The FCPA Compliance Report is the longest running podcast in the in compliance and business ethics. Join its award-winning host, Tom Fox, the Voice of Compliance as he visits with top compliance practitioners, key figures from business, the government and law firms in the top podcast dedicated to all things compliance.
Unlocking Financial Gains Through Proactive Compliance: Insights with Nicholas Tollet
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox cross post the first episode of a new podcast series from Nicolas Tollet, partner at Hughes, Hubbard and Reed
In this episode, Tollet delves into the substantial financial benefits stemming from robust compliance measures. Tollet recounts a company’s journey through two deferred prosecution agreements (DPAs) related to bribery and corruption allegations in Africa and Brazil, detailing how proactive compliance actions saved the company approximately $100 million. He emphasizes the crucial role of an independent monitor and in-depth compliance reviews in identifying and mitigating misconduct. Tollet explores the implementation of compliance policies and training programs, drawing comparisons with high-profile cases like Walmart’s FCPA settlement, to illustrate the long-term financial stability and operational integrity gained through early compliance investment.
Highlights in this Episode:
The First Deferred Prosecution Agreement (DPA)
The Second DPA and Lava Jato Investigation
Compliance as a Competitive Advantage
Detecting and Addressing Misconduct
Remediation and Strengthening Compliance
Financial Benefits of Compliance
Comparing with Walmart FCPA Case
Resources:
Nicolas Tollet at Hughes Hubbard & Reed
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.
Check out the full 3-book series, The Compliance Kids on Amazon.com.
For an audio/video version of the Compliance Kids book, Speaking Up is AWESOME, contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/21/2024 • 22 minutes, 33 seconds
October 14, 2024-the Do GC’s Face Peril Edition
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.
· TD Bank fined $3bn (WSJ)
· Moog settles FCPA claim. (WSJ)
· Deloitte fooled by fraudster in Texas (Houston Chronicle)
· Is routine legal advice risky? It is if you advise paying a bribe. (Law360)
For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.
Check out the full 3-book series, The Compliance Kids on Amazon.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2024 • 6 minutes, 42 seconds
From Inputs to Outputs: Roxanne Petraeus and Susan Divers on Rethinking Compliance
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, in this episode, host Tom Fox is joined by Roxanne Petraeus and Susan Divers from Ethena to discuss innovative perspectives on compliance training, specifically focusing on the 2024 update to the Evaluation of Corporate Compliance Programs.
Roxanne, drawing from her military background, emphasizes the importance of practical and effective compliance training that resonates with employees rather than traditional 'check-the-box' methods. Susan highlights the shift towards emphasizing outputs over inputs, urging for compliance programs that are not just on paper but practiced and understood by all employees.
The discussion delves into the new expectations from the DOJ regarding the use of AI and data analytics in compliance, positioning compliance officers as pivotal to maintaining organizational justice and fairness. They also explore strategies for persuading senior management to prioritize compliance through emphasizing organizational culture and reputation. The conversation concludes with the role of leadership in fostering a compliant culture and practical steps for reaching out to Ethena for further insights.
Highlights in this Episode
· Deep Dive into the 2024 Compliance Program Update
· Roxanne's Journey and Ethena's Mission
· Susan's Transition to Athena
· Outputs Over Inputs: A New Compliance Focus
· The Role of AI in Compliance
· Leadership and Compliance Strategy
Resources
Roxanne Petraeus on LinkedIn
Susan Divers on LinkedIn
Ethena
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.
Check out the full 3-book series, The Compliance Kids on Amazon.com.
For an audio/video version of the Compliance Kids book, Speaking Up is AWESOME, contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2024 • 34 minutes, 15 seconds
Jag Lamba on Integrating AI with Existing Compliance Systems
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, I welcome back Jag Lamba from Certa AI, the sponsor of this podcast to consider the integration of AI into your overall compliance framework.
Our discussion emphasizes the importance of using great software to effectively integrate AI into existing processes, systems, and teams. For successful implementation, the software should be both flexible and scalable to suit different organizational needs and volumes. Moreover, the incorporation of guardrails is crucial in areas like third-party compliance due to AI being a relatively new technology. These guardrails function as a framework to prevent excessive autonomy similar to the limitations set on a new coworker. It is fascinating look at the cutting edge use of AI in compliance.
Highlights in this Episode
· Integrating AI with Existing Systems
· The Human in the Loop
· Flexibility and Scalability in Software
· Key Elements: Guardrails in AI
Resources
Jag Lamba on LinkedIn
Certa AI
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/7/2024 • 24 minutes, 55 seconds
Vince Walden on Leveraging Data Analytics for Effective Compliance Monitoring
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this edition of the FCPA Compliance Report, Tom Fox welcomes back Vince Walden, founder of KonaAI. Vince reports on the 2024 Update to the Evaluation of Corporate Compliance Programs. (Today’s episode is a cross-posting from Data Driven Compliance.)
Walden, a distinguished expert in compliance data analytics, actively participates in industry forums such as the Society of Corporate Compliance and Ethics annual summit in Grapevine, Texas. He advocates for compliance professionals to have ample access to relevant data sources, enabling them to monitor and test policies, controls, and transactions effectively. Walden stresses the importance of AI developers being vigilant about potential biases and public harm, aligning with the Department of Justice’s stance on accountability. He advises compliance practitioners to collaborate with internal audit and finance teams to ensure they have the necessary transactional data for comprehensive risk assessments, highlighting successful, cost-effective implementations like those at Albemarle as models for gradual, data-driven compliance program adoption.
Highlights in this Episode
Data-Driven Compliance for Cost Savings
Enhancing Compliance through Advanced Data Analysis
Identifying High-Risk Areas for Data Analytics
Proactive Risk Mitigation through Real-Time Monitoring
ROI-driven Compliance Programs with Data Analytics
Resources:
Vince Walden on LinkedIn
KonaAI
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/30/2024 • 29 minutes, 56 seconds
Jon May Critiques the DOJ Whistleblower Financial Incentive Program
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, I welcome back the well known white collar defense practitioner and contrarian, Jon May as we take a deep dive into May’s concerns with the new DOJ Whistleblower Financial Incentive Program.
Jon May is a renowned legal expert known for assisting fellow attorneys in developing innovative solutions for complex cases. With extensive experience, May has authored papers critiquing the Department of Justice's Corporate Whistleblower Program, arguing that it is fatally flawed due to the DOJ's inherent hostility towards whistleblowers and lack of enforceable rights for them. He highlights significant practical issues within the program, such as the stringent requirement for complete cooperation and the misconception that whistleblowers are solely motivated by monetary rewards. By drawing attention to these critical flaws, May advocates for necessary reforms to make the program more effective and fairer.
Highlights in this Episode
· Flaws in DOJ's Whistleblower Reward System
· Unfair Reward System for Whistleblowers
· Financial Hurdles in SEC Whistleblower Program
· Risk and challenges of DOJ whistleblower cooperation
· Whistleblower rewards in corporate enforcement policies
Resources
Jon May
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/23/2024 • 45 minutes, 53 seconds
Kevin Carroll on The Trump Superseding Indictment
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes back Kevin Carroll to discuss the latest developments in the Trump Jan 6th case, including the Special Prosecutor’s Superseding Indictment.
In this week’s episode, Tom Fox is joined by Kevin Carroll to discuss the latest developments in one of the Trump trials. Jack Smith’s Superseding Indictment in the January 6th case in Washington, D.C., is dissected. Carroll explains the concept of a superseding indictment and its implications for the charges and defendants involved. The conversation also covers the impact of the Supreme Court’s decision on official acts and how it intersects with Trump’s legal strategies. Carroll provides insights into the procedural aspects of the case, potential trial timelines, and the broader ramifications of the court’s rulings on other ongoing cases involving Trump.
Highlights in this Episode:
The Superior Indictment
Supreme Court’s Impact on the Indictment
Trump’s Conversations with Pence
Trial Within a Trial Concept
Impact on Other Trump Trials
Election Proximity and Legal Actions
Resources:
Kevin Carroll on LinkedIn
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/16/2024 • 15 minutes, 55 seconds
Spotlight on Executive at Risk: Latest Updates on The DOJ, OFAC, FCPA, and AML
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this edition of the FCPA Compliance Report, Tom welcomes back Mill & Chevalier attorneys Executives at Risk team, including Lauren Briggerman, Katherine Pappas, Ian Herbert, and their newest colleague Laura Deegan.
We dive into key compliance and enforcement topics such as the new DOJ whistleblower initiative, recent OFAC sanctions and export controls, key FCPA enforcement actions focusing on individual liability, and notable AML developments, particularly within the cryptocurrency sector. The discussion highlights the evolving landscape of corporate compliance and the increased need for robust internal reporting and proactive compliance measures.
Highlights in this Episode:
DOJ Whistleblower Initiative
OFAC Sanctions and Export Controls
FCPA Enforcement Actions and Developments
AML Developments and Binance Case
Resources:
Miller & Chevalier Chartered
Lauren Briggerman
Katherine Pappas
Ian Herbert
Laura Deegan
Executives at Risk, Summer 2024
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/9/2024 • 36 minutes, 19 seconds
Exploring DOJ's New Whistleblower Incentive Program with Mary Inman
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, I welcome back Mary Inman, Partner at Whistleblower Partners LLC to discuss the new DOJ Whistleblower Incentive Program.
Tom and Mary discuss the DOJ's New Whistleblower Incentive Program's aim to fill gaps in existing reward programs and its focus areas, including financial institution violations, foreign and domestic corruption, and healthcare offenses. Mary highlights some criticisms of the program, such as lack of a reward floor and the cap on rewards, and the potential challenges and impacts on corporate compliance. They also talk about the interplay between whistleblowers, DOJ, and corporate investigations, and the potential for adaptation of the program based on stakeholder feedback.
Highlights in this Episode
· DOJ Whistleblower Incentive Program Overview
· Four Focus Areas of the New Program
· Challenges and Criticisms of the Program
· Concerns About Reward Mechanisms
· Race to DOJ: Whistleblowers vs. Corporations
· Implications for Corporate Compliance
Resources
Mary Inman on LinkedIn
Whistleblower Partners
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2024 • 33 minutes, 18 seconds
The Boeing Plea Agreement - Culture is The Key
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. We take things in a different direction today as Tom Fox reposts the recent webinar with Sam Silverstein and Mike Volkov, where we took a deep dive into the Boeing Plea Agreement, the Monitorship, and why culture is the key to a Boeing turnaround.
We explore the recent plea agreement filed by Boeing, the outrage among victims’ families over the proposed penalties, and the appointment of an independent compliance monitor. Key issues discussed include the necessity of a culture overhaul at Boeing, the implications of excluding court jurisdiction over the monitorship, and the role of the board in fostering a culture of compliance and safety. The discussion highlights the critical need to focus on values, accountability, and transparent processes to rebuild trust and ensure long-term organizational integrity.
Highlights of this episode:
Details of the Plea Agreement
Compliance Monitor Appointment and Transparency
The Importance of Culture
The Role of Compliance Monitors
Board Involvement and Accountability
Victims’ Families and Organizational Accountability
Resources:
Sam Silverstein
Mike Volkov
The Culture Audit
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/5/2024 • 58 minutes, 51 seconds
Bob Tarun and Peter Tomczak on The FCPA Handbook, Part 2
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this edition of the FCPA Compliance Report, Tom Fox conclude this two-part episode with Bob Tarun and Peter Tomczak from Baker & McKenzie who discuss the latest edition of their book the Foreign Corrupt Practices Act Resource Handbook.
This episode provides an in-depth exploration of Delaware law’s Caremark duties and their evolution, particularly in anti-corruption compliance. The discussion highlights the challenges boards face in implementing and overseeing compliance programs. Additionally, it delves into the intricacies of defending FCPA investigations, with insights into recent high-profile cases such as those involving Walmart, Glencore, and Goldman Sachs.
The conversation also covers the international trends in anti-bribery and corruption enforcement, particularly focusing on regions like China, Southeast Asia, and the Middle East. Key compliance strategies and the importance of cross-border data privacy considerations in investigations are discussed, along with a critical look at the DOJ’s sophistication in evaluating corporate compliance programs.
Highlights in this Episode:
Introduction to Caremark and Delaware Law
Key Strategies for FCPA Investigations
Challenges in FCPA Trials and Compliance
International Anti-Corruption Trends
Future of FCPA Enforcement
Resources:
Foreign Corrupt Practices Act Handbook
Bob Tarun
Email: [email protected]
Phone: 312-714-0225
Peter Tomczak
LinkedIn
Baker & McKenzie
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/29/2024 • 24 minutes, 59 seconds
Bob Tarun and Peter Tomczak on The FCPA Handbook, Part 1
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes Bob Tarun and Peter Tomczak from Baker & McKenzie in Part 1 of a two-part podcast series to discuss the latest edition of their book, The Foreign Corrupt Practices Act Handbook.
The conversation covers their professional backgrounds, motivations for updating the book, and significant changes in FCPA enforcement and compliance practices. Bob and Peter provide detailed insights into their writing process and some of the key defenses for FCPA investigations. Key trends in international anti-bribery and corruption enforcement, the evolving role of corporate compliance programs, and strategies for dealing with DOJ expectations are also addressed. The episode concludes with discussions on future prognostications for FCPA enforcement and how listeners can connect with the authors.
Highlights in this Episode
Meet the Authors: Bob Tarun and Peter Tomczak
Updating the FCPA Handbook: New Challenges and Insights
Key Chapters and Practical Advice in the FCPA Handbook
DOJ Policies and Corporate Compliance
For the Board: The Pitch Count Policy Caremark Duties
Defending FCPA Investigations: Strategies and Trials
International Anti-Bribery and Corruption Trends
Resources:
Foreign Corrupt Practices Act Handbook
Bob Tarun
Email: [email protected]
Phone: 312-714-0225
Peter Tomczak
LinkedIn
Baker & McKenzie
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2024 • 27 minutes, 15 seconds
Erica Salmon Byrne on Closing The Speak Up Gap
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes back Erica Salmon Byrne to discuss the recently released Ethisphere 2024 Ethical Culture Report: Closing the Speak Up Gap.
They explore the genesis and findings of the report, focusing on the eight pillars of ethical culture and significant insights derived from data collected since 2020. Key topics include the importance of equipping managers to handle employee concerns, generational and tenure-based discrepancies in reporting misconduct, and the persistent issues of retaliation and employee dissatisfaction with the current reporting mechanisms. Additionally, Erica shares practical strategies for compliance teams to address these challenges and enhance their ethical culture.
Highlights in this Episode
Genesis of the 2024 Ethical Culture Report
The Eight Pillars of Ethical Culture
Key Insights: Closing the Speak Up Gap
The Role of Managers in Compliance
The Tenure Smile: Willingness to Speak Up
Strategies for Improving Reporting
Ethisphere’s Future Plans and Masterclass
Resources:
Erica Salmon Bryne on LinkedIn
2024 Ethical Culture Report: Closing the Speak Up Gap
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/15/2024 • 25 minutes, 39 seconds
Jonathan Armstrong on Sweeping Changes in The UK Government: Insights on Compliance
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcome Jonathan Armstrong to discuss the seismic shift in the UK’s political landscape following the election last week.
The election was literally one for the ages. It led to a significant Labor victory over the Conservatives. They delve into the implications for compliance and governance in both the UK and globally. Topics include the new government’s proactive approach, anticipated shifts in bribery enforcement, and fiscal policies.
They also explore potential changes in AI regulation, employment law, data protection, and international relations, especially concerning Russia and China. The conversation highlights Labor’s balanced strategy, aiming for sensible, centrist policies while addressing key issues like corruption, AI, and data privacy.
Highlights in this Episode:
An election result for the ages
Impact on Bribery and Corruption Enforcement
Trade Sanctions, Russian Oligarch’s and Forced Labor
AI and Beyond
Data Privacy and Data Protection
Labor and Employment Rights
Resources:
Jonathan Armstrong on LinkedIn
UK General Election 2024 – What Might This Mean for Compliance?
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/8/2024 • 36 minutes, 59 seconds
Adrienne Bellehumeur on Design - Centric Approaches to Internal Controls
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this edition of the FCPA Compliance Report, Tom Fox welcomes back Adrienne Bellehumeur, a chartered accountant and expert in internal controls and documentation.
Adrienne discusses her recent article on design-centric internal control and emphasizes the importance of focusing on design as the foundation for effective control programs. She outlines five key principles for improving control design and details her approach to challenging processes and governance systems. The conversation also touches on the necessity of continuously updating controls to adapt to evolving business and regulatory environments.
Adrienne shares tips on fostering better design through workshops, effective interviewing, and continuous improvement, while also addressing new developments such as AI and ESG. The episode finishes with insights into how internal controls can support whistleblower programs and the importance of back-to-basics documentation and information management.
Highlights in this Episode:
Professional Background
Design-Centric Approach to Internal Controls
Challenges and Importance of Good Design
Principles for Improving Control Design
Back to Basics: Adapting to New Business Developments
Whistleblower Programs and Internal Controls
Resources:
Adrienne Bellehumeur on LinkedIn
Risk Oversight
New Approaches to Control Design
Tom Fox
Instagram
Facebook
YouTube
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2024 • 31 minutes, 52 seconds
Brad Hibbert on Prevalent’s 2024 Third Party Risk Management Report
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, I have a take a deep dive into the Prevalent 2024 Third Party Risk Management Report with Brad Hibbert, the Chief Strategy Officer and COO at Prevalent.
Hibbert drives Prevalent’s product vision and strategy development, which draws from the Third Party Risk Management Report. The Prevalent Report outlines the complexities of managing third-party vendor relationships, highlighting the various phases involved such as onboarding, contracting, and offboarding. It examines the inefficiencies and risks that arise from fragmented processes and technologies handled by different teams. Our conversation explores how these challenges impact risk visibility and resource management, emphasizing the downstream effects on program scalability and decision-making.
Highlights in this Episode
· Introduction to Vendor Relationship Phases
· Challenges in Managing Vendor Relationships
· Inefficiencies and Risks in Vendor Management
· Impact on Risk Visibility and Decision Making
· Pressure on Teams and Resource Implications
Resources
Brad Hibbert on LinkedIn
Prevalent
Prevalent’s 2024 Third Party Risk Management Report
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/17/2024 • 25 minutes, 34 seconds
Evie Wentink on Making Compliance Training Practical
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this edition of the FCPA Compliance Report, Tom Fox has a fascinating visit with Iveta (Evie) Wentink, a 15-year compliance veteran. Evie has worked in the public and private sectors and has expertise in compliance training, hotlines, government contract compliance, data privacy, reporting, & due diligence.
Evie has one of the most unique opening lines for hotline training, which is ‘Do You Know Your Hotline Number?” This simple yet incredibly important question encapsulates Evie’s approach to compliance training: make it simple, direct, and practical for the listeners. (Or, as Carsten Tams would say, ‘It’s all about the UX’).
Our conversation focuses on the critical role of hotline numbers in corporate compliance programs, emphasizing the need for employees to know and trust the hotline. Evie shares insights from her career, highlights the significance of marketing compliance hotlines effectively, and discusses the broader culture of compliance and non-retaliation in organizations. She shares practical tips for improving hotline awareness and usage, making this episode a valuable resource for compliance professionals and organizations alike.
Highlights in this Episode:
Enhancing Trust through Active Compliance Reporting
Promoting Reporting Culture Through Creative Marketing
Ethical Culture: Encouraging Compliance Reporting Safely
Enhancing Compliance Programs Through Anonymous Hotlines
Resources
Evie Wentink on LinkedIn
Evie’s Top 10 Compliance Back to Basics
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/10/2024 • 23 minutes, 28 seconds
Andy Spalding on Transforming Global Sports
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, I welcome Professor Andy Spalding, an expert in anti-corruption law, to discuss his extensive work with the Paris Olympic Committee in preparation for the 2024 Olympic Games.
Spalding shares insights about his involvement with the French Anti-Corruption Agency (AFA) and elaborates on how anti-corruption and human rights reforms are being integrated into the Olympic preparations. The discussion also delves into the historical significance of these reforms and their potential to leave a lasting positive impact. Furthermore, Fox and Spalding explore the groundbreaking work done by Qatar during the FIFA World Cup and its implications for future mega sporting events. The episode concludes with thoughts on how the accumulated knowledge and best practices from different countries could shape the future of global sporting events, emphasizing the importance of collaboration among stakeholders.
Highlights in this Episode
· Involvement with Paris 2024 Olympics
· Role and Impact of French Anti-Corruption Agency (AFA)
· Innovative Compliance Measures for Paris Olympics
· Comparison with Qatar's World Cup Reforms
· Future of Anti-Corruption in Mega Sporting Events
Resources
Andy Spalding at University of Richmond – School of Law
CCI Webinar on A New Era in Megasports Anti-Corruption
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2024 • 23 minutes, 52 seconds
Kenyen Brown on Preventing DOJ Intervention Through High Policing Standards
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this special edition of the FCPA Compliance Report, welcome back fan favorite Kenyen Brown, now at his new firm, Thompson Coburn LLP.
Kenyen Brown joins Tom Fox to discuss his experience reviewing the Mobile AL Police Department use of force on behalf of his client, the City of Mobile.
Kenyen Brown is a renowned legal expert with a wealth of experience in investigations and legal work concerning constitutional standards in the use of force. His perspective on this topic is heavily influenced by his extensive background in various roles, such as US Attorney and counsel for Senate and House ethics committees, which has allowed him to deeply understand the intricacies of law enforcement and constitutional standards.
Brown firmly believes that police departments ought to adopt proactive measures, including independent third-party oversight, to align their practices with constitutional standards, particularly in the utilization of force. His experiences, notably his review of the Mobile Police Department’s use of force incidents, have led him to advocate for proactive, independent oversight to improve community relations and prevent deadly force incidents.
He underscores the necessity of reevaluating and enhancing general orders, principles, and training to ensure law enforcement officers’ compliance with constitutional standards, thereby reducing the likelihood of deadly force incidents and potential civil rights violations.
Highlights in this Episode:
Preventing DOJ Intervention Through High Policing Standards
Community-Led Oversight: Enhancing Police Department Practices
Constitutional Standards for Use of Force
Public Involvement in Police Accountability and Transparency
Controversial Police Practice: No-Knock Raids
Resources :
Kenyen Brown on LinkedIn
Thompson Coburn LLP
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2024 • 32 minutes, 29 seconds
Mary Inman on The DOJ Whistleblower Incentive Initiative
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this special edition of the FCPA Compliance Report, we welcome back fan favorite Mary Inman, now at her new firm, Whistleblower Partners LLP, a firm dedicated to assisting whistleblowers navigate various reward programs.
Mary joins Tom Fox to discuss what we know so far about the DOJ Whistleblower Incentive Initiative.
Mary has a positive perspective on the Department of Justice’s (DOJ) White Collar Whistleblower Program. She acknowledges the gaps in existing whistleblower reward programs across multiple agencies and sees the DOJ program as a crucial opportunity to fill these lacunae. Inman’s expertise, particularly in the SEC program, allows her to identify specific gaps, such as the lack of financial protections for whistleblowers reporting Foreign Corrupt Practices Act violations involving companies not publicly listed on US exchanges.
From her perspective, the DOJ program will address serious financial crimes, including domestic corruption. Inman also anticipates that the DOJ will establish its own office of the whistleblower, mirroring similar initiatives in other agencies, hence providing both confidential and anonymous reporting avenues.
Topics Covered in This Episode:
Specialized Law Firm for Whistleblower Reward Programs
Financial Crime Reporting Enhancement Initiative
Establishing a Central Office for Whistleblowers
Championing Transparency: Grassley’s Whistleblower Advocacy
Wellness Fund Support for Whistleblowers
Resources:
Mary Inman on LinkedIn
Whistleblower Partners LLP
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2024 • 30 minutes, 57 seconds
How Boeing Can Make a Cultural Comeback
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.
In this special edition of the FCPA Compliance Report, welcome Sam Silverstein. They take a deep dive into how Boeing can begin to overhaul and reform their toxic culture, which led to the 2024 compliance and ethics failures. They discuss the power of the Culture Audit™, which is the sponsor of this podcast.
Sam Silverstein is a seasoned professional with over three decades of experience in corporate culture. Silverstein believes that a strong leadership role is crucial in driving culture change within an organization. His philosophy is that action follows belief, stressing that leaders must genuinely prioritize creating a culture of quality, compliance, and safety for it to truly thrive.
Silverstein maintains that the CEO’s primary role is to protect the organization’s culture, while the COO should ensure operations align with the board and CEO’s strategic plan. His experiences, particularly his insights drawn from Boeing’s situations, have shaped his belief that prioritizing culture over short-term profits, along with a culture audit and specific implementation plan, can help address systemic issues and foster a high-performance workplace culture.
Topics Covered in This Episode:
Transition from Safety to Profit Culture at Boeing
Measuring Organizational Culture through Employee Engagement
Creating Accountable Leaders for Organizational Culture Transformation
Cultivating Sustainable High-Performance Organizational Culture
Cultivating Employee Trust Through Genuine Leadership Efforts
Rewarding Ethical Behavior for Organizational Integrity
Data-Driven Organizational Culture Enhancement Process
Recognition and Amplification through Personalized Engagement
Resources:
Sam Silverstein
Sam Silverstein on LinkedIn
Sam Silverstein
The Culture Audit™
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2024 • 54 minutes, 11 seconds
Ron Karr on Influence, Trust and Persuasion
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special edition of the FCPA Compliance Report, Tom welcomes Ron Karr, long time thought leader in the art of leadership, persuasion and influence. They take a deep dive into the science of influence and persuasion and help the compliance professional understand how they can use this science to move the compliance ball forward in an organization.
Ron Karr is a speaker, and author with over three decades of experience in the sales and consulting industry. His career saw its inception in retail, later transitioning to the computer industry, and eventually culminating in the establishment of his own consulting business. Karr’s perspective on the “Velocity Mindset”, as detailed in his book, revolves around the concept of speed with direction, where goals and aspirations are the key drivers of actions.
His belief that self-imposed limitations can hinder our progress is deeply rooted in his experiences, leading him to emphasize the importance of self-evaluation, proactive approach adjustments, and reshaping our narratives to facilitate our goals. Karr underscores the value of networking and learning from others, seeing it as a vehicle to expedite success and achieve professional velocity.
Topics Covered in this Episode
Purposeful Reflection for Effective Decision-Making
Neurochemical Impact on Influencing Others Successfully
Propelling Success through Adaptive Strategies
Empowering Personal Growth Through Story Rewriting
Enhancing Professional Success Through Peer Engagement
The Velocity Mindset: Achieving Success Through Networking
Resources:
Ron Karr on LinkedIn
Company
Blog
The Velocity Mindset
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2024 • 35 minutes, 15 seconds
DOJ on AI and Data/Intellectual Property Protection
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special edition of the FCPA Compliance Report, Tom welcomes Jessica Nall, a partner at Baker McKenzie who leads the firm’s West Coast investigations and compliance practice and Maria Piontkovska, a Senior Associate in the same practice group.
We take a deep dive into their article about the recent series of speeches by Department of Justice representatives at the ABA White Collar Conference in the areas of the new DOJ whistleblower program, AI, and the areas of data protection and intellectual property protection.
Jessica Nall and Maria Piontkovska are prominent legal professionals specializing in white-collar defense and corporate investigations. Nall, a seasoned attorney with over 20 years of experience, leads Baker McKenzie’s white-collar practice in California. Maria is alongside Piontkovska, a skilled attorney originally from Ukraine.
Both regard the ABA White Collar Conference as an essential platform for the defense bar, government investigators, and compliance leaders to gather for discussions and networking. Nall sees the conference as vital for disseminating new compliance expectations and enforcement trends announced by government officials, while Piontkovska highlights the importance of the direct line of communication with these officials, providing insights straight from the source.
Their perspectives on the conference are shaped by their extensive experiences in the field and drive their contributions to the discussions and policies related to white-collar defense and compliance.
Topics Covered in This Episode:
Key Figures Discussing Trends in Compliance
Corporate Transparency Incentive Initiative
Financial Incentives for Anti-Corruption Self-Disclosure
Navigating Risks: AI in Corporate Compliance
Data Mapping for International Data Security
Resources:
Jessica Nall on LinkedIn
Maria Piontkovska on LinkedIn
Compliance Steps After ABA White Collar Crime Conference
United States: Department of Justice announces new corporate compliance directives for AI along with increased penalties for AI-related misconduct
Baker McKenzie
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2024 • 32 minutes
Ethics Madness 2024 Returns
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special edition of the FCPA Compliance Report, Tom welcomes back Jason Meyer, founder of LeadGood LLC. In this episode, Jason Meyer and Tom Fox continue the annual tradition begun by Jason of Ethics Madness, a show where we look at the intersection of sports and ethics during March Madness.
Topics Covered in this Episode
· College Athletes' Earning Opportunities in NCAA
· Adapting to Evolving Sports Rules for Success
· Temple Basketball: Impact of Sports Betting
· Balancing Player Safety and Sporting Entertainment Ethics
· Ethical Compliance Protocols in Sports Organizations
· Embracing Neurodiversity: Athletes' Personal Stories
· Sports Ethics: Second Chances and Compliance
Resources
Jason Meyer on LinkedIn
LeadGood LLC
Anthem for this Podcast
Winning by Santana
Compliance Anthem of the Week Playlist on Spotify
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/1/2024 • 56 minutes, 17 seconds
Mary Inman on DOJ Whistleblower Bounty Program
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom welcomes back Mary Inman, partner at the newly formed Whistleblower Partners LLP. They talk about the new Department of Justice (DOJ) initiative to pay a bounty to whistleblowers.
Mary Inman is a well-recognized authority in the realm of whistleblowing programs. In this episode, she focuses on DOJ whistleblower program. Her perspective on the program is cautiously optimistic, acknowledging the potential gains in encouraging whistleblowers to disclose information about financial crimes and corruption. However, she has expressed concerns about certain aspects of the program’s design, such as excluding culpable whistleblowers and limiting the type of information that can be provided.
