RosettiStarr’s Managing Director and General Counsel, Andrew Gentin, recently spoke at the American Bar Association Criminal Justice Section’s White Collar Crime Institute in San Diego.

Andrew participated in the panel “Three Lenses on Compliance Effectiveness: Government, In-House, and Outside Counsel Perspectives in an Evolving Enforcement Environment,” which examined how prosecutors evaluate corporate compliance programs, how in-house teams demonstrate program effectiveness, and how outside advisers help companies prepare for regulatory scrutiny, internal investigations, and remediation.

The discussion also addressed the growing role of artificial intelligence in compliance, including its use in monitoring, investigations, document review, and culture assessment, as well as considerations related to privilege, accuracy, and responsible adoption.

The ABA White Collar Crime Institute is widely regarded as the nation’s leading conference for white-collar practitioners, bringing together lawyers, judges, academics, and enforcement officials to discuss developments shaping the field.

Learn about the event at: ambar.org/WCCI

RosettiStarr is pleased to share that our Managing Director and General Counsel Andrew Gentin spoke at the 10th edition of the Annual Investigations Meeting DC hosted by Global Investigations Review.

The conference, which took place March 5, 2026 at the Paul Hastings offices in Washington, DC, brought together senior general counsel, compliance leaders, and leading private practitioners for substantive discussions on the latest developments in corporate investigations and white collar enforcement.

The Annual Investigations Meeting has become an important forum for professionals navigating complex investigations, regulatory risk, and cross-border enforcement issues.

Learn more about the event here:

https://events.globalinvestigationsreview.com/girliveaimdc2026/10589841?ref=SPKRCARD-H

#GIRLive #AnnualInvestigationsMeetingDC #WhiteCollarCrime #Investigations

6 principles, 10 elements, 1 flowchart — but the math on compliance programs is surprisingly consistent

The compliance world loves its frameworks: DOJ’s three fundamental questions, France’s risk mapping requirements, the UK’s “adequate procedures” standard. But strip away the bureaucratic packaging and something interesting emerges — these disparate approaches share much of the same DNA. Former DOJ prosecutor Andrew Gentin joined World Bank senior counsel Joseph Mauro, former OECD legal director Nicola Bonucci and Paul Hastings’ Corinne Lammers, led by moderator Nathaniel Edmonds of DLA Piper, to dissect what works across jurisdictions, at the SCCE’s 2025 compliance and ethics institute.

Compliance with the panoply of international rules and regulations is among the central preoccupations of daily life for professionals in multinational corporations. And while the task is no doubt a complex one, many governmental and nongovernmental organizations have sought to clarify what it means to have an effective corporate compliance program.

By examining principles outlined by regulators and enforcers like the DOJ in the US, the Serious Fraud Office in the UK and the AFA in France as well as non-enforcement international bodies like the OECD and World Bank, it’s clear there are overlapping themes and consistent principles.

Those principles and themes were the topic of discussion in the general session Sept. 16 to start the second full day of SCCE’s 2025 compliance and ethics institute, hosted this year in Nashville.

Whether their guidance comes in the form of six principles, 10 elements or a flowchart, international bodies are making it clear that effective compliance programs share common DNA, and, perhaps, a common mission that extends beyond individual corporate protection.

“We really don’t see compliance as what one company does for itself,” said Joseph Mauro, senior counsel at the World Bank. “It’s what all companies do together to make it a more clean business environment.”

Where guidance overlaps

While the specifics of international bodies’ guidance for corporate compliance programs varies — and sometimes dramatically — they all seem to have a common fundamental foundation, the panelists said: risk.

In the DOJ’s “Evaluation of Corporate Compliance Programs,” the most recent update of which was announced at last year’s SCCE event, poses three fundamental questions, the first being whether the compliance program is well-designed, and the first subsection under that question is “risk assessment.” Risk mapping and risk management account for two of the three pillars of the AFA’s anticorruption framework, and risk assessment is one of six principles outlined in the UK Bribery Act, which requires companies to have adequate compliance programs. Meanwhile, the OECD and World Bank both emphasize a risk-based approach tailored to the company’s unique circumstances.

“When companies present to [the] DOJ, you’ve always gotta start with an explanation of [how] you designed the program the way you have, and that needs to go back to the risk assessment,” said Andrew Gentin, managing director and general counsel at RosettiStar, who until a few weeks ago, was chief of the Fraud Section’s corporate enforcement & compliance unit. “The program needs to be really tailored to the actual risks impacting the company.”

Indeed, tailored risk assessments are encouraged pretty much across the board, though implementation of requirements varies. France, for example, takes a more direct approach than American authorities.

“When you look at risk assessment in France, they take a pretty prescriptive view of the type of risk mapping that needs to be conducted,” said Corinne Lammers, chair of the compliance & regulatory counseling practice at Paul Hastings. “What that entails is actually documenting both the inherent risk, as well as the residual risk in quite a number of areas.”

Policy is one thing, though; making risk assessment requirements a reality is another, Lammers acknowledged, due to limited resources.

“It’s always the case there are more risks than you have time to do a deep dive on, so you have to prioritize,” Lammers explained. “I have yet to meet the compliance officer who tells me that they have more than enough resources and headcount and dollars to get everything done that they want to on the list.”

Other common threads of global compliance guidance include:

• Senior management commitment and tone at the top: The DOJ’s second fundamental question asks whether programs are “adequately resourced and empowered,” with management commitment as the first consideration, while France’s AFA lists senior management commitment as one of its three key anticorruption pillars.
• Third-party due diligence and oversight: The DOJ’s evaluation criteria include an entire section on “third party management.” The World Bank’s integrity guidelines flow “all the way down the supply chain to the lowest sub-subcontractor,” Mauro explained, while Nicola Bonucci, former legal director of the OECD, noted that intermediaries represent “80% of all transnational bribery cases,” calling third parties “the biggest difficulty” for compliance practitioners.
• Testing, monitoring and demonstrating effectiveness: The DOJ’s third fundamental question asks whether programs work in practice through “continuous improvement, periodic testing & review.” France’s risk management pillar focuses on detection systems and whether companies are “taking corrective action when issues arise,” and the World Bank requires companies to show “a demonstrated record of implementation,” not just policies on paper.
• Training and communication tailored to roles: The DOJ guidance emphasizes that training should be tailored to employees’ roles and risks. “The salesperson in China is gonna get a lot different training than the domestic employee,” Gentin noted, recounting incidents where companies present statistics like training “98% of employees” without ensuring the content matches job functions.
• Confidential reporting and investigation processes: The DOJ explicitly lists “confidential reporting structure & investigation process” as a key element of well-designed programs, while France’s guidance asks whether companies “have a whistle-blowing system.”

