many executives take people’s track records, experience and reputation for granted, especially if they’re star performers or well known within an industry. In the case of Jeopardy, Mike Richards had already proven himself as an executive producer for two well-loved game shows: The Price Is Right and Let’s Make a Deal. There’s a certain level of complacency involved. You often see this in more benign situations, such as in the promotion of a long-time employee into a new, more high-profile role. Some managers subscribe to a one-and-done approach in that instance; that is, if the person has been vetted once before — even if it was years ago— that person is OK. That’s a very naive and potentially brand-damaging way of thinking, as Sony found with Mike Richards.  

Q: Have you helped companies that have had such crises?

RA:  We work with organizations that have run into things like this at one point or another. Luckily, most are never as high-profile as the Jeopardy case. The reason we exist is to help these organizations make better, more confident decisions about who they choose to do business with. Our job is to help them avoid such situations. We don’t give them advice on who to engage with; we make no kind of assessment or evaluation. All the decision-making is in their hands. What we do is provide them with information that will give them a fuller picture of the individual stakeholder.

Q: Do most HR and legal departments of major organizations understand the ways AI are now being used by agencies like Valital? If not, why don’t they?

RA: Based on our experience, people are generally aware of AI and the fact that it can be a gamechanger in so many ways. They don’t necessarily understand the full extent of one powerful aspect of AI, which is Natural Language Processing or NLP. NLP is a form of AI that enables computers to extract language from unstructured text. In Valital’s case, our AI learns human language and uses content and context to perform real-time search and pulse analysis of online media, blogs and tweets, flagging misconducts related to universally recognized misbehaviours: discrimination, fraud, harassment, violence and abuses. We also find that many organizations, even ones that are large and extremely profitable, are still highly reliant on doing adverse news monitoring manually.  They don’t quite appreciate just how much more efficient an intelligent platform can be. They will get far more information, more quickly and consistently. When people are performing manual searches, you will find that in the same team, one person might stop at page 2 of his search engine results page, while another goes further. NLP eliminates the inefficiencies, freeing up resources to focus on more high value work within their organizations.

Q: How is your platform set up to use AI to vet assigned individuals…and do they know they are being vetted?

RA: First, it’s important to note that we see Valital as part of an organization’s integrated risk management efforts. It’s not intended to be the only tool in a team’s arsenal. Many organizations do standard background checks on individuals via databases. Databases are important and will continue to be so. Valital adds another layer to this by scouring the internet for fast-moving, dynamic open-source intelligence (OSINT) to flag universally recognized misconducts.

Valital is a Saas-based platform, requiring virtually no implementation. An organization determines how many validations they need to perform annually as part of their KYC process or third-party verification process, for example. There are no unwieldy and expensive licensing agreements to adhere to, and we encourage organizations to use the platform across the organization’s functions that will benefit from being able to better assess potential business relationships. Because the AI simply gathers and categorizes publicly available information, there’s no concern about breaching people’s privacy. Our AI is simply able to find more information faster, better and more efficiently than a human can.

Q: What advice do you have for executives responsible for determining whether a new business relationship is worth pursuing? 

RA: Here’s the truth: Reputation can either drive value or destroy it. It’s Warren Buffet who says it best, “It takes 20 years to build a reputation and five minutes to ruin it.” Effectively managing reputation risk is not an option; it’s an imperative. And that means deploying real-time information and processes by using the right tools and technologies that will build reputational resiliency across the organization. This means investing in rigorous due diligence, especially around these nuanced misconducts that we monitor for.

Behaviour that used to be tolerated in the past is often not acceptable today, and you want to have access to all the publicly available information about an individual before you decide. That’s why we’re constantly talking about verifying first, then trusting. The old adage of “trust, but verify,” doesn’t cut it in today’s world, because trusting the wrong business stakeholder can damage brands, sink stock prices, erode shareholder value and make organizations non-compliant with regulators, thereby incurring hefty penalties. It pays to do proper due diligence, and Valital helps organizations do it better.

This is part of our continuing series of interviews with experts whose work relates to reputation management.

 
 
Craig Wolson Esq

Attorney Craig Wolson specializes in derivatives, structured finance/securitization, complex finance, securities (especially securities fraud) and legal malpractice matters.