These viewpoints stem from her extensive experience and deep understanding of the complexities involved in implementing effective whistleblower programs. Drawing from her expertise, Inman also emphasizes the need for confidentiality and anonymity for whistleblowers, similar to the SEC program, suggesting that while the DOJ program is a positive step, careful consideration and potential revisions are required to ensure its effectiveness and fairness.
Key Highlights:
Financial Crime Whistleblower Reward Initiative
Promoting Transparency Through Compliance Officer Resignations
Whistleblower Protection for Mental Well-being
Resources:
Mary Inman on LinkedIn
Whistleblower Partner LLP
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2024 • 17 minutes, 14 seconds
Jonathan Wilson on the NSBU Decision
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance.
In this edition of the FCPA Compliance Report, Tom welcomes back Jonathan Wilson, one of the country’s top experts on the Corporate Transparency Act. We dissect the court decision in the case of the National Small Business Union, which invalidated the CTA and what it might mean for the law going forward.
Jonathan Wilson is a well-respected figure in corporate transparency and has established an impressive body of work around the Corporate Transparency Act. He is the founder of FinCEN Report, a company that helps businesses and others comply with the CTA.
Wilson’s perspective on the Act hinges on his understanding of its legal implications and practical considerations, warning companies that, despite a recent district court decision, they are still required to meet filing obligations. We take a deep dive into the court opinion, how it applied (or misapplied) US law and explain the need for continued compliance with the law.
Even with this court decision, Wilson’s advice is clear, companies must continue with compliance efforts and fulfill their reporting requirements, as delays will not alter the facts or obligations of the Act. The invalidation of the CTA is only applicable to the named plaintiff in the Northern District of Alabama so all others must continue to comply with the law.
Key Highlights:
CTA Overturned—Is Interstate Commerce Affected?
What is the US National Security Interest?
Beneficial Owner Disclosure in Money Laundering
Senate Ratification of International Treaties
Navigating Legal Compliance in Competitive Business Environment
Resources:
Jonathan Wilson on LinkedIn
FinCEN Report
National Small Business Union decision
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2024 • 21 minutes, 32 seconds
Mike Lindsey on the CTA and NSBU Decision
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom welcomes back Mike Lindsey to discuss the Corporate Transparency Act. In a first for the FCPA Compliance Report, after the episode was recorded but before it was posted, the CTA was declared unconstitutional by a Trump appointed US District Judge. We recorded an addendum to consider this court decision invalidating the law.
Mike Lindsey, a distinguished corporate and transactional lawyer based at Steinbrecher & Span, has built a solid reputation as an authority on the CTA. Lindsey's insights into the CTA are influenced by his emphasis on privacy and data security, highlighting the risks correlated with a centralized database potentially accessible via the dark web. From his perspective, the CTA serves as a critical federal law designed to increase transparency around beneficial ownership of corporations to inhibit illegal activities such as money laundering, tax evasion, and fraud. However, Lindsey also questions its effectiveness in disclosing ownership by entities like the Iran Revolutionary Guard. Despite this, he sees the CTA as a ground-breaking move for privately-held companies, requiring them to report beneficial owners, something uncommon among small businesses in the United States. Ultimately, Lindsey views the CTA as an essential measure towards impeding financial crimes and enhancing accountability in corporate structures.
We also discuss the trial court decision in the case of National Small Business Union which invalidated the CTA and what it might mean for the law going forward.
Key Highlights
· Beneficial Ownership Disclosure Law
· Key Players in Corporate Decision-Making
· CTA Compliance Impact on Small Businesses
· Federal Database Security Concerns
· Illicit Financial Activities and National Security Measures
· National Small Business Union decision
Resources
Mike Lindsey on LinkedIn
Steinbrecher & Span
National Small Business Union
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/11/2024 • 32 minutes, 35 seconds
Erica Salmon Byrne on 2024 World’s Most Ethical Company Awards
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special Thursday edition of the FCPA Compliance Report, Tom welcomes back Erica Salmon Byrne, Chief Strategy Officer and Executive Chair, at Ethisphere to discuss announcement of the 2024 World’s Most Ethical designations and the new Ethics Premium.
Erica Salmon Byrne is a renowned figure in the realm of ethical business practices, recognized for her significant role in the annual announcement and recognition of the world's most ethical companies list. Byrne views this list as a crucial acknowledgment of companies globally that are making a positive impact, with representation across 20 countries and 44 industries. Her experiences in leading changes to the program's methodology, such as the introduction of a third-party management category and a heightened focus on governance and culture, have shaped her perspective on the continuous evolution and improvement of the evaluation process. She sees the list as a valuable tool for companies to demonstrate their commitment to ethics and compliance, and as a source of inspiration for others in the compliance community to strive for ethical excellence.
Key Highlights
· Global Recognition for Ethical Business Practices
· Enhanced Scoring System Emphasizing Governance and Culture
· Global Representation of Ethical Industry Leaders
· Ethics Quotient Evaluation for Recognized Companies
Resources
Erica Salmon Byrne on LinkedIn
Ethisphere
World’s Most Ethical Companies for 2024
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2024 • 21 minutes, 48 seconds
Seth Whitelaw on Navigating Life Sciences Compliance
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Seth Whitelaw who has worked in life sciences compliance for over 30 years.
Seth Whitelaw is a seasoned lawyer and compliance officer with a specialization in drug law, particularly within the life sciences industry. He has a unique perspective on regulatory guidance updates in healthcare compliance, shaped by his experiences in developing compliance programs and teaching law. Whitelaw believes that despite technological advancements in healthcare compliance, the role of compliance officers remains crucial. He views them as a necessary check and balance within companies, akin to the role of government in society. Whitelaw emphasizes the importance of addressing industry criticisms and regulatory updates to prevent distractions and ensure companies can focus on their primary objectives. He is a strong advocate for compliance officers, recognizing their vital role in helping companies bring safe and effective products to market, thereby adding value to the companies they serve.
Key Highlights
· Tailored Compliance Consulting for Mid-Sized Companies
· Evolutionary Alignment for Effective Compliance Programs
· Data-Driven Healthcare Compliance Updates and AI Integration
· Enhancing Life Science Compliance with AI
Resources
Seth Whitelaw on LinkedIn
Whitelaw Compliance Group
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2024 • 24 minutes, 36 seconds
Tom Fox and Mike Volkov Look at Incentives for Self-Disclosure
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes back Mike Volkov as they take a deep dive into the ABB, Albemarle and SAP FCPA enforcement actions to try and unpack the DOJ’s pivot away from heavy penalties for recidivists to prioritizing self-disclosure above all else.
Volkov's perspective on the Department of Justice's (DOJ) FCPA enforcement actions is both critical and analytical, shaped by his extensive experience. He underscores the necessity of transparency and explanation in the factors considered by the DOJ, highlighting its significance to practitioners in the field. Volkov also recognizes the shift in DOJ policy towards data-driven compliance, requiring companies to provide data to substantiate their conclusions and demonstrate their compliance efforts. He further notes the evolving landscape of voluntary disclosure and remediation, suggesting these areas are now pivotal in the DOJ's enforcement approach. Volkov's insights reflect a nuanced understanding of the changing dynamics in FCPA enforcement and the imperative for companies to adapt to these shifts.
Key Highlights
· Importance of Cooperation in Corporate Enforcement Cases
· Incentivizing Self-Disclosure in DOJ's FCPA Enforcement
· Increased Penalty Reduction for Voluntary Self-Disclosure
· DOJ's Evolving Approach to Corporate Penalties
· Benefits of Voluntary Self-Disclosure in Enforcement
Resources
Volkov Law Group
Corruption, Crime and Compliance
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/26/2024 • 42 minutes, 14 seconds
Nick Gallo on The Ethics and Compliance Optimization System
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Nick Gallo, co-CEO at Ethico, to discuss its Ethics and Compliance Optimization System.
Nick Gallo, co-CEO of Ethico, is a seasoned professional with a robust background in ethics and compliance, and a key player in the development and promotion of Ethico’s ethics and compliance optimization system. Gallo’s perspective on the topic of ethics and compliance optimization systems is shaped by his belief in a comprehensive, integrated approach to managing compliance efforts. He sees this system as a next-generation tool that interacts with other data pools, generating more analytics and insights. His experience has led him to advocate for a centralized repository for various types of business information, which can be accessed by compliance teams for better visibility across all data silos within an organization. Gallo also stresses the importance of automation and integration to eliminate manual and repetitive tasks, allowing compliance professionals to focus on more strategic and value-added activities.
Key Highlight:
Creating a centralized system for streamlining ethics and compliance
Why compliance needs a centralized data system for compliance professionals
The prevalence of retaliation in organizations
Leveraging data for proactive risk mitigation
Resources:
Nick Gallo on LinkedIn
Ethico
Ethics and Compliance Optimization System
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/19/2024 • 16 minutes, 52 seconds
Navigating DOJ Investigations: Insights from Joshua Drew
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Joshua Drew, a Member of Miller & Chevalier who practices in the firm’s white collar and FCPA practice areas.
Joshua Drew, a seasoned attorney with a rich background in the Department of Justice (DOJ) and the Foreign Corrupt Practices Act (FCPA), recently joined the litigation group at Miller & Chevalier. His perspective on joining the firm is largely influenced by his admiration for the team’s expertise, having interacted with several of the firm’s lawyers during his tenure at Vimple.com, now Veon. He also found the firm’s practice areas, particularly FCPA work and general litigation, to be in perfect alignment with his experience. Moreover, he appreciated the firm’s smaller size, strategic focus, and subject-matter expertise, making his decision to join Miller & Chevalier a no-brainer.
To learn more about Joshua Drew’s journey and his insights, join Tom Fox and Joshua Drew on this episode of the FCPA Compliance Report.
Key Highlight:
Drews’s extensive Compliance and Litigation Experience
Streamlining Investigations and Improving Compliance at HP
Life under the monitor at Veon
Impressive Team and Strategic Focus at Miller
Incentivizing Disclosure and Cooperation in Mergers
Resources:
Joshua Drew on LinkedIn
Miller & Chevalier Chartered
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/12/2024 • 34 minutes, 41 seconds
Dr. Karen Jacobson on Bridging Cultural Divides for International Success
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, I visited Dr. Karen Jacobson, a renowned expert in organizational leadership and communication. She provides guidance for compliance professionals around leadership.
Dr. Karen Jacobson is a seasoned professional with a rich background in healthcare, public speaking, and business consulting. Her perspective on effective leadership and communication in diverse workplaces is shaped by her experiences in war, the military, healthcare, and even her time as a competitive amateur ballroom dancer. Jacobson believes that effective leadership requires understanding and adapting to the needs of different audiences, tailoring communication to resonate with them, and being culturally aware. She emphasizes the importance of leaders adapting their language and communication style based on the audience’s behavior style, emotions, and level of understanding and learning about the customs, language, and etiquette of the cultures they interact with.
Join Tom Fox and Karen Jacobson on this episode of the FCPA Compliance Report to delve deeper into this insightful perspective.
Key Highlights:
The Power of Active Listening in Leadership
The Art of Navigating Generational Communication
Bridging Cultural Divides for International Success
Developing Middle Managers through Targeted Training
Understanding Generational Values and Communication Styles
Resources:
Karen Jacobson
Website
LinkedIn
Facebook
Twitter
YouTube
Instagram
Tom Fox
Instagram
Facebook
YouTube
Twitter
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/5/2024 • 30 minutes, 34 seconds
Karen Woody on Officers Duty of Oversight
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Professor Karen Woody and they take a deep dive into the Segway case from Delaware.
The bottom line is that proving bad faith and breaching the duty of oversight remains a challenging task. The conversation delved into the fiduciary duties of directors and officers, specifically the duty of care and the duty of loyalty. The duty of care requires fiduciaries to be well-informed about material information and exercise prudence in decision-making. On the other hand, the duty of loyalty necessitates undivided interests towards the corporation, with no conflicts of interest or self-dealing.
The duty of oversight, derived from the landmark Caremark case in 1996, is an extension of the duty of loyalty. It requires the establishment of information reporting systems and compliance programs to inform senior management and the board about potential issues. There are two prongs to bring a duty of oversight claim: the systems or information prong and the red flag prong. The former focuses on the absence or ineffectiveness of systems, while the latter deals with the conscious disregard of red flags.
However, proving bad faith and breaching the duty of oversight is a high bar to clear. The Caremark standard is challenging to meet, and most cases are dismissed on a motion to dismiss. The recent Segway case, following the McDonald's case, indicated a pushback against lowering the bar for officers compared to directors. The interpretation of the duty of oversight remains stringent, emphasizing the need for strong evidence of bad faith.
The conversation concluded by acknowledging the importance of context and the specific facts of each case. While there has been a slow march of weakening the Caremark standard in some cases, the facts in those instances were particularly egregious. The recent cases discussed in the episode did not exhibit the same level of egregiousness, leading to a retraction and a reaffirmation of the high bar set by the Caremark standard.
Resources
Karen Woody on LinkedIn
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/29/2024 • 13 minutes, 5 seconds
Jay Rosen on SAP’s Road to FCPA Compliance
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Jay Rosen who discusses the recent FCPA enforcement action involving the software giant SAP.
Jay Rosen is a seasoned compliance professional with a deep understanding of the SAP FCPA enforcement case. His perspective on the topic of SAP’s FCPA enforcement case and the importance of cooperation and self-disclosure is shaped by his belief that self-disclosure is paramount in any FCPA investigation or enforcement action. He points out that SAP did not initially self-disclose, but began to cooperate only after investigative reports were made public in South Africa. Despite this, Rosen acknowledges SAP’s commendable efforts in providing regular, prompt, and detailed updates to the fraud section, producing relevant documents, and undertaking extensive remediation actions. He underscores the importance of conducting a root cause analysis, implementing data analytics, and enhancing compliance programs and internal controls, asserting that companies can recover if they follow these steps and use data-driven analytics to counterbalance any negative facts. Join Tom Fox and Jay Rosen as they delve deeper into this topic on this episode of the FCPA Compliance Report.
Key Highlights:
The facts and underlying bribery schemes
Lack of self-disclosure and what it means
Extensive cooperation
Extensive remediation
A superior result achieved
Resources
Jay Rosen on LinkedIn
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/22/2024 • 13 minutes, 15 seconds
Frank Orlowski on Navigating Challenges in Operating in Emerging Markets
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Frank Orlowski.
Frank Orlowski is a seasoned professional with a wealth of experience in managing emerging markets in the pharmaceutical industry, having spent over 25 years at Pfizer Pharmaceuticals. His extensive knowledge, particularly in South America, Middle East Asia, and Eastern Europe, where he faced difficulties in compliance, controls, and adhering to US accounting regulations, has shaped his perspective on managing emerging markets. Orlowski emphasizes the importance of understanding different cultures, regulations, and geopolitical issues when working in these markets. After retiring from Pfizer, he founded the Ation Advisory Group, where he leverages his expertise to assist companies in commercializing products in the life science industry. Join Tom Fox and Frank Orlowski on this episode of the FCPA Compliance Report podcast to gain more insights into managing emerging markets in the pharmaceutical industry.
Key Highlights:
Frank Orlowski’s Global Financial Expertise
Navigating Unique Obstacles in Emerging Markets
Navigating Cultural Differences in Emerging Market Compliance
Creative Employee Rewards and Engagement Strategies
Enhancing Healthcare Through Medtech Innovations
The Integrated Legal Division at Pfizer
Resources:
Frank Orlowski on LinkedIn
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/8/2024 • 31 minutes, 17 seconds
John Gebauer and John Van Der Wal on Implementing Comprehensive Strategies for Regulatory Rule Compliance
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes John Gebauer, Chief Regulatory Officer at COMPLY, and John Van Der Wal, Senior Director, Compliance Advisory at COMPLY.
John Gebauer and John Van Der Wal are seasoned professionals in the financial industry, each with over three decades of experience and a focus on regulatory changes and compliance challenges. Gebauer believes that there is a need for stricter controls and requirements in the ESG space. He emphasizes the importance of firms having the necessary documents and procedures to back up their claims of being ESG advisors. Van Der Wal shares a similar perspective. He stresses the need for more controls and requirements in ESG advising, the importance of vendor due diligence, and the potential of AI and machine learning technologies in preventing inappropriate activity. Both Gebauer and Van Der Wal highlight the importance of staying up-to-date with changing rules and regulations in the financial industry. Join Tom Fox, John Gebauer, and John Van Der Wal on this episode of the FCPA Compliance Report to delve deeper into these insights.
Key Highlight:
Compliance Consulting Expert: John Gebauer
Private Fund Reform Rule: Addressing Industry Concerns and Improving Practices
Comprehensive Approach for Rule Implementation
Cybersecurity Measures to Prevent Insider Trading
The Impact of Cybersecurity Regulations on Finance
Resources:
John Gebauer on LinkedIn
COMPLY
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2024 • 36 minutes, 25 seconds
Carrie Penman with Insights from The SEC's Office of The Whistleblower Annual Report
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Carrie Penman from Navex with insights from the SEC’s Office of the Whistleblower Annual Report.
Carrie Penman is a seasoned compliance professional and writer with a profound understanding of the surge in whistleblower reports and concerns in the SEC’s office. Penman’s perspective on the topic is that the significant rise in whistleblower tips being reported to the SEC is due to high-profile cases where whistleblowers have received substantial financial awards, which has raised awareness among employees and encouraged them to utilize the whistleblower program.
She also notes a decrease in internal reporting on accounting-related issues, suggesting that organizations should further examine this trend. Penman emphasizes the importance of addressing retaliation issues and fostering a culture that encourages internal reporting. She advocates for training first-line managers and supervisors to properly handle and escalate whistleblower reports, viewing the increase in whistleblower reports as a long-term issue that requires a multi-pronged effort and cultural change within organizations. Join Tom Fox and Carrie Penman on this episode of the FCPA Compliance Report to delve deeper into this topic.
Key Highlight:
Increase in Whistleblower Tips and Rewards
The Discrepancy Between Internal and External Reporting
The Crucial Role of First-Line Managers and Supervisors in Addressing Employee Concerns
Building a robust culture of speaking up
Resources:
Carrie Penman on LinkedIn
Navex
Tom Fox
Instagram
Facebook
YouTube
Twitter
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/26/2023 • 22 minutes, 6 seconds
Sam Tate on The UK Economic Crime and Corporate Transparency Act
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Sam Tate, partner at RPC, who discusses the UK's Economic Crime and Corporate Transparency Act.
Sam Tate is a seasoned partner at RPC, an international law firm specializing in anti-corruption, compliance, and financial crimes. With a rich background in the oil and gas industry, including a stint as the head of anti-corruption at BP, Sam has a unique perspective on the UK's Economic Crime and Corporate Transparency Act and its role in enhancing corporate transparency and accountability. He believes that the Act is a significant development, particularly in its expansion of liability to senior managers and the introduction of a new failure to prevent fraud. These changes, he argues, necessitate a reevaluation and adaptation of companies' compliance programs to safeguard against potential offenses. Join Tom Fox and Sam Tate as they delve deeper into this topic on this episode of the FCPA Compliance Report.
Key Highlights:
Enhancing the Corporate Transparency and Accountability Act
Adapting to New Fraud Regulations and Compliance
The Evolution of Financial Crime Enforcement in the UK
Strict Liability for Company Fraud Offenses
The Extent and Impact of Fraud
Resources
Sam Tate on LinkedIn
RPC
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/18/2023 • 25 minutes, 34 seconds
FCPA Compliance Report- Ryan Lougheed on Teamwork and Communication: Lessons from Esports and GRC
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Ryan Lougheed.
Ryan Lougheed has over twelve years of experience in the Governance, Risk, and Compliance (GRC) field, currently serving as the director of platform at Onspring, a SaaS GRC platform and business process automation platform. Drawing from his background in esports, Lougheed believes that teamwork and communication are crucial in both the GRC space and the world of esports. He emphasizes the importance of effective and efficient communication, especially in high-stress situations, and believes that these skills can be carried over to a compliance-focused career.
In the context of esports, Lougheed explains that communication is vital in a team of five players, and that professional esports organizations provide resources such as physical trainers and sports psychologists to support their players' communication skills. He also notes that the esports industry is evolving, with larger companies creating brands around individual streamers and organizations acting as agents to help grow the streaming culture. Join Tom Fox and Ryan Lougheed on this episode of the FCPA Compliance Report podcast to delve deeper into the importance of teamwork and communication in GRC.
Key Highlights
· GRC Collaboration and Communication
· Streamlining compliance with Onspring's centralized platform
· Streamlining Communication in High-Stress Compliance Situations
· Leveraging Esports Skills for GRC Success
Resources
Ryan Lougheed on LinkedIn
Onspring
Tom Fox
Instagram
Facebook
YouTube
Twitter
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/11/2023 • 27 minutes, 36 seconds
The Culture Audit™ for Culture Assessments
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Sam Silverstein to talk about the new software product, The Culture Audit™ which allows a compliance professional to perform a culture assessment as required by the Department of Justice.
In the ever-evolving corporate world, the importance of assessing and improving corporate culture cannot be overstated. This is the focus of The Culture Audit™, a software tool that provides a comprehensive assessment of a company's culture, identifying potential risks and areas for improvement, developed by Sam Silverstein and the Accountability Institute. Tom views The Culture Audit™ as a valuable tool, especially in light of the Department of Justice's focus on corporate culture in white-collar enforcement actions. He sees culture as a risk that can be assessed, managed, and continuously improved.
Sam shares this perspective and with his extensive experience in accountability and leadership, he emphasizes the importance of regular culture assessments, which can lead to a better bottom line by fostering a culture of high ethics, employee engagement, and quality decision-making. To learn more about the Culture Audit and how it can benefit your organization, join Tom Fox and Sam Silverstein on this episode of the FCPA Compliance Report podcast.
Key Highlights
Culture Assessment and Risk Identification Tool
Multilingual Communication Tool for Global Organizations
Creating a Data-Driven Workplace Culture
The Culture Audit™: Assessing and Improving Workplace Culture
Measuring Relational Commitments for Organizational Success
Resources
Culture Audit
Set up a call to discuss the Culture Audit, click here
Sam Silverstein and the Accountability Institute
Sam Silverstein on LinkedIn
Tom Fox
Instagram
Facebook
YouTube
Twitter
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2023 • 29 minutes, 18 seconds
Alex Cotoia and Daniela Meléndez Communications Compliance
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Alexander Cotoia and Daniela Meléndez from the Volkov Law Group to discuss the challenges and legal implications of ephemeral messaging in business.
Cotoia's perspective emphasizes the significant risks ephemeral messaging poses for companies, particularly in terms of compliance and data preservation. He advocates for proactive measures, such as refining data preservation policies and monitoring all business-related electronic data. Similarly, Melendez, with her extensive knowledge and experience in conducting internal investigations, underscores the potential legal liabilities companies may face if they fail to secure relevant information. She cites real-world examples, like the Google case, to stress the importance of enforcing document preservation policies and educating employees on their responsibilities. Join Tom Fox, Alex Cotoia, and Daniela Meléndez as they delve deeper into this topic on the next episode of the FCPA Compliance Report podcast.
Key Highlights
· Ephemeral Messaging: Balancing Compliance and Risk
· Preserving Evidence and Compliance in Messaging
· Data Preservation Policies and Risk Assessment
· Paradigm Shift in Monitoring Business Communications
Resources
Alex Cotoia on LinkedIn
Daniela Melendez on LinkedIn
Volkov Law Group
Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/27/2023 • 20 minutes, 18 seconds
Compliance Lessons from Venice - Into The Lion's Mouth
In Part 3 of this special 3-episode series, we explore how Venice created the first modern hotline and whistleblower reporting system. Whistleblower and hotline reporting systems in compliance programs are crucial tools for organizations, providing a confidential platform for employees to report misconduct. Fox emphasizes the value of using an external hotline system, which offers an additional layer of anonymity and impartiality and can bring specialized expertise that may be difficult to match within an organization.
He also highlights the role of hotlines in collecting detailed information, which can provide greater insight into situations and help protect companies from accusations of negligence or wrongdoing. Furthermore, Fox underscores the need for hotlines to inspire employee confidence, offer on-demand support from subject matter experts, and provide inbuilt litigation support and avoidance tools. Join Tom Fox in this episode of the Compliance Lessons from Venice podcast to delve deeper into the significance of hotline reporting systems in compliance programs.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/22/2023 • 10 minutes, 22 seconds
Compliance Lessons from Venice - Arsenale and Corporate Culture
In Part 2 of this special 3-part series, we continue our look at compliance lessons from Venice by reviewing the Arsenale and corporate culture. The Arsenale district in Venice, a significant maritime hub from the mid-1200s to mid-1400s, serves as a fascinating historical example of compliance program implementation. The district was renowned for its innovative shipbuilding techniques, which were zealously guarded as state secrets through strict regulations and severe punishments for violators.
Tom draws parallels between the practices of the Arsenale district and the guidance provided by the DOJ and SEC. He emphasizes the importance of a balanced approach to compliance, incorporating both incentives and discipline. Fox suggests that companies should provide job security, compensation for mishaps, and assistance to families as incentives for employees to remain loyal and compliant, while also using financial rewards, promotions, and acknowledgments as effective tools for incentivizing compliance. Join Tom Fox on this episode of the Compliance Lessons from Venice podcast as he delves deeper into the lessons that can be learned from the Arsenale district's historical example.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/21/2023 • 11 minutes
Compliance Lessons from Venice - Doing Compliance The Old Fashioned Way
Today we begin a special holiday podcast series on compliance lessons from Venice. In Part 1, we are doing compliance in the old-fashioned way.
The importance of compliance departments and the simplicity of compliance programs cannot be overstated. These elements are vital in maintaining ethical standards within an organization. An effective compliance program must have a compliance department that is adequately staffed with professionals who can handle the day-to-day compliance work. He argues that these departments should not only have the necessary headcount but also the expertise to answer questions and provide guidance to company personnel. Fox also underscores the significance of basic methods in compliance programs, likening them to the simple yet effective block-and-tackle pulley system used in Venice. Join Tom Fox as he delves deeper into this topic in the Compliance Lessons from Venice podcast episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/20/2023 • 9 minutes, 15 seconds
Billy Jacobson on Building a Boutique Law Firm
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Billy Jacobson, well-known to the compliance community, who recently opened a new boutique law firm, Jacobson Lopez. We talk about why he co-founded the firm, the type of work it takes on, and where he hopes it might grow.
Billy Jacobson is a seasoned attorney with a rich background in white-collar law and compliance, having served as a DOJ attorney and worked on high-profile fraud cases such as the Enron trials and as CCO at Weatherford. His perspective on Jacobson Lopez, a boutique law firm specializing in compliance and investigations, is shaped by his experience and expertise in AML, FCPA, and BSA practices. With his partner, Jonathan Lopez, Billy co-founded Jacobson Lopez, a boutique law firm offering specialized services in compliance work, internal investigations, government enforcement, and individual representation. They aim to provide big law firm expertise at more modest rates, with greater flexibility and no conflict issues, positioning their firm as an alternative to larger law firms. To gain more insights into Billy's perspective and the work of Jacobson Lopez, join Tom Fox and Billy Jacobsen on this FCPA Compliance Report podcast episode.
Key Highlights
Boutique White Collar Law Firm in DC
Organic Growth and Strategic Partnerships in Law
Federal Prosecution Experience: Navigating Complex Legal Issues
Resources
Billy Jacobsen on LinkedIn
Jacobson Lopez
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/13/2023 • 16 minutes, 31 seconds
Susan Divers – 2023 LRN Global Standards Edition
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back LRN’s Susan Divers to discuss the second report 2023 from LRN on the LRN Ethics & Compliance Program Effectiveness Report, 2023 Global Standards Edition.
Susan Divers is a seasoned professional in ethics and compliance, working closely with Tom Fox and associated with LRN. She strongly believes in the significance of ethics and compliance programs in companies, emphasizing the need for continuous training and reminders to ensure employees understand and adhere to the rules and expectations. Susan has noticed a trend of integrating ethics and compliance considerations into HR systems, such as performance reviews and promotions, to hold individuals accountable for their actions. She advocates for a shift from rule-based to values-focused programs, emphasizing personal responsibility and implementing policies like Clawback to address misconduct and enforce consequences. Join Tom Fox and Susan Divers as they delve deeper into this topic on the next episode of the FCPA Compliance Report podcast.
Key Highlights:
Values-Based Ethics and Compliance Programs
Continuous Learning and Reinforcement for Ethical Behavior
A values-focused approach to Ethics and Compliance
Creating a Culture of Integrity and Accountability
Resources:
Susan Divers on LinkedIn
LRN
Ethics & Compliance Program Effectiveness Report, 2023 Global Standards Edition
Tom Fox
Threads
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/6/2023 • 25 minutes, 24 seconds
Marco Goldberg - Creating Trust with Comprehensive Solutions
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Marco Goldberg, Managing Director of EQS Group's North American Business, which assists organizations in navigating the complex world of compliance and building a culture of trust.
Marco Goldberg is a seasoned professional in corporate compliance and investor relations solutions, with a rich background in international industrial management and an MBA from the Berlin School of Business and Entrepreneurship. The EQS Group is a leading provider of corporate compliance and investor relations solutions, serving about 9,000 customers globally. He emphasizes the importance of trust in international organizations and sees EQS Group's mission as helping to create trusted companies through their solutions. His experiences in the industry and his active participation in hosting the ECEC, Europe's largest compliance conference, have shaped his perspective. Join Tom Fox and Marco Goldberg on this episode of the FCPA Compliance Report podcast to learn more about his insights and experiences.
Key Highlights:
Creating Trusted Companies with Comprehensive Solutions
IntegrityLine: Empowering Employees for Compliance
EU Whistleblower Protection Directive: Creating a Culture of Integrity
Centralizing Compliance Workflows with AI Technology
The Transformative Power of AI in Compliance
Resources:
Marco Goldberg on LinkedIn
EQS Group
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/30/2023 • 31 minutes, 21 seconds
Marco Goldberg - Creating Trust with Comprehensive Solutions
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Marco Goldberg, Managing Director of EQS Group's North American Business, which assists organizations in navigating the complex world of compliance and building a culture of trust.