Divergent approaches

International programs and guidance, of course, are not carbon copies of each other, and expectations and approaches diverge in several important ways. Among the most meaningful is the extent to which enforcers and regulators have laid down strict rules governing corporate compliance programs.

In France, companies with more than 500 employees and annual revenue exceeding €100 million are obligated to implement anticorruption compliance programs under the Sapin II framework, while the UK Bribery Act mandates businesses in the UK have compliance programs adequate for the prevention of bribery. Their counterparts at the DOJ make no such requirement, though the presence of the ECCP guidance strongly suggests that such a program can reap rewards in the form of reduced penalties or even declinations.

Its nature as a nongovernmental organization is one thing that separates the World Bank, but its unique rule around collective action is another, Mauro said: “It’s actually a requirement when companies are working with us and building a compliance program that they engage in some kind of collective project outside their own company to advance compliance in their industry, in their community.”

That requirement has a ripple effect throughout local communities around the world, Mauro said.

“One of the most fulfilling parts of this job is a lot of the companies that have been through our processes, started with a sanction, didn’t know anything about compliance, maybe were in a jurisdiction where compliance is not something that’s common,” he said. “But they go through our process, they learn about compliance, they build a well-tailored compliance program. And now they are the biggest promoter of compliance in their own area.”

Scope and focus is another area of divergence with France taking a narrower approach than the US or UK. The AFA’s guidance is focused entirely on anticorruption; in fact, this past March, French authorities established a cross-border anticorruption task force along with the UK and Switzerland.

“It’s purely anti-corruption risk mapping,” Bonucci noted about the AFA’s requirements. “They are not really interested in the global risk mapping that any company is doing.”

The presence of overlapping principles doesn’t mean a compliance program builds itself, the panelists noted. Compliance professionals still face the practical challenge of building and testing compliance programs that satisfy multiple regulatory or organizational expectations, often with scant resources.

“I think you can’t just ignore that gap because it’s gonna come up,” Gentin said, referring to the potential that a compliance officer will need to defend their program in multiple countries. “What you want to do is put together a holistic compliance program, which is gonna work before all these jurisdictions. And it could be that the US emphasizes one thing, the French emphasize another.”

Panelists also emphasized the importance of maintaining internal ownership rather than outsourcing everything to external providers, especially when it comes to the essential risk assessment functions.

“If you externalize everything, I don’t think you will convince any law enforcement authority that you are doing really a good job,” Bonucci said. “There are tools, there are platforms, there are ways in which you can externalize, but at the end of the day, you need to have someone responsible who takes the ultimate decision.”

Gentin reinforced this point, warning that companies building risk assessments relying entirely on outside help could have some tough moments when called before the DOJ to defend their programs.

“When the chief compliance officer comes in, [they’re] gonna ask who did the work, and it could be that they used a third party consultant to do some of that.” Gentin said. “But they better be damn sure [at least] that people at the company helped design it, conducted the risk assessment and then actually followed up afterward to make the changes.”

Panelists offered other practical solutions, like integrating compliance into business operations from the outset rather than treating it as a reactive problem-solving function and focusing on demonstrating that programs actually work in practice rather than just existing on paper.

Complying with multiple overlapping international requirements has never been easy, but this year’s whipsaw-style federal enforcement changes in the US have added even more complexity, the panel acknowledged.

Fighting the good fight still matters, Bonucci said.

“This is the time for companies to decide why they’re doing compliance — and that cannot be only because they’re responding to regulatory pressures,” Bonucci observed, “because the regulatory pressures in the future may go in different directions, may even be contradictory.”

DOJ corporate enforcement chief Andrew Gentin joins as Managing Director & General Counsel to lead RosettiStarr’s global investigations and compliance practices.

WASHINGTON, DC, September 4, 2025 (Newswire.com) – Intelligence and investigations firm RosettiStarr announced today that Andrew Gentin, a top Justice Department corporate enforcement and compliance official, has been appointed as a Managing Director and the firm’s General Counsel.

A two-decade veteran of the Justice Department’s Fraud Section, Gentin will oversee RosettiStarr’s expanding global investigations and compliance practices. Since 2021, he has been the Chief of the Fraud Section’s Corporate Enforcement and Compliance Unit, where he was responsible for all corporate enforcement, compliance, and monitorship matters.

Earlier, Gentin was a prosecutor in the Fraud Section’s Foreign Corrupt Practices Act (FCPA) Unit for 12 years, where he investigated and prosecuted many of the Justice Department’s most notable foreign bribery cases. He is an expert on the structural, monetary, and compliance components of FCPA, securities fraud, procurement fraud, health care fraud, money laundering, and sanctions resolutions.

“Andrew Gentin is one of the most well-respected corporate enforcement prosecutors in Washington and an expert in fraud and foreign bribery investigations,” said RosettiStarr President and CEO Richard Rosetti. “He brings a unique and expansive perspective to RosettiStarr, informed by his knowledge of the Justice Department’s enforcement and compliance priorities and processes. We are thrilled to welcome him to our firm.”

Gentin contributed significantly to the development of the Justice Department’s corporate enforcement and compliance policies, and he was a member of the Deputy Attorney General’s Corporate Crime Advisory Group. He also represented the Justice Department at the OECD’s Working Group on Bribery in Paris and chaired the Law Enforcement Officials Group, consisting of leading anti-corruption prosecutors and investigators from the 46 member nations.