Craig WolsonAs a transactional attorney he has been an Associate, Special Counsel or Partner at several of the leading transactional law firms in the United States, including Shearman & Sterling; Mayer, Brown & Platt; and Cadwalader, Wickersham & Taft. As an expert witness and/or consultant, he has worked with many of the preeminent litigation firms, and litigation departments of full-service firms, including Berger Montague; Chapman and Cutler; Kirby McInerney; Labaton Sucharow; Patterson Belknap; Robbins Geller; Scott + Scott; and Williams & Connolly. 

With these credentials in mind, we asked him what due diligence precautions consumers and investors can take before they commit themselves to deals that have substantial risks to fail.

Your case studies share a common thread: that a lack of due diligence by clients of banks and investment firms can result in lawsuits.

That’s not quite right.  What leads to lawsuits in the securities area is investors losing money on securities they have bought.  The actual common thread in cases I have worked on is that the relevant issuer of the securities involved and the principals of the issuer have failed to disclose everything that would be “material” to a reasonable investor and/or have set forth the information in the offering materials in an inaccurate or misleading manner. Often the situation could have been ameliorated had the underwriters or placement agents for the securities taken reasonable steps to make sure that the information in the offering materials was complete, accurate and not misleading.

It is true that, in some cases, investors could have avoided their losses by doing some “due diligence” of their own. However, this is often too time-consuming and expensive a process for an investor to undertake.  Moreover, even if an investor had the time and money to do a thorough investigation of the issuer, there is no guarantee that the company would give the investor full access to its books and records and/or would not deliberately mislead the investor. 

There is no requirement that an investor do his/her/its own investigation/due diligence of an issuer before buying securities of the company.  The issuer and/or the principals of the company and/or the relevant underwriters or placement agents may try to use the fact that the investor did not do this as a defense to minimize their own potential liability. However, I am not aware that this defense has ever succeeded.  Nevertheless, it would obviously be helpful for an investor to do his/her/its own investigation of the issuer to the extent that the investor has the time and money to do so.

What can investors do to protect themselves from risks in specialized investments like derivatives, which they often do not understand?

This one is easy.  They should go to a professional–an investment banker, an investment advisor, or an attorney–who has a clear understanding of how derivatives and other specialized investments work and the potential risks that the investor may face, to have these things clearly explained to the investor. One should allow ample time to find such professionals inasmuch as only a small percentage of investment bankers, investment advisors and attorneys themselves understand these things.

Warren Buffett–the “Sage of Omaha”–has stated continually over the years that, if he does not understand what a company does, then he won’t invest in it.  Similarly, my advice would be that, if an investor does not understand how derivatives and other specialized investments work, and the potential risks that they entail, even after speaking to a professional, the investor should not invest in these things.

How can investors check the reputations of advisors and firms to avoid the type of “Bernie Madoff”-like misrepresentations that each decade seems to feature?

This is difficult to answer.  Madoff and people similar to him often have sterling reputations before their misdeeds are caught.  Madoff, in particular, was a highly respected businessperson and securities regulator before (and for a long time after) he began engaging in criminal activities.  Nevertheless, many of the people who invested money with Madoff realized that he was probably doing something illegal because his returns were just too high year after year to be possible.  However, because they were getting such good returns, they decided to close their eyes and not check into what was really going on. My advice would be to keep in mind those old cliches “buyer beware” and “if something seems too good to be true, it probably is”.

In terms of checking reputations of people one doesn’t know, I would suggest the following:

1.  “Google” the individual’s name.  If he has a criminal record or previously engaged in fraudulent activities, this will probably show up.

2.   Check with the securities commission of the state in which you reside and see if there have been any complaints or investigations relating to the individual.

3.   Check with the U.S. Securities and Exchange Commission for the same types of things.

4.   Check with other securities professionals and see if they are aware of or are willing to check if there have been any negative reports or investigations of the individual.

5.  Trust your instincts. If you are suspicious of the individual or feel he can’t be trusted, then stay away from him.

Last, how can consumers check the reputations of law firms to avoid those that have been proven to commit malpractice and possibly been the focus of other credible lawsuits?