Marco Goldberg is a seasoned professional in corporate compliance and investor relations solutions, with a rich background in international industrial management and an MBA from the Berlin School of Business and Entrepreneurship. The EQS Group is a leading provider of corporate compliance and investor relations solutions, serving about 9000 customers globally. He emphasizes the importance of trust in international organizations and sees EQS Group's mission as helping to create trusted companies through their solutions. His perspective is shaped by his experiences in the field and his active involvement in hosting Europe's largest compliance conference, the ECEC. Join Tom Fox and Marco Goldberg on this episode of the FCPA Compliance Report podcast to learn more about his insights and experiences.
Key Highlights:
Creating Trusted Companies with Comprehensive Solutions
IntegrityLine: Empowering Employees for Compliance
EU Whistleblower Protection Directive: Creating a Culture of Integrity
Centralizing Compliance Workflows with AI Technology
The Transformative Power of AI in Compliance
Resources:
Marco Goldberg on LinkedIn
EQS Group
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/30/2023 • 33 minutes, 47 seconds
Chip Jones on Record Keeping Requirements for Messaging Compliance
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Chip Jones to discuss the recent spate of enforcement actions in the messaging compliance arena.
Chip Jones, the Executive Vice President of Compliance at Global Relay, is an expert in e-communications archiving and compliance solutions for the financial services industry, focusing on instant messaging compliance and enforcement actions related to off-channel communications. Chip believes technology plays a vital role in regulating off-channel communications in financial services, emphasizing the importance of capturing and supervising all communications, including those on personal devices, to ensure compliance with SEC record-keeping requirements. He acknowledges that using personal devices for communication has been prevalent for years, but the pandemic has accelerated this trend. Chip suggests that technological solutions, such as the Global Relay app, can help financial professionals communicate compliantly, and he emphasizes the importance of education and tone from the top in promoting compliance. Join Tom Fox and Chip Jones on this FCPA Compliance Report podcast episode to delve deeper into this topic.
Key Highlights:
Compliant Communication Solutions for Financial Firms
Regulatory Enforcement of Off-Channel Communications
Failure Factors: Violation of Record-Keeping Requirements
Proactive Compliance and Cooperative Remediation in Financial Firms
Resources:
Chip Jones on LinkedIn
Global Relay
Tom Fox
Threads
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/23/2023 • 22 minutes, 37 seconds
Albemarle FCPA Enforcement Action-Holdbacks
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today Kristy Grant-Hart reviews the holdbacks on the internal controls failures and other areas identified in the SEC enforcement action.
In this episode of the FCPA Compliance Report podcast, we delve into the critical topic of clawbacks and consequence management in compliance programs, particularly in relation to the Foreign Corrupt Practices Act (FCPA). Our host, Tom Fox, brings a unique perspective to the table, expressing disappointment over the lack of clawbacks in a recent case, but emphasizing the importance of consequence management, such as withholding bonuses from employees involved in misconduct. Fox's insights are shaped by his extensive experience in the field, and he underscores the need for businesses to shift their models in response to investigations and compliance violations. He also highlights the significance of a proactive approach to addressing compliance issues and the need for a significant change in the business model. Join Tom Fox as he navigates the complex world of compliance in this enlightening episode of the FCPA Compliance Report podcast.
Key Highlights
· The Significance of Consequence Management in FCPA Investigations
· The Significance of Shifting Business Models
· Holdbacks going forward
Resources
Tom Fox blog post series on the Albemarle FCPA Enforcement Action.
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, we have Karen Moore on the internal controls failures and other areas identified in the SEC enforcement action.
The recent FCPA enforcement action against Albemarle has sparked a lively debate in the compliance community, particularly regarding the company’s internal controls, imposed penalties, and the lack of monitorship. While Karen is surprised at this development, Tom believes it is consistent with the new DOJ FCPA policy.
One of the key takeaways from the episode is the importance of thorough due diligence and stronger measures to prevent corruption. The case highlights the need for compliance officers to operate beyond their comfort zones and ensure that the right people receive the right training to spot issues. It also raises questions about the credibility of messages about risk tolerance from senior leadership and the effectiveness of deal reviews. Join us as we dive deeply into these issues in this FCPA Compliance Report podcast episode.
Key Highlights:
Albemarle’s Penalties
Identifying Red Flags in Due Diligence
Including Monitors in Plea Deals for Compliance
Resources:
Tom Fox blog post series on the Albemarle FCPA Enforcement Action.
Tom Fox
Threads
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/17/2023 • 15 minutes, 1 second
Albemarle FCPA Enforcement Action – Overview
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, we open with Matt Kelly, providing an overview.
The intriguing case of Albemarle, a chemicals company embroiled in a bribery scheme, is a stark reminder of the importance of compliance and timely remediation measures. Albemarle faced hefty fines and penalties, totaling over $218 million, for using intermediaries to sell chemicals to state-owned oil companies and funnel bribes to government officials. However, the company’s swift action in withholding bonuses during their internal investigation and implementing remedial measures, such as eliminating sales agents and adopting a direct sales approach, was recognized and credited.
We underscore the significance of Albemarle’s transformation of its business model as a positive remediation measure that effectively reduces corruption risk. We also emphasize the importance of timely self-disclosure and the benefits of initiating remediation measures before an investigation is complete. The fines and penalties imposed on Albemarle are among the largest FCPA settlements in 2023. Join us in this FCPA Compliance Report podcast episode as we dive deeply into the regulatory outcome, remediation efforts, and compliance lessons from Albemarle’s case.
Key Highlights:
Bribery Scheme with “Friend” Emails
Identifying and Addressing Control Gaps for Ethical Business Practices
FCPA Settlement and Corruption Risk Reduction
Resources:
Tom Fox blog post series on the Albemarle FCPA Enforcement Action.
Tom Fox
Threads
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/16/2023 • 14 minutes, 30 seconds
Jim Walton on LRN’s 2023 Code of Conduct Report
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Jim Walton to discuss LRN’s always great annual Code of Conduct Report.
Jim Walton is a well-known compliance professional with a background in engineering and a passion for assessing and improving corporate codes of conduct effectiveness. His perspective on this topic is shaped by his extensive experience, including his current role as a Director on LRN’s Advisory Services team, where he leads their code of conduct practice. Jim believes a company’s code of conduct should reflect its character, culture, and values, serving as a foundation for its ethical culture. He emphasizes the importance of the code being a useful resource for employees, providing guidance on ethical decision-making and access to detailed information and resources. Jim also acknowledges that there is always room for improvement in corporate codes of conduct, even among some of the largest companies in the world. Join Tom Fox and Jim Walton on this FCPA Compliance Report podcast episode to take a deep dive into Codes of Conduct.
Key Highlights:
Evaluating the Effectiveness of Company Codes of Conduct
Codes of Conduct Evaluation and Best Practices
Comprehensive and User-Friendly Code of Conduct
Eight Dimensions for an Effective Code of Conduct
Resources:
Jim Walton on LinkedIn
LRN
LRN 2023 Code of Conduct Report
Tom Fox
Thread
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/2/2023 • 24 minutes, 12 seconds
Adam Pollock- Mission Driven Law: Serving the Greater Public Good
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Adam Pollock, co-founder of PollockCohen and Qui Tam/FCA expert.
Adam Pollock is an experienced lawyer with a unique blend of expertise in computer science and law. Having studied computer science at the University of Michigan before transitioning into law at the University of Pennsylvania, Pollock has spent over 15 years in the legal field, specializing in white-collar defense, Qui Tam cases, False Claims Act cases, whistleblower suits and public advocacy. His law firm's impactful public advocacy cases is rooted in a mission-driven approach, focusing on cases that serve a greater public good. He cites examples such as challenging the government over the regulation of menthol cigarettes, which disproportionately affect the African American community, and fighting for the rights of New York City retirees. Pollock's work is driven by a desire to create positive change and make a difference. Join Tom Fox and Adam Pollock as they delve deeper into these topics on this episode of the FCPA Compliance Report podcast.
Key Highlights
· How far back Qui Tam case go in history
· The intersection of Qui Tam, FCA and whistleblower cases
· Mission Driven Litigation
· Private Attorney Generals?
· The FCA at the Supreme Court
Resources
Adam Pollock on LinkedIn
PollockCohenLLP
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/25/2023 • 34 minutes, 9 seconds
Carlos Munoz on Implementing Effective Compliance Programs in Latin America
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcome Carlos Munoz, Chief Compliance Officer at CMPC in Chile. We discuss operationalizing compliance at CMPC and in Latin America.
Carlos Munoz is a seasoned Chilean attorney with decided experience in implementing and advancing compliance programs in Latin America. His perspective on the subject is shaped by his extensive experience and understanding of the unique challenges in the region. Munoz identifies two major hurdles in implementing effective compliance programs in Latin America: the need to tailor programs to both global and local contexts due to cultural nuances and differing perceptions of corruption, and the pressing issue of money laundering, fueled by illegal activities such as corruption, drug trafficking, and human trafficking. He believes that Latin America lags in anti-money laundering efforts, which are crucial in combating corruption, and advocates for compliance programs that address these issues while considering cultural differences. Join Tom Fox and Carlos Munoz as they delve deeper into these topics and more in this episode of the FCPA Compliance Report podcast.
Key Highlights
· CMPC's Compliance Program Addressing Antitrust Infringement
· Navigating Cultural Nuances and Money Laundering: Compliance Challenges in Latin America
· CMPC's Comprehensive Compliance Training Program
· The Rise of Technologically Savvy Compliance Experts in Chile
· Dynamic Networking Opportunities for Compliance Professionals
Resources
Carlos Munoz on LinkedIn
The FinCEN Report Company
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/18/2023 • 30 minutes, 40 seconds
Dottie Schindlinger on Corporate Governance and the Diligent Institute
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Dottie Schindlinger, Executive Director of the Diligent Institute.
The Diligent Institute, the governance research arm of Diligent Corporation, is on a mission to promote governance excellence by providing valuable resources and support to board members and senior leaders. Through research, thought leadership, podcasts, web shows, and certification programs, the institute addresses topics such as climate leadership, ESG, cyber risk, strategy, and AI ethics. Programs like the Next Gen Board Leaders Program and Director Network software facilitate peer-to-peer networking and board opportunities.
The Diligent Academy offers e-learning certification programs for directors, while the Diligent Forum provides a platform for directors to discuss specific themes with guest speakers. The conversation emphasizes the importance of empowering board members with the right information and insights to make informed decisions. It also discusses the changing role of directors in today's business landscape, with a focus on digital transformation, cybersecurity, and customer satisfaction. The Diligent Institute aims to be a trusted resource for directors, providing valuable knowledge and understanding of their needs.
Key Highlights:
· Diligent Institute: Empowering Board Leaders
· Diligent Academy and Forum
· ESG Momentum
· ESG Views and Director Confidence
· The Changing Role of Directors
Resources
Dottie Schindlinger on LinkedIn
The Diligent Institute
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/11/2023 • 24 minutes, 26 seconds
Jason Patel on Leveraging and Protecting Data
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Jason Patel as they delve into the critical aspects of go-to-market security, market intelligence security, and customer privacy enforcement in today's digital world.
They discuss the importance of protecting businesses and customers' experiences, leveraging data for security and marketing strategies, and ensuring compliance with privacy legislation like GDPR and CCPA. They highlight the services offered by Cheq.ai, a company specializing in go-to-market security, and stress the need for real-time compliance and a transparent approach involving various stakeholders. The conversation also explores the risks of relying solely on vendors for compliance and the impact of opt-in and opt-out strategies in data privacy. Looking ahead, they predict data privacy to be a leading issue, emphasizing the need for clear and explicit internet regulations to protect businesses and consumers.
Key Highlights
· Check: Go-to-Market Security and Customer Privacy Enforcement
· Designing GDPR-compliant controls
· Real-time compliance in data tracking
· The Impact of Opt-In vs Opt-Out Strategies
· The Future of Internet Regulations
Resources
Cheq.ai
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/28/2023 • 24 minutes, 16 seconds
Jonathan Wilson on Simplifying Corporate Transparency
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcome Jonathan Wilson, lawyer and co-founder of the FinCEN Report Company which will simplify the process of filing beneficial ownership reports under the Corporate Transparency Act.
The Corporate Transparency Act, a bipartisan law passed in 2020 to combat corporate anonymity and money laundering in the US. The law requires companies to disclose personal information about individuals with ownership stakes or substantial control. The Finsen Report Company offers an online filing engine for secure and easy report submission. This new tool facilitates collaboration between attorneys and clients, ensuring authorized access to information. The Corporate Transparency Act aims to protect the integrity of the financial system and prevent illicit activities by creating a database accessible to banks and law enforcement. Although the law's implementation has been delayed, businesses need to prepare for initial beneficial ownership reports. The law is crucial in combating money laundering globally, aligning the US with Western Europe in anti-money laundering efforts and promoting international cooperation.
Key Highlights
· The FinCEN Report: Simplifying Corporate Transparency
· Corporate Transparency Act and Law Firm Collaboration
· Corporate Transparency Act Implementation
· Challenges of Identifying Beneficial Owners
· The Corporate Transparency Act: Combating Money Laundering
Resources
Jonathan Wilson on LinkedIn
The FinCEN Report Company
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/21/2023 • 25 minutes, 13 seconds
Mike DeBernardis on the Cognizant Investigation Ruling
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back fan favorite Mike DeBernardis, partner at Hughes Hubbard Reed. We take a deep dive into the trial court ruling in the Coburn and Schwartz claim that the Cognizant internal investigation which identified them was run by the DOJ and should be tossed for the lack of federal criminal procedural protections.
A recent district court decision on an FCPA case has significant implications for future investigations. The trial court emphasized the importance of a fully developed record and provided guidance for companies conducting internal investigations while cooperating with the government. The episode emphasizes the need for independent investigations, the distinction between government-directed investigations and cooperation with the DOJ, and the timeline of events that shows the importance of self-disclosure by the company. It also discusses the significance of independent decision-making in corporate investigations and the importance of documenting investigations to build a strong record. The restrictions placed on employee interviews during investigations are also addressed, with a suggestion for clear guidelines and procedures to ensure fair and effective interviews. Overall, the episode highlights the practical implications of the court decision and sets a standard for future investigations in FCPA cases.
Key Highlights
· FCPA Pretrial Work
· Importance of Independent Decision-Making
· Importance of Documenting Investigations
· Restrictions on Employee Interviews
· Investigation world cases
Resources
Mike DeBernardis
Hughes Hubbard Reed
Court Opinion in US v. Coburn
Tom Fox
Instagram
Facebook
YouTube
Twitter
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/14/2023 • 23 minutes, 44 seconds
Fighting Forced Labor with Supplier Due Diligence
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Ragini Bhalla, head of content and PR for Creditsafe, focusing on the North American region, and Steve Carpenter, Country Manager for Creditsafe in Canada. Their discussion centers around a new Canadian law designed to combat human trafficking forced labor, and child labor within supply chains. Throughout the conversation, they shed light on the practices of various multinational corporations, emphasizing the need for cohesive anti-slavery reporting and measures across different jurisdictions. It becomes evident that addressing these critical issues requires collaboration and comprehensive efforts from all parties involved.
A key to compliance with ethical sourcing and compliance with this new Canadian law is through a company’s Supply Chain. Companies must ensure their supply chains are free from forced labor and child labor, and Credit Safe provides services to help. The Canadian Forced Labor Law and the UK’s Modern Slavery Act are steps toward making companies accountable for their actions, but governments must also work with countries like India, Bangladesh, and China to create real change. Non-compliance can lead to fines, customer trust loss, and potential stock dips, and due diligence checks and audits are necessary for companies to protect the integrity of their supply chains. Ethical sourcing is a complex issue requiring collaboration between governments, companies, and experts.
Creditsafe is in a unique position to assist companies comply with laws making illegal human trafficking, forced labor, and child labor. In this podcast, you will learn how to investigate your suppliers in a way that enhances your business operations. Once again, this demonstrates that effective compliance leads to more effective business processes, leading to greater profitability.
Key Highlights
· Fighting Forced Labor
· ESG Supply Chain Auditing
· Canadian Compliance Law
· Reputational Risk of Non-Compliance
· Ethical Sourcing
Resources
Ragini Bhalla on LinkedIn
Steve Carpenter on LinkedIn
Creditsafe
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/7/2023 • 32 minutes, 47 seconds
Fighting Forced Labor with Credit Risk
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes Ragini Bahalla, head of content and PR for Creditsafe, focusing on the North America region and Steve Carpenter, Country Manager for Creditsafe in Canada. Their discussion centers around a new Canadian law designed to combat human trafficking, forced labor, and child labor within supply chains. Throughout the conversation, they shed light on the practices of various multinational corporations, emphasizing the need for cohesive anti-slavery reporting and measures across different jurisdictions. It becomes evident that addressing these critical issues requires collaboration and comprehensive efforts from all parties involved.
A key on compliance with of ethical sourcing and compliance with this new Canadian law is through a company’s Supply Chain. Companies must ensure their supply chains are free from forced labor and child labor, and Credit Safe provides services to help. The Canadian Forced Labor Law and the UK's Modern Slavery Act are steps towards making companies accountable for their actions, but governments must also work with countries like India, Bangladesh, and China to create real change. Non-compliance can lead to fines, customer trust loss, and potential stock dips, and due diligence checks and audits are necessary for companies to protect the integrity of their supply chains. Ethical sourcing is a complex issue requiring collaboration between governments, companies, and experts.
Creditsafe is in a unique position to assist companies comply with laws making illegal human trafficking, forced labor, and child labor. In this podcast, you will learn how to investigate your suppliers in a way that enhances your business operations. Once again, demonstrating that effective compliance leads to more effective business processes, leading to greater profitability.
Key Highlights
· Fighting Forced Labor
· ESG Supply Chain Auditing
· Canadian Compliance Law
· Reputational Risk of Non-Compliance
· Ethical Sourcing
Resources
Ragini Bahalla on LinkedIn
Steve Carpenter on LinkedIn
Creditsafe
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/7/2023 • 32 minutes, 58 seconds
Peter Grossman and Duane Stumpf on Crafting Impactful Compliance Campaigns
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Peter Grossman, Co-Founder, Chief Strategist at Labyrinth Training, and Duane Stumpf, Global Head of Integrity and Compliance at Alcon.
Starting with a 70s-style rock and roll music number, Alcon Vision’s interactive, animated compliance training program, developed in conjunction with Labyrinth Training, has been recognized with high praise, receiving an Anthem Award and two Telly Awards. This program was created to make the company’s Lens Policy more memorable and engaging.
This podcast episode focuses on creating impactful campaigns and stresses the need for creativity, mission, and quality work. This episode features Tom Fox, Peter Grossman, and Duane Stumpf discussing how the program’s success effectively delivers important lessons in ways people will remember and enjoy. Through this episode, the trio offers great insight into developing meaningful campaigns that will have a lasting impact.
Key Highlights:
The Lens Policy
Creating Compliance Storytelling
Compliance Training Musical
Dr. Louis’ Musical Number
Award-Winning Compliance Training
Creating Impactful Campaigns
Resources:
Peter Grossman on LinkedIn
Labyrinth Training
Duane Stumpf on LinkedIn
THE LENS
CALL DR LOUIS
Tom Fox
Threads
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/31/2023 • 34 minutes, 58 seconds
Gordon Firemark - Defending Creative Rights: Protecting Podcasts from AI & GPT
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes back the Lawyer to Podcasters-Gordon Firemark.
With the increasing prevalence of AI and Chat GPT technologies in the podcasting world, legal implications must be addressed. Tom and Gordon discuss potential legal issues, such as AI accessing private information and Chat GPT generating false information. To further this discussion, Firemark will be presenting at Podcast Movement 2023 on the importance of protecting freedom of expression in the arts. It is essential for creatives to understand their rights and obligations, as well as the potential impact of AI and Chat GPT on their work, to ensure they are fairly compensated for their creative efforts. This podcast episode provides valuable insight into the changing dynamics of the podcasting world and the need for creatives to remain informed.
Key Highlights
· AI and Chat GPT
· AI and Copyright Issues
· Fair Compensation for Creatives
· Legal Issues in Art
Resources
Gordon Firemark on LinkedIn
Firemark Law Firm
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/24/2023 • 20 minutes, 48 seconds
Maria D’Avanzo on the Intersection of AI, ChatGPT and Compliance
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In the latest episode of FCPA Compliance Report, Maria D’Avanzo from Traliant returns to discuss the intersection of AI, ChatGPT, and compliance. The recent Federal Trade Commission investigation into OpenAI serves as a reminder of the importance of staying up to date on the latest developments in the field of AI technology and the potential implications of such developments. With AI and Chat GPT being powerful tools that can automate processes and generate content, organizations must implement AI Policies and Training to ensure these technologies’ safe and responsible use. AI Compliance Training is necessary to educate employees on the risks posed by AI technology and to guarantee that their compliance program is robust and effective. Organizations must create a comprehensive policy and provide ongoing training to ensure AI’s safe and responsible use.
Key Highlights:
AI and Chat GPT Consequences
AI Policy and Training
Creating a Policy
AI Compliance Training
FTC OpenAI Investigation
Resources:
Maria D’Avanzo on LinkedIn
Traliant
Tom Fox
Threads
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/19/2023 • 22 minutes, 55 seconds
FCPA Compliance Report: Miranda Zolot - Remote Work Revolution, the Distributed Workforce
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Tom welcomes Miranda Zolot, General Counsel at Oyster HR in this episode. They discussed the distributed workforce and how Oyster can help businesses find the talent they need compliant and cost-effectively.
Beginning with the captivating detail that Oyster is a fully distributed company with no offices and almost 600 internal employees who all work from home or their personal co-working spaces, they discussed the concept of a distributed workforce and how businesses find the talent they need in a compliant and cost-effective way. Their discussion included the challenges of managing an outsourced workforce and the current model of distributed workforces that allows companies to find the right workers for their particular job.
Oyster's mission is to bring meaningful work to people in different geographies, and the website offers resources for both people looking for remote work and companies looking to hire remotely. Oyster Academy offers remote best practices and helps people present themselves to the market as ready for remote work, and the company also offers a misclassification analyzer, salary information, country guides, and open policies and handbooks. Finally, Tom and Miranda discussed how to counsel a company on conveying culture and expectations to a worker across the globe.
Key Highlights
· Remote Work Solutions
· Cross-Border Hiring
· Distributed Workforce
· Creating a Distributed Culture
· Hiring Internationally
Resources
Miranda Zolot on LinkedIn
Oyster HR
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/17/2023 • 30 minutes, 48 seconds
Jen Hoar-Uncovering Executive Risk: Corporate Intelligence
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes Jen Hoar, a corporate intelligence specialist to the podcast to discuss the use of corporate intelligence as a part of a risk management strategy, this podcast episode explored the importance of conducting thorough background checks on potential executives. Tom and Jen discussed the need to ask questions to gain a better understanding of the person's style and how they interact with their team, peers, board, and investors. They also discussed the importance of disclosure and anonymity when conducting such inquiries, as well as the need to conduct independent third-party vetting of an individual's reputation before investing in them. Finally, they discussed the use of corporate intelligence to shape a client's relationship with an executive and the need to assess the potential risks of hiring an executive before becoming emotionally, financially, and reputationally invested in the deal.
Key Highlights
· Executive Risk
· Investigating Executives
· People Show Who They Are
· Reputation Checking
· Corporate Intelligence
Resources
Jen Hoar on LinkedIn
Forward Risk
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/10/2023 • 29 minutes, 25 seconds
Maria D’Avanzo on Investigations
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In the latest episode of FCPA Compliance Report, Maria D'Avanzo from Traliant to returns to discuss the essential role of outside counsel in FCPA investigations and the challenges that a CCO may face. They believe having trusted counsel with business acumen and commercial knowledge is vital, especially when discovering potential violations outside the initial scope of the investigation. Maria shares her experience working with the CEO and chair of the audit committee and offers great tips for compliance professionals learning to trust their gut. Additionally, the speakers talk about the importance of self-disclosure and applying disciplinary actions equally across different jurisdictions in cases of misconduct. This explosive discussion is full of insights, advice, and best practices, making it a must-listen for anyone looking to improve their organization's compliance standards. You won't want to miss it!
Key Highlights
· Managing Whistleblower Complaints: Next Steps and Importance of Outside Counsel
· FCPA Investigation Best Practices
· Navigating investigations outside of initial scope
· Navigating Compliance Decision-Making
· Internal Disciplinary Processes and Corporate Compliance
· Supervised learning and DOJ cooperation challenges
· The decision (or not) to self-disclose
Resources
Maria D’Avanzo on LinkedIn
Traliant
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/28/2023 • 28 minutes, 4 seconds
Measuring Ethical Culture & Compliance Training Impact
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In the latest episode of FCPA Compliance Report, Tom Fox speaks with Parijat Jauhari and Susan Divers, both with LRN, about their new tool, Catalyst Reveal, which helps compliance professionals deal with the new DOJ requirements around culture assessment, risk management, monitoring, and improvement. They explain how Catalyst Reveal goes beyond traditional methods of measuring the effectiveness of compliance training and that the platform includes completion data, culture data, and learner sentiment analysis to determine training effectiveness.
They also discuss the importance of benchmarking, which allows for easy comparison of clients within the same industry and revenue band. Plus, find out about their upcoming additions to their product and how it can provide solutions to challenges posed by the Department of Justice. Tune in now to discover how Catalyst Reveal can help compliance professionals fulfill their obligations under the 2023 Evaluation of Corporate Compliance Programs.
Key Highlights
· Measuring Ethical Culture
· Enhancing Compliance Training Effectiveness
· Challenges in measuring training impact
· Data Analytics in Compliance Training
· Benchmarking and Data-driven compliance training
Notable Quotes
“This is the most exciting development in this space in all the time that I've been working in ethics and compliance because it allows companies and chief ethics and compliance officers and their teams to move beyond what I would call dead data.”
“The culture pulse survey that we've included in this which is the ethical culture pulse survey. That's its full title. It asks questions in real time about levels of engagement from the employee base and levels of respect levels of transparency, levels of organizational justice. And that that is a breakthrough.”
“What this tells you is it goes beyond we had a warm seat. for this training to say, we had people take it, and a lot of people in this group really struggled with facilitation payments or with what is an actual conflict of interest. And this is an area that compliance officers really struggle with.”
“We are really using some new technology, machine learning to mine the data because it's you're accumulating it every day that employees are actually.”
Resources
Parijat Jauhari on LinkedIn
Susan Divers on LinkedIn
LRN
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/26/2023 • 28 minutes, 25 seconds
Scott Solomon on Managing Cash Risk Through Compliance
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox on the FCPA Compliance Report as he discusses with Scott Solomon, the CEO of Operational Security Solutions (OSS), how they manage compliance and ethical considerations around cash management, particularly for high-risk customers.
In this episode, they talk about the importance of compliance in the financial industry and how OSS helps financial institutions manage their portfolio through best practices. The podcast also touches on the challenges faced by legal cannabis businesses and the gaming industry regarding compliance and cash operations. Listeners will get insights into boutique cash and transit providers’ role in navigating licensing and permitting requirements for cannabis-related cash operations. This informative podcast concludes with contact information and an eagerness to continue the conversation. Don’t miss out on the insights shared in this episode. Tune in now to FCPA Compliance Report with Tom Fox and Scott Solomon.
Key Highlights:
Challenges of Compliance in Handling Cash Transactions
Challenges of Compliance in Regulated Industries
Cash delivery in the legal cannabis industry
Risk Management for Financial Businesses
Notable Quotes:
“Our primary customer or partner is a financial institution. So when you look at secure cash management and logistics, it boils down to our specialty is moving cash, and we have the ability in the compliance background to help financial institutions support their high-risk customers.”
“OSS was founded around compliance. A group of former law enforcement personnel, special military operators, and federal regulators got together and saw an opportunity to initially start by consulting.”
“We work with the customer. It doesn’t help us, and it doesn’t help the bank if the customer goes off the rails and becomes non-compliant. So, we want to educate them.”
“I come out of the anti-corruption compliance space; we’ve always looked to the casino world as one of the leaders around AML work simply because it was in their business interest to do.”
Resources
Scott Solomon on LinkedIn
Operational Security Solutions
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/12/2023 • 23 minutes, 29 seconds
GWIC Ladies Reflect
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. This episode features a special episode with guests Lisa Fine and Mary Shirley of the Great Women in Compliance podcast. Great Women in Compliance is coming up on its 200th-anniversary show and will move to GWIC 2.0. I asked the women if they would reflect on where they have been and where GWIC may be going.
In this podcast, Mary and Lisa reflect on their podcast journey, discussing their impact on their audience and themselves. They talk about their interview style, attempts to get Dolly Parton’s permission to use her song, and upcoming episodes, including adding a co-host. The podcast highlights the importance of diverse voices and perspectives and aims to make guests comfortable while maintaining a professional yet relaxed tone. Join these dynamic hosts as they share memories and tease new ideas, including a book release and round table discussions with women. Take advantage of this engaging and authentic conversation about success, imposter syndrome, and making a difference!
Key Highlights:
Great Women in Compliance: 200th Episode Reflections
Evolution of a Passion Podcast
Overcoming Impostor Syndrome on Podcasts
Opportunities and Authenticity in Podcasting
Approach to podcasting and favorite moments
Podcast Length and Dolly Parton’s Theme Song
Building Successful Business Relationships as Co-Hosts
Thanking Listeners for Ideas and Growth
Notable Quotes
“As a true supporter of women, you looked at us and said, ‘Why don’t you do it?’ And suddenly, right away, it went from this thing we talked about into something bigger than both of us and turned into a book where the people interested in this shared their stories.”
“The podcast started as a hobby but has become an intricate part of our lives, not only as individuals but at least as in my life as cohosts and friends.”
“And what I think was an honor for Lisa and myself as people who aren’t necessarily on the speaking circuit, that we wanted to get the diversity of thought and new voices on the show.”
“Everybody is a thought leader. I’m talking to you because I think you’re a thought leader, and I think you’re bringing something to the table that, again, in a way, which not to make somebody feel pressured into doing it But I also think that’s how I connect with people. Whether they like it or not, this is the conversation. And this is who I am.”