“I am excited to be joining RosettiStarr, where I will be surrounded by extremely talented professionals with deep investigative and intelligence experience. I was attracted by the firm’s global reach, premier fact-finding and intelligence analysis, entrepreneurial spirit, and people who are passionate about delivering superior results to the firm’s clients,” Gentin said.

A veteran prosecutor with contacts around the world, Gentin has overseen or conducted investigations in numerous countries. He was one of the lead examiners of Turkey’s foreign bribery enforcement review last year, and of Italy’s review in 2022. He has overseen enforcement resolutions with several financial services companies and spoken widely on corporate enforcement, compliance, and monitorships at conferences.

“Andrew Gentin’s breadth of experience, global contacts, leadership ability, and investigative and compliance experience adds a strong new dimension to our team,” said RosettiStarr Chief Operating Officer Michael Starr. “His arrival will allow us to continue our growth, expand into new areas, and propel us forward with a sharp focus on what matters-delivering impactful investigative, intelligence, and compliance resources to our clients.”

Gentin holds a B.A. from Amherst College and a J.D. from Georgetown University Law Center. He clerked for a judge on the District of Columbia Court of Appeals before joining the White Collar Defense Groups at two Washington law firms. He then worked as a trial attorney at the Justice Department’s Office of International Affairs before moving to the Fraud Section.

About RosettiStarr

RosettiStarr provides intelligence, investigations, corporate risk, and security services to attorneys, management teams, and investors worldwide. Headquartered in Washington D.C., the firm’s 100 professionals serve multinational businesses, global law firms, and leading private equity firms and hedge funds that collectively manage more than $2.2 trillion in assets. RosettiStarr has partnered with over 60 of the Am Law Top 100 Law Firms and successfully executed engagements in 100+ countries. For more information, visit www.rosettistarr.com.

Source: RosettiStarr

The recent decision by senior officials in the Trump administration to use Signal, an encrypted communications app, for discussions about a sensitive military operation has placed a massive spotlight on Signal itself, and more generally on commercial encryption platforms. A group, dubbed “Houthi PC Small Group Chat” was created to discuss forward-looking and real-time information about missile strikes against a key Houthi Leader and his associates.

While Signal turns out to have been an embarrassingly poor choice for such a sensitive discussion, the incident gives rise to some interesting lessons about the strengths and shortcomings of Signal and other encrypted messaging apps. What follows is a brief analysis of the recent incident and some guidance for those seeking to further secure their communications.

Human Error and Operational Security

An old security maxim goes something like “the more people that know, the less secure you are.” And that’s exactly what happened here, when a journalist was inadvertently added to a group chat that ultimately included 18 other parties. This single decision permanently and irrevocably obviated all the confidentiality protections Signal could otherwise afford.

Even if the journalist had not been invited, including 18 other chat participants dramatically increases the likelihood that a chat will be seen or shared by an unauthorized party. Keeping sensitive communications groups as small as possible limits these risks and increases the likelihood that an unauthorized party’s presence will be detected.

Here are the key Signal Vulnerabilities

Other key lessons from this incident can be drawn from Signal’s selection by the senior officials, from how it works, and from the mismatch between its capabilities and the security needs of the chat participants. In hindsight, it is clear they had a poor understanding of Signal’s nuances, including the inherent risks when using its text-messaging features.

There is no question that Signal is an easy way to secure your conversations. It is a free, intuitive app that works well with your native device, and we suspect it was selected for these reasons. For audio calls, RosettiStarr and other corporate security professionals still consider it to be secure. Unfortunately for the Houthi PC Small Group, their discussion was a text chat and not a call.

The problems with text messages are twofold and have been documented by the U.S. intelligence community and researchers in the private sector. The first issue comes with Signal’s ability to link a user account to multiple endpoints, i.e. mobile phones and computers. State actors have discovered ways to exploit this capability and have been documented surreptitiously gaining access to these endpoints so they can monitor the de-encrypted accounts of encrypted chats. This is a critical security breach but does not mean Signal’s encryption has been broken.

Signal – and many other secure messaging apps – also has potential issues with data backups. In some contexts, decrypted or plaintext Signal chat histories can be backed up and stored in cloud environments.  To be clear, Signal’s native backup service is encrypted, but downloaded copies of unencrypted data could migrate to a cloud environment, which may not be encrypted by default. Sensitive data should always be encrypted, including while “at rest” in all storage formats. This is why RosettiStarr suggests taking steps to limit the number of places where sensitive data is replicated.

Signal and other encrypted messaging apps offer ephemeral messaging, meaning a sender can determine how long a message will be viewable on a recipient’s device. That can be a valuable security feature over the long term but does not preclude screenshots or photos of sensitive information from being taken in the meantime. Users should also be aware that ephemeral messaging can run afoul of certain court orders, recordkeeping laws, or other regulatory requirements, and as a result should use it sparingly.

The best practice – which eluded the participants in the Houthi raid discussion – is to avoid texting extremely sensitive information over Signal.

Personal Devices for Business or Government Use

The final, and perhaps most alarming aspect of this story is that many chat participants were evidently using their personal devices. The phone numbers tied to these devices are easily discoverable, rendering them vulnerable to sophisticated hacking as well as leaks of sensitive personal data through various apps or services. In the case of chat participant National Security Adviser Mike Waltz, his Venmo app settings allowed anyone to see his “friend list.” According to “Wired,” a Venmo account tied to Waltz had a 328-person, publicly viewable friend list that included White House chief of staff Susie Wiles and National Security Council staffer Walker Barrett.

More sophisticated actors could track a user’s location or introduce malicious software via targeted phishing messages. In short, the “attack surface area” of a personal communications device like an Iphone, or a Pixel or Galaxy, is exponentially greater than a restricted-use, secure communications device.

