Now we're going to talk about the problem that I called the One Guy problem. Unlike in Enron, and WorldCom, and FIFA, and the other examples that we read about, where we saw compliance failures that were systematic. That arose because there was something wrong in the organization culture. That was marked by weak internal control or a tolerance for unethical or even criminal corporate behavior. Now, all compliance failures look like that, some of them arise from one corporate wrong, by one guy or gal. Sometimes the bad acts of one person can cause a major compliance issue for a company that would otherwise be an exemplary organization. Let's take export control violations. Like most countries, the United States has laws controlling the exports a sensitive equipment, or software, or technology for national security and foreign policy purposes. Export licenses issued by the government might be required while certain countries, people, and organizations are subject to even strong restrictions. Export controls laws cover more than just exports leaving the United States, they also apply to deemed exports. These are technology that's released to a foreign national living in the United States. In that case, the technology is deemed to be an export to the foreign nationals home country. And export licenses can be obtained and must be obtained from the Bureau of Industry and Security for the export to be legal. Avoiding a deemed export is a significant compliance issue that's faced by many conducting scientific research. Let's take an example that occurred at the University of Tennessee in 2012. At that time, John Reece Roth, a professor of electrical engineering at the University in Knoxville, began serving a four-year prison sentence for illegally exporting military technology. Dr. Roth, one guy, was working under a subcontract with Atmospheric Glow Technologies, a commercialization firm that was awarded a contract with the US Air Force. Dr. Roth had represented an air force documents that he wouldn't be sharing expert control technical data with foreign nationals. But in fact, he did recruit graduate students from China to his team. And in doing this, he violated the terms of his grant, but also the law prohibiting exports, including the deemed export of control technology. Dr. Roth also traveled to China with documents containing controlled information under export control laws. Roth claimed he was unaware of the regulations, but the court record showed the University council had warned him about the legal risks of his activities. This one guy problem implicated one corporation, AGT. It didn't implicate the University because they weren't actually party to either the agreement in which the violations took place. At the same time, universities have looked long and hard at this case. And have considered it very seriously because of a connection of a faculty researcher with export controls violations. Another export controls case affected the University of Massachusetts in Lowell. In this case, the University paid $100,000 suspended fine for exporting an atmospheric sensing device, antenna, and cables to Pakistan's Space and Upper Atmosphere Research Commission or SUPARCO. The violation occur because SUPARCO is on the restricted entity list. So a license was required for the export and that license wasn't obtained. This is another one guy problem and it did reach the University. How does an organization engage in hundreds or thousands of separate activities, manage to keep every single one of its members fully compliant with every single law? Should an organization be held to that level of accountability? If you are the compliance officer for a large multifaceted organization, how would you prepare for? And how would you manage the risks that every single employee, volunteer, contractor, or affiliate may present? This shows one lens in which to consider the rising importance and challenge of the modern-day compliance program.