Resources
Mary Shirley
Lisa Fine
Great Women in Compliance
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/5/2023 • 28 minutes, 15 seconds
Brad Hibbert on Prevalent’s 3rd Party Risk Management Report
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, Tom visits Brad Hibbert, COO/CSO at Prevalent, as they discuss the surprising findings of Prevalent’s annual third-party risk management study. Discover why so many organizations still rely on spreadsheets and manual processes for managing third-party risks. Brad recommends an integrated approach to third-party risk management that considers the entire lifecycle of the relationship with third parties.
The podcast highlights the top five key findings of the report, including data breaches as the top concern, security driving the program, and the increased involvement of IT in the process. Learn how to minimize cyber exposure and risks associated with third-party management by breaking down silos, automating processes, and focusing on reducing risks associated with third parties. Listen to Brad’s practical advice on how to prioritize risks and plan your risk management program and visit prevalent.net for more compliance mandates and best practices. With exciting insights and actionable advice, this podcast is a must-listen for anyone interested in managing third-party risks.
Key Highlights:
· Prevalent’s annual third-party risk management study
· Integrated Third Party Risk Management
· Top Challenges for Organizations in Data Security
· Third Party Risk Management Survey and Findings
· Minimizing Cyber Breaches
· Effective Response to Breaches and Third-Party Programs
· Managing Business Risks for Compliance
Notable Quotes:
“The top concern driving third-party risk management programs is security, with 71 percent indicating it as their main priority.”
“Data breaches continue to be a top concern, with 41 percent of the respondents indicating that they were impacted by a third-party data breach in the last 12 months and had to perform some remedial activity.”
“About 70 percent reported increased involvement from the IT group, while 71 percent indicated that infosec owns the program.”
“Identifying and mitigating risks before the company is impacted.”
“Customs put together this enforcement dashboard that contains all of these statistics on how they’ve been enforcing the UFLPA.”
Resources
Brad Hibbert on LinkedIn
Prevalent
3Rd Party Risk Management Report
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/22/2023 • 21 minutes, 24 seconds
Maria D’Avanzo on Corporate Whistleblower Response
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox, the host of FCPA Compliance Report, as he visits with Maria D’Avanzo, from Traliant. Maria shares invaluable insights on how companies can think through their whistleblowing policies and protocols, stressing the importance of triage in the whistleblowing process. She also reveals how they created a triage document to manage complaints of violations within the company and maintained consistency in the investigation process across different geographical areas and business units. Maria emphasizes the need for transparency and communication in dealing with situations of retaliation for whistleblowers and educating senior management on the value of whistleblowers in improving compliance programs. This episode is a must-listen for building effective whistleblowing policies and protocols. Don’t miss out on this opportunity to learn from a seasoned compliance expert. Tune in now!
Key Highlights:
Protocol for handling whistleblowing in companies
Internal investigations and handling complaints in a company
Whistleblowing and Compliance Strategy
Effective Whistleblower Investigation and Non-Retaliation
Whistleblower Communication and Transparency
Resources
Maria D’Avanzo on LinkedIn
Traliant
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/17/2023 • 19 minutes, 27 seconds
Virginia Newman on Enhancing UFLPA Compliance: Solutions for Forced Labor Prevention
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In the latest episode of FCPA Compliance Report, Tom Fox visits Virginia Newman from Miller & Chevalier, an expert on the Uyghur Forced Labor Prevention Act (UFLPA) and supply chain ESG work. Together, they discuss the UFLPA, its affirmative obligation on companies to comply with US import laws, and the burden of proof on businesses to prove their goods were not made using forced labor. Virginia shares valuable insight into the CBP’s enforcement efforts and how companies can exercise reasonable care to avoid having their goods detained. They also delve into trade compliance and third-party screening, predictive mapping, and the long-term changes companies must make to their compliance and sourcing programs. Thomas recommends Virginia as a source of knowledge on the subject because of her passion. Listen to this engaging and informative podcast to better understand the UFLPA and its impact on businesses.
Key Highlights:
Virginia’s background and UFLPA
US Law Prohibiting Import of Xinjiang-made Goods
US Customs’ Role in Enforcing UFLPA
CBP’s Forced Labor Technical Expo Solutions
Types of Companies for Supply Chain Mapping
Impact of a trade war on supply chain compliance
Notable Quotes:
“The US government had an import prohibition for any goods made in whole or in part with forced labor.
“The US import prohibition is one of the longstanding ones that has had the most effect on companies, but it wasn’t enforced too much until about 3 years ago.”
“If your goods are coming from Xinjiang, and you accept that they’re coming from Xinjiang, Then, really, the burden is on you to prove that they’re not made with any forced labor, which is an incredibly high burden and to our knowledge importers have not been trying meet it.”
“Customs put together this enforcement dashboard that contains all of these statistics on how they’ve been enforcing the UFLPA.”
Resources
Virginia Newman on LinkedIn
Miller & Chevalier
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/15/2023 • 23 minutes, 14 seconds
Candice Tal on Due Diligence: Levels and Evaluation
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Join Tom Fox, the host of FCPA Compliance Report, as he speaks with Candice Tal, founder and CEO of Infortal. Get ready to boost your compliance program in this exciting episode of FCPA Compliance Report. In this episode, Tom and Candice discuss the three levels of due diligence typically used to investigate joint venture partners and senior executives and the significance of conducting thorough due diligence. Level one is for low-risk situations, level two is for moderate-risk situations, and level three is for high-risk situations that require deep dark web searches. The key takeaways are to never skimp out on basic due diligence and to consider level three due diligence for high-risk areas or key executives. Don't miss out on this informative episode of FCPA Compliance Report hosted by Tom Fox and featuring Candice Tal!
Key Highlights
· Introduction of Candice Tal
· What are the 3 levels of due diligence.
· What is deep dive due diligence.
· Finding reputational issues.
· Evaluating due diligence.
Notable Quotes
“Due diligence typically is sorted out into 3 general levels or tiers.”
“If you're not doing deep dive due diligence, you're not finding reputational issues.”
“You just can't find reputational issues on database searches.”
Resources
Candice Tal on LinkedIn
Infortal
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/8/2023 • 13 minutes, 20 seconds
Maria D’Avanzo on Privacy Issues in the US and Beyond
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox, the host of FCPA Compliance Report, as he speaks with Maria D'Avanzo, Chief Evangelist Officer at Traliant about privacy issues in the US and around the world. Discover the challenges businesses face due to the lack of national law in the US, with multiple state laws led by California. Compare this to the EU, where GDPR has been in place since 2018, and similar laws have been implemented in other countries such as Singapore, Australia, and Brazil. Learn how GDPR has changed the way businesses handle privacy by making it a part of business processes. Discover the importance of consulting with a good outside counsel, especially for global privacy policy implementation.
Explore how to handle cybersecurity incidents and disclosure of information, as regulations on this topic are still developing. Hear from Maria on how to address these incidents internally and the importance of an incident response plan. Find out how collaborating with the Chief Information Security Officer is crucial in developing a specific plan for these incidents, including a group effort from various departments.
Hear about instances where organizations share confidential information or data, leading to legal backlash and damage to reputation. This section discusses the Tesla case and suggests that a broader conversation about company culture may be necessary to prevent such privacy infringements. Take advantage of this insightful podcast and tune in now to get important insights into privacy and cybersecurity from two industry experts!
Key Highlights:
· The Evolution of Privacy Issues Post-GDPR
· Navigating Privacy Laws and Meeting Legal Standards
· Cybersecurity Incident Disclosure Decision Making
· Importance of Cybersecurity Incident Response Plan
· The Impact of Sharing Sensitive Information
Resources
Maria D’Avanzo on LinkedIn
Traliant
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2023 • 18 minutes, 57 seconds
Adrienne Bellehumeur on The 24 Hour Rule: Mastering Dynamic Documentation
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox, the host of FCPA Compliance Report, as he speaks with Adrienne Bellehumeur, a consultant specializing in business analysis, audit, internal control programs, and effective documentation. In this episode of the FCPA Compliance Report, they discuss the secrets to smarter organizations and the importance of the 24-hour rule for documenting and retaining information. Adrienne, author of “The 24-Hour Rule,” provides practical and comprehensive techniques for dynamic documentation and pushes individuals and organizations forward through a six-step process. The discussion also covers the challenges of managing information in communication tools like Slack and WhatsApp and the need for clear repositories for future value and legal purposes. Take advantage of this informative episode and get your hands on Adrienne’s book now!
Key Highlights:
· The 24-Hour Rule: Importance of Documentation
· Dynamic documentation for managers and directors
· Mastering Successful Documentation: The Six Steps
· Effective Documentation and Data Governance
· Effective Information Management in Communication Tools
Notable Quotes:
“The 24-hour rule is what I think is the golden rule of documentation, and it’s very simple.”
“All documentation should drive back to actually pushing you personally or your organization or your team forward into a forward state to take forward action.”
“Documentation is about, and I actually believe, it’s a problem-solving technique.”
“My book is effectively a framework for better documentation where companies can assess where they’re at, look through what they have, look at I have standards I’ve developed as well.”
Resources
Adrienne Bellehumeur on LinkedIn
The 24-Hour Rule
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/1/2023 • 25 minutes
Executives at Risk Winter: 2022/2023
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In the latest episode of the FCPA Compliance Report, host Tom Fox welcomes Katherine Pappas, Lauren Briggerman and Ian Herbert, experts in government and internal investigations at the law firm of Miller & Chevalier. The group discusses changes to the Corporate Enforcement Policy and the challenges companies face with extraordinary cooperation and clawbacks. They also dive into the Biden administration's antitrust policies, particularly in the area of labor markets and the recent trend of the DOJ losing no poach cases to juries. The conversation then shifts to the FTC's proposed rule on non-compete agreements and recent FCPA individual prosecutions related to bribery allegations. Finally, the hosts discuss potential changes to duty of oversight requirements for company directors and officers and potential changes to US sentencing guidelines. Don't miss out on this informative and engaging episode!.
Key Highlights
· Updates on DOJ's Corporate Enforcement Policy
· Challenges and Failures in Antitrust Prosecutions
· No-poach and non-compete agreements in energy industry
· FTC Rulemaking and Non-Compete Agreements
· Cryptocurrency and High-Profile Nondisclosure Cases
· Oversight and Sentencing Guidelines in Companies
Resources
Miller & Chevalier
Executives At Risk Winter: 2022/2023
Lauren Briggerman
Katherine Pappas
Ian Herbert
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/24/2023 • 38 minutes, 6 seconds
Incorporating EHS and Safety in an ESG Program
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Are you interested in learning about the overlooked importance of safety in ESG? Host Tom Fox and his guests from Traliant, Andrea Foster Mack and Maria D'Avanzo delve into this topic in the latest episode of the FCPA Compliance Report. Learn how prioritizing safety can lead to cost savings and become a major differentiator for corporations in talent acquisition and retention. The trio also discusses how EHS professionals can reduce risk by implementing hazard awareness training and preventing discrimination. Furthermore, they emphasize the value-add that safety can offer to organizations in terms of corporate governance and brand recognition. Tune in to hear the experts share their insights on how ESG and EHS align under the sustainability cause and how innovative business and management decisions can lead to environmental sustainability.
Key Highlights
· ESG and Safety Culture within Organizations
· The Importance of Safety in Talent Retention
· Corporate Governance and Safety in Organizations
· The Importance of "E" in ESG Reporting
· ESG and its Role in Elevating Brands
· Managing Chemical Hazards and ESG Standards
Here are three tips to consider when incorporating safety into your ESG strategy:
1. Communicate safety policies and performance to stakeholders, such as investors and customers, to build trust and enhance reputation.
2. Use safety data to identify improvement opportunities, mitigate risks, and promote continuous learning and innovation.
3. Develop partnerships and collaborations with other organizations and industries to address safety challenges and share best practices.
Resources
Andrea Foster Mack on LinkedIn
Maria D'Avanzo on LinkedIn
Traliant
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/21/2023 • 20 minutes, 53 seconds
Incorporating EHS and Safety in an ESG Program
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Are you interested in learning about the overlooked importance of safety in ESG? Host Tom Fox and his guests from Traliant, Andrea Foster-Mack and Maria D’Avanzo, delve into this topic in the latest episode of the FCPA Compliance Report. Learn how prioritizing safety can lead to cost savings and become a major differentiator for corporations in talent acquisition and retention. The trio also discuss how EHS professionals can reduce risk by implementing hazard awareness training and preventing discrimination. Furthermore, they emphasize the value-add that safety can offer to organizations in terms of corporate governance and brand recognition. Tune in to hear the experts share their insights on how ESG and EHS align under the sustainability cause and how innovative business and management decisions can lead to environmental sustainability.
Key Highlights
· ESG and Safety Culture within Organizations
· The Importance of Safety in Talent Retention
· Corporate Governance and Safety in Organizations
· The Importance of "E" in ESG Reporting
· ESG and its Role in Elevating Brands
· Managing Chemical Hazards and ESG Standards
Here are three tips to consider when incorporating safety into your ESG strategy:
1. Communicate safety policies and performance to stakeholders, such as investors and customers, to build trust and enhance reputation.
2. Use safety data to identify improvement opportunities, mitigate risks, and promote continuous learning and innovation.
3. Develop partnerships and collaborations with other organizations and industries to address safety challenges and share best practices.
Resources
Andrea Foster-Mack on LinkedIn
Maria D’Avanzo on LinkedIn
Traliant
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2023 • 23 minutes, 37 seconds
Jon May On Defending Individuals in FCPA Cases
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom interviews well-known curmudgeon and iconoclast Jon May. May, who is not a compliance officer, talks about his approach to the topic that has caught Fox's attention. The conversation traverses May's professional background, discussing Miami's wild west environment in the 1980s, and corruption within the police department. The podcast takes a deep dive into corporate strategy, DOJ's enforcement policies, and the changes in whistleblower laws. The author provides an exclusive hotline number for listeners to call him and wraps up by describing where to purchase his book! Don't miss out on this engaging podcast with the brilliant Jon May, hosted by Tom Fox.
Key Highlights
· Negotiating with Government in Corporate Criminal Conduct
· Navigating US Sentencing Guidelines for Defense Lawyers
· Pleading Guilty and Self-Disclosure for White-Collar Crimes
· Changing view of whistleblowers and self-disclosure regulations
· Balancing Crime Fighting and Civil Liberties
Notable Quotes
“It is the company's recommendation that they obtain counsel before they are interviewed by the company or the company's outside counsel.”
“I have, as you know, always been very critical of the government's care and stick approach to convincing companies to self-disclose.”
“But to show the prosecutor that there's a very different side but requires a great deal of work.”
“You might not get 3 points. You might only get 2 points. But the amount of time you can save by litigating various aspects of sentencing could be years and years.”
Resources
Jon May
On Creative Criminal Defense Consultants
Who Says You Can’t: Strategy and Tactics for Becoming a More Creative Criminal Defense Lawyer
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/17/2023 • 27 minutes, 42 seconds
Ethics Madness 2023
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. This episode was recorded during March Madness and it is the return of Jason Meyer and Tom For Ethics Madness. In Ethics Madness, dive into the ethical questions surrounding the University of Alabama basketball team and their missteps in handling incidents involving their players. In this exciting podcast, the hosts discuss the possibility of redemption for individuals who have committed past indiscretions, and how companies must vet their employees for a better work environment. They also cover topics such as mental health and the importance of diversity, equity, and inclusion in the workplace, and how companies should embrace ESG for a better business process. You'll also get to hear some insightful interviews with various professionals on compliance and ethics education, and enjoy fun segments such as the Compliance Anthem of the week. Don't miss out on this amazing podcast that will inspire and educate compliance and ethics professionals.
Key Highlights
· Ethics in Sports: University of Alabama Basketball
· Can you love art but not artist?
· Redemption for unethical behavior in sports
· The Power of Forgiveness & Reputation Management in Sports
· Mental health in compliance profession
· Political Pressure on DEI Programs in Southern States
· Fostering DEI in Organizations
· Core values and politics in universities & ESG betting
· ESG in Energy Business Processes
· Ivy League success in March Madness
· Professional skepticism and NCAA tournament predictions
Notable Quotes
“Should I feel guilty that I put the tide in my bracket?”
“Even energy companies are doing ESG. Whe? Because they see it in their self-interest.”
“Spending more time and more attention now helping organization with including and engaging with the neurodivergent people in their workforces and trying to involve those workers in ethics compliance, and that's been fascinating work as well.”
“And to me, Tom, this debate feels like a debate at the core of ethics and compliance because this is an example of what are some core values.”
Resources
Jason Meyer on LinkedIn
The Eight Mindsets Podcast on Spotify
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/10/2023 • 53 minutes, 29 seconds
Maria D’Avanzo on the 2023 ECCP
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special edition, sponsored by Traliant, I visit with Maria D'Avanzo Chief Evangelist Officer at Traliant to discuss the 2023 Evaluation of Corporate Compliance Programs. We discuss the DOJ's guidance on financial incentive programs and highlight the importance of cross-functional collaboration in establishing effective compliance programs. What are some of the challenges of implementing clawbacks for employees who engage in misconduct? We consider some of the risks involved when a company decides to file a lawsuit against an executive for clawback. Finally, they touch on the need for proper communication of the compliance message beyond legal and compliance departments. Join Tom Fox and Maria D'Avanzo as they dive deep into the future of corporate compliance programs. Don't miss this informative and eye-opening episode.
Key Highlights
· Evaluating Corporate Compliance Incentive Programs
· Establishing Compliance Programs in Companies Facing DOJ Allegations
· Incorporating Compliance Ethics and Clawbacks in Business
· Lawsuit Consequences for Companies & Executives
· DOJ Elevating Corporate Compliance Programs
· Effective Communication for CCOs
Notable Quotes
“Certainly the timing of any type of any attempt to claw back the compensation, the board needs to be concerned about what's the right time? What's the right process? And are we going to open ourselves up?”
“There's also language about non-financial incentives. And here, once again, nothing really new that companies are supposed to take doing business ethically.”
“I'm not quite sure why a company without resolving the loss, the investigation, either internally or especially with the DOJ, would file a lawsuit against an executive in order to claw back the compensation.”
“Is your investigation completed? Or is it ongoing. I'm not sure how you would win in a litigation if you have not established the basis for the breach of contract.
Resources
Maria D’Avanzo on LinkedIn
Traliant
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/5/2023 • 26 minutes, 54 seconds
Ryan Patrick on the Role of a US Attorney Under the Monaco Memo, CEP & ECCP
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Looking for a podcast that will give you insights into the Department of Justice's corporate enforcement policy and the implications for corporations facing investigations? Look no further than FCPA Compliance Report! In this episode, Tom Fox sits down with Ryan Patrick, a former US district attorney for the southern district of Texas. They discuss the importance of staying up-to-date with DOJ memos and speeches, the difficulty for corporations in deciding whether or not to self-disclose, and the implications of outside counsel being deputized. Ryan emphasizes the importance for companies to work with lawyers who know judges and have pre-existing relationships with local prosecutors, including US attorneys and line prosecutors. They discuss the Southern District of Texas and its role in border-related issues, as well as the Patrick’s time as a US Attorney for the Southern District of Texas. This podcast is a must-listen for anyone looking to gain a better understanding of corporate enforcement and compliance policies. Don't miss out on the conversation between Tom Fox and Ryan Patrick!
Key Highlights
· Discussing U.S District Attorney's work challenges
· Evolution of Corporate Enforcement Policy by DOJ
· Challenges in Communication with Corporations for Attorneys
· Challenges of Self-Disclosure for Businesses
· Navigating Legal Issues with Local Counsel
· Challenges to Attorney-Client Privilege in Corporate Cases
· Border Security and Cryptography Cases in Texas
· US Attorney General Advisory Committee in Presidential Administration
· Role of Southern District of Texas in law enforcement and corporate enforcement
· Inside a Federal Prosecutor's Role
Notable Quotes
· "It seems to me that this broaden beyond simply anti-corruption in FCPA and whether it be fraud, whether it be antitrust, whether it be environmental, whether it be a wide variety of other types of issues that an AUSA and a local district attorney US district attorney's office would prosecute.”
· “Asking the US attorney's offices now to step into this space where really thinking from the idea of self-disclosure and from monitoring or audio auditing, so to speak, someone's compliance program.”
· “One of the not perhaps most difficult, but hardest conversations a corporation has is whether or not to self-disclose under the FCPA.”
· “Bring it to me. I will consider it because it's not 1 size fits all.
Resources
Ryan Patrick on LinkedIn
Ryan Patrick on Haynes and Boone
Tom
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/3/2023 • 35 minutes, 29 seconds
Khayot Salijanov-Compliance in Uzbekistan
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined by Khayot Salijanov, who is Master's Degree candidate at the University of Pittsburgh. He is originally from Uzbekistan and we discuss compliance in emerging markets. We discussed the history of compliance and corruption in Uzbekistan and the steps the government has taken to increase compliance through laws like public procurement and creating an anti-corruption agency. Khayot then provides insight into the two biggest challenges faced in 2020, communication and conducting effective investigations, as well as emphasizing the importance of leadership buy-in. Finally, Khayot suggests that to start a management consulting career, one should focus on creating relationships and ownership, creating value, and gaining leadership buy-in.
Key Highlights
· The History of Compliance In Uzbekistan
· Protecting Yourself When Doing Business in Uzbekistan
· The Importance of Leadership Involvement in Creating a Robust Compliance Program
· Creating Business Value Through Compliance Programs
Notable Quotes
· "And also it has a good program, a good tailored program, including ethics and risk management also sustainable business issues, which I'm really interested in because I think sustainable business is a part of compliance."
· "It's essential to create the family based ownership to achieve a success."
· "The government's anti-corruption and anti-bribery policy has changed drastically."
· "Absolutely. Thank you for inviting and having me Thomas. I have a lot of things to tell our listeners about Uzbekistan, specifically about compliance."
· "These events mark the beginning of designing and implementing corporate compliance standards in the private sector."
Resources
Khayot Salijanov on LinkedIn
Tom
Instagram
Facebook
YouTube
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2023 • 23 minutes, 22 seconds
Erica Salmon Byrne on 2023 World’s Most Ethical Companies
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined Erica Salmon Byrne, President of Ethisphere, to discuss the World's Most Ethical Companies awards. Byrne explains the evaluation process and what types of areas are investigated. She highlights how the list has fluctuated over the years and the importance of a company's people practices. Through the cross functional scorecard, companies can measure their performance compared to a global index.
We discuss the importance of "ethics premium" and the scorecard process. To measure the value of a company's people practices, the survey demonstrated an outperformance of 13.6% against a comparable global index. Byrne also gives information to listeners on where to find more information on the world's most ethical companies. Tune into this episode of the FCPA Compliance Report and learn more about the World's Most Ethical Companies.
Key Highlights
What is the World’s Most Ethical Companies® recognition?
How long has Ethisphere recognized the World’s Most Ethical Companies?
What are criteria Ethisphere considers during the evaluation process? What is the evaluation framework.
What are the benefits of applying for the World’s Most Ethical Companies?
Even if a company is not selected, what are some of the benefits?
What is the Ethics Premium and what was the 2023 Ethics Premium?
Notable Quotes
"What does the recognition itself mean? So, you know, it's really interesting, Tom. Because I I've asked a lot of honorary companies about that. And I particularly liked the way 1 company phrased it to me when I was talking to them last week, and they said, look, there are lots and lots of times that companies get recognized for messing up."
"We're looking at the ways you are thinking about, your impact on the communities in which you operate. We are looking at your ethics and compliance program initiatives. We're looking at the way you are governing your programs both at the board level and at the C suite level. We're looking at your leadership and your reputation."
"I've had multiple compliance officers tell me that their best self-assessment work is just reading the red line of our survey every year and asking themselves would I answer this new question from Ethisphere?"
"Are there questions on this survey I can't answer without going and speaking to somebody else? Do I know who that person is? And if not, why not? Because all of those relationships are critical relationships to operating your program well."
Episode Links
World’s Most Ethical Companies
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/27/2023 • 23 minutes, 22 seconds
Kelly Paxton on Maximizing Your Network
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined by Kelly Paxton, a certified fraud examiner who has worked in the anti-corruption space for years. In our conversation, Kelly talks about the importance of networking and how women are often underestimated in the field. She is a proponent of the Certified Fraud Examiner designation and emphasizes the need to foster a brand for yourself. She also encourages listeners to remember that good people can make bad choices, and to take an interest in the stories behind fraud cases. Kelly talks about her passion for defense work and delves into the nuances of different types of offenders. Her wisdom and insight make her an invaluable guest on the podcast.
Key Highlights
Networking at National Industry Events for Fraud Examiners [00:04:34]
The Importance of Encouraging Women in Fraud Risk Management [00:08:17]
The Benefits of Becoming a Certified Fraud Examiner [00:11:55]
The Consequences of Choosing to Commit Fraud [00:19:51]
Breaking Through Stereotypes: Exploring Unconventional Life Experiences [00:24:04]
The Value of Defense Work [00:27:59]
Notable Quotes
1. "At the end of the day, the business owners are the ones who have the assets that are getting stolen."
2. "We have this thing called the optimism bias. We don't think bad things will happen to us. Even more so, we don't think bad things will happen to us as compared to thinking good things will happen to us. We hire people. We know I can trust. So why would they steal?"
3. "Don't look at it as a cost center. Give the fraud professionals the ability to keep training into networking."
4. "The genius of LinkedIn is you meet the person, you sent you sent the invitation, you meet the person, and a couple years down the road, you're like that person pops up the again. And you go back in your messages and you remember, oh, yeah. I saw them there. I connected there."
Episode Links
Fraudish
Kelly Paxton on LinkedIn
Connect with Tom Fox on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/20/2023 • 30 minutes, 3 seconds
Gordon Firemark, The Podcast Lawyer
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Gordon Firemark, the Podcast Lawyer. Gordon is a Los Angeles lawyer and the Gordon Firemark Law Firm founder. He teaches Media Law. He also hosts the podcast Entertainment Law Update. During this podcast, Gordon and Tom discussed the spike of defamation claims brought against podcasters in 2022 and the cross-media pollination between the podcast and TV/film industries. Gordon then spoke about ChatGPT, a hot-button issue, bringing up issues around copyright and the training material related to visual, audio, and textual elements. Additionally, Gordon offered a teaser of his presentation at Podcast Movement-Evolutions.
Key Highlights
The Influence of Podcasts on Content Creators and Media Production [00:05:08]
Legal Issues in the Entertainment and Design Industries [00:09:18]
The Impact of Chat GPT in 2023 [00:13:03]
Legal Implications of Podcasting [00:16:59]
Hiring a Lawyer for Your Creative Business [00:20:49]
Notable Quotes
1. "Let's once more into the breach, dear friends."
2. "2022 really was sort of the year of the defamation cases."
3. "TV and film producers are finding inspiration in podcasts they're listening to."
4. "It's not just chat GPT, but the AI, in general, has become a hot-button issue here in the first quarter of 20 23 when we're recording this."
Episode Links
Firemark Law
Gordon Firemark on LinkedIn
Connect with Tom Fox on LinkedIn
For more on Gordon's Easy Legal for Podcasts program, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2023 • 22 minutes, 37 seconds
Sam Tate on New Failure to Prevent Cause of Action
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined by Sam Tate partner at RPC. Sam is a co-author of the leading UK anti-corruption compliance textbook “Bribery: a Compliance Handbook”. He works closely with a number of FTSE 100, international and privately owned entities and individuals in relation to financial crime proceedings, investigations, and practical crime prevention programs. He recently led the settlement on the ground-breaking 11th and 12th UK DPA’s and conducted the independent investigation for the Financial Times of allegations made by Wirecard against its reporters.
In this episode, they discuss the proposed Economic Crime and Corporate Transparency Bill and how it could have a major effect for companies not based in the U.K. The bill includes verification for all new and existing registered companies, directors, and persons, as well as provisions making it easier for the National Crime Agency. Sam Tate predicts that this will result in more focused prosecutions than Deferred Prosecution Agreements, although it should make settlements easier. This collaboration between the UK and the U.S. will be a lasting legacy of our time.
Key Highlights
Economic Crime Legislation in the UK [00:04:49]
The Potential Impact of a New U.S. Bill on Global Businesses [00:08:40]
The Cost of Increased Business Regulation [00:12:24]
Sharing Information and Improving Access between Regulated Entities and the National Crime Agency [00:16:34]
The Impact of US-UK Relationships on Prosecutions and Deferred Prosecution Agreements [00:20:49]
The Challenges of Settling Issues in the UK [00:24:36]
Notable Quotes
1. "So if you have a fraud offense, then a corporate doing probably doing any business in the UK, or having a presence in the business in the UK, so it could be one in the US, it could be one anywhere in the world, anywhere in the world with presence business in the UK, would be corporately criminally liable if it failed to prevent fraud unless it had a series of adequate procedures in place to prevent that."
2. "It's something we call the 'guidance in mind' test. They are the brains of the company and they've got to be involved for the corporates to be criminally live criminally liable."
3. "Bribery is defined in in our legislation as offering something with intention of causing another person to improperly perform their duties. Fraud takes a few forms, worth essentially is deceit of one kind or another, sometimes with the abuse of trust or over opposition to trust."
4. "It's not entirely clear what that is because we haven't have ton of cases. But it's a registered office, a large part of your business, or even a smaller part of your business, a trading arm, perhaps doing your accounts here. Probably something a little bit more than trading on the UK stock exchange, but not much more is enough to have a part of your business in the UK.""
Episode Links
RPC
Sam Tate
Bribery: a Compliance Handbook
Connect with Tom Fox on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/13/2023 • 26 minutes, 17 seconds
HHR Webinar on Strategic Competition Between US and China
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Today, we have a special edition of the FCPA Compliance Report. On Wednesday, February 22, 2023, Hughes Hubbard & Reed and BGR Group co-hosted a virtual panel discussion on the U.S. House of Representative’s recent resolution to establish a Select Committee on Strategic Competition Between the United States and China as well as major changes in U.S.-China trade policy and its impact on U.S. and Chinese businesses with operations in both jurisdictions.