This question is relatively easy to answer.  I would do any or all of the following:

1.  Ask a lawyer you know and trust what he or she knows or can find out about the other law firm.

2.  “Google” the name of the law firm and see if it has ever been accused of malpractice or if any actions, by clients or agencies, have ever been brought against it for violations of legal ethics and duties.

3.  Check with the Ethics Committee (or committee with similar functions) of the State Bar Association of the state in which you live to find out if any complaints have been filed against the law firm or if any disciplinary actions have been taken against it.

4.  Check with the Attorney General of your state to see if any complaints have been filed against the firm or if any legal actions have been taken against it.

5.  Make similar investigations in the state where the firm is based (which may not be the state where you live).

6.  In a big city like New York, you can also check these kinds of things with the local bar association.

7.  If you have any reason to feel suspicious of or have reservations about trusting the firm, don’t use them.

This is part of our continuing series of interviews with experts whose work relates to online reputation management.

 
 
Reputation Risks Facing High Net Worth Families

In a digital world, everyone faces reputation risk. But high-net-worth families (HNWFs) and individuals face special scrutiny. 

Having served victims of such issues for a decade, Reputation Communications has organized a briefing to provide HNWFs with my own insight, as well as credible information from colleagues who are experienced in helping such families.

Please click here for full details and registration links.

Reputation Communications: Reputation Risks Facing High Net Worth Families

 

 

 
 
Reputation Communications: Reputation Risks Facing High Net Worth Families

Reputation Communications: Reputation Risks Facing High Net Worth Families

3-Part Briefing, August 5, 12 & 19, 2020

A three-part series of live, 30-minute briefings with reputation management, Internet law, investigations, due diligence and risk mitigation experts will take place on August 5, 12 and 19, 2020. Registration is free and may be made via the links below. The program will be held on Zoom.

Focusing on reputation risk facing high-net-worth families (HNWFs), the program is hosted by Reputation Communications and moderated by its founder and CEO, Shannon Wilkinson.

Participants include Don Aviv, President of Interfor International; Tim Murphy, President & CEO of Consortium Networks; David Niccolini, Co-Founder of TorchStone Global; Christine Rafin, Associate General Counsel – Media and Compliance at American Media in New York City; Dan Shefet, Individual Specialist to UNESCO, and Adviser to the Council of Europe on the Internet Ombudsman;  and an expert in Internet law; and Arun Rao, President of IGI.

“In a digital world, everyone faces reputation risk,” says Shannon Wilkinson. “But high-net-worth families and individuals face special scrutiny and a dangerous loss of privacy both online and off. Online personal and reputational attacks, threats and disparagement, unfounded allegations, disinformation campaigns, impersonation schemes, disturbing online threats, extortion, and harassment are some examples. These risks can impact all areas of their professional and personal life. Having served victims of such issues for a decade, I want to provide HNWFs with my own insight, as well as credible information from colleagues who are experienced in helping such families.”

Program details follow.

Wednesday, August 5: Alert: The Reputation Risk Setting Now.

Shannon Wilkinson will introduce the program and summarize the types of reputation risks HNWFs face, including generational ones, from family leaders to teens and college students.

David Niccolini will provide an overview of the current environment contributing to the aforementioned threats, examples of the types of risks HNWFs encounter now, and the importance of situational awareness.

Tim Murphy will introduce cybersecurity threats that are increasingly common and unique to HNWFs, including account takeover and ransomware attacks.

Click here to register for the August 5th briefing.

Wednesday, August 12: Alarm: Your Internet Legal Rights in the U.S. & Abroad.

Shannon Wilkinson will introduce the program and highlight the differences between American Internet and privacy laws and those in Europe and other countries.

Christine Rafin will summarize why consumers have so few Internet legal rights in the U.S., and address common questions relating to the removal of negative, defamatory and/or infringing material from the Internet.

Dan Shefet will explain how the “Right to Be Forgotten” law operates in Europe and Argentina; provide examples of the types of content that is removable on Google; and describe the privacy laws in Europe, which are far stronger than in the U.S. He will briefly address similar online privacy laws in other countries.

Click here to register for the August 12 briefing.

Wednesday, August 19: Adapt: Double-Due Diligence & Expert Intel.