What You Can Do to Stay Secure

The first step in keeping your communications secure is identifying what you are trying to protect and from whom. Suppose you are trying to secure trade secrets, intellectual property, or details of an upcoming acquisition. If so, RosettiStarr can help quantify your risk and identify a proportional encryption solution. Whether you need basic encryption or a completely closed-circuit network, we can work with you to tailor a secure solution for your unique use case. We support short- term and long-term deployments and have a deep understating of the risks associated with mobile communications domestically and abroad.

George McCloskey brings deep experience to RosettiStarr after leading several corporate security operations in Silicon Valley

WASHINGTON, DC / ACCESSWIRE / September 20, 2023 / RosettiStarr – an international intelligence, investigations, and security services firm – today announced that global security services expert George McCloskey has joined the firm as a senior advisor.

McCloskey has been the chief security officer at Stripe, Inc., a premier financial services company based in San Francisco, and before that, was the chief security officer and head of trust and safety at the global payments firm Square, Inc. He is presently a senior vice president for risk and safety at Impossible Foods, Inc., based in Redwood City, Calif.

RosettiStarr is experiencing rising demand for its security consulting practice worldwide. McCloskey has created corporate security programs from scratch, and at Stripe developed and maintained a security program as they expanded to 38 countries. At Impossible Foods, he has kept the firm’s workforce safe, compliant, and resilient to supply chain and security-related disruptions.

McCloskey is the latest experienced professional to support RosettiStarr as an advisor to help expand and strengthen its physical and cyber security services teams. RosettiStarr currently provides consulting services on physical facilities protection, threat assessment, travel advisory, secure communications, and cyber security management. In some instances, it manages these functions for clients seeking an outsourced alternative.

In April, William “Bill” Halliday joined RosettiStarr as senior director of security consulting after leading global security operations at Marsh McLennan, a professional services firm with more than 85,000 employees. Halliday had earlier worked as a vice president, safety and security, at Morgan Stanley and as a consultant to numerous corporations.

RosettiStarr co-founder and CEO Richard Rosetti said, “We are delighted to add Mr. McCloskey as an advisor to our team, in order to take advantage of his counsel and experience in expanding this part of our global portfolio. Our clients will benefit from his ideas and extensive experience in corporate security.”

Earlier in his career, McCloskey was the chief security officer at Pixar Animation Studios in Emeryville, California. He is a Certified Protection Professional (CPP) through ASIS International and serves on the board of the International Security Management Association.

About RosettiStarr

RosettiStarr provides intelligence, investigations, corporate risk, and cyber security services to attorneys, management teams, and investors worldwide. The firm regularly services corporate enterprises with global operations and major private equity firms and hedge funds with a combined $650 billion in assets under management. RosettiStarr has worked with more than 60 of the AmLaw Top 100 Law Firms and has had successful engagements in 46 countries. For more information, visit www.rosettistarr.com.

Contact Information

Faith Apt
Media Contact
fapt@rosettistarr.com
(301) 299-1931

The first post in this series [The Santos Scandal: A Deep Dive into Deception (Part 1)] detailed evident false statements by George Santos about his employment history and education, as well as problematic information regarding his financial assets in 2022 and odd patterns in his congressional campaign’s financial accounting. This post will examine how public records have revealed the questionable corporate ties Santos had while running for Congress.

The Company We Keep

Financial regulatory records at the state and federal level also waved a further series of red flags for anyone that might have looked. In January 2020, Santos joined Harbor City Capital Corp. as a Regional Director in New York. Harbor City’s CEO Jonathan Maroney welcomed Santos in a press release. “I’ve known Mr. Devolder for several years professionally and have always had a lot of respect for how he conducts himself in business,” he said. “When we had the opportunity to welcome him to our team I was delighted. He’s a perfect fit.” The press release included erroneous information from Santos about his previous employment at Goldman Sachs and CitiGroup. Santos also listed his new position at Harbor City Capital on his Twitter account.

Harbor City Capital Corp. described itself as “an alternative investment manager specializing in the implementation of time-tested, proven arbitrage strategies to generate reliable yield from the high growth +$200B Internet advertising sector.” The company made exuberant claims of high yields on individuals’ investments.

Santos also touted claims of zero risk investments and hefty returns for those that invested in Harbor City Capital Corp. claiming an individual’s principle would be “100% secured” by a Standby Letter of Credit (SBLC) held by major institutions. However, by early June 2020, some cracks in this visage were becoming publicly evident:

Regulatory scrutiny soon followed. On June 25, 2020, the Alabama Securities Commission issued a “cease and desist order prohibiting” Harbor City Capital Corp. and its CEO Jonathan Maroney “from offering or selling securities in the state.” The commission found that Maroney and his affiliated companies were offering 18% annual returns on investments and the commission found that they “caused unrealistic claims of investment performance and unrealistic predictions of market profitability to be displayed on their web site in order to induce investors to purchase their securities in violation” of the law. The Alabama Securities Commission did not mince words in its press release regarding its cease-and-desist order against Harbor City Capital Corp.:

On April 19, 2021, the Securities and Exchange Commission (SEC) pursued its own actions against the company, filing an “emergency action to stop an ongoing, fraudulent Ponzi-scheme victimizing hundreds of investors across the United States” that was being perpetrated by Harbor City Capital Corp., its related entities, and its CEO Johnathan Maroney. The SEC alleged that starting in May 2015, or before, Maroney and the entities he controlled raised more than $17 million “through a series of unregistered fraudulent securities offerings….” and that “Maroney used investor money to enrich himself and his family, and to perpetuate the Ponzi scheme by making payments of fictitious returns to existing investors using other investor funds.” He used part of the money to buy a Mercedes Benz, a waterfront home, and to pay more than $1 million in credit card bills, according to the SEC filing:

In April 2021, the same month the SEC issued its enforcement action against Harbor City Capital Corp., George Santos left the company. He has not been implicated in the Harbor City Capital Corp. case. Maroney was the only individual named in both the Alabama and the SEC suits.