The panel was moderated by Hughes Hubbard partner and head of the Sanctions, Export Controls & Anti-Money Laundering practice group, Ryan Fayhee, who is joined by fellow international trade partner and chair of Hughes Hubbard’s China Practice, Roy Liu, as well as former staff director of the Senate Foreign Relations Committee, Lester Munson, co-head of the International Practice at BGR Group. This is a recording of their presentation.
Key Highlights
U.S. Export Control Regulations and Restrictions [00:04:51]
The Effectiveness of the China Select Committee in the House of Representatives. [00:09:19]
The Role of Bipartisanship in Overlapping Authorities [00:12:51]
Impact of U.S. Computer Chip Industry Subsidies [00:16:37]
The Presidential Authority and the US-Taiwan Relationship [00:20:19]
The Potential of Retaliatory Measures in China [00:23:42]
Navigating Chinese Investment in the US Amid Changing Protocols[00:28:14]
The Impact of Commerce on Bilateral Relationships [00:32:13]
Impact of China on Western Companies and Semiconductor Industry [00:40:01]
Exploring Business Opportunities in Changing China-US Relations [00:44:11]
US-China Relations and Their Impact on Global Politics [00:48:02]
The Impact of Congressional Hearings on Chinese Companies and Businesses Partnering with China [00:51:53]
Reforming the NDAA Process in 2024[00:56:00]
Original Source:
HHR House Committee on Strategic Competition.mov from Hughes Hubbard & Reed LLP on Vimeo.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/10/2023 • 1 hour, 1 minute, 59 seconds
Egle Karalyte on Creating a Brand for the World
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined by Egle Karalyte, founder and CEO of Karalyte. Tom and Egle discussed the branding in the corporate world. Egle explained that a brand is an expression and system that encapsulates services, products and values that customers will resonate with going forward. A successful UX strategy can keep customers coming back for more. The conversation then shifted towards a discussion of how different branding rules apply for products and services. Egle discusses how the Metaverse is taking UX to new heights and why this is beneficial for companies and customers alike.
Key Highlights
· Developing a Brand: A Systematic Approach [00:05:01]
· Branding Services vs Products in Adobe [00:09:37]
· The Benefits of an Improved User Experience (UX) [00:14:04]
· The Benefits of Virtual Reality Gaming with Karalyte[00:18:55]
Notable Quotes
1. "For me, a brand is really kind of a certain belief system that is packaged into a certain package that also kind of incorporates a product, reach of service and really consolidates everything that the customer would resonate with."
2. “I've developed a system where that I go through every clients, a methodology, where we look into the into the branch world from all possible angles."
3. “It's like falling in love. Like, you have to have certain elements in place that would then trigger the spark. So it's the same thing with a brand. Like, the brand needs to get its foundational elements in place so that people when they discover it, they really kind of fall in love with the brand and with the product, and then the advocacy you know, becomes natural because when we find what we like, we simply just naturally want to share it with people."
4. "Good UX definitely helps to make people interested in what we have to offer. When we discover brand online and we come to the website, how we experience the website will determine whether the brand will hook us in or not."
Episode Links
Karalyte
Connect with Egle Karalyte on LinkedIn
Connect with Tom Fox on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/6/2023 • 24 minutes, 50 seconds
Mary Inman on Top FCA Health Care Recoveries and Issues from 2022
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined by with Mary Inman, partner at Constantine Cannon. We discuss the recently released US Fraud statistics and preventative measures with Inman. Inman explains that the US Department of Justice put out statistics on the False Claims Act for 2022, with healthcare dominating the recovered funds. Inman goes on to discuss how whistleblowers can still launch cases, even if the government does not join in, as well as encourage listeners to report fraud to their respective insurance department if it later results in higher premiums for their organization.
Key Topics:
· The Increase of Managed Care Plans in Medicare [00:05:16]
· The Power of Whistleblowing and the Impact of Joining Government Cases [00:09:19]
· Medicare and Medicaid Fraud in California and Florida [00:13:21]
· Impact of Insurance Fraud on Premiums [00:17:44]
· The False Claims Act and the Escobar Decision [00:26:09]
Notable Quotes
1. "And they were basically paying kickbacks to their they know who the physicians are, who are their largest prescribers of their drugs. And they were paying kickbacks to encourage them to basically discourage them from prescribing their competitors’ products and to direct it to them."
2. "What happened here is that Mallinckrodt improperly calculated their rebate by claiming that drug that they developed in 1990 was actually termed a new drug in 2013. And so that allowed them to greatly decrease the amount of the rebate that they would have owed to the Medicaid program.""
3. "It's another kind of false billing scenario. It was notable to me that we had 2 big settlements."
4. "The whistleblower had accused the Association of basically shifting costs that it shouldn't have been reimbursing onto the Florida Medicaid program.
Resources:
Mary Inman on Linkedin
Constantine Cannon
Tom Fox on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/27/2023 • 31 minutes, 13 seconds
Erica Salmon Byrne-Information is a Gift
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined by with Erica Salmon Byrne, the CEO of Ethisphere, to discuss the company's recent "2023 Ethical Culture Report: Lessons from the Pandemic." Erica shares that the report found a significant uptick in reports of observed cases of bullying, which is likely due to masking feelings with the anonymity of a keyboard. While an employee’s direct manager is most often the first avenue for employees to report concerns, but other forms of reporting weren't utilized, due to a fear of retaliation. Erica suggests that companies need to make it easy for employees to communicate broader ethical issues, as doing so will result in a tripling of employee faith in the system.
Key Highlights:
· The Impact of the Pandemic on Bullying Incidents
· Reasons Younger Employees Don't Speak Up When Witnessing Unethical Behavior
· Creating a Speak Up Culture in the Workplace
· Improving Communication Between Employees and Managers
· Reporting Issues to Managers: Examining the Results of a Recent Report
· The Importance of Managerial Leadership in Ethical Decision Making
· The Importance of Making it Easier for Employees to Report Issues
Notable Quotes
1. "Employee willingness to raise their hand stayed pretty steady."
2. "It's a lot easier to be a jerk behind a keyboard than it is to be a jerk to somebody's face."
3. "The reason we have non retaliation language in our code is because information is a gift."
4. "Think of the information as a gift, practice thinking of the information as a gift, and then your responsibility as the manager is to listen and follow-up."
Resources:
Ethisphere Resources
· Ethisphere
· 2023 Ethical Culture Report
Connect with Erica Salmon Byrne
● LinkedIn
Connect with Tom Fox
● LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/20/2023 • 30 minutes, 47 seconds
Eric Young on the Evolution of the CCO
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Join Eric Young from Guidepost Solutions. Young has worked at prestigious institutions like JPMorgan, General Electric, S&P Global Ratings and BNP Paribas and shares his expertise to empower employees, looking to move ahead processes, find solutions and navigate through compliance issues.
Tom and Eric talk about the highlights of the Monaco Memo, updates on the Corporate Enforcement Policy, a case study from ABB to showcase the role of the CCO and how firms should interpret Department of Justice speeches. He further dives into the corporate culture, accountability, and the role of the CCO within an organization. Finally, Eric sheds light on a case from McDonald's involving the former CEO and their decision to clawback compensation. The discussion concluded with the acknowledgement of the Delaware court's holding that elevates the CCO’s corporate duties.
Key Topics:
[00:04:24] Process Improvement to Avoid Violations and Effect Positive Change in Company Culture
[00:09:19] The Effects of the Monaco Memorandum on Corporate Compliance Practice
[00:14:35] ABB's Impressive Performance During an Investigation and Remediation Period
[00:18:42] The C-Suite's Responsibility in Organizations
[00:23:21] The Impact of Experiences on Assessing Business Decisions
[00:28:05] The SEC Inquiry on McDonald's precipitated by Steve Easterbrook's Removal
[00:32:24] The Significance of Delaware Courts in Regards to Corporate Law
[00:37:13] The Functions of Corporate Boards During Times of Crisis.
Tune in and listen to Eric as he educates us around the need to report extraordinary circumstances to the Department of Justice.
Resources:
Connect with Tom Fox
● LinkedIn
Connect with Eric Young
● Guidepost Solutions
● LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/13/2023 • 44 minutes, 33 seconds
Susan Divers on 2023 LRN Program Effectiveness Report
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Susan Divers, Director of Thought Leadership at LRN to discuss LRN’s 2023 Program Effectiveness Report. In this episode, Susan and I discuss making your ethics and compliance program is as effective as possible. We include a consideration of the gulf between high performing and less effective programs as well as the impact of the pandemic on compliance; the importance of empowering middle managers and involving them more in ethics and compliance. Susan also explains why companies need to upgrade their systems to make them more effective, particularly in the data component.
Key Takeaways:
[00:04:50] The Pandemic's Effects on Compliance Programs
[00:09:17] Decreased Engagement of Senior Management in Ethics and Compliance Throughout the Pandemic
[00:13:52] The Importance of Upgrading Data Systems for Optimal Compliance
[00:18:26] Proof the Program has Been Successful in Improving Student Achievement.
Act now and use the link below to obtain a copy of the Report at no cost. It's the perfect way to learn more about ensuring your ethics and compliance program is as effective as it should be.
Resources:
Connect with Tom Fox
● LinkedIn
Connect with Susan Divers
● LinkedIn
Download the LRN 2023 Program Effectiveness Report
● LRN
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/8/2023 • 25 minutes, 37 seconds
Alastair Parr on New Developments in TPRM
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Alastair Parr, SVP of Global Products & Delivery at Prevalent to discuss developments in third-party risk management. In this episode we consider:
· Why is a comprehensive 3rd risk management solution not simply a nice to have but a must to have now?
· Why is 3rd party risk management so much critical after the pandemic and the Russian invasion of Ukraine?
· Improving the UX for TPRM.
· Why has simplifying the UX for TPRM eluded most providers so far?
· How can the UX be improved so the information which is the most vital and most relevant is captured and more importantly can be actioned?
· How can the process of obtaining TPRM information to implementing controls to manage the risk be improved?
· How can companies automate data gathering by using a single targeted assessment by building in targeted compliance mappings for legal or regulatory requirements?
· Other areas of compliance such as modern slavery and human trafficking?
· The continued evolution of 3rd party risk management into 2025 and beyond.
Resources
Alastair Parr on LinkedIn
Prevalent
Being a Compliance Officer is Awesome on Amazon.com
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/6/2023 • 26 minutes, 10 seconds
James Koukios on Changes to the DOJ Corporate Enforcement Policy
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Morrison and Foerster partner James Koukios to discuss the recent Kenneth Polite speech announcing changes to the Department of Justice Corporate Enforcement Policy.
In this episode we consider:
What is the CEP;
This is a follow on from the Monaco Memo;
Why this change is significant for recidivists;
How this change redefines an effective compliance program;
The new CEP offers real, tangible and significant benefits for compliance programs; and
What it all means going forward.
Resources
Kenneth Polite Speech
Updated CEP
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/30/2023 • 20 minutes, 23 seconds
Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 2
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We conclude with Part 2 looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases and some of the important issues which arose in 2022 and how they might impact compliance in 2023. In this episode we consider:
· Building trust and credibility in the investigative process
· The ABB FCPA enforcement action
· The Honeywell FCPA enforcement action
· Why the heat is on compliance after the Monaco Memo
· Corporate incentives and discipline including clawbacks
· The Glencore FCPA enforcement action and CCO Certification
Resources
Mike Volkov on LinkedIn
The Volkov Law Group
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/23/2023 • 36 minutes, 36 seconds
Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 1
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We begin a two-part podcast on looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases and some of the important issues which arose in 2022 and how they might impact compliance in 2023. In this episode we consider:
· The Monaco Memo
· The Stericycle FCPA enforcement action
· The KT FCPA enforcement action
· The upcoming trial of Cognizant executives and internal investigations
· Key individual prosecuted
Resources
Mike Volkov on LinkedIn
The Volkov Law Group
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/9/2023 • 44 minutes, 49 seconds
Eric Morehead-The US Sentencing Guidelines at 30
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I visit with Eric Morehead, the Director of Advisory Services at LRN. We discuss the US Sentencing Guidelines on the 30th anniversary of their enactment and review the recent report on the history of the Sentencing Guidelines. Morehead, a former staff attorney at the US Sentencing Commissions takes a look at the numbers and considers the broader impact of the Sentencing Guidelines on compliance in the US and across the globe. Some of the highlights include:
· What are the US Sentencing Guidelines?
· Why were the enacted?
· How have they been supported by the DOJ and Courts?
· What were the two amendments to the US Sentencing Guidelines?
· What may be down the road for the US Sentencing Guidelines?
Resources
LRN
Eric Morehead on LinkedIn
A Deep Dive Into Organizational Sentencing Data by Eric Morehead on Law360
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2023 • 27 minutes, 13 seconds
Scott Garland and Zach Hafer – Practice After the DOJ
Welcome to the award-winning FCPA Compliance Report, the most senior podcast in compliance. In this episode, I have double trouble as I welcome Scott Garland and Zach Hafer. They worked together for many years at the US Attorney’s Office for the District of Massachusetts, and both are now in private practice, Garland as a Managing Director at Affiliated Monitors, Inc. and Hafer as a Partner at Cooley LLP in Boston. Some of the highlights include:
In this podcast Hafer considers DOJ corporate enforcement through the mechanisms of DPAs and NPAs based upon his tenure as the Criminal Chief. They discussed the need to balance approving prosecutions for general impact vs. based on the case’s individual merits. We also consider how if at all did the Monaco Memo change DOJ focus. Garland leads us through a discussion of compliance issues within a prosecutor’s office, why your compliance philosophy is so critical and some of the biggest issues and situations they both confronted while in the US Attorney’s Office for the District of Massachusetts. We conclude this section with a discussion of receiving compliance advice: what worked and what did not.
We conclude with a discussion of transitioning from DOJ to private practice and both Zach and Scott summarize some of the key questions they are getting from clients. Garland opines on key issues he sees for monitors after Monaco Memo and we conclude with why can proactive monitoring be such a powerful tool.
Resources
Scott Garland at Affiliated Monitors
Zach Hafer at Cooley LLP
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/19/2022 • 30 minutes, 50 seconds
FTX and Risk: Part 2 - Risk Management and Due Diligence
Welcome to the award-winning FCPA Compliance Report, the most senior podcast in compliance. In this episode, I conclude a 2-part series on the subjects of FTX and risk. I am joined by Gilbert Paiz and Andrew Gay, principals in the Texas Hill Country Advisors. In our previous Part 1, we considered risk and risk management through the lens of US domiciled financial institutions and how their risk management protocols help to not only assess risk, but manage throughout the life cycle of a banking-customer relationship. In this Part 2, we consider individual risk in investing and what type of background information, questions and due diligence individual should engage in and how thes questions and background investigations apply equally to larger investments made by sophisticated investors, hedge funds and institutional investors; who should have made them before investing in FTX but they all failed to do so. Some of the highlights include:
· What due diligence should an individual perform?
· What should an individual look for in financial statement?
· Why is the physical location of businesses and where it might be incorporated such an important piece of information?
· What are backstops, guarantees or other mechanisms to retrieve investments?
· What Due Diligence mistakes did you see in FTX?
· What are related party transactions and why are they problematic?
· Why are audited financials critical?
Resources
Texas Hill Country Advisors
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/12/2022 • 30 minutes, 18 seconds
FTX and Risk: Part 1 - Financial Institutions
Welcome to the award-winning FCPA Compliance Report, the most senior podcast in compliance. In this episode, I begin a 2-part series on the subjects of FTX and risk. I am joined by Gilbert Paiz and Andrew Gay, principals in the Texas Hill Country Advisors. In Part 1, we consider risk and risk management through the lens of US domiciled financial institutions and how their risk management protocols help to not only assess risk, but manage risk throughout the life cycle of a banking customer relationship. In Part 2, we will consider individual risk in investing and what type of background information, questions and due diligence individual should engage in and how this questions and background investigations apply equally to larger investments made by sophisticated investors, hedge funds and institutional investors; who should have made them before investing in FTX but they all failed to do so. Some of the highlights include:
· How do banks think of risk?
· What internal processes or controls are in place to help a bank manage its risks?
· What types of oversight do banks and financial institutions use to help manage risk?
· Why are levels of review so critical?
· How do banks think about customers in terms of risk?
· Who decides how much risk to allow a customer to engage in with a banks money, whether through loans or other capital?
· Do bank employees receive ongoing training on risk management issues?
· What tech is in place to facilitate the management of risk?
Resources
Texas Hill Country Advisors
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/5/2022 • 23 minutes, 46 seconds
Ty Francis on LRN Acquisition of Compliance Learning Solutions
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I visit with Ty Francis, the Chief Advisory Officer at LRN. We discuss the just-announced LRN acquisition of the Compliance Learning business unit from Thomson Reuters. The acquisition will further establish LRN’s position as the largest global provider of E&C program management and learning solutions serving over 2,500 companies and tens of millions of learners. It will place LRN literally across every continent, including a larger strategic presence in Asia-Pacific markets. This acquisition also enhances LRN’s capabilities and expertise in the financial services marketplace and will help accelerate several of its vertical market product strategies. Some of the highlights include:
· How this acquisition allows LNR to bring compliance training to where a customer’s employees are located.
· How this acquisition will facilitate data-driven compliance.
· Why a holistic, worldwide scope for compliance learning will be a business positive.
· How this acquisition will meet the continued growth in the regulatory landscape on a global basis.
Resources
LRN
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2022 • 19 minutes, 17 seconds
Investigative Protocols After the Monaco Memo
In this episode, I take things in a different direction today as I post the recording of a webinar I recently put on for i-Sight Software Solutions. In this presentation, I detail what the Monaco Memo means your corporate investigative protocol. Some of the highlights include:
· What changes did the Monaco Memo portend for corporate investigative protocols?
· What unintended consequence did the Russian invasion of Ukraine bring to the public view of whistleblowers?
· Why is triage a key aspect of your investigative protocol?
· Why should you create an investigative protocol long before an investigation becomes needed?
· How do you create an investigative protocol to keep key decision makers in the loop?
Resources
For a White Paper on these issues, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/28/2022 • 48 minutes, 38 seconds
David Simon and Mike Walsh on Global Supply Chain Disruption and Compliance, Part 2
In this episode, I visit with Foley & Lardner partners David Simon and Mike Walsh on the disruption to the global supply chain, which I focused on in the podcast series, Never the Same. They have co-authored an article entitled, Managing Supply Chain Disruption in an Era of Geopolitical Risk on the topic. In this Part 2 of a two-series, we continue our exploration of the current global supply chain and focus on issues relating to China. Some of the highlights include:
· Why ever company should prepare for a China confrontation over Taiwan.
· Is the UFLPA a true game changer for supply chains and compliance?
· What is the impact of China’s Belt and Road program? It’s debt financing?
· Why is the global supply chain and indeed the global economy of the past 30 years now dead?
· What steps compliance functions should take now around the global supply chain of the future.
Resources
David Simon
Mike Walsh
Managing Supply Chain Disruption in an Era of Geopolitical Risk by Mike Walsh and David Simon
Why Supply Chain Will Never Be the Same After the Russian Invasion by Tom Fox
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/21/2022 • 25 minutes
David Simon and Mike Walsh on Supply Global Chain Disruption and Compliance, Part 1
In this episode, I visit with Foley & Lardner partners David Simon and Mike Walsh on the disruption to the global supply, which I explored in the podcast series, Never the Same. They have co-authored an article entitled, Managing Supply Chain Disruption in an Era of Geopolitical Risk on the topic. In this Part 1 of a two-series, we begin to explore the topic of the events which have led to the disruption of the global supply chain and the impact on compliance functions. Some of the highlights include:
· What led to the disruption in the global supply chain?
· Will this continue for the foreseeable future?
· Why is the global supply chain and indeed the global economy of the past 30 years or so now dead?
· Why the impact of this supply chain disruption is greater in the EU than US.
Resources
David Simon
Mike Walsh
Managing Supply Chain Disruption in an Era of Geopolitical Risk by Mike Walsh and David Simon
Why Supply Chain Will Never Be the Same After the Russian Invasion by Tom Fox
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/14/2022 • 21 minutes, 56 seconds
Shannon Martin on Internal Podcasts for the Corporate Compliance Function
In this episode, I visit Shannon Martin, Director of Communications and Corporate Podcasting Specialist at Podbean, a podcast hosting platform. We discuss how companies and, more specifically, corporate compliance functions can use internal podcasts to communicate compliance and ethics concepts using storytelling and other informative techniques. Some of the highlights include:
Why storytelling works in the corporate world.
Why the power of voice works so well.
How internal podcasts can help a compliance function avoid compliance communication fatigue.
Why your imagination only limits you.
Resources
Shannon Martin on LinkedIn
Podbean
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/7/2022 • 19 minutes, 44 seconds
James Koukios on MoFo’s April 2022 Top 10 International Anti-Corruption Developments
In this episode, I visit with fan fav James Koukios, partner at Morrison & Foerster on the firm’s always great monthly Top 10 International Developments newsletter for the month of April 2022. Some of the highlights include:
Key areas we discuss on this podcast are:
· The Stericycle FCPA enforcement action.
· The Roger Ng conviction.
· Limits of prosecution on FCPA accounting provisions?
· US government using corporations in the ABC, AML and trade control fight.
James Koukios on MoFo.com
MoFo Top 10 International Anti-Corruption Developments for April 2022
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/31/2022 • 25 minutes, 27 seconds
A Dark Day for Dechert
In this episode, I visit with Jonathan Armstrong, partner at Cordery Compliance in London. We consider the recent payment by the international law firm Dechert of £20 million for its conduct and that of its former partner Neil Gerrard in the ENCR affair. The matter was certainly a dark day for Dechert and a black eye on the legal profession. Some of the highlights include:
Key areas we discuss on this podcast are:
· What were the failures of the law firm?
· What led to the £20 million interim payment?
· Will there be discipline against the law firm?
· What is the role of a law firm to oversee investigations?
· How are the implications of holding investigative data under GDPR going forward?
· Who watches the watchers (and investigators)?
Resources
Jonathan Armstrong on Cordery Compliance
Hannah Walker in Law.com on the scandal
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/24/2022 • 23 minutes, 16 seconds
Erica Salmon Byrne on Ethisphere Partnership with Alpine Investors
In this episode, I visit with Erica Salmon Byrne, now CEO at Ethisphere. We review the firm’s recent acquisition by Alpine Investors, a B-Corp. Key areas we discuss on this podcast are:
What does this new partnership mean for Ethisphere?
Who is Alpine Investors, and what is a B Corp.
What is People Focused Private Equity, and why was this a good fit for Ethisphere?
What will be Erica’s role going forward?
How this move will refocus Ethisphere’s efforts in ESG.
Resources
Ethisphere Press Release
Ethisphere
Alpine Investors
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/17/2022 • 20 minutes, 13 seconds
Oracle FCPA Enforcement Action
In this episode, I take on a solo pod to discuss and consider the Oracle FCPA enforcement action brought by the Securities and Exchange Commission. Key areas for discussion on this podcast are:
· Background facts.
· Same facts in same country?
· Failure of a paper program.
· The need for data analytics.
· Where is the DOJ?
· What are the lesson learned going forward?
Resources
For a White Paper on the Oracle FCPE enforcement action, email [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/10/2022 • 25 minutes, 46 seconds
Mike Huneke on the General Counsel Role in CCO Certification
In this episode, I visit with Mike Huneke, partner at Hughes Hubbard. We look at the role of the GC in the CCO certification requirement as first announced by Assistant Attorney General Kenneth Polite and confirmed by Deputy Attorney General Lisa Monaco. Some of the highlights include:
Key areas we discuss on this podcast are:
What is the new CCO certification policy?
Why did the DOJ create the policy?
How has the DOJ thinking around recidivists evolved?
Reasonableness is not a factual basis.
Companies with full transparency are unlikely to have conflicts due to the recent changes in CCO certification.
What is the role of the monitor going forward?
Resources
Mike Huneke on Hughes Hubbard
What is the General Counsel’s role in CEO and CCO compliance certifications? On the FCPA Blog
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/3/2022 • 28 minutes, 57 seconds
The EC Gang on the Monaco Doctrine
In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, we have the Award-Winning Everything Compliance quartet of Jonathan Marks, Jonathan Armstrong, Karen Woody, and Tom Fox on the Monaco Memo.
1. Tom Fox looks at the Monaco Memo through the monitorship language and answers a listener's questions about compliance programs under the Monaco Memo.
2. Karen Woody reviews the Monaco Memo, the self-disclosure angle, and investigatory considerations and ponders the role of defense counsel going forward.
3. Jonathan Marks also looks at investigatory issues under the Monaco Memo, the role of the Board of Directors, and the role of the forensic auditor under the Monaco Memo.
4. Jonathan Armstrong's self-disclosure from a UK angle joins Karen Woody in questioning how defense counsel should move forward.
Resources
Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog
1. A Jolt for Compliance
2. Timely Self-Disclosure
3. Corporate Compliance Programs
4. Monitors
5. The Heat is On
Monaco Memo
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/30/2022 • 56 minutes, 31 seconds
Laura Perkins on the Monaco Memo
In this special 5 part podcast series, I am taking a deep five into the Monaco Memo and analyzing it from a variety of angles. In this episode of the FCPA Compliance Report, I am joined by Hughes Hubbard partner Laura Perkins to take a deep dive into the Monaco Memo. Some of the highlights include:
1. Determination of Monitor Need.
2. Roadmap to proa-active compliance.
3. Timely self-disclosure as criteria for monitorship?
4. Monitor selection criteria.
5. Monitor review and oversight.
Resources
Laura Perkins on HughesHubbard.com
Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog
1. A Jolt for Compliance
2. Timely Self-Disclosure
3. Corporate Compliance Programs
4. Monitors
5. Polite Speech
Monaco Memo
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/29/2022 • 21 minutes, 44 seconds
Matt Kelly on the Monaco Memo
In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, I am joined by my Compliance into the Weeds co-host Matt Kelly for a deep dive into the weeds of the Monaco Memo. Some of the highlights include:
Corporate accountability.
Timeliness in turning over evidence of wrongdoing.
Baby Carrots in evaluating the corporate history of misconduct.
Additions to Evaluation of Corporate Compliance Programs.
Tweaks to the Yates Memo formulation.
Monitors and Monitorships.
Resources
Matt in Radical Compliance
Tom in the FCPA Compliance and Ethics Blog
Introduction
Self-Disclosure
Corporate Compliance Programs
Monitors
What it all means
Monaco Memo
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/28/2022 • 36 minutes, 40 seconds
Vin DiCianni on the Monaco Memo
In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, I am joined by my Affiliated Monitors founder Vin DiCianni to take a deep dive into the monitors and monitorship portions of the Monaco Memo. Some of the highlights include:
Determination of Monitor Need.
Roadmap to proa-active compliance.
Timely self-disclosure as criteria for monitorship?
Monitor selection criteria.
Monitor review and oversight.
Resources
Vin DiCianni on Affiliated Monitors
Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog
A Jolt for Compliance
Timely Self-Disclosure
Corporate Compliance Programs
Monitors
Polite Speech
Monaco Memo
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/27/2022 • 36 minutes, 3 seconds
James Koukios on the Monaco Memo
In this special 5 part podcast series, I am taking a deep five into the Monaco Memo and analyzing it from a variety of angles. In this episode of the FCPA Compliance Report, I am joined by fan fav James Koukios, partner at MoFo. James is a former member of the FCPA Unit and in this podcast we take a deep dive into the Monaco Memo. Some of the highlights include:
1. Issues involving individual accountability.
2. Burden shifting on communications devices and timeliness of self-disclosing and reporting.
3. How the Monaco Memo lays out DOJ expectations?
4. Monaco Memo at 30,000 ft and ground level. .
5. Tweaks to the Yates Memo formulation.
6. New requirements to the FCPA Corporate Enforcement Policy
7. Will the incentives be enough?
Resources
James Koukios on MoFo
Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog
1. A Jolt for Compliance
2. Timely Self-Disclosure
3. Corporate Compliance Programs
4. Monitors
5. Polite Speech
Monaco Memo
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/26/2022 • 36 minutes, 31 seconds
Tomell Ceasar and the Middle East and Africa Compliance Association
In this episode of the FCPA Compliance Report, I am joined by Tomell Ceasar. He is the Group Head of Ethics and Compliance at Careem (An Uber Company). He is one of the founders of the Middle East and Africa Compliance Association (MEACA). Some of the highlights include:
1. What is it like practicing compliance in EAME?
2. EAME is a huge amount of territory to cover with many different countries and cultures?
3. How does that play into compliance for the region?
4. Training in EAME.
5. Genesis of MEACA.
6. What do you and the other founders hope to accomplish through MEACA?
7. What are the requirements for membership?
Resources
Tomell Ceasar on LinkedIn
Middle East and Africa Compliance Association
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/19/2022 • 29 minutes, 1 second
2023 World’s Most Ethical Companies Applications Open
In this episode of the FCPA Compliance Report, I am joined by Erica Salmon Byrne, President of Ethisphere and Chair of the Ethisphere’s Business Ethics Leadership Alliance. Some of the highlights include:
1. Ethisphere announces the 2023 World’s Most Ethical application process.
2. What is the application process?
3. What is the Ethics Quotient and why is it such a useful measure?
4. What are the 5 categories of evaluation?
5. Why is going through the application process itself so useful?
6. How can a company use it as a benchmarking exercise?
7. How does the Ethisphere “The Sphere” interact with the application process?
8. What are the 6 archetypes of value creation?
Resources
Erica Salmon Byrne
Ethisphere
World’s Most Ethical Companies application process, here
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/12/2022 • 17 minutes, 12 seconds
Professor George Serafeim on Purpose + Profits
In this episode of the FCPA Compliance Report, I am joined by Harvard Business School Professor, author of the book Purpose + Profits, How Business Can Lift Up the World. Some of the highlights include:
1. Why this book and why now?
2. His personal journey to ‘purpose’.
3. Is this book an extension of his earlier work around white-collar crime and anti-corruption compliance.
4. What trends bring together both business goals and broader societal goals?
5. How did technology and social media help this change?
6. What is the role of Gen Xers and Millennials?
7. How can or should a company data analytics into this change?
8. What are the 6 archetypes of value creation?
9. What is the Southwire “12 for Life” story?
10. Why did your student’s attempt to replicate it fail and what lessons did you draw from that failure.
Resources
George Serafeim at the Harvard School of Business
George Serafeim on Linkedin
Purpose + Profits on Amazon.com
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/29/2022 • 32 minutes, 52 seconds
Susannah Hammond on Thomson Reuters 2022 Cost of Compliance Report
In this episode of the FCPA Compliance Report, I am joined by Susannah Hammond, Senior Regulatory Intelligence Expert at Thomson Reuters, on the firm’s 2022 Cost of Compliance Report. Some of the highlights include:
The genesis of this report.