Shannon Wilkinson will introduce the program and why the issues of due diligence and investigations are relevant in high-net-worth reputation risk cases.

Don Aviv will provide inside examples of the types of threats that due diligence has revealed, especially on the personal rather than organizational side of HNWFs.

Arun Rao will share insight into the types of reputation risk issues facing prominent public figures like elected officials, candidates for public office, entertainers, and high-profile executives. Key issues include investigating and addressing false allegations and “fake news.”

Click here to register for the August 19 briefing.

About the Speakers

Don Aviv: As president of Interfor International, Don has managed, led, and coordinated teams on thousands of due diligence and investigative cases, many with complex aspects and multinational reaches. He directly supports chief security officers and general counsel of some of the world’s leading corporations, financial institutions, and family offices.

Tim Murphy: Tim is a recognized leader in global cybersecurity and intelligence. In his previous role as Deputy Director of the FBI, and now as CEO of Consortium Networks, a cyber network and solutions firm, his experience covers all operational aspects of counterintelligence, criminal, cyber, and intelligence programs. He has experience in ensuring the technological and cybersecurity of companies, high-net-worth individuals and their family offices.

David Niccolini: David Niccolini co-founded TorchStone in 2010. The company has won numerous awards and has been featured in Forbes, The Wall Street Journal, CNN, the Washingtonian, and the PBS News Hour. Over the years, David has directed security, consulting, and investigative operations across six continents on behalf of families (to include Forbes 400) and multinational corporations (to include Fortune 50).

Christine Rafin: As Associate General Counsel – Media and Compliance at American Media, LLC, Christine advises on defamation, privacy, intellectual property and publicity issues for a wide range of brands, including podcasts, online publications and magazines from National Enquirer to US Weekly. Christine has extensive experience representing high net worth individuals in federal and state civil, commercial and regulatory matters. She is an expert in the rapidly-evolving fields of Internet law, digital marketing law, and data privacy and security law.

Arun Rao: As the President of IGI, Arun draws on his experience at the Department of Justice, the White House, and the New York County District Attorney’s Office to advise clients on crisis and risk management. Arun and his team provide concierge-level assistance to elected officials, candidates for office, entertainers, and other prominent individuals facing reputational attacks, threats, and disparagement.  As Principal of The Lenzner Firm (IGI’s affiliated law firm), Arun also provides counsel on potential legal remedies.

Dan Shefet: A French lawyer based in Paris, Dan Shefet holds a Philosophy Degree and a Law Degree from the University of Copenhagen. Specializing in European Law, Competition Law as well as Human Rights in general and in the IT environment in particular, he is a noted public speaker on IT Law, Data Privacy and Human Rights on the internet. In 2014 he founded the Association for Accountability and Internet Democracy (AAID) the main objective of which is to introduce a general principle of accountability on the internet.

Shannon Wilkinson: As the founder of Reputation Communications, one of the first firms in the online reputation management space, Shannon has advised numerous high-net-worth clients, including CEOs, business leaders, luxury brands, public figures, philanthropists, Forbes 400 and Forbes 500 clients, entertainment industry icons, FinTech leaders, tech founders, venture capitalists, and others. Reputation Communications is based in New York.

 
 
Katherine Lemire, Partner, StoneTurn

The #MeToo movement has sparked a national conversation about sexual harassment. We asked Katherine Lemire about the investigations used by organizations in response to harassment and criminal behavior.

A Partner at StoneTurn, former Federal prosecutor and previously Counsel to New York City Police Commissioner Raymond W. Kelly, Katherine and her team of experts assist businesses, government agencies, nonprofit organizations, and individuals in compliance, investigations, due diligence, risk mitigation, and dispute resolution.

You have overseen investigations into allegations of employee harassment. How common are they and at what point in the situation are you brought in?

It is difficult to say how common such investigations are because a proper investigation should be conducted in a confidential manner to the extent possible.  If the facts uncovered in the course of an investigation do not support the allegations, it is of critical importance that the reputation of the accused employee remain untarnished.  Even in those cases which result in findings supporting harassment allegations, the accuser also may voice concerns that he or she is not identified as the basis for the investigation.