Ties That Bind

Tracking corporate filings can provide critical insight into both business entities and individuals, as well as a window into who they have chosen as business associates. Several of the individuals that worked at Harbor City Capital quickly moved on after the SEC’s April 19, 2021, enforcement action to start their own companies. In 2019 Jesse McMinn was hired as a videographer at Harbor City Capital Corp. Fifteen days after the SEC’s action, he incorporated Red Strategies Video Inc. in Florida as its President. Paul Nicolini – the Regional Director of the Investment Professionals Divion at Harbor City Capital Corp.–incorporated Paul Nicolini and Associates Inc. on the same day. Red Strategies LLC, USA was also established at the same time.

On May 11, 2021, six days after these three companies were incorporated, George Santos established Devolder Organization LLC., a group that Florida Secretary of State records show was linked to five companies established by Harbor City Capital Corporation personnel. Three were established 15 days after the SEC filed suit against Harbor City Capitol Corp., and all three were administratively dissolved for failing to file their annual financial reports on the very same

day in late September 2022, two weeks after Santos filed his second financial disclosure report with Congress. Two of the other companies were voluntarily dissolved on January 25, 2023, after the New York Times published its initial investigative story on Santos. (The Devolder Organization also appears to have failed to file its annual financial report at the beginning of 2022 and became inactive in Florida. However, on December 20, 2022, it filed paperwork and was reinstated by the Florida Secretary of State’s office. It is currently the only entity out of the five other companies listed below that still has an ‘active’ status, according to Florida Secretary of State records.)

Connect the Dots

Santos kept company with interesting characters. The Redstone Strategies annual report filed in Florida on January 14, 2022, listed George Santos, Paul Nicolini, Jayson Benoit, Jessee McMinn, and Devaughn Dames as officers, all of whom worked at Harbor City Capital Corp. but none of whom were specifically named in the SEC’s enforcement actions against the company and its CEO Jonathan Maroney.

In addition, one of the corporate officers of Red Strategies USA, LLC, R.I.A. Concepts Holding, provided its address as 47 Flintlock Drive, Shirley, New York 11967. That address is the home of Nancy Marks, who worked as a treasurer for both Santos’ 2020 and 2022 congressional campaigns.

Interestingly, the Devolder organization was registered in 2021 by a claimed financial consultant named DeVaughn Dames, who served as a treasurer for another Republican candidate in 2022 Tina Forte (she lost). During the 2022 election cycle Tina Forte’s campaign made 77 separate payments to Red Strategies USA, for a total of $110,320.05 under the rubric of “Digital Consulting and Fundraising” services. Red Strategies included Santos’ Devolder Organization LLC, and others associated with Harbor City Capital Corp., as corporate officers.

In August 2019, Dames became the Chief Financial Officer at Harbor City Capital. Through his own company, D&D International Investment Services Inc., he ended up becoming the registered agent for five of the six companies cited above.

In 2015, D&D International Investment Services Inc. and Devaugh Dames were cited in a court case initiated by the Brevard County Tax Collector in Florida for owing nearly $3,000 in back taxes. Those taxes appear to have been repaid by July 2015.

Last year, in July 2022, Credibly of Arizona LLC, a retail capital company, won two separate judgements in a lawsuit it filed against Devaughn Dames in the amount of $118,352.72 and $363.09 in a case that was brought in Arizona’s Maricopa County Superior Court.

More recently, in March 2023, Wells Fargo sued Devaughn Dames’ company D&D International Investment Services, Inc. for debt recovery to “foreclose a mortgage on real property” regarding its offices at 336 N. Babcock Street in Melbourne, Florida. This is the address provided for five of the six companies listed above. In 2009, Wachovia issued the original Note to D&D International Investment Services for nearly $1.2 million, but it was taken over by Wells Fargo when the two companies merged. Wells Fargo alleges in the suit that D&D has been delinquent on its payments and owes it a total of more than $400,000.

On May 23, 2023, the Eighteenth Judicial Circuit Court for Brevard County, Florida set a trial date of March 22, 2024, for this case.

Pulling business records, identifying corporate addresses, and compiling court cases can often help weave together a collage of the friends, colleagues, and business associates of the individual you are investigating. Our previous post revealed red flags about Santos’ claimed employment, education, and finances. Our third and final post will highlight his previous brushes with the law and unresolved questions about the origin of his finances. Taken together, this information can help paint a clearer picture of the individual’s character and potential avenues to pursue further.

The congressional candidate’s website said he briefly attended an elite private school in the Bronx, New York. His campaign literature said he worked at Goldman Sachs and Citigroup. In a required financial disclosure form filed five months before his failed 2020 election attempt, he claimed his earned income in 2019 consisted of a $55,000 salary. It listed no assets, bank or checking accounts, investments, or properties. Somehow, however, according to his filings with the Federal Election Commission (FEC), he loaned his campaign $23,850 in 2019 and an additional $57,400 in early 2020.

The following year, in April 2021, a company he started working at in January 2020 was hit by the Securities and Exchange Commission (SEC) with an “emergency action to stop an ongoing, fraudulent Ponzi-scheme victimizing hundreds of investors across the United States.” By 2022, according to a Congressional filing related to his second election bid, his financial wellbeing had nonetheless improved tremendously. His annual salary had risen to $750,000, and his “unearned” income leapt to between $1 million and $5 million for that year, while his assets had skyrocketed to between $2.6 million and $11.3 million.

George Anthony Devolder Santos (“George Santos”) is now well known, and the target of a 13-count criminal indictment by the Department of Justice that includes seven counts of wire fraud, three counts of money laundering, one count of theft of public funds, and two counts of making materially false statements to the U.S. House of Representatives. He has pleaded not guilty. However, his past appears to be catching up with him.

It should have happened much sooner. The falsehoods, distortions, and trail of misconduct surrounding Santos should have resulted in an avalanche of scrutiny well before it did. While a glimmer of the troubles surfaced in the local Long Island, New York, newspaper, the North Shore Leader two months before the 2022 election, the gravity and scale of his falsehoods did not come to light until one month after the election, when the New York Times published a detailed account of his fabrications. In short, the press, both main political parties, and public officials all failed to conduct a proper due diligence probe of him before the November 2022 election.