Why can this Report be seen as cathartic?
What was the genesis of this report?
What areas have the greatest need for compliance functionality?
What are the top 3 challenges for compliance functions and compliance professionals over the next 12 months?
Why is culture still such a challenge?
Where does the Report see compliance down the road
Why will changes in regulations continue to be a key challenge?
How concerned are compliance professionals about CCO and compliance personnel liability?
Resources
Susannah Hammond on LinkedIn
2022 Cost of Compliance Report, here
Thomson Reuters Regulatory Intelligence website
The Compliance Clarified podcast series
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/22/2022 • 33 minutes, 34 seconds
Ty Francis on Assessing Corporate Culture: A Practical Guide to Improving Board Oversight
In this episode of the FCPA Compliance Report, I am joined by Ty Francis, Chief Advisory Officer at LRN. We dive deeply into a recently released LNR/Tapestry Networks Report on Assessing Corporate Culture: A Practical Guide to Improving Board Oversight. Some of the highlights include:
The genesis of this report.
How does the Report serve as a roadmap to a clearer picture of the company's ethical culture?
How can the Report help determine how to improve culture throughout the enterprise?
Who should a Board collaborate with, and how?
How does the work LRN conducts help organizations foster more effective collaborative cultures?
How do you prioritize culture on the board agenda?
What is the challenge to the board's culture?
How does a Board measure and monitor?
How does a Board articulate the desired culture?
How can a Board establish clear communication?
Resources
Ty Francis on LinkedIn
LRN
Assessing Corporate Culture: A Practical Guide to Improving Board Oversight
Tapestry Networks
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/15/2022 • 29 minutes, 5 seconds
James Koukios on the MoFo February Int’l Anti-Corruption Newsletter
In this episode of the FCPA Compliance Report, I am joined by fan favorite James Koukios, a partner at Morrison and Foerster. This episode considers some of the key ABC issues in the always great MoFo Monthly Top 10 International Anti-Corruption Developments for February 2022. Highlights of this podcast include:
KT FCPA Resolution
Roger Ng was convicted at the FCPA trial.
Resources
James Koukios on the MoFo website
February International Anti-Corruption Newsletter here
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/8/2022 • 33 minutes, 34 seconds
Mary Inman on the Current State of Whistleblowing
In this episode of the FCPA Compliance Report, I am joined by Mary Inman, partner at Constatine Cannon. We look at recent developments in whistleblowing and how the Ukraine War has increased the visibility of whistleblowers. Highlights of this podcast include:
Whistleblower Reward Program at the US Treasury Department/FinCEN – what is its relevance to corruption, anti-money laundering and the Ukraine conflict.
The House Committee on Financial Services voted to strengthen the U.S. Treasury’s Anti-Money Laundering (AML) whistleblower program. What does this mean for this nascent program?
How does a minimum whistleblower reward threshold, whistleblower incentives and injects more certainty into the Anti-Money Laundering whistleblower program.
How has expanding AML whistleblower rewards to cover laws applicable to Russian sanctions, Congress enlisted the help of the private citizenry.
Lisa Monaco recently spoke about the government relying on corporations to ID instances of money-laundering and other activities to help enforcement Russia economic sanctions and broader trade sanctions. Are private citizen or other whistleblowers as a key component of this fight?
How has the Ukraine War raised the profile of whistleblowers and whistleblowing?
Starting with SOX, then Dodd-Frank and the AML Law of 2020 has the US government began to understand whistleblowers as a key component in the fight against fraud, waste and abuse.
Has the government embraced these same strategies and tactics in the wider fight against corruption?
Tribute to Chuck Grassley for his advocacy of whistleblowers.
Resources
Mary Inman on Constantine Cannon website
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/1/2022 • 30 minutes, 36 seconds
Alvarez & Marsal Threatscape 2022 Report
In this episode of the FCPA Compliance Report, I am joined by Keith Williamson and Henry Chambers, Managing Directors at Alvarez and Marsal. We look at the firm’s Threatscape Report. Highlights of this podcast include:
A. Threat 1-ABC Threats
Why do you see a potential increase in anti-corruption investigations?
In addition to the US under the FCPA, do you see other countries actively assisting US authorities in ABC investigations?
The new DOJ Monaco Doctrine reinstates the Yates Memo, and the DOJ focuses on individuals. What does this mean for ABC investigations?
What are some of the key challenges in handling investigations in China?
How does this increase in ABC enforcement impact M&A?
B. Threat 2-Fraud and Digital Asset Fraud Threats
What are digit assets and digit asset fraud?
The US has not yet released many regulations regarding cryptocurrency. What is the role of other countries in such regulation, if any?
Why is the Ukraine war the first ‘digital asset war’?
How have the worldwide sanctions against Russia impacted the growth and use of digit assets?
What key controls and screen tools for digital assets that you advocate a company employ?
C. Threat 3-Data Privacy and Data Protection
What is the Personal Information Protection Law, and how does it relate to the Chinese State Secrets and Data Security Laws?
How can a non-Chinese company get data out of China?
What are some key components of a compliance program for this new law?
How does this new law impact investigations in China?
Resources
Threatscape 2022 report.
Keith Williamson, MD, and Head of Disputes and Investigations in Asia.
Henry Chambers, Senior Director, Disputes and Investigations.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/25/2022 • 37 minutes, 16 seconds
Scott Garland on Sanctions, Cyber, Fraud, and Ethics Compliance & Monitoring at AMI
In this episode of the FCPA Compliance Report, I am joined by Scott Garland, Managing Director, Sanctions, Cyber, Fraud, and Ethics Compliance & Monitoring at Affiliated Monitors, Inc. Some of the areas we discuss include Garland’s professional background and current role. We look at some of his work at the DOJ including his role as the Deputy Chief, National Security Cyber Specialist and his work as Office’s Professional Responsibility Officer. We discuss his move to AMI and the types of monitorships Garland hopes to work on, as well as his thoughts on the role of a monitor. We conclude with some of Garland’s top recollections from UM Law School.
Resources
Scott Garland bio on AMI.
Affiliated Monitors Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/18/2022 • 24 minutes, 23 seconds
James Koukios on the MoFo January Int’l Anti-Corruption Newsletter
In this episode of the FCPA Compliance Report, I am joined by fan favorite James Koukios, partner at Morrison and Foerster. In this episode we consider some of the key ABC issues in the always great MoFo Monthly Top 10 International Anti-Corruption Developments for January 2022. Highlights of this podcast include:
Opinion Release 22-01.
Summary Judgment granted in bribery related breach of contract case-use of bribery allegations to get out of contract.
FIFA defendants raise local law defense. What is it and how is it raised and why it has never been successful in a FCPA context
Former CEO of Pemex charged. Is Mexico finally stepping up to ABC enforcement?
South African anti-corruption commission. Will this finally help SA move past capture and a culture of corruption.
Resources
James Koukios on the MoFo website
January International Anti-Corruption Newsletter here
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/11/2022 • 27 minutes, 47 seconds
Josh Fitzhugh on Trade Compliance Since the Russian Invasion of Ukraine
In this episode of the FCPA Compliance Report I welcome back Flex Vice President of Global Trade, Josh Fitzhugh, who visits about the challenges in economic and trade compliance since the Russian invasion of Ukraine. Topics include
Current role
Pre-conflict preparation
How were you able to mobilize for such robust economic and trade sanctions?
Some of the biggest challenges early in the conflict?
What are some of the biggest challenges your team currently faces?
What new challenges do you see in Q3 or further down the road?
Resources
Josh Fitzhugh on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/27/2022 • 22 minutes, 46 seconds
Erica Salmon Byrne on The Sphere
In this episode of the FCPA Compliance Report I welcome back Ethisphere President and Chair of the Business Ethics Leadership Alliance, Erica Salmon Byrne, who talks about an exciting new innovation and service offering called The Sphere. Through this offering and for the first time, Compliance Professionals can easily benchmark against the practices of companies with exceptional programs, to identify gaps, benchmark and access a wealth of insights and resources to guide improvements.
Key areas we discuss on this podcast are:
What is The Sphere?
The data and resources built into it.
The ease of access.
Where can listeners find this podcast.
Resources
Ethisphere
The Sphere
Erica Salmon Byrne on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2022 • 14 minutes, 5 seconds
Loren Steffy on Putin’s Oil Heist Podcast
In this episode of the FCPA Compliance Report I welcome Loren Steffy, now podcast host. Steffy is in the middle of a limited series on the theft by Russian President Putin on the publicly traded Yukos Oil Company back in 2007.
Key areas we discuss on this podcast are:
Why this series and why now.
What is the genesis of this story?
Who is Bruce Misamore and what was his role in Yukos.
Where can listeners find this podcast.
Resources
Putin’s Oil Heist on Stoney Creek Publishing
Loren Steffy on LinkedIn
Putin’s Oil Heist on the Compliance Podcast Network
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/20/2022 • 21 minutes, 51 seconds
Mike DeBernardis on Compliance Developments from Q1 2022
In this episode of the FCPA Compliance Report I welcome back Mike DeBernardis, a partner at Hughes Hubbard, about some of the key developments in ethics compliance and FCPA from Q1 2022.
Key areas we discuss on this podcast are:
Q1 brought resolutions that were excellent examples for training and increasing understanding of compliance issues.
One of the more difficult aspects of compliance is scoping investigations.
View input from your monitor as an opportunity to truly improve your processes, procedures, and controls. Having a positive relationship with them is hugely valuable.
Developing an investigation plan and protocols is an iterative process.
Changes to the SEC Whistleblower program.
Anti-corruption implications of the Russian invasion of Ukraine.
Resources
Hughes Hubbard & Reed website
Mike DeBernardis
Coburn and the Attorney/Client Privilege
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/13/2022 • 31 minutes, 16 seconds
Scott Schneider on Your Code of Conduct
In this episode of the FCPA Compliance Report I visit with Scott Schneider, Head of Content Development at Traliant. Scott has been in the compliance space for over 15 years and is passionate about the building blocks of a best practices compliance program, including Codes of Conduct. This week we take a deep dive into the foundational backbone of every compliance program, the Code of Conduct. Some of the highlights include:
· Importance of Code of Conduct training.
· Types of Code training.
· Why have a Code of Conduct?
· How does a Code of Conduct help establish culture?
· Key areas the Code should cover?
· How should a company develop its Code of Conduct?
· When should a Code be revisited or reassessed?
· The roles of Codes of Conduct and training down the road into 2025 and beyond?
Resources
Scott Schneider on LinkedIn
Traliant website
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/6/2022 • 28 minutes, 14 seconds
John Warren on 2022 ACFE Report to the Nations
In the Episode, I am joined by John Warren Vice President and General Counsel at the Association of Certified Fraud Examiners. We discuss the 2022 ACFE Report to the Nations, which is the most comprehensive report on the global scourge of fraud. It is a fascinating look of how fraud occurs, where is occurs and the steps you can take to prevent it.
Some of the highlights include:
What is the ACFE Report to the Nations? How often is it released? What are you trying to capture?
What are some of the big picture findings of the Report?
What is the annual cost of global fraud?
Why are hotlines so critical to fraud detection?
What is the fraud tree?
What are the 5 critical areas of occupational fraud reviewed?
What does the Report to the Nations tell us about corruption?
What detection/prevention areas are the most effective for corruption?
You can download a copy of the ACFE 2022 Report to the Nations by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/23/2022 • 35 minutes, 11 seconds
Claire Worledge on Data Analytic Secrets
In this episode of the FCPA Compliance Report I visit with Claire Worledge. Claire is an internal auditor by professional training. She is the author of Data Analytic Secrets. We visit about her book and her work to bring greater visibility to data analytics to the internal audit profession and the wider compliance profession. Some of the highlights include:
What is data visualization?
What do you see as the role of data analytics in internal audit?
Why Claire wrote Data Analytic Secrets and the audience for the book.
How can data analytics and visualization be used in fraud prevention?
How about anti-corruption/anti-bribery programs?
How can internal audit be best used in an anti-corruption/anti-bribery program?
What is the intersection of internal audit and internal control?
Resources
Claire Worledge on LinkedIn
Aufinia website
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/16/2022 • 38 minutes, 42 seconds
Dave Lefort on Compliance Week 2022
In this episode of the FCPA Compliance Report I visit with Dave Lefort, Managing Director at Compliance Week. We take a deep dive into the upcoming Compliance Week 2022 National Conference, detailing the Keynote speakers, panels, conversations and breakout sessions. If there is one compliance conference, you should attend Compliance Week 2022 is it. Listeners to the podcast can get a special discount to the conference of $200 with the discount code TFLAW $200 OFF. Registration and agenda here. If you want more details on why should you attend Compliance Week 2022? Find out in this podcast series featuring speakers at CW 2022.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/9/2022 • 29 minutes, 46 seconds
Mike Volkov on DOJ Trial Record
In this episode of the FCPA Compliance Report I visit with Mike Volkov. Mike recently did a three-part blog post series reviewing the DOJ trial strategy, successes and failures and approach of the antitrust division. In this podcast we take a deep dive into FCPA trials, other white collar fraud trials and antitrust trials the DOJ has had over the past few years. We assess the key approaches, discuss some important wins and unfortunate stumbles.
Resources
Mike Volkov on Corruption Crime & Compliance
Part 1 - A Mixed Bag
Part 2 – Big Victories and Misguided Targets
Part 3 – Antitrust Division Stumbles
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/2/2022 • 35 minutes, 41 seconds
Gordon Graham - A Whistleblower’s Story
In this episode of the FCPA Compliance Report I visit with Gordon Graham. Gordon is a successful whistleblower who told his tale in the book The Intrepid Brotherhood. In this book, Graham discusses how corruption threatened to ruin jobs and harm lives. The leadership at the top of the organization used intimidation, distrust, and secrecy to control the Chelan County Public Utility District showing that control and power can corrupt even the most ethical organization’s integrity—unless someone speaks up. Which Gordon Graham did. In this podcast, he tells his story.
Resources
website: www.intrepidbrotherhood.com
LinkedIn: linkedin.com/in/gordon-graham-57385319a
Facebook Author Page: In Search Of Aristotle | Facebook
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/25/2022 • 40 minutes, 53 seconds
Matt Galvin and Dan Kahn, Part 2-Reflections on the Monaco Speech
This episode of the FCPA Compliance Report begins a special two-part series with two well-known compliance professionals. Matt Galvin, most recently the CCO at AB-InBev and Dan Kahn, former acting Deputy Assistant Attorney General of the Criminal Division, Chief of the Fraud Section, and Chief of the FCPA Unit. Dan is now in private practice at DavisPolk. In this concluding Part 2, we take a deep dive into the Lisa Monaco Speech focusing on how the DOJ might look to access corporate culture, the Speech’s effect on the Benczkowski Memo, using the Monaco Speech and other external information for internal corporate presentations and the DOJ reviewing other corporate misconduct.
Resources
Matt Galvin on LinkedIn
Dan Kahn at Davis Polk
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/18/2022 • 27 minutes, 11 seconds
Matt Galvin and Dan Kahn-Part 1, Disclosing to and Working with the DOJ
This episode of the FCPA Compliance Report begins a special two-part series with two well-known compliance professionals. Matt Galvin, most recently the CCO at AB-InBev and Dan Kahn, former acting Deputy Assistant Attorney General of the Criminal Division, Chief of the Fraud Section, and Chief of the FCPA Unit. Dan is now in private practice at DavisPolk. In this Part 1 we take up the key issues around dealing with the DOJ including the factors which go into the decision to self-disclose, incentives and disincentives in compliance programs, internal investigations including who is involved and scoping an investigation, presenting information to the DOJ during the pendency of an investigation and negotiating the final settlement and post-resolution; including both ongoing reporting and continuing innovation in your compliance program.
Resources
Matt Galvin on LinkedIn
Dan Kahn at Davis Polk
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/11/2022 • 28 minutes, 57 seconds
Stewart Bishop, Covering the Roger Ng Trial
In this episode of the FCPA Compliance Report, I am joined by Stewart Bishop, reporter at Law360. We discuss his coverage of the Roger Ng trial currently ongoing in New York. Highlights in include:
· Roger Ng relationship to 1 MDB scandal.
· Pre-trial issues.
· Timothy Leissner, direct and cross.
· Assessing the judge and jury.
· The discovery dispute.
· Covering such a lengthy trial.
Resources
Law360
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/4/2022 • 24 minutes, 53 seconds
Susan Divers on the LRN Ethics & Compliance Program Effectiveness Report
In this episode of the FCPA Compliance Report, I am joined Susan Divers, Director of Thought Leadership at LRN. We discuss recently released LRN Ethics & Compliance Program Effectiveness Report. Highlights in include:
What is the LRN Ethics & Compliance Program Effectiveness Report?
What does it measure?
How is it generated?
Why is culture so critical?
What are the values in values?
What is LRN’s High Performance Premium?
What are the roles of managers and leaders?
What are the keys to effective training?
What will the new normal for compliance programs look like going forward?
The issue of culture and values down the road into 2025 and beyond.
Resources
Susan Divers
LRN Ethics & Compliance Program Effectiveness Report
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/28/2022 • 33 minutes, 20 seconds
Michael Beber on the Current State of SPACs
In this episode of the FCPA Compliance Report, I am joined by Exiger Board Chair Michael Beber. He returns to the podcast to talk about the current state of Special Purpose Acquisition Corporations (SPACs).Highlights in include:
· SPACs in 2021 by the numbers.
· Uses and misuses of SPACs.
· Money being invested in SPACs.
· Why SPACs can still be such a powerful tool.
· What will be the SPAC market like going forward?
Resources
Exiger
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2022 • 27 minutes, 5 seconds
Erica Salmon Byrne on 2022 World's Most Ethical Companies
In this episode of the FCPA Compliance Report, I am joined by Erica Salmon Byrne, President of Ethisphere. We discuss the announcement of Ethisphere’s 2022 World Most Ethical Companies awards. This year’s most stunning announcement is a 5-year Ethics Premium of 24.6%. Other highlights in include:
A deep dive into the Ethics Premium, including the reasons for the dramatic growth of the past 5 years.
2022 had the highest number of new companies on the list. Who were some of these first-time honorees? The non-US centric number of honorees.
The Ethics Quotient-how is it calculated?
Why is the Ethics Quotient such a powerful tool for the compliance professional?
How to get your company involved in the World’s Most Ethical Companies process.
Resources
Ethisphere
2022 World’s Most Ethical Announcement
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/17/2022 • 26 minutes, 33 seconds
Karen Woody on Elon Musk Attack on SEC Consent Decree
In this episode of the FCPA Compliance Report, I am joined by Professor Karen Woody from Washington & Lee Law School. We discuss the recent filing by attorneys for Elon Musk and Tesla to revoke the previously agreed to Consent Decree over his 2018 tweets about taking Tesla private at $420 per share and then withdrawing it a week later. Highlights in include:
· What is the legal basis for the Motion?
· Can a court hear an equitable claim for a regulatory consent decreed?
· What is the remedy Musk is seeking?
· What about his $20MM fine, which has been paid?
· Is the SEC harassing Musk for alleging violations of the Consent Decree?
Resources
Motion to Terminate Consent Decree
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/14/2022 • 26 minutes, 50 seconds
Mikhail Reider-Gordon on Conflicts of Interest
In this episode of the FCPA Compliance Report, I am joined by Mikhail Reider-Gordon, Managing Director at Affiliated Monitors, Inc. We discuss conflicts of interest with some very high-profile examples torn literally from the headlines. Highlights include:
· What exactly is a Conflict of Interest and how does it differ from self-dealing, nepotism?
· Is a COI purely an ethical problem or are there are situations where COIs are illegal?
· COIs in the news of late and in some surprising places?
· Have there been other examples across industries?
· The Courts, the Fed, SCOTUS?
· Do you ever come across COIs in your work?
Resources
Original Posting on podcast on Integrity Through Compliance
Mikhail Reider-Gordon at AMI
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2022 • 36 minutes, 46 seconds
Matt Silverman on Preparing for Potential Sanctions Against Russia
In this episode of the FCPA Compliance Report, I am joined by Matt Silverman, Director of Trade Compliance at VIAVI. In Part 1, we considered the potential U.S. sanctions if Russia invades Ukraine. In this Part 2, we discuss what you can do to prepare for such an eventuality. Highlights in include:
First, ascertain your exposure and consider how some or all of these actions would impact your business.
Check your sanctions screening policies and procedures and check your customers and business partners in real time against global sanctions lists.
Identify all of your contracts with Russian entities or individuals and review your contracts for compliance with law clauses, notice clauses, and termination provisions.
Know your customer.
Identify what, if any, items, or technology you are exporting to Russia and any transactions with Russian entities that have ongoing or continuing obligations.
Take a look at your supply chain to avoid business interruption.
Identify whether you have any outstanding debts from Russian entities or individuals, and, if so, promptly purse collection activities.
Identify any procurement or manufacturing activities for goods intended for Russia and consider whether you can safely postpone or delay those activities, especially if you are dealing with specially designed or non-fungible goods (without breaching any contracts or risking failure to meet deadlines).
Resources
Matt Silverman on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2022 • 32 minutes, 28 seconds
Matt Silverman on Potential Sanctions Against Russia
In this episode of the FCPA Compliance Report, I am joined by Matt Silverman, Director of Trade Compliance at VIAVI. In this Part 1 of a special two-part podcast series, we look at issues related to potential sanctions against Russia, Russian individuals and Russian interests if Russia invades Ukraine. In Part 2, we will discuss what you can do to prepare for such an eventuality. Potential sanctions we review in this episode ininclude:
Impose a comprehensive or near-complete embargo of Russia.
Impose additional sectoral sanctions on certain Russian industries.
Prohibit exports of certain items or technology to Russia.
Designate Russian entities under the Foreign Direct Product Rule.
Add specific Russian entities or individuals to OFAC’s Specially Designated Nationals and Blocked Persons List (“SDN”).
Prohibit Russian entities from accessing the U.S. financial system/using U.S. dollars and/or sanctioning foreign banks that conduct transactions with sanctioned Russian entities.
Prohibit U.S. persons or entities from investing in Russian companies, requiring divestment, and/or sanctioning foreign entities that buy Russian government bonds.
Impose “secondary sanctions” on entities or individuals that conduct certain transactions with Russia.
Freeze Russian assets located in the U.S.
Ban U.S. financial assistance to Russian entities.
Withhold U.S. aid to any organizations that assist Russia.
Prohibit imports and/or impose high tariffs on specific Russian imports.
U.S. State-Level Sanctions: States may enact laws that prohibit business with, or require divestment of shares in, firms that conduct certain transactions with Russia.
Resources
Matt Silverman on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/21/2022 • 24 minutes, 47 seconds
James Koukios on the MoFo November Int’l Anti-Corruption Newsletter
In this episode of the FCPA Compliance Report, I am joined by fan favorite James Koukios, partner at Morrison and Foerster. In this episode we consider some of the key ABC issues in the always great MoFo Monthly Top 10 International Anti-Corruption Developments for November 2021. Highlights of this podcast include:
OECD Updates Recommendation for Combatting Foreign Bribery
Federal District Court Dismisses FCPA and Money Laundering Charges Against Swiss Wealth Manager
SEC Reports Surge in Whistleblower Tips and Awards
Former Coal Executive Pleads Guilty to Egyptian Bribery Scheme
Adoption Agency Manager Pleads Guilty to Uganda Bribery Scheme
Resources
James Koukios on the MoFo website
November International Anti-Corruption Newsletter here
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/14/2022 • 28 minutes
James Koukios on the Monaco Speech
In this episode of the FCPA Compliance Report, I am joined by fan favorite James Koukios, partner at Morrison and Foerster. In this episode we take a deep dive into the Lisa Monaco speech from October and related remarks from other DOJ representatives about the DOJ refocus on white collar enforcement and related issues. Highlights of this podcast include:
· Who is the DAG and what does that position entail?
· Reinstatement of Yates Memo.
· Does this change an investigation focus?
· The new focus on culture and how do you assess corporate culture?
· What about reports of all violations, enforcements and even investigations even is outside FCPA?
· What are the implications of this change?
· How will all this work with current FCPA Corporate Enforcement Policy?
· The revocation of Benczkowski Memo. What are the implications?
· The new focus on monitorships?
· What about recidivists or those who fail to meet the obligations of their DPA/NPA?
Resources
James Koukios on the MoFo website.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/7/2022 • 36 minutes, 39 seconds
Mike DeBernardis on Compliance Developments from Q4 2021
In this episode of the FCPA Compliance Report, I am joined by fan favorite Mike DeBernardis, partner at Hughes Hubbard. In this episode we look at compliance and temporal timeline developments from Q4 2021. Highlights of this podcast include:
A deep dive into the Lisa Monaco speech, how it impacted the compliance temporal timeline whether it was a change or recalibration.
Anti-Trust developments.
The Biden Administration Strategy on Countering Corruption?
Compliance in 2022 and moving forward.
Resources
Mike DeBernardis on HughesHubbard website.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/31/2022 • 36 minutes, 49 seconds
Andrew Neblett and Brian Beeghly Join Ethisphere
In this episode of the FCPA Compliance Report, I am joined by Andrew Neblett and Brian Beeghly, co-founders of Informed360 who recently joined forces with Ethisphere. Highlights of this podcast include:
Tells us about Informed360 platform
Why did you decide to join Ethisphere?
How will the Informed360 solution be integrated into the Ethisphere offering(s)?
As a combined company how will this improve compliance offerings?
How will you be able to take data and provide insights for enhancement of compliance programs?
Their roles at Ethisphere moving forward.
Resources
Check out the upcoming webinar Turning Ethics and Compliance Insights into Action. Register at Ethisphere.com/events
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2022 • 31 minutes, 17 seconds
Gordon Firemark on Legal Developments in Podcasting
In this episode of the FCPA Compliance Report, I am joined by Gordon Firemark, from the Firemark Law Firm. Gordon was one of the first lawyers working on the legal side of podcasting. He returns to update us about legal developments in the world of podcasting, how the podcast market has developed and what is new at Firemark Law. Highlights of this podcast include:
What’s new in the legal world for podcasters?
What are the key legal risks podcasters need to think about?
How have you seen the podcast market develop?
Where to you see the market going?
What’s new at Firemark Law?
Resources
Firemark Law Firm
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/17/2022 • 24 minutes, 4 seconds
Mike Volkov on FCPA Enforcement and Compliance from 2021 and into 2022
In this episode of the FCPA Compliance Report, I am joined by Mike Volkov to take a look back at FCPA enforcement and compliance from 2021 and prognosticate to where it may be going in 2022. Highlights of this podcast include:
Three FCPA enforcement actions.
DAG Lisa Monaco’s October Speech to the ABA White Collar Defense Conference.
The Biden Administration’s Strategy on Countering Corruption.
Where will FCPA enforcement head in 2022.
Where will ABC compliance go in 2022?
Resources
Tom in the FCPA Compliance and Ethics Blog
FCPA Year in Review
Compliance Year in Review
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2022 • 20 minutes, 7 seconds
Karen Woody on JPMorgan and Nikola SEC Enforcement Actions
In this episode of the FCPA Compliance Report, I am joined by Professor Karen Woody. We discuss the recent SEC enforcement actions involving JPMorgan and Nikola which were announced in December 2021. Highlights of this podcast include:
Background on both cases.
Why was the SEC so excised with JPMorgan?
What are the broader lessons for the Compliance Professional?
Compliance Consultant or Monitor or both?
Nikola and the trouble with SPACs?
What is the intersection of puffing, faking it til you make it and illegal conduct?
SPACs and Due Diligence.
Could Nikola change the SEC approach to SPACs?
From visionary to founder to CEO of a public company?
The shadow of Elizabeth Holmes?
Resources-Tom on the FCPA Compliance and Ethics Blog
JPMorgan
Nikola
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2022 • 24 minutes, 17 seconds
John Katsos - Due Diligence in Conflict Zones
In this episode of the FCPA Compliance Report, I visit with John Katsos, Assistant Professor and Scholar at American University of Sharjah. John has researched and performed due diligence in conflict zones in the Middle East and Africa. He was part of a research team that published a series in the Big Idea section of the Harvard Business Review entitled Preparing for the Era of Uncertainty, which is a must read for every compliance professional. He brings a unique perspective to a variety of compliance topics. Highlights of this podcast include:
Academic and professional background.
Why due diligence in conflict zones so difficult?
What are some of the important differences in performing DD in conflict zones?
What are some keys to successfully performing DD in conflict zones?
Key lessons you observed on DD in Cyprus?
Where did you come up with the idea for this series of articles, Preparing for the Era of Uncertainty?
A discussion of each article in the series.?
What is it like teaching anti-corruption and other forms of compliance outside the US?
How do you see your work tying into a broader ESG discussion?
How does climate change and migration across borders influence your thinking?
Resources
Preparing for the Era of Uncertainty-Harvard Business Review
John Katsos website, including some great research and papers
John Katsos LinkedIn profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/27/2021 • 40 minutes, 43 seconds
Brandon Daniels-Ongoing v. Point in Time Due Diligence
In this episode of the FCPA Compliance Report, I visit with Brandon Daniels, President of Exiger. Brandon is a long-time favorite on the FCPA Compliance Report and he always brings a unique perspective to a variety of compliance topics. In this episode, we look at the Theranos case from a very different angle than the criminal fraud trial of Elizabeth Holmes. We consider the due diligence lessons from Theranos. Highlights of this podcast include:
What is the difference in ongoing due diligence v. point in time due diligence?