In the best case scenario we are brought in soon after the allegations surface.  Federal law requires a prompt, thorough, and impartial investigation into allegations in the workplace.  Statutory requirements aside, prompt investigations serve as a bulwark against the inevitable erosion of witnesses’ memories.  Acting in a rapid, thorough, and unbiased manner when responding to allegations can also serve to boost the morale of employees who might otherwise believe that management does not view these workplace issues in a serious manner.

You have said that organizations are becoming more proactive about weeding out potentially illegal and unethical conduct before and after the commencement of a criminal investigation. Is harassment considered “criminal?” If not, does it signal potential criminal behavior?

Harassment can be considered criminal if it rises to the level of conduct violating law.  In New York State, for example, repeated unwanted contact, including repeated phone calls, can result in criminal charges.

Many corporations as well as government and non-profit organizations know they have harassment issues in the workplace. How could they have avoided that before making an important new hire?

Due diligence may reveal aspects of a prospective hire’s history which could serve as warning signs.  A solid due diligence investigation might include, for example, a review of the candidate’s social media postings, litigation history, and complaints filed with regulatory authorities.

What type of internal investigations does StoneTurn recommend for organizations to minimize and prevent harassment and similar issues?

The key focus should be on a prompt and thorough investigation conducted in an impartial manner.  Stalling in response to complaints and failing to interview particular witnesses could expose an organization to liability.  Likewise, to insulate itself from charges of bias and failing to conduct the investigation in a thorough manner, organizations should engage a firm specializing in this work to conduct the investigation.

A Partner with StoneTurn, Katherine Lemire is a former federal prosecutor in the Southern District of New York, where she investigated complex federal crimes. She also served as a prosecutor in the Manhattan District Attorney’s Office where she investigated and prosecuted a broad array of criminal cases from grand jury proceedings through trial. As Counsel to Police Commissioner Raymond W. Kelly, she provided advice and counsel on a wide range of sensitive matters affecting the NYPD, while overseeing management initiatives. Katherine and her team joined StoneTurn in 2018 after successfully operating Lemire LLC, a New York-based certified woman-owned business enterprise (WBE) specializing in compliance, risk and investigative matters, which she founded in 2013. 

This is the seventeenth in a series of interviews with experts whose work relates to online reputation management.

 
 
Don Aviv, President, Interfor International

We turned to licensed investigator and certified protection specialist Don Aviv, the President of global corporate intelligence agency Interfor International, for insight on due diligence in personal and professional background checks. Interfor was founded in 1979 by a former intelligence officer. Over the past 40 years it has provided investigative and intelligence services for individuals, companies and major law firms in the United States and around the world.

What kinds of due diligence do your clients generally need?

Interfor’s clients generally require in-depth background information on persons and businesses. Our investigations have provided vital intelligence on principals, prospective employees, counterparties and joint venture partners, and we have assisted corporations, law firms and governments on a wide array of cases and controversies in every corner of the world. There are many types and levels of background checks and due diligence investigations: the scope of an investigation depends on the needs of the client and specific circumstances.

However, at minimum, a comprehensive examination in the U.S. should include a thorough litigation check, 50-state criminal check, bankruptcy check, verification of educational degrees and licenses, name screenings on government terrorist and criminal lists, country-wide media search and government regulatory agency checks. Many of Interfor’s due diligence investigations include reputation inquiries. In these cases, we canvass those who know, or may have worked with, the subject of investigation. Speaking with those individuals can provide a wealth of information, far more than any database-driven search.

How often do your clients or prospects decide against undertaking due diligence, even when you advise them that it is necessary?

Unfortunately, as a full-service investigative firm, we often see the consequences of ineffective or inadequate investigations. Our litigation support and asset search services often sees those consequences when they are called on to investigate, analyze and track cases involving theft, financial fraud, embezzlement and duplicitous conduct. Failure to conduct adequate due diligence makes you and your company vulnerable to substantial losses and liabilities. In many situations a thorough due diligence investigation would have uncovered troubling facts and circumstances before the parties began their ill-fated relationship. The old adage ‘penny wise, pound foolish’ comes to mind. In addition to financial and reputational harm, the damage caused by these omissions may result in very uncomfortable confrontations with business associates, employees, boards, investors and shareholders. As we always tell our clients: who you work with is your business—making sure who they really are is ours.