The George Santos saga thus provides a valuable lesson not only for politics but for investigative practices – and in particular, how public records can help reveal red flags. This is the first of three posts to be published in the coming days that will detail how such a review would have been able to unmask the mirage Santos projected before the November 2022 elections. Scrutinizing available public records would have revealed:

• Falsehoods in Santos’ public educational claims, by checking his educational record;
• Fabrications in his stated professional experience, through a review of public sources;
• Serious questions about the origin of the more than $700,000 he personally loaned his own campaign in both the 2020 and 2022 election cycle, based on FEC records;
• Questions regarding his unexplained sudden personal financial success in 2022, based on Congressional financial disclosure documents;
• Clear connections between Santos and multiple individuals who started companies in Florida days after the SEC’s “emergency action” against his former employer.

Part 1: A Litany of Lies

George Santos announced his first run for Congress in November 2019, as a Republican candidate. He lost the election to Thomas Suozzi the Democratic incumbent of New York’s 3rd congressional district, but he ran again in the 2022 election cycle. From the very start, his campaign website listed distortions and fabrications that could have been quickly and easily verified to be false.

An annotated version of his resume, first released by the New York Times, was published by Business Insider, and is provided below.

Whether you are vetting a potential employee, senior executive, or attempting to learn more about a competitor or political candidate, resumes are a critical starting point for an investigation. Vetting claims can help to identify exaggerations, outright falsehoods, and character issues that provide key insights and future paths for further analysis.

Financial Flimflam

Records that show an implausible personal trajectory are among the most obvious red flags. On May 11, 2020, for example, Santos filed a required financial disclosure report to the House Committee on Ethics. Under the “Earned Income” section, he indicated that his salary, commission, and bonus at LinkBridge Investors in 2019 was $55,000.

Although required to be fully disclosed, under “Assets and “Unearned” Income,” “Earned Income” and “Liabilities,” he wrote: “None disclosed.”

On September 6, 2022, during his second run for Congress, Santos filed his second Congressional financial disclosure report. In the span of a little over two years, Santos claimed he had acquired an apartment in Rio de Janeiro, Brazil worth between $500,000 and $1 million. He accumulated more than $1 million in his savings account and at least $100,000 in his checking account. He incorporated in Florida a New York City-based consulting firm called the Devolder Organization LLC, in which he claimed a 100% interest worth between $1 and $5 million. His annual salary there was $750,000 and his “Unearned” income – based on dividends from the company – was between $1 million and $5 million. He also went from having no declared assets in 2019 – as reported in his May 11, 2020, financial disclosure report – to assets ranging from $2.6 million to $11.3 million in his 2022 financial filing. His financial situation went from meager to materially substantial virtually overnight.

Excerpts from Santos’s financial disclosure report to Congress filed on September 6, 2022, are pasted below.

This sort of unexplained financial bonanza in such a relatively short period of time should have set off investigative alarm bells.

Pay Thyself

Odd personal financial dealings can also signal potential character issues and shortcomings in trustworthiness. According to the FEC, candidates for federal office are permitted to use unlimited amounts of their own “personal funds” for campaign purposes. There are also no limits on “loans” made from candidates’ personal funds to their campaigns. In addition, a candidate may choose to forgive “all or a part of a loan from his or her personal funds to the campaign.” However, a candidate must file a signed statement indicating that he or she forgives the loan.

Santos, according to his FEC disclosures, during his 2020 and 2022 election races personally loaned his campaigns a total of $786,250. Red flags were apparent in these disclosures early on that should have drawn more scrutiny. On March 31, 2020, he personally loaned his campaign $50,000, nearly his entire salary from the previous year. Additional loans for that election totaled $31,250, eclipsing his entire 2019 salary. His personal loans to his campaign during the 2022 campaign increased dramatically to $705,000, nearly matching his claimed salary of $750,000, as reported in his September 2022 financial disclosure report to Congress.

The FEC defines personal funds this way:

For the $81,250 Santos loaned his campaign during the 2020 election, his campaign repaid him $31,200 in November and December 2020. So far, his campaign has not repaid any of the $705,000 Santos personally loaned his campaign for the 2022 election. An example of the FEC records citing the “personal funds” that George Santos loaned to his campaign is provided below.

A $199.99 (Miraculous) Coincidence

Sometimes records speak volumes through their omission of details or simply their unlikely veracity. According to records filed with the FEC between January 1, 2021, and December 31, 2022, the Devolder-Santos for Congress campaign listed 37 separate expenses for exactly $199.99, without any reasonable accounting. These purchases included an office supply run to Staples on December 27, 2021, and also on the following day. Each purchase totaled $199.99.

Two separate shopping trips to BJ’s Wholesale two months apart in August and October 2021 cost exactly $199.99, as did three trips to Best Buy over a four-month period.

Despite the fact that the price of airline tickets frequently fluctuates due to gas prices and other factors, four separate flights on Delta Airlines from August to December 2021 each cost the Santos campaign exactly $199.99. From October to December 2021, the campaign reported five separate Uber rides, all in California, that each cost exactly $199.99. Miraculously, Santos campaign officials also appear to have ordered the same items from the menu when they frequented the Il Bacco Restaurant on Northern Blvd. in Little Neck, Queens, in Santos’ congressional district seven times, with each visit producing an expenditure of precisely $199.99.

As Politico reported in January 2023:

Campaigns rack up millions of dollars in expenses and thousands of line items per campaign, but it is rare for them to notch even one $199 expense, according to a POLITICO review of campaign finance records. FEC data shows more than 90 percent of House and Senate campaign committees around the country did not report a single transaction valued between $199 and $199.99 during the 2022 election cycle.

Santos reported 40 of them.

In fact, his campaign accounted for roughly half of all expenses by all campaigns that cost exactly $199.99 — a statistical improbability.

In listing these amounts, Santos evaded the FEC’s requirement regarding documentation for these expenses because they fell under $200 by a single penny, as outlined here:

A sampling of the $199.99 expenses reportedly incurred by the Santos campaign that they reported to the FEC are provided below.