How does Due Diligence on potential investments different (or not) from DD on other types of 3rd parties?
What type of areas should you look at in DD of potential business partners/investments?
How do you perform DD on leaders or senior management of potential business partners/investments?
What people or skill sets should be on your DD team? For instance you would you suggest have been on a DD team to evaluate Theranos?
How do you evaluate the risk or are you simply trying to ID red flags?
Does DD provide insight into the leader of a potential business partners/investments continuing after the deal is done?
Resources
Brandon Daniels on Exiger website
Pre-investment, IPO and Fund-Raising DD
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/20/2021 • 29 minutes, 5 seconds
Kyle Brasseur, Editor in Chief at Compliance Week
In this episode of the FCPA Compliance Report, I visit with Kyle Brasseur, new appointed Editor in Chief at Compliance Week. We talk about Kyle’s professional career at ESPN, his move to Compliance Week, highlights of his work at CW and CW down the road. Highlights of this podcast include:
1. Early professional career and roles at ESPN?
2. What brought him to CW. What roles held at CW.
3. Some favorite projects at CW.
4. His move into the EIC Role
5. What are some of his goals moving forward as EIC?
6. Inside the Mind of the CCO Survey Report and long form reporting this year.
7. Compliance Week 2022 Conference. How can listeners register? What is the Ambassador Program and how can listeners participate?
Resources
Compliance Week
Kyle Brasseur LinkedIn profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/13/2021 • 34 minutes, 38 seconds
Kevin O’Brien on the Elizabeth Holmes Trial
In this episode of the FCPA Compliance Report, I visit with Kevin O’Brien, partner at Ford O’Brien in NYC. Kevin is a long-time white-collar defense lawyer and former AUSA in the Eastern District of New York. We take a deep dive into the Elizabeth Holmes trial, critiquing both the prosecution and defense. Highlights of this podcast include:
Professional background and current practice.
Why is this trial so significant?
Strength(s) of the prosecution’s case? Did you think the prosecution was successful in its case in chief?
What about the defense case? What did you see as the strengths of the defendant's case-in-chief?
Did the prosecution leave any openings for the defense?
Was Holmes playing the gender, abused spouse card warranted?
Putting Holmes on the stand was and is a huge risk. What are the benefits/downsides?
Does Holmes testimony to date remove or take away the gender/abused spouse defense she pushed pretrial?
Where else can the defense go?
Resources
Ford O’Brien LLP
Kevin O’Brien firm profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/6/2021 • 34 minutes, 22 seconds
Irene Kaushanky on Why Supply Chain is the Connective Tissue in the Fight Against Modern Slavery
In this Episode of the FCPA Compliance Report, I visit with Irene Kaushansky, Associate Director of Compliance and Operational Integrity at Global Fund to End Modern Slavery. Irene is passionate about the fight against Modern Slavery and Human Trafficking. She talks about the Fund and its mission in this podcast. Highlights of this podcast include:
What is the Global Fund to End Modern Slavery? What is the problem of of modern slavery?
How does the organization accomplish this mission?
Why is the private sector so critical to fighting this international scourge? How does the organization work with the private sector?
What is some of the impact the Global Fund has achieved?
How to get involved with the Global Fund.
Resources
Global Fund to End Modern Slavery
Irene Kaushansky on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/29/2021 • 26 minutes, 49 seconds
John Davis and James Tillen on WPP
In this Episode of the FCPA Compliance Report, I visit with Miller & Chevalier members John Davis and James Tillen. We take a deep dive into the WPP Foreign Corrupt Practices Act enforcement action. Highlights of this podcast include:
What the basic facts?
What were the missed red flags and M&A failures?
When do compliance incentives become perverse?
What were the investigative failures?
What made the Chinese bribery scheme so unusual?
The Peru bribery scheme was across national lines. Does that make it harder to detect?
Where is the DOJ?
Where is the SFO?
How did WPP get a resolution with no monitor?
Resources
John Davis
James Tillen
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/22/2021 • 35 minutes
Mary Inman on an International Whistleblower Practice
In this Episode of the FCPA Compliance Report, I visit with Mary Inman, partner at Constantine Cannon. She runs the firms International Whistleblower practice from London. Highlights of this podcast include:
The power of internal whistleblowing.
EU whistleblower Directive.
FCA whistleblowers.
SEC bounty program as a model for other federal agencies.
CFTC whistleblower awards.
Where is whistleblower regulation headed.
Resources
Mary Inman on Constantine Cannon website.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/15/2021 • 32 minutes, 28 seconds
Mike DeBernardis on Q3 Compliance and Enforcement Highlights
In this Episode of the FCPA Compliance Report, I have thrilled to have back fan favorite Mike DeBernardis, partner at Hughes Hubbard. Mike is back for our quarterly FCPA and compliance review and in this episode, we look at highlights from Q3 2021. Highlights of this podcast include:
FCPA Enforcement Actions-WPP and Credit Suisse. What are the key lessons learned?
What does it mean to extend at DPA?
Pandora Papers-how do you think this will drive the move for greater transparency around trusts and other opaque corporate forms?
SEC
a. Increased enforcement and admissions of liability in settlement docs.
b. ESG Reporting requirements-what does this mean for corps
c. Increased scrutiny for both crypto and SPACs
5. National Security Directive coming out in December.
6.HughesHubbard annual FCPA alert
Resources
Mike DeBernardis on Hughes Hubbard website.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/9/2021 • 42 minutes, 17 seconds
Matt Silverman - Trade Compliance, Part 2
In this Episode of the FCPA Compliance Report, I conclude a special two-part series with Matt Silverman on trade compliance. Matt leads the VIAVI Global Trade team and provides strategic guidance to management on international regulatory requirements - including customs, export controls, embargoes, sanctions and antiboycott laws - enabling compliant movement and market access for VIAVI's products, software, technology and services. Highlights of this podcast include:
1. What are the key components of a best practices trade compliance program?
2. It seems to me that trade compliance is even more important coming out of Covid 19 and into our ‘new normal’.
3. What would you tell a young compliance professional about focusing on trade compliance?
4. Where do you see trade compliance down the road in 2025 and beyond?
5. Where does trade compliance fit into ESG?
Resources
Matt Silverman on LinkedIn
Articles
Navigating the Line Between US Export Controls and Anti-Discrimination Laws,
Export Compliance Manager, Issue 12, April 2021
Ensuring Export Compliance in Activity-Based Working Spaces, Home Offices,
International Trade Blog, March 3, 2021
Navigating Export Compliance, CEP Magazine, March 2021
What HR Needs to Know About Export Compliance and Deemed Exports, International Trade Blog, January 11, 2021
Championing Your Compliance Program, CEP Magazine, November 2020
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/1/2021 • 28 minutes, 28 seconds
Matt Silverman - Trade Compliance, Part 1
In this Episode of the FCPA Compliance Report, I begin a special two-part series with Matt Silverman on trade compliance. Matt leads the VIAVI Global Trade team and provides strategic guidance to management on international regulatory requirements - including customs, export controls, embargoes, sanctions and antiboycott laws - enabling compliant movement and market access for VIAVI's products, software, technology and services. Highlights of this podcast include:
What got Matt interested in trade compliance?
What is trade compliance?
Why has trade compliance become not only more challenging but more important in the corporate world?
Under the prior administration, it seemed like new sanctions were announced almost daily. Has that pace of sanctions continued under the current Administration?
Join us next week for Part 2 where we dive into a best practices trade compliance program, trade compliance into 2025 and beyond and trade compliance and ESG.
Resources
Matt Silverman on LinkedIn
Articles by Matt Silverman
Build A Visitor Management Program That Ensures Export Compliance, International Trade Blog, July 7, 2021
Employee Behavior and Workplace Culture: Measuring Your Training’s Impact, Ethikos, July 2021
Export Compliance & Anti-Discrimination: Best Practices to Resolve Competing Interests,
PLI Chronicle: Insights and Perspectives for the Legal Community, June 2021
Considerations and Challenges in Developing Compliance Training, CEP Magazine, May 2021
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/25/2021 • 20 minutes, 22 seconds
Trish Refo-Lawyers in the Public Square
In this episode of the FCPA Compliance Report, I am joined by Trish Refo, Immediate Past President of the ABA. Trish recently penned an article for the ABA magazine entitled “Lawyers in the Public Square”. In this article Trish spoke about the need for lawyers to do more then to simply follow the law but to “model civility and respect in broader society and in the public square”. We discuss the article and some of Trish’s highlights as President of the ABA. Highlights of this podcast include:
Why Trish wrote ‘Lawyers in the Public Sqaure’?
When we were sworn in, we took an oath to follow the laws and constitution our state. Do we owe more as lawyers?
Why do you feel lawyers have a duty to “model civility and respect in broader society and in the public square”?
You wrote about the need for lawyers to engage in ‘self-examination’ as a profession. Why do we need to do so?
Why do lawyers need to do more than ‘avoid violation of the rules’?
Why do you believe lawyers bring ‘real morality into the legal consciousness’?
What is the role of the ABA in facilitating this self-examination?
Why is the role of the ABA as important as it has ever been?
How can lawyers get more involved in this effort through the ABA?
How can law firms help facilitate this conversation through the ABA?
The 3 things you are most proud from tenure as President of the ABA?
Resources
Wilmer and Snell
Lawyers in the Public Square
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/18/2021 • 30 minutes, 31 seconds
Dean Cherie Taylor on a Compliance Certification at STCL
In this Episode of the FCPA Compliance Report, I am joined by Cherie Taylor, Vice President, Associate Dean for Academics, Professor of Law, and Director of Institute for International Legal Practice & National Security at South Texas College of Law Houston. We discuss the school’s new initiative in the compliance arena. Highlights of this podcast include:
Professional background of Dean Taylor.
Her work at South Texas College of Law Houston.
STCL’s Institute for International Law and National Security.
A Certificate Program in Compliance.
International transactions and compliance.
STCL at 100 and beyond.
Resources
Dean Cherie Taylor
South Texas College of Law Houston
STCL International Legal Practice and National Security
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/11/2021 • 28 minutes, 32 seconds
Bill Athanas- Factors In Defending White Collar Criminal Cases
In this Episode of the FCPA Compliance Report, I am joined by Bill Athanas, partner at the Waller Law Firm in Birmingham. Bill is a former DOJer in the Fraud Section who worked on FCPA enforcement actions in the first decade of the 21st century before moving to the US Attorney’s Office in Birmingham. From there he moved to the Waller Law Firm. Highlights of this podcast include:
His work at Main Justice and later in the US Attorney’s Office in Birmingham.
Nature of his current practice.
Why the Principles of Federal Prosecution (PFP), Justice Manual, §9-27.001, are so critical to a white collar defense practice.
A lengthy discussion of his article Am I Going to Get Indicted?
UT moving to the SEC.
For more information on The Waller Law Firm, check out their website here. Check out Bill’s profile here. Check out Bill’s article, Am I Going to Get Indicted?
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/27/2021 • 36 minutes, 16 seconds
Randy Sorrels-A New Law Firm
In this Episode of the FCPA Compliance Report, I am joined by Randy Sorrels, an old colleague in the legal practice from Houston. Randy is also a former President of the State Bar of Texas. He also started a new law firm with his wife Alex at the height of the pandemic. He visits about his new law firm, his innovative use of social media and real commitment to bringing diversity to his practice.
Highlights of this podcast include:
Professional background and what he learned at his prior firms.
A confluence of events led to his open The Sorrels Law Firm.
Hiring talent that is not only diverse racially but also diverse in professional backgrounds beyond law.
Trying cases during a pandemic.
Practicing law as a trial lawyer in 2021.
Innovative use of social media to publicize the new law firm.
The importance of the State Bar of Texas.
What SealPT meant to the both of us.
For more information on The Sorrels Law Firm, check out their website here. Check out Randy’s profile here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/20/2021 • 38 minutes, 6 seconds
Lisa Beth Lentini Walker and Stef Tschida - Raise Your Game, Not Your Voice
In this Episode of the FCPA Compliance Report, I am joined by Lisa Beth Lentini Walker and Stef Tschida, co-authors of the book Raise Your Game, Not Your Voice. They explain what happens when a compliance professional and communications expert sit down and write a book. Their book presents actionable insights into how to forge relationships across the organization, craft a compelling compliance narrative, and spur your audience to action. Highlights of this podcast include:
Their professional backgrounds.
Why they wrote the book.
Why storytelling is so critical in compliance.
How to set up a communications plan for your compliance messaging.
Why it is necessary to become an organizational scholar.
Top takeaways from the book by both Lisa Beth and Stef.
How to use the book.
Raise Your Game, Not Your Voice was published by CCI. It is available for purchase in bound and eCopy formats here. Purchase on Amazon.com here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/13/2021 • 29 minutes, 4 seconds
Karen Woody on Comings and Goings at the SEC
In this Episode of the FCPA Compliance Report, I am joined by Professor Karen Woody to look at the current state of the SEC in the Biden Administration. Highlights of this podcast include:
A. SEC-Early Impressions
SEC debate in the public arena between the commissioners.
Early impressions of SEC Chair Gensler.
What are some of the top priorities you have seen so far from the SEC?
Has new enforcement life been breathed into the SEC?
B. Specific Topics
Where will SEC enforcement go on SPACs? Will Lordstown Motors be a harbinger or simply just another accounting fraud?
Non-bribery FCPA enforcement under books and records/internal control provisions. Does Tandy Leather continue this trend?
What, if any role will SEC have in crypto regulation as a commodity? Or is it a financial instrument of some type?
What other areas you are watching from the SEC for either guidance or enforcement?
C. Into the Future
How, if any has the Coronavirus health crisis changed the SEC’s approach?
When might we see the SEC under Gensler start to hit its stride?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/30/2021 • 31 minutes, 3 seconds
James Koukios on MoFo April International Anti-Corruption Newsletter
In this Episode of the FCPA Compliance Report, I am joined by fan fav James Koukios to review the Morrison & Foerster April International Anti-Corruption Newsletter. Highlights of this podcast include:
UK Subsidiary of Aircraft Manufacturer Pleads Guilty to Saudi Arabia Bribery Scheme.
Former Brazilian Petrochemical Company CEO Pleads Guilty to Brazil Bribery Scheme. Prosecution at the very top of an organization. What type of message does that send?
Former Barbados Official Sentenced for Laundering Bribe Payments.
Former Logistics Company Executive Sentenced for Scheme to Bribe a Russian Official.
Former Employee of Switzerland-Based Commodities Firm Pleads Guilty in Connection with Ecuador Bribery Scheme.
Resources
James Koukios on the Morrison & Foerster website
MoFo April International Anti-Corruption Newsletter here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/23/2021 • 27 minutes, 24 seconds
James Koukios on MoFo March International Anti-Corruption Newsletter
In this Episode of the FCPA Compliance Report, I am joined by fan fav James Koukios to review the Morrison & Foerster March International Anti-Corruption Newsletter.
Highlights of this podcast include:
Scottish Oil and Gas Company Resolves Kazakhstan Bribery Allegations in Scotland. Why is Scotland prosecuting compliance?
UK Serious Fraud Office Ends Foreign Bribery Investigation into KBR.
UK to Launch Corruption Sanctions Regime in 2021. What does it mean for US or other non-UK companies?
Former CFO of New York-Based Hedge Fund Ordered to Pay Civil Penalty. Follow on from Och-Ziff, what is that case’s legacy?
Oil Companies Acquitted in Italy over Nigeria Deal. Use to explore the prosecution’s theory of liability and how that could change compliance.
Resources
James Koukios on the Morrison & Foerster website
MoFo March International Anti-Corruption Newsletter here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/9/2021 • 27 minutes, 42 seconds
Episode 560-Mike DeBernardis on Enforcement and Oversight in Q2-2021
In this Episode of the FCPA Compliance Report, I am joined by fan fav and now Hughes Hubbard & Reed partner Mike DeBernardis. We take a look back at some of the key enforcement actions and issues from Q2-2021.
Highlights of this podcast include:
FCPA prosecutions. In the corp sphere, only one doesn’t really mean anything going forward.
FCPA Individual Prosecutions. Is the Yates Memo finally leading to results?
Anti-Trust. Will the focus on the large enforcement actions against Big Tech lead to an overall reduction or will the Division be going strong against all forms of anti-competitive behavior?
FCA, Fraud in PPP and PPE. Where to you see this going?
What about SEC enforcement actions? Will we see more in the areas of accounting fraud, SPACs, climate change and ESG areas?
Do CCOs really need to worry about individual enforcement actions?
What about environmental crime enforcement actions?
Resources
Mike DeBernardis on the HughesHubbard website
Mike DeBernardis on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/2/2021 • 35 minutes, 10 seconds
Executives at Risk, Summer 2021 Newsletter
In this Episode of the FCPA Compliance Report, I visit with three lawyers from Miller & Chevalier to discuss the Summer 2021 Edition. I am joined by Lauren Briggerman, Katherine Pappas and Ian Herbert. We take a deep dive into key areas of white collar enforcement and issues that every compliance, legal and business executive should be aware of going forward into the second half of 2021. Some of the highlights include:
Lauren Briggerman
What are some of the significant developments in cartel investigations and prosecutions involving senior execs?
What have you seen around wage-fixing and price fixing?
Yet more prosecutions in the poultry industry. Why have we seen so many over the past few years?
Anything new on the extradition front?
We saw additional charges and a settlement regarding auto emissions testing fraud. Where do you see this issue internationally?
Katherine Pappas
What has been the impact of the pandemic on white collar prosecutions?
Where are we on government efforts to combat PPP and PPE fraud?
Anything happening on the FCPA front with individuals?
Do you expect to see a pickup on the corp FCPA front in the remainder of 2021?
What does the Biden administration’s memorandum on corruption as a national security issue mean for corporations and executives?
Ian Herbert
What did we see regarding individual prosecutions on the AML front?
What about prosecutions for failures to set up AML compliance programs?
What’s happening in crypto?
Significant sentencings.
Resources
Miller & Chevalier
Lauren Briggerman
Katherine Pappas
Ian Herbert
Executive at Risk Newsletter, Summer 2021
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/26/2021 • 36 minutes, 24 seconds
Jason Mefford
In this Episode of the FCPA Compliance Report, I am joined by Jason Mefford, a top thought leader in internal controls. We discuss his podcast Jamming with Jason, his online academy cRisk Academy and a unified theory of risk management. Highlights include:
Why he began his podcast.
How professionals consume information and content in 2021.
Why he founded cRisk Academy.
Unified risk management.
What’s new in internal controls.
The current state of live music.
Resources
Jason Mefford on LinkedIn
Jamming with Jason
cRisk Academy
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/19/2021 • 39 minutes, 35 seconds
Cristina Revelo-a PhD in Compliance
In this Episode of the FCPA Compliance Report, I am joined by Cristina Revelo. Cristina got a PhD in Compliance working at KPMG on the Wal-Mart account and later went in-house at Wal-Mart. She has a great story about how on the job training has given her a PhD in Compliance. She is now Deputy Director, Corporate Monitoring and Compliance Services at Affiliated Monitors, Inc. Highlights include:
Her undergraduate career at University of Illinois and degrees in accounting.
Her work at KPMG.
What was it like moving over to Wal-Mart.
What it was like doing compliance at the world’s largest retailer.
Her current role at Affiliated Monitors.
Resources
Cristina Revelo Profile on LinkedIn
Affiliated Monitors
The Compliance Handbook
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/12/2021 • 34 minutes, 11 seconds
Welcome to ¡(H)Ola Compliance!
In this Episode of the FCPA Compliance Report, I am joined by Miller & Chevalier Members Alejandra Almonte and Matt Ellis to discuss ¡(H)Ola Compliance!. ¡(H)Ola Compliance! is the only Spanish and Portuguese language podcast produced in the US. Highlights include:
Why they started their podcast.
How the compliance profession has evolved in the Latin America over the past 5 years.
What was it like to interview Judge Moro?
What have been two or three of their biggest surprises from hosting the podcast?
Where might ¡(H)Ola Compliance! compliance be headed down the road.
Resources
Alejandra Almonte
Matt Ellis
¡(H)Ola Compliance! on the Compliance Podcast Network
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/28/2021 • 25 minutes, 1 second
Mary Ann Faremouth on Revolutionary Reinvention
In this Episode of the FCPA Compliance Report, I am joined by Mary Ann Faremouth, founder of Faremouth and Company and inventor of the Faremouth Method. She joins me to discuss her latest book Revolutionary Reinventionand what you can do for your career in this post-pandemic workplace.
Highlights include:
Her book "Revolutionary Reinvention" just won the First Place Non-Fiction Award by Authors Marketing International? Why she wrote this book and its intended market.
Why is alignment with the new normal so critical now?
The Faremouth Method and how it can the Faremouth Method help the graduates of 2021.
As we move into the next phase of Covid-19, why are the topics you wrote about even more important?
Resources
MaryAnn Faremouth on LinkedIn
Faremouth and Company
Books by Mary Ann Faremouth:
Revolutionary Reinvention
Revolutionary Recruiting
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/21/2021 • 27 minutes, 34 seconds
Charles Thomas on the Current State of 3rd Party Risk Solutions
In this Episode of the FCPA Compliance Report, I am joined by Charles Thomas Market Planning Director for LexisNexis Risk Solutions. In this episode we take a look at the current state of risk areas around third parties, the convergence of risk solutions and future developments in 3rd party risk solutions.
Highlights include:
What are the top issues clients have faced over the past 12 months?
What are the key trends in international ABC enforcement?
What is the convergence of compliance, mixing ABC with supply chain, procurement, sanctions and other regimes?
What is the increased focus on third parties and the risks posed by such relationships?
Resources
Charles Thomas on LinkedIn
LexisNexis Risk Solutions
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/14/2021 • 28 minutes, 27 seconds
Greg Keating on the Current State of Whistleblower Regs and Law
In this Episode of the FCPA Compliance Report, I am joined by Greg Keating, well-known employment lawyer who focuses on whistleblower regulation and litigation. In this episode we take a look at the current state of whistleblower regulations, case law and recent SEC awards. Highlights include:
Greg recently changed firms, moving to Epstein Becker & Green, P.C. He tells us about your new firm?
Why was the whistleblower provision of the Anti-Money Laundering Act of 2020 so controversial?
What are you counseling clients on regarding whistleblower claims under the Biden Administration?
In addition to the AMLA of 2020, what other regulatory changes have you seen from the federal government regarding whistleblowers?
Are there any court cases involving whistleblowers that have gotten your attention in 2021?
2002 was the Year of the Whistleblower with Sherron Watkins of Enron, Cynthia Cooper of WorldCom and Collen Rowley of the FBI. Could 2021 be in the running for such a designation?
Why is listening to those employees who raise their hands and speak up so critical?
Why is a proactive approach to whistleblowers so critical?
Resources
Greg Keating on LinkedIn
Epstein Becker & Green, P.C. firm profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/7/2021 • 27 minutes, 15 seconds
András Bácsfalvi on AML Compliance in Hungary
In this Episode of the FCPA Compliance Report, I am joined by András Bácsfalvi, an AML compliance specialist in Hungary and more importantly host of the podcast Védelmi Vonalak . In this episode we take a look at the current state of AML compliance in Hungary. Highlights include:
Hungary is still a largely cash based society. How does this impact AML compliance?
How Bácsfalvi became interested in compliance.
What is a MLRO and what role does in fulfill in a compliance program?
What are the challenges in anti-money laundering in Hungary?
What are some of the biggest challenges in his current role?
What is your assessment of the current state of AML compliance in Hungary?
The Bácsfalvi podcast Védelmi Vonalak. Why András Bácsfalvi started it, who is the audience?
Resources
András Bácsfalvi LinkedIn profile
Védelmi Vonalak podcast
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/24/2021 • 25 minutes, 46 seconds
James Koukios on MoFo January and February Int'l ABC Newsletter
In this Episode of the FCPA Compliance Report, I am joined by fan fav James Koukios, partner at Morrison & Foerster and editor of the firm’s great monthly International Anti-Corruption Developments Newsletter. In this episode we look back to some of the key developments from the January and February newsletters.
Highlights include:
2021 TI-CPI released. What value do you see in it? Do compliance professionals rely too greatly on it to determine an appropriate level of due diligence?
Samir Khoury denied cert. How or why could an indictment go unsealed for 10 years?
Daniel Comoretto pleads guilty. Follow on from Sargeant Marine FCPA enforcement action.
KBR decision. What does it mean for the SFO?
Samsung Industries resolves corruption matter thru Leniency Agreement.
Paul Bond convicted on retrial.
Spain extradited Alonso Ancira to Mexico. What if any is the significance to this action?
Car Wash ends. How would you assess its overall impact on the global fight against bribery and corruption?
Resources
January International Anti-Corruption Developments
February International Anti-Corruption Developments
James Koukios on MoFo
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/17/2021 • 28 minutes, 46 seconds
Joey Seeber, Part 2
In this Episode of the FCPA Compliance Report, I am joined by Joey Seeber, CEO of Level Legal, an alternative legal services provider with a wide range of talented skills. We explore how an alternative legal service provider can act as an adjunct to an in-house corporate legal team, compliance function or law firm. In this Part 2, we look at Level Legal, what makes it different as an alternative legal service provider and where the company is headed down the road. We conclude with a discussion of the Baylor Bears and their 2021 NCAA Men’s Basketball Championship.
Resources
Level Legal website
Joey Seeber on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/12/2021 • 21 minutes, 29 seconds
Joey Seeber, Part 1
In this Episode of the FCPA Compliance Report, I am joined by Joey Seeber, CEO of Level Legal, an alternative legal services provider with a wide range of talented skills. We explore how an alternative legal service provider can act as an adjunct to an in-house corporate legal team, compliance function or law firm. In this Part 1, we look at Seeber’s professional background, his time in politics, the founding of the company and its early days. Some of this episodes highlights include:
What led Seeber to run for public office and why the mayor of Tyler?
What were some of the key leadership lessons Weeber learned as Mayor?
What were a couple of Seeber’s top challenges/successes as Mayor?
What led Seeber to found Level Legal?
What makes the Level Legal approach different?
Why is Level Legal a ‘Boundary Pushers’ in the legal space?
Why is building long term relationships so critical to Level Legal success?
What are some of Level Legal’s biggest successes to-date?
Join us for Part 2 on Wednesday, May 13.
Resources
Level Legal website
Joey Seeber on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/10/2021 • 22 minutes, 43 seconds
Mike DeBernardis on Enforcement and Oversight in 2021
In this Episode of the FCPA Compliance Report, I am joined by fan fav and now Hughes Hubbard & Reed partner Mike DeBernardis. We take a look back at some of the early pronouncements from the Biden Administration and consider where both enforcement and regulatory oversight may be headed into the rest of 2021. Highlights of this podcast include:
What are the 3 top areas you and Hughes Hubbard are counseling clients to be aware of over the next few years?
In addition to general areas the DOJ has signaled its interest in; other federal agencies are coming to life again. What should clients think about regarding expanded FTC, CFPB and CFTC oversight and enforcement?
The pandemic changed the way many investigations are conducted. Other than Zoom interviews, did your substantive work really change in the areas of document review, background ETC?
What about Board and senior management risk management issues. Has it changed or are these groups now focused on a broader set of risk management strategies?
To the international arena. Are there any countries/regions you are watching more carefully than others in terms of ABC enforcement?
Resources
Mike DeBernardis on the HughesHubbard website
Mike DeBernardis on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2021 • 28 minutes, 49 seconds
Max Keating, Controls and ESG in eSports
In this Episode of the FCPA Compliance Report, I am joined by Max Keating, CEO and co-founder of Kleos, a scheduling and payment platform for the eSports industry. We take a deep dive into eSports, the Kleos platform and how the industry is evolving from an internal controls, compliance and ESG perspective. If you do not know anything about eSports and you are in compliance, this is a podcast for you. Highlights of this podcast include:
The breadth and scope of the eSports industry?
What market gap or need did you see in the eSports industry?
What is the interest in fan interaction with players and celebs?
What idea(s) led to the creation of Kleos?
What makes Kleos different?
A portion of the proceeds from each match played on Kleos go to charity. Why is this so important to you and the company?
Resources
Kleos website
Max Keating on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/26/2021 • 14 minutes, 15 seconds
Laura Tulchin on the Year Everything Changed
In this Episode of the FCPA Compliance Report, I am joined by Laura Tulchin, Director at Exiger. We take a deep dive into ESG and compliance, both now and in the future in a fascinating episode about 2020, the year everything changed. Highlights of this podcast include:
Why has ESG become such an important topic?
What does ESG mean?
Why should ESG be headed by the CCO and compliance?
How does ‘Hearts and Minds’ apply to ESG?
What risk management tools can facilitate ESG?
What do compliance professionals and companies need to be focusing on down the road regarding ESG?
Resources
Laura Tulchin on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2021 • 35 minutes, 44 seconds
Quyen Truong on the Direction of the CFPB under the Biden Administration
In this Episode of the FCPA Compliance Report, I am joined by Quyen Truong, partner at Stroock & Stroock & Lavan. During her career in government, she worked at the Consumer Financial Protection Bureau. She joins me to talk about the CFPB under the Biden Administration. Highlights of this podcast include:
What is the CFPB? What does it regulate?
What is the likely impact of Rohit Chopra to head the CFPB?
What will he need to do to rebuild the morale of the CFPB?
What do you see as the direction by the CFPB in regulation and enforcement?
Any new policy initiatives or directives?
What is the interaction between the CFPB and the states? How might that change under the Biden Administration?
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/12/2021 • 31 minutes, 8 seconds
Erica Salmon Byrne on Ethisphere’s 2021 WME
In this Episode of the FCPA Compliance Report, I am joined by Erica Salmon Byrne, EVP at Ethisphere. We take a deep dive into Ethisphere’s 2021 WME report and white papers on the award-winning best practices in global compliance program management, 3rd party risk management and training and communication.
Highlights of this podcast include:
What was the Ethical Premium for 2021?
What do are the numbers?
What are the best practices around remotely managing an effective global program effectively?
What are the best practices around third-party risk management in 2021?
What are the best practices around training and communications in the era of Covid-19?
Why should you plan to attend Ethisphere’s 2021 Global Ethics Summit?