What would you say to companies that don’t carry out thorough verifications?

In the old days, when you began a business relationship with a known company checking references was about all the background verification you would do. Bernie Madoff and his ilk have turned that standard on its head. The past 15 years have seen a steady stream of financial frauds, scams and Ponzi schemes. The sheer size of these schemes has been astounding. A few years back, a scam of several million dollars was noteworthy; now we are confronted with frauds in the billions. There is no substitute for thorough, comprehensive due diligence on every significant player in your life—from an overseas business partner to your local financial planner. “Trust” and “verification” are the watchwords of the 21st century.

In addition, client feedback suggests that the commoditization and automation of due diligence is turning out to be a short-lived trend. Ultimately, clients are realizing they prefer strong analytics and a human touch as opposed to mass-generated reporting or cut-rate services from providers who almost always miss subtle red flags, if not glaringly obvious ones as well.

We often see crises in the news that may have been prevented with due diligence. What are some that have struck you recently?

Many cases of financial fraud and misconduct could have been prevented with a thorough vetting of the offending party. Financial fraud can take many forms (e.g., investment schemes on the East Coast, high-return financial instruments in Florida, oil and gas drilling investments in the Southwest), but all have the same aim: to separate good and trusting people from their money. In our long experience, there has never been a shortage of aberrant behavior and conduct.

Just a few weeks ago, a security director at Borg Warner (a publicly traded US auto-parts manufacturer) was arrested in Russia on charges of espionage. While the true reasons for his arrest remain murky and geo-politically charged at this time, the coverage quickly yielded the fact that he had been dishonorably discharged from the military for larceny and fraudulent behavior. This was a surprise to not only the company, but also the individual’s family! It turns out the company only did a cursory background check, with a cut-off at 7 years of history. A policy which required a more thorough and comprehensive check would have saved them the bad publicity.

Other recent examples:

  • A U.S. money manager with a checkered past takes up practice in France, with activities including illegal stock promotion, securities fraud, wire fraud and money laundering.
  • A highly experienced and qualified scientist engages in misconduct including plagiarizing, falsifying, and fabricating information in a government study, resulting in his suspension.
  • A founding partner of a global money management firm is party to numerous lawsuits in the Russian Federation and subject to an international arrest warrant.
  • A managing director at a hedge fund hires an investment manager with a history of Securities & Exchange Commission (SEC) investigations and a long trail of bankruptcies and bankrupt companies.
  • A prospective employee is found to have a record of criminal violations, drug and alcohol convictions and robbery charges.
  • A hedge fund manager is discovered to have a history of hard drug use and an affinity for prostitutes–as well as what associates termed a nervous, unstrung, and unstable personality.

How do clients respond to due diligence findings?

Obviously, when potential problems or issues come to light at an early stage clients are relieved. When nothing untoward is turned up, there should be a huge measure of satisfaction knowing that the people you are hiring or working with are good, stable and qualified. Clients have a respect for the process of due diligence – that best practices now dictate that employees, partners and associates undergo a thorough and complete vetting. With that process comes the peace of mind from knowing that what should be done has been done.

We’re seeing clients who respect the value of comprehensive due diligence now opting to conduct periodic checks at standard intervals on existing employees with access to sensitive data, or after internal promotions. If someone has been with the company 10-15 years it’s important to know if there have been any significant incidents which may affect an employee’s suitability to handle certain information, such as customer data or trade secrets.

Are there any new services clients are requesting?

Yes, absolutely. There is a clear need in the market for real-time threat intelligence. In a world driven by social-media conversation, conspiracy theories or perceived injustices can quickly metastasize into violent action. Strikes, vandalism, and protest can materialize before a company or organization even realizes that the conversation has turned south. To meet this need, Interfor has developed a threat monitoring and intelligence program called Sentinel. It is designed to provide a continuous overwatch of open-source discourse, in order to provide actionable intelligence as it arises. This type of coverage can help prevent or mitigate security breaches, whether it’s for a specific event, foreign travel, or potential workplace violence. It’s also helpful for immediate incident alerts, in cases such as natural disasters or civil unrest. The response has been great.