This is the first of three posts examining how a diligent review of public records could have shed light on questionable behavior by George Santos and raised serious questions about his veracity before the November 2022 election.

COMMENTARY

By R. Jeffrey Smith

Managing Director, RosettiStarr LLC

(A version of this article was published on March 26, 2023 in Barron’s.)

Everything looked ideal, until it didn’t. A supposed whiz kid with MIT branding who had made a small fortune in currency-price arbitrage invited investors to make much larger fortunes, using a special trading sauce whipped up for a hot new financial arena. He set up a workplace offshore—but wasn’t everyone working remotely anyway? He had a cherub’s face, an earnest demeanor, and an impressive family pedigree.

Sam Bankman-Fried even looked the tech-guru part, dressing in classic sweats and cultivating a reputation for long office hours and ascetic living. He claimed, moreover, to be earning huge sums of money mostly to help others and make the world a better place. He spoke inspirationally about how his trading company would soon become accepted as a repository of savings and a venue for low-cost transactions. Its revenues were reported to have jumped from $90 million in 2020 to more than a billion dollars in 2021.

Bankman-Fried’s firms—FTX and Alameda Research—imploded spectacularly after a nine-day downward spiral in November that wiped out billions of investors’ dollars, led to his arrest, and forced him to surrender control. Bankman-Fried has pleaded not guilty, and the courts will decide his liability. But as far as investors are concerned, the FTX saga is hardly the first time investment assets have evaporated on this scale amid plentiful signals that mischief was afoot, a lesson that hasn’t fully sunk in and could easily be missed again.

Bernie Madoff’s Ponzi scheme defrauded thousands of investors out of tens of billions until he was arrested in 2008. Bankman-Fried’s operation echoes one set up 17 years earlier by a Texan named Allen Stanford, who set up trading operations on an island, hired his former college roommate as an executive, arranged off-books loans from his firm, and went on to fleece thousands of investors out of roughly $7 billion, some of which he spent on real estate and other lavish perks. Stanford was convicted in 2012 of defrauding customers and sentenced to 110 years in prison.

Watching another big scandal unfold—followed by congressional investigations amid hand-wringing about regulatory distraction—prompts fresh wonder about whether the financial system is so rickety and reliable corporate data so spare that ambitious investors are simply doomed to periodically lose their shirts. Investors looking at recent crypto losses have reason to ask whether the FTX fiasco could have been foreseen, and whether the problems that are now dogging Bankman-Fried are lurking elsewhere.

A third of the members of Congress—who recent tallies indicate took in roughly $93 million in political donations from FTX employees over the past two election cycles, funds they were asked to return by the end of February—clearly did not ask those tough questions. But a close look at FTX’s history makes clear there were red flags that could have sowed alarm for potential investors, regulators, and politicians, if only they’d conducted a serious research effort and paid attention to the results.

To start with the basics, Bankman-Fried was candid long before his indictment about his weak preparation for creating Alameda at the age of 25. His undergraduate degree was in physics. He wrote on Twitter in August 2020 that he’d had trouble in school and “spent most of my life learning to be ok-but-not-very-good” at online gaming. At FTX, he was well-known, in fact, for gaming during business meetings, including during a digital February 2022 appearance at the Economic Club of New York. His habit abetted his reputation as an oddball savant but should have been seen instead as a signpost of inattentiveness to fundamentals—an impactful shortcoming for someone forging a new path in an unregulated economic sector.

Bankman-Fried admitted in the same 2020 Twitter thread that a year after founding Alameda the company was beset by internal conflicts, producing “some really shitty times. A management dispute I didn’t know how to resolve boiled over and a bunch of employees left in early 2018.” One of those who left was Tara Mac Aulay, an Alameda co-founder who said in a November Tweet that the resignations were “in part due to concerns over risk management and business ethics.” In all, at least sixty-six FTX employees left the company before September 2022 and posted resumes on LinkedIn, creating a reservoir of information about the firm that potential investors could have exploited.

The staff that remained at FTX and Alameda after these departures was noticeably young and inexperienced. As an April 9 report to the bankruptcy court by FTX debtors noted, they had no previous exposure to “risk management or running a business, [yet] controlled nearly every significant aspect of the FTX Group.” The ambience was more like that of a college fraternity than a multi-billion-dollar business. Company expenses were approved by emojis in a Slack channel. FTX’s head of engineering, Nishad Singh, was a high school friend of Bankman-Fried’s younger brother, and Singh’s girlfriend was the FTX human resources chief; Singh took out a $543 million loan from Alameda, according to court filings. Singh has pleaded guilty to multiple criminal charges.

In 2021, the first year that FTX pulled in more than $1 billion in revenue, FTX and Alameda co-founder Caroline Ellison, 28, tweeted that there is “nothing like regular amphetamine use to make you appreciate how dumb a lot of normal, non-medicated human experience is.” Alameda, which she ran, persistently lost money during its brief existence, accounting for its eventually fatal dependence on FTX bailouts. None of this should have been a surprise. “We tend not to have things like stop losses,” she said in a podcast in May 2022. Stop losses are tools to manage trading risk. In a private, internal communication, Bankman-Fried called Alameda “unauaditable” due to the absence of reliable transaction records, a circumstance he actually described as hilarious.

When speaking in a Jan. 2022 conversation with George Mason University economics professor Tyler Cowen published as a podcast two months later, Bankman-Fried also made clear that his personal tolerance for risk was extraordinarily high. But journalists as well as analysts ignored that flash of dangerous candor, and Sequoia Capital – a firm with $85 billion under management – in September published an article by a contract business writer that called Bankman-Fried “instantly lovable” and a “trader’s trader”; it also extolled his “daring feat of arbitrage” at the outset of his career and his accumulation of “more wealth in a shorter period of time than anyone else, ever.” Neither the author of that article nor the head of digital asset research at Forbes Magazine, which celebratorily featured Bankman-Fried on its Oct. 2021 cover, noted – as the debtors report eventually did – that the FTX head was functioning throughout this period in a vacuum of “independent or experienced finance, accounting, human resources, information security, or cybersecurity personnel or leadership.”