Resources
Erica Salmon Byrne LinkedIn Profile
Ethisphere
2021 WME Awards
Leading Practices-Remotely Managing an Effective Global Program Effectively
Leading Practices-3rd Party Risk Management
Leading Practices-Training and Communications
Ethisphere 2021 Global Ethics Summit, registration and information here. Use Code tomfox15 for 15% discount.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/5/2021 • 41 minutes, 18 seconds
Raman Kalyan & Tahlal Mir on Insider Risks
In the Episode, the hosts of the Microsoft podcast, Uncovering Hidden Risks join me. Raman Kalyan is a Director of Product Marketing on the Microsoft 365 Security and Compliance team focused primarily on the Insider Risk Management set of solutions. Talhah Mir is a Principal Product Manager on the MIP & Compliance US OPEX team.
In this podcast, they explore a broader set of issues focused on identifying the various risks organizations face as they navigate the internal and external requirements organizations must comply with. They will take you through a journey on insider risks to uncover some of the hidden security threats that Microsoft and organizations across the world are facing. They bring to the surface some of the best-in-class technology and processes to help you protect your organization and employees from risks from trusted insiders. Highlights of this podcast include:
Why did you start “Uncovering Hidden Risks”? What are insider risks?
How should a corporate compliance function or risk management function think about risks inside of an organization?
What are some of the tools you and your team have developed at Microsoft to help manage these risks?
How do manage these insider risks in the context of data privacy?
What are some of the communication strategies you advocate?
What are some examples of market solutions you have developed?
Resources
Raman Kalyan LinkedIn Profile
Talhah Mir LinkedIn Profile
Uncovering Hidden Risks
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2021 • 40 minutes, 6 seconds
Bryan Sillaman on the Intersection of Compliance, ESG and Clean Energy
In the Episode, HughesHubbard partner Bryan Sillaman returns to discuss how a compliance professional can think through setting up an ESG program and clean energy issues. Highlights include
What are the 5 Steps to Establishing a Corporate ESG Policy.
What is the role of corporation compliance in a company ESG policy?
What is the role of compliance in a clean energy discussion as so critical and how does it relate to a greater ESG discussion?
What are some of the key compliance risks relevant to the clean and renewables sector?
Where do you see these issues under the Biden Administration? Is it different in the EU?
Recourses
Keeping the ‘Clean’ in Clean Energy by Bryan Sillaman
Five Steps for PE Sponsors to Establish ESG Policies at Their Portfolio Companies to Suit the Present Moment by Bryan Sillaman and Alexandra Poe
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/22/2021 • 23 minutes, 20 seconds
ECI 2021 Global Business Ethics Survey: Episode 5 - Conclusions and Recommendations
Over this special five-part podcast series, I have visited with Dr. Pat Harned, President of the Ethics & Compliance Initiative (ECI), about the organization’s 2021 Global Business Ethics Survey (GBES). Since 1994, ECI has conducted this cross-sectional study of workplace conduct from the employee’s perspective. ECI’s GBES data provides the only global benchmark on the state of ethics and compliance (E&C) in business. This year’s GBES is the first compliance related survey conducted after the global pandemic hit. It has significant information for the compliance professional which they need to consider for every compliance program, literally on a world-wide basis.
While a multitude of factors influence ethical behavior, the GBES reports interplay of four major ethics outcomes are tied to the daily decisions employees make with respect to how they behave in the workplace. These are: pressure in the workplace to compromise ethical standards; observations of misconduct; reporting misconduct; and, ultimately, the retaliation perceived by employees after they reported misconduct. Some of this year’s findings are quite troubling as they are clearly trending in disturbing directions. Over this series we reviewed the key findings, saw how retaliation against whistleblowers has taken an alarming upturn, noted the impact of Covid-19 on culture. Today we close with some conclusions and recommendations.
To obtain a copy of the Survey, click here. To find out more about ECI, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2021 • 19 minutes, 30 seconds
ECI 2021 Global Business Ethics Survey: Episode 4 - Covid-19 and Culture
In this special five-part podcast series, I visit with Dr. Pat Harned, President of the Ethics & Compliance Initiative (ECI), about the organization’s 2021 Global Business Ethics Survey (GBES). Since 1994, ECI has conducted this cross-sectional study of workplace conduct from the employee’s perspective. ECI’s GBES data provides the only global benchmark on the state of ethics and compliance (E&C) in business. This year’s GBES is the first compliance related survey conducted after the global pandemic hit. It has significant information for the compliance professional which they need to consider for every compliance program, literally on a world-wide basis.
While a multitude of factors influence ethical behavior, the GBES reports interplay of four major ethics outcomes are tied to the daily decisions employees make with respect to how they behave in the workplace. These are: pressure in the workplace to compromise ethical standards; observations of misconduct; reporting misconduct; and, ultimately, the retaliation perceived by employees after they reported misconduct. Some of this year’s findings are quite troubling as they are clearly trending in disturbing directions. Over this series we are reviewing the key findings, how retaliation against whistleblowers has taken an alarming turn, the impact of Covid-19 on compliance, closing with conclusions and recommendations. In Part 4, we consider Covid-19 and its impact on employees.
Join us for our concluding Episode 5, where we look at the conclusions from the GBES and its recommendations. To obtain a copy of the Survey, click here. To find out more about ECI, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2021 • 15 minutes, 44 seconds
ECI 2021 Global Business Ethics Survey: Episode 3 - Retaliation
In this special five-part podcast series, I visit with Dr. Pat Harned, President of the Ethics & Compliance Initiative (ECI), about the organization’s 2021 Global Business Ethics Survey (GBES). Since 1994, ECI has conducted this cross-sectional study of workplace conduct from the employee’s perspective. ECI’s GBES data provides the only global benchmark on the state of ethics and compliance (E&C) in business. This year’s GBES is the first compliance related survey conducted after the global pandemic hit. It has significant information for the compliance professional which they need to consider for every compliance program, literally on a world-wide basis.
While a multitude of factors influence ethical behavior, the GBES reports interplay of four major ethics outcomes are tied to the daily decisions employees make with respect to how they behave in the workplace. These are: pressure in the workplace to compromise ethical standards; observations of misconduct; reporting misconduct; and, ultimately, the retaliation perceived by employees after they reported misconduct. Some of this year’s findings are quite troubling as they are clearly trending in disturbing directions. Over this series we review the key findings, how retaliation against whistleblowers has taken an alarming turn, the impact of Covid-19 on compliance, closing with conclusions and recommendations. In Part 3, we consider the GBES findings around retaliation.
Join us for Episode 4, where we consider Covid-19 and its impact on employees. To obtain a copy of the Survey, click here. To find out more about ECI, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2021 • 14 minutes, 11 seconds
ECI 2021 Global Business Ethics Survey: Episode 2 - Key Findings
In this special five-part podcast series, I visit with Dr. Pat Harned, President of the Ethics & Compliance Initiative (ECI), about the organization’s 2021 Global Business Ethics Survey (GBES). Since 1994, ECI has conducted this cross-sectional study of workplace conduct from the employee’s perspective. ECI’s GBES data provides the only global benchmark on the state of ethics and compliance (E&C) in business. This year’s GBES is the first compliance related survey conducted after the global pandemic hit. It has significant information for the compliance professional which they need to consider for every compliance program, literally on a world-wide basis.
While a multitude of factors influence ethical behavior, the GBES reports interplay of four major ethics outcomes are tied to the daily decisions employees make with respect to how they behave in the workplace. These are: pressure in the workplace to compromise ethical standards; observations of misconduct; reporting misconduct; and, ultimately, the retaliation perceived by employees after they reported misconduct. Some of this year’s findings are quite troubling as they are clearly trending in disturbing directions. Over this series we will review the key findings, how retaliation against whistleblowers has taken an alarming turn, the impact of Covid-19 on compliance, closing with conclusions and recommendations. In Part 2, we consider its key trends.
Join us for Episode 3, where we discuss the troubling findings around retaliation. To obtain a copy of the Survey, click here. To find out more about ECI, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2021 • 16 minutes, 4 seconds
ECI 2021 Global Business Ethics Survey: Episode 1 - Introduction
In this special five-part podcast series, I visit with Dr. Pat Harned, President of the Ethics & Compliance Initiative (ECI), about the organization’s 2021 Global Business Ethics Survey (GBES). Since 1994, ECI has conducted this cross-sectional study of workplace conduct from the employee’s perspective. ECI’s GBES data provides the only global benchmark on the state of ethics and compliance (E&C) in business. This year’s GBES is the first compliance related survey conducted after the global pandemic hit. It has significant information for the compliance professional which they need to consider for every compliance program, literally on a world-wide basis.
While a multitude of factors influence ethical behavior, the GBES reports interplay of four major ethics outcomes are tied to the daily decisions employees make with respect to how they behave in the workplace. These are: pressure in the workplace to compromise ethical standards; observations of misconduct; reporting misconduct; and, ultimately, the retaliation perceived by employees after they reported misconduct. Some of this year’s findings are quite troubling as they are clearly trending in disturbing directions. Over this series we will review the key findings, how retaliation against whistleblowers has taken an alarming turn, the impact of Covid-19 on compliance, closing with conclusions and recommendations. In this Part 1, we review some of the key trends.
Join us for Episode 2, where we discuss some of the key findings from the 2021 GBES. To obtain a copy of the Survey, click here. To find out more about ECI, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2021 • 15 minutes, 27 seconds
James Koukios on MoFo Top 10 Int’l ABC Developments for December 2020
In the Episode, fan fav and MoFo partner James Koukios returns to discuss the firm’s always informative Top 10 International Anti-Corruption Developments for December 2020. We focus this episode on ABC enforcement efforts from other countries.
Highlights include:
CFTC brings first FCPA enforcement action;
Patrick Ho conviction upheld;
Brazilian government announces 5-year ABC plan;
MPP settles Car Wash enforcement action; and
ABC reforms introduced in NDAA.
Recourses
MoFo Top 10 International Anti-Corruption Developments for December 2020
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2021 • 23 minutes, 17 seconds
Loren Steffy on the Texas Power Disaster
In the Episode, Loren Steffy returns to take a deep dive into the Texas power failure during our recent snow-pocolypse. Steffey, a long-time business journalist who has been covering the Texas business scene for 30 years and the energy industry for 20 years. He talks about the background to the failures, what happened to cause power generation to fail, how the Texas government made the situation worse, the Texas government response and what fixes need to occur. If you are interested in risk management, this is the podcast for you.
Recourses-article on the crisis by Loren Steffey
In the Houston Chronicle, Opinion: 7 smart ways Texas can stop power blackouts - once and for all
In Texas Monthly, Texas’s Independence Didn’t Cause the Power Crisis
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/8/2021 • 28 minutes, 30 seconds
Michael Rasmussen on Policy Management Pro
In the Special Episode, I visit with Michael Rasmussen, who together with OCEG have rolled out a fabulous new resource for the compliance community, the Policy Management Pro and publication of the Policy Management Capability Model. Michael discusses how Policy Management Pro brings policy standards and a professional certification in policy management to the market for the first time. We also discuss why the Policy Management Capability Model is a great free and open-source resource.
Recourses
Check out Policy Management Pro here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2021 • 14 minutes, 30 seconds
James Koukios on MoFo Top 10 Int’l ABC Developments for November 2020
In the Episode, fan fav and MoFo partner James Koukios returns to discuss the firm’s always informative Top 10 International Anti-Corruption Developments for November 2020. We focus this episode on ABC enforcement efforts from other countries. Highlights include
· OECD Reports lauds US enforcement efforts and increased enforcement efforts by the Netherlands;
· World bank debars German firm;
· Developments in Mexico;
· Developments in and concerning Venezuela; and
· China and its repatriation of fugitives.
Recourses
MoFo Top 10 International Anti-Corruption Developments for November 2020
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/1/2021 • 28 minutes, 47 seconds
Kris Krimitsos on Podfest Global Summit
In the Episode, I visit with Podfest Expo founder Chris Krimitsos about the upcoming Podcast Global Summit, March 1-5. Podfest Global Summit is a gathering for those who are passionate about sharing their voice and message with the world through audio and video. Podfest Global has grown into a recurring, must-attend gathering that is now international, drawing creators from all over the world. You will see friendly faces and speakers who are experts in their field, delivering the most valuable, recent content from the virtual stage AND backstage. The programming, exhibitions and networking opportunities make this event a place for developing long-lasting, positive relationships for years to come. Highlights include
What led to the March event;
What makes the Podfest Global Summit the most unique event in the podcast arena;
Why this is a must attend event for any podcaster;
Be a part of this Guinness World Record setting event;
Why paying it forward is a key part of the event and how you can do so; and
Why you should join the Podfest Expo family.
Recourses
Join Tom and others at Podfest Global Summit at any time during March 1-5. Best all of listeners to this podcast can attend at no charge. Register here, using promo code CPN.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/22/2021 • 16 minutes, 54 seconds
Philip Urofsky on Shearman & Sterling’s 2020 FCPA Digest
In the Episode, I have back Philip Urofsky, a partner at Shearman & Sterling and editor of the firm’s FCPA Digest. Urofsky joins me to discuss the 2020 FCPA Digest and where anti-corruption enforcement may be headed in 2021.
Some of the highlights include:
Intro of the Shearman and Sterling FCPA Digest. What is it? How is compiled and produced?
2020 saw total sanctions of approximately $8.24 billion, making 2020 a record-shattering year in terms of quantum of FCPA enforcement penalties. What does this mean going forward?
There was growing cooperation between the FCPA enforcement agencies and other U.S. government entities, including OFAC and the CFTC. What might this mean for anti-corruption enforcement going forward? What might be the impact of CFTC enforcement of the FCPA going forward?
Did the international cooperation and enforcement in the Goldman Sachs FCPA enforcement action by state agencies such as the New York DFS signal another type of increased cooperation in investigation and enforcement?
Does the prosecution of Thomas Moyer Apple Global Head of Security, indicate a potential shift in the theoretical underpinnings of FCPA enforcement? Read in conjunction with the Relator’s actions in Opinion Release 20-01, might this signal a new approach to FCPA application?
Will the application NDAA influence or even inform FCPA requirements around due diligence on third-parties which are shell companies?
What, if any, changes to FCPA enforcement under the Biden Administration?
Resources
Check out a copy of the Shearman & Sterling FCPA Digest here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/15/2021 • 32 minutes, 39 seconds
Mike Volkov Turns the Tables
In the Episode, Mike Volkov turns the tables on me as he interviews me for a wide-ranging discussion about the new Justice Department leadership and the likely impact on enforcement and overall compliance. President Biden has nominated Merrick Garland and Lisa Monaco to head the U.S Department of Justice. In addition, the Biden Administration has nominated a number of strong enforcement candidates to head up various regulatory agencies. The implications of this new team across the government will be significant on various industry sectors. What do these developments and more mean for compliance enforcement and practice? Find out in this special episode.
This podcast originally appeared on Crime Corruption and Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/8/2021 • 52 minutes, 7 seconds
Pamela Fierst-Walsh on Responsible Sourcing
In the Episode, I have back Pamela Fierst-Walsh, Senior Advisor for Conflict & Critical Minerals, Bureau of Economic and Business Affairs, U.S. Department of State. Pamela joins me to discuss the responsible sourcing initiatives from the former Administration and where we may be headed under the Biden Administration.
Some of the highlights include:
1. What are your job duties as a Senior Advisor for Conflict & Critical Minerals, Bureau of Economic and Business Affairs, U.S. Department of State?
2. What is responsible sourcing?
3. What is the public/private partnership around this issue?
4. Why is this seen as a national security issue?
5. Is there an Executive Order on domestic supply chains relying on critical mineral sourcing from foreign Adversaries?
6. What is the process for considering this issue? Are there plans in the works to deal or remedy this?
7. What, if any, changes do you expect under the Biden Administration?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/1/2021 • 21 minutes, 27 seconds
Asher Miller on Doing Compliance in Israel
In the Episode, I visit with Asher Miller, a Compliance Consultant and Business Law Expert. Miller advises some of Israel's major corporations in the areas of anti-corruption, anti-money laundering and compliance of all areas, while combining deep knowledge in international contracting, specializing in the government and defense sectors. Miller joins me to discuss the current state of compliance in Israel.
Some of the highlights include:
What are the types of legal/compliance services offered by the Miller Law Group?
Miller been at the forefront on the dangers of bribery and corruption for Israeli businesses. Does that message resonate with companies in Israel?
How does Miller assess the state of anti-corruption/anti-bribery compliance in Israel?
Miller has written about the lessons learned from the Goldman Sachs FCPA settlement and the Airbus international anti-corruption settlement in the FCPA Blog. Do those messages resonate to your clients/potential clients?
Miller’s piece on Goldman Sachs had one of the greatest compliance lines ever, "Like in poker, if you can’t spot the fool around the table, it’s probably you." How did it relate to the Goldman settlement and what lesson should a compliance professional draw from it?
How was the Teva FCPA settlement received by Israeli companies?
Early in the Coronavirus Health Crisis Miller wrote the article “Corruption Compliance in COVID times – What’s the Exit Strategy?” We are now at 10 months later, has his assessment changed?
Resources
Check out Miller’s law firm here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2021 • 33 minutes, 13 seconds
Doreen Edelman on CFIUS under the Biden Administration
In the Episode, I visit with Doreen Edelman, chair of the Lowenstein Sandler Global Trade & Policy practice. She leads a unique team that combines global trade and policy expertise with cross-border M&A, technology, government contracts, white collar investigations, and business counseling practices to help clients develop strategies to minimize global business risks, increase compliance with U.S. requirements, and mitigate matters raised by U.S. regulatory agencies and the U.S. Department of Justice. Doreen joins me to bring us up-to-date on all things Committee on Foreign Investment in the United States (CFIUS) and where it is headed under the Biden Administration.
Some of the highlights include:
Why do you want everyone in compliance to have some familiarity of CFIUS?
Isn’t it just about foreign ownership?
Is this just about China?
Do you expect Biden to come in and have lots of changes?
What if you have investors that are Limited Partnerships?
When should company or investor start to consider CFIUS issues?
Are there any exceptions? Is there a de minimus exception for small deals?
What are the rules on a real estate purchase under CFIUS?
Resources
Doreen Edelman LinkedIn page
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2021 • 33 minutes, 30 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for October 2020
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for October 2020.
Some of the highlights include:
A record setting year in FCPA enforcement.
Beam Suntory-how did things go so sideways from SEC enforcement to DOJ enforcement.
Transparency International Report on International anti-corruption enforcement.
The continued debate over DOJ interpretation of agency theories. Do the 2 amici sited in the newsletter present any new arguments?
China considering changes to anti-corruption laws. What does this mean for Western companies and does it pose an increased risk?
Resources
To a copy of the Top 10 International Anti-Corruption Developments for October 2020 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2021 • 23 minutes, 34 seconds
Bonus Edition-Everything Ethics
Today I have a special year end episode where I am interviewed by Kevin Foster for his show Everything Ethics, which he has graciously allowed me to cross-post. It is a free flowing conversation about ethics with some compliance thrown in. It was a ton of fun to visit with Kevin. You can check out more about Kevin and his ethics trainings on the Resources below.
Resources
J. Kevin Foster LinkedIn Profile
Business Ethics Advisors
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2020 • 1 hour, 1 minute, 41 seconds
Eric Young on Key Compliance & Enforcement Changes 2010 to 2020
In this episode, I am joined by Eric Young, recently retired long-time compliance professional. In a continuing series on the FCPA Compliance Report, Eric joins me to explore some of the key changes he observed in compliance and enforcement in the financial industry over the decade of 2010 to 2020.
Some of the highlights include:
Greater and more visibility of bribery and corruption enforcement, particularly by the SEC against financial institutions.
Much lower regulator tolerance for poor data governance, self-governance and self-regulation.
An AML compliance program is a microcosm of what an enterprise-wide corporate compliance program should look like.
Resources
Eric Young on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/28/2020 • 17 minutes, 56 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for September 2020
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for September 2020.
Some of the highlights include:
Brazil developments. Car wash to be extended?
SEC Amends Rules Governing Whistleblower Awards. Why were they amended?
Why has it become so important/powerful?
Any chance new Administration or Congress would fix Supreme Court decisions in Kokesh and Digital Realty Trust?
Sargent Marine FCPA enforcement action-a rare criminal prosecution against a company. Why are such cases so rare?
The discount: what was the basis; what is the process for seeking such a discount? What types of evidence is required?
Oil Trader Charged with Bribing Ecuadorian Officials.
Resources
To a copy of the Top 10 International Anti-Corruption Developments for September 2020 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2020 • 25 minutes, 7 seconds
Fry Wernick and Mike Ward Dissect the Year’s 3 Biggest Anti-Corruption Cases
In this episode, I was pleased to visit with Fry Wernick and Mike Ward, both partners at Vinson & Elkins. We dissect the three biggest anticorruption enforcement actions: Airbus, J&F Investments and Goldman Sachs. Fry explains things from the government perspective and Mike takes a look at things from the in-house CCO or compliance professional perspective. Their collective insights were great and I know you will enjoy this episode:
I. Airbus
DOJ Perspective
In this case, the UK and France took the lead in the investigation? What does this mean workload wise in the FCPA unit?
There were claims other than FCPA violations investigated by the US. How, if at all, did those impact the FCPA investigation.
What are some of the unique challenges in working with French prosecutors and theFrench blocking statute.
How does the DOJ work thru the gross penalty with other countries?
Company Perspective
What does this case tell a compliance professional?
What was the bribery scheme? What is the MO of the bad guys?
What controls were discussed in the settlement documents?
What company conduct was rewarded?
II. J&F Investments
DOJ Perspective
How do you evaluate something so massive, yet largely resolved by the time the DOJ takes the lead?
How is it to work with Brazilian prosecutors? Does each large international investigation have its own character and cadence?
Company Perspective
This case had difficult corporate governance issues.
Your M&A protocol needs to be in place but the risks from each transaction are bespoke.
In many ways, the case was a testament to deep pockets.
Pay attention to what is said in the resolution documents.
III. Goldman Sachs
DOJ Perspective
Obviously as the biggest FCPA prosecution ever, how does the Dept. work up such a case. Are there multiple prosecutors working up different aspects of the case?
How do you coordinate both internationally and domestically with all the other regulatory bodies?
What is the one pie concept and why is it so important?
Company Perspective
Why was there no monitor?
Compliance needs to be persistent and persistently right.
Why are compliance red flags also commercial red flags?
Will clawbacks become the norm?
For more information on Fry Wernick and Mike Ward and their practices, check out the Vinson & Elkins website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/14/2020 • 1 hour, 3 minutes, 57 seconds
Don Stern on the US Attorney Offices
In this episode, I am joined by Don Stern, Managing Director at Affiliated Monitors and former US Attorney for Massachusetts. We discuss the 93 US Attorneys offices across the US; how they work, how are cases worked up and their interaction with Main Justice in Washington.
Some of the highlights include:
What is the Dept of Justice structure including the US Attorneys?
What is the role of a US Attorney?
Is policy set at Main Justice in Washington and then carried out in offices across the country?
What is the relationship of the US Attorney offices to Main Justice?
Does a US Attorney or the office decide to open an investigation or does the FBI or other investigative agency bring information to the US District Attorney and ask them to prosecute?
If there is a prosecution of a Main Justice investigation, who staffs the matter at trial?
How are cases worked up in US Attorney’s offices?
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/7/2020 • 19 minutes, 40 seconds
Eric Young on the Fed and DFS Components of the Goldman Sachs Corruption Enforcement
In this episode, I am joined by Eric Young, recently retired long-time compliance professional. We explore an under-looked aspect of the Goldman Sachs FCPA enforcement action; the independent enforcement actions by the Federal Reserve Bank and state of New York’s Department of Financial Services.
Some of the highlights include:
Why was the Fed involved in the Goldman Sachs FCPA resolution?
The Fed Order seemed critical of Goldman Sachs compliance function. Do you find this criticism warranted?
Is the ongoing oversight of the Fed typical for this type of case?
Why was the state the New York DFS involved in the Goldman Sachs FCPA resolution?
What were the separate reporting obligations of the Goldman Sachs compliance function discussed in the DFS Order? Do such obligations exist at the federal level?
Were the dates, timing and amounts of these 3 bond offerings red flags?
Were the money laundering allegations in funding equally as troubling as the bribery and corruption?
Resources
Federal Reserve Cease and Desist Order
State of New York, Department of Financial Services Consent Order
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/30/2020 • 21 minutes, 53 seconds
How the Lion’s Mouth Informs Your Internal Reporting System
The week of Thanksgiving is the time of our annual trip to the most beautiful and unique city on earth-Venice, Italy. With travel to Italy shut down this year due to Covid-19, I am visiting Venice virtually and mining this rich city for compliance lessons. This episode concludes my podcast series on how the city of Venice informs your internal reporting system. The symbol of Venice is the Lion of St. Mark. The use of this symbol led to the maxim ‘straight from the lion’s mouth’. This adage came about because the Republic of Venice had its own hotline system where citizens could report misconduct. A citizen could write down his concern on paper and literally put the message into the mouth of statues of lion heads placed around the City. This system was originally set up to be anonymous but later changed to require that a citizen had to write his name down when submitting a message.
As podcast series on compliance lessons from Venice draws to an end, I am reminded how much the western world has to thank the Republic of Venice. From the forms of republican democracy that the US Founding Fathers drew from to helping to establish a world-wide trade and banking system which still reverberates today. But, if you look closer, ancient Venice had many good government techniques which also still inform the modern world. Straight from the lion’s mouth to your company’s internal reporting system is just one of them.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/25/2020 • 9 minutes, 16 seconds
Arsenale and Incentivizing Compliance
The week of Thanksgiving is the time of our annual trip to the most beautiful and unique city on earth-Venice, Italy. With travel to Italy shut down this year due to Covid-19, I am visiting Venice virtually and mining this rich city for compliance lessons. Today's lesson come from the Arsenale and incentives in compliance. This is not a precursor to that famous north London football club, the Arsenal Gunners, but the district in Venice where one of the main commercial enterprises of the city took place, that being ship building and ship repair. At one point, the Arsenale employed almost 10% of the city’s workforce or 12,000 people.
I picked up some interesting compliance insights in learning more about the Arsenale. On the incentive side there were several mechanisms the City of Venice used to help make the Arsenale work force more loyal and desirous to stay in their jobs, all for the betterment of themselves and their city. The first was job security. The Arsenale was so busy for so many years that lay-offs were unheard of. Even if someone lost their job, through injury, mishap or worse; they received enough of compensation that they could live in the city. Finally, when a worker died, the company provided not only funeral expenses but would assist in taking care of the family through stipends or finding other work for family members.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/24/2020 • 10 minutes, 29 seconds
Mike Lindsey on Legal Issues Related to Cyber, E-Commerce and Internal Communications
In this episode, I am joined by Mike Lindsey, a partner in the Los Angeles law firm of Steinbrecher and Span. Lindsay specializes in cyber risk issues. He joins me to discuss those legal issues around cyber security, e-commerce, internal communications and ephemeral messaging.
Some of the highlights include:
The nature of Lindsey’s practice.
Description of legal work on in the areas of (a) e-commerce structuring, (b)new media development and (c) co-branding, alliance and other marketing arrangements.
How should a company put out e-learning information on near misses or actual ethical/policy/Code of Conduct violations and protections do they need to consider for the employee(s) involved?
What are the key issues when responding to a data breach?
What is data mapping and why should a company do so on a proactive basis?
Recently the DOJ announced that Chief Compliance Officers should have access to all corp data? Does this raise in data privacy/data protection risks?
How should a company try and capture ephemeral messaging?
Resources
LinkedIn page for Mike Lindsey
Steinbrecher and Span page for Mike Lindsey
Steinbrecher and Span homepage
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/23/2020 • 25 minutes, 58 seconds
How the Venetian Gondolier Informs Your Compliance Program
If there is one thing that is ubiquitous throughout this city it is the Gondolier, the Venetian Gondola boatman. You are never far from hearing their cry of “Gondola, Gondola” to attract tourists for a fabled and romantic gondola ride. One thing I notice about the Gondolier that in addition to having a stout pairs of lungs, they are almost all in very good physical condition. They have to be piloting this very old craft by hand in and around the crowded waters of Venice.
I thought about this as a metaphor for improving your compliance program. As a CCO or compliance practitioner, the more you can get out of the office, into the field and meet the troops the more fit your compliance program will be. Any best practices compliance program should have input from the geographies, cultures, business units and corporate functions within the company. It is well understood that a compliance procedure that works well in the US may not work in Indonesia.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/23/2020 • 8 minutes
Dave Lefort, Reflections on Tommy Heinsohn
In the episode, I take things in a different direction as I visit with Compliance Week Editor-in-Chief Dave Lefort. We reflect on the life and meaning of the recently deceased Tommy Heinsohn. We talk about Heinsohn the player, the coach, the announcer and the man. We discuss leadership and why Heinsohn was a figure beloved by all of New England.
Some of the highlights include:
The basketball resume of Tommy Heinsohn, from Holy Cross and an NIT Championship, to a Boston Celtics player, to the Boston Celtics coach and ending as the Boston Celtics announcer.
Some Heinsohn numbers.
Tommy Heinsohn and Red Auerbach –their relationship.
How did Auerbach make use of Tommy’s skills in over 35 years of working together?
What is the role of a Coach/GM in finding roles for all players?
What did Tommy mean to Boston, New England and indeed all of New England?
Why is continuity so valued in Boston sports?
Final Thoughts-What did Tommy Heinsohn mean personally to each of us?
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/16/2020 • 30 minutes, 25 seconds
Mike DeBernardis on Q3 FCPA Enforcement and Related Issues
In the Episode, I visit with Mike DeBernardis, Counsel and Hughes Hubbard. We take a look back at the FCPA world in Q3. It started off with a bang and never slowed down.
Some of the highlights include:
The quarter started off with a bang-Novartis US and never slowed down.
How and why did Novartis US, First Energy in Ohio and Commonwealth Ed in Illinois change the discussion around domestic corruption?
What were some of the key lessons from the Herbalife FCPA enforcement action? Why is it so important to obtain experienced White