Don Aviv is a Board Certified Protection Professional (CPP), a Board Certified Physical Security Professional (PSP), and a Board Certified Professional Investigator. He is also a licensed New York State Private Investigator. He holds a B.A. from the University of Rochester and an Alpha Phi Sigma M.S. in Criminal Justice from Suffolk University. Mr. Aviv is an Adjunct Professor at the University of Maryland University College and Vice Chairman of the Security Services Council of ASIS International. He also serves as an Advisor to Canary, a manufacturer of revolutionary home security products. This is the fifth in a series of interviews with experts whose work relates to online reputation management.

 
 
Kenneth Citarella

Cyber risk protection is a key aspect of reputation management for corporate leaders, high net worth individuals and their organizations. We interviewed Kenneth Citarella, Senior Managing Director, Investigations and Cyber Forensics at Guidepost Solutions to gain insight into the most common (and often surprising) threats they face. Guidepost Solutions LLC is a multinational investigations firm specializing in monitoring, compliance, international investigations, and risk management solutions. Mr. Citarella’s areas of expertise at the firm include computer crime and fraud.

What are some examples of cybercrimes you have seen that could have been prevented with better due diligence and proactive risk assessment?

We were retained to investigate problems at a firm after it had hired a new CFO to oversee the design and implementation of a new computer network. The new CFO hired a personal friend as a consultant on the project. Then they conspired to overbill the firm and monitor the emails of key personnel. Simple due diligence would have disclosed the relationship. Also, it is important to remember that due diligence on a third party vendor who will have access to your network must include their cybersecurity practices. One of the most publicly scrutinized attacks on a retail chain began through its HVAC vendor. Incidents such as these illustrate how important it is to be aware of your network’s vulnerabilities so you can identify and implement preventive practices.

How have the new technologies used by corporations changed due diligence methods — and where do you continue to see vulnerabilities?

Due diligence methods have not changed that much. Internet-based research has been around for years. But the objectives and scope have greatly expanded. For example, if you are acquiring a company, you are not only concerned with their profitability, personnel, facilities and other traditional qualities, but with their digital practices as well. Can your networks be integrated? Are data protection procedures equivalent? Are your BYOD polices the same? Questions like these have to be addressed so that you are at least aware of the risks you are assuming. These questions are as necessary as evaluating internal financial controls and inventory. The issues are similar when evaluating third-party vendors. They handle your data and access your network. Their cyber vulnerabilities become yours.

What are the most common cyber threats facing high net worth individuals and their families?

High net worth individuals and their families face all the same cyber risks as anyone else, but they are also more lucrative targets and often have higher Internet profiles—of which they may not be aware. For example, information about a prominent executive may exist on multiple websites, including those of his employer’s, a conference he attended, and a trade association he is involved with, as well as on public media platforms. In addition, the executive’s children may be active on numerous social media platforms, leaking details of family and parental activities. From these rich sources, a criminal can mine enough details to craft a carefully scripted approach targeting a specific person (which is known as spear phishing). Far more sophisticated than the more general shotgun attempts aimed at the unwary public, these attacks will reference details of the target’s professional or personal life that only a genuine associate would typically know. That is what makes them so hard to resist. Add the fact many high net worth individuals have personal administrators for their homes or offices who answer emails and the risk escalates. Modern communications have effectively created a due diligence obligation for high net worth individuals to know and control their Internet profiles in order to minimize their risks.

If you could give them one piece of preventive advice, what would it be?

Assume you are at risk. Get educated about your vulnerabilities, address them and periodically reassess.

Cyber risk is in the news daily (and many more incidents are not made public). Can you provide examples of the type of incidents that are most damaging to corporate and executive reputations?

Recent headlines provide all the examples we need. Multiple retail chains have been hurt because they cannot protect their customer data. If the public hesitates to shop at a store because of data breach concerns, sales, income and stock price can all fall. Intrusions have destroyed emails and corporate assets, exposed embarrassing internal communications and identified people looking for sexual affairs. Reputation repair for the individual and the organization may take an extended period of time—or may not happen at all. A high-profile corporate or personal life in the 21st century requires adequate cybersecurity at home and at work as well as a protected and controlled Internet profile. Highly qualified professional assistance to secure those objectives is a must.

This is the third in a series of interviews with experts whose work relates to online reputation management.