What besides radiant PR fumes gave FTX such impressive sales? It turns out that its marketing sometimes followed a notorious boiler-room model, a circumstance that escaped wide notice because no one appears to have talked to its customers. After the implosion, the New York Times revealed that when Bankman-Fried circulated specific investment opportunities to regular clients, he attached 24-hour deadlines to qualify for the best prices. As one investor told the newspaper, the terms of the offers seemed like “code for saying ‘no diligence.’”

No prescandal review appears to have rigorously compared Bankman-Fried’s public claims of personal privation and devotion to philanthropy with his actions. He told a reporter he planned to keep just 1% of his earnings. But the $190 million in total donations made by FTX’s charitable foundation through the end of 2022 were essentially a rounding error (seven tenths of one percent) for someone with a personal fortune—premeltdown—estimated at $26 billion to $32 billion. The gap was another sign that beneath Bankman-Fried’s claim to huge business acumen was a genuine talent for exaggerated self-promotion, a goal he has acknowledged in several postbankruptcy media interviews. A Feb. 8 court document filed in the Bahamas makes clear that FTX spent more on fancy properties and vehicles used by his employees—$257.4 million to be precise—than the FTX foundation funded by Bankman-Fried and his executives spent on philanthropy. Data of this kind is routinely recorded in retrievable public records.

Some of Bankman-Fried’s and FTX’s expenditures were not public, or reported, because his company, like Allen Stanford’s, chose to operate under much lighter disclosure rules than those governing firms in the United States or other industrialized countries. By itself, the offshoring of his work—first in Hong Kong and then in the Bahamas with retained Hong Kong connections—was a waving red flag, signaling that neither regulatory authorities nor the threat of public shame from adverse financial statements imposed real burdens on FTX for most of its existence. The absence of information, as any Sherlock Holmes devotee knows, can be significant. And at the FTX Group, there were, as the company’s bankruptcy trustee John J. Ray III has testified, virtually no “audited or reliable financial statements.”

Not everything alarming about the company was hidden; it was instead largely ignored. FTX’s U.S. branch had transparently bumpy relations with financial regulators, for example, including a clearcut conflict with the government about the company’s trust and credibility. Last August, the Federal Deposit Insurance Corporation publicly ordered FTX U.S. to cease claiming that its products or accounts were federally insured.

The company’s U.S. president Brett Harrison—whose statements were specifically cited by the FDIC complaint—said “we really didn’t mean to mislead anyone.” But the firm’s exaggerated claims could have been read as signposts of an unscrupulous corporate culture and a harbinger of shortfalls in its revenues and profits. In late September 2022, Harrison notably stepped down from his position as U.S. CEO position, claiming four months later that he did so because his “relationship with [SBF]… and his deputies had reached a point of total deterioration, after months of disputes over management practices at FTX.” He also called his former boss insecure, prideful, spiteful, and volatile. That level of dysfunction should certainly have been discoverable.

The FDIC’s letter, moreover, went to FTX’s president and its chief regulatory officer, Dan Friedberg, who had a noticeably blemished employment record. Friedberg had been a counsel to the online poker site UltimateBet in the mid-2000s as it attempted to cap payouts to customers cheated by the firm’s software. Although a recent version of his LinkedIn profile omitted mention of his work for the firm, that omission was itself another problematic signpost.

To recap, then, those bewitched by Bankman-Fried ignored or simply failed to search for evidence of his low qualifications, his team’s inexperience, the alarming qualities of its work habits, the large gaps between his promises and actions, the absence of any leavening executive influences or meaningful independent oversight, and a history of major clashes between Bankman-Fried and staff or regulators. All of this was discoverable before the bankruptcy.

Was FTX’s downfall predictable? You bet it was. And there’s plenty of reason to believe the next big downfall will also be predictable – so long as a careful search is made in advance for the right cues, and the results are heeded.

WASHINGTON, DC, April 13, 2023 (Newswire.com) – RosettiStarr—an international intelligence, investigations, and security services firm—today announced global security expert William “Bill” Halliday has joined the firm as Senior Director of Security Consulting.

Halliday comes to RosettiStarr after directing global security operations at Marsh McLennan, the world’s leading professional services firm in the areas of risk, strategy, and people, with more than 85,000 employees advising clients in 130 countries.

RosettiStarr is experiencing rising demand for its security consulting practice worldwide. Halliday’s addition will add depth and knowledge to its existing suite of services, which include physical facilities protection, threat assessment, travel advisory, secure communications, and cyber security management, providing key clients an outsourced security alternative.

In Halliday’s 19 years at Marsh McLennan, he established and implemented worldwide programs to ensure security, safety, and employee health. He earlier worked for nine years as a Vice President for security programs and screening at Morgan Stanley and for five years providing security consulting services for clients at Kroll Associates.

RosettiStarr co-founder and CEO Richard Rosetti said on Halliday’s hiring, “We are delighted to welcome Bill Halliday, who is one of the most experienced and respected security professionals in our industry. Our clients will truly benefit from his advice, as he has helped build and manage two leading security departments. His extensive knowledge and experience will further help us meet our clients’ growing and shifting security needs.”

Halliday said, “I am thrilled to join the talented team at RosettiStarr, and I look forward to building on the firm’s excellent reputation. Over the course of my career, I have taken great pride in creating and delivering world-class security solutions. I am eager to bring my knowledge and skill to RosettiStarr’s clients. From supervising day-to-day security operations for clients to complete security overhauls, our team will be available to respond to a range of physical and technical security issues.”

Halliday graduated with honors from the John Jay College of Criminal Justice and completed computer technology training at New York University.

About RosettiStarr

RosettiStarr provides intelligence, investigations, corporate risk and cyber security services to attorneys, management teams and investors worldwide. The firm regularly services corporate enterprises with global operations and major private equity firms and hedge funds with a combined $650 billion in assets under management. RosettiStarr has worked with over 60 of the AmLaw Top 100 Law Firms and has had successful engagements in 46 countries. For more information, visit www.rosettistarr.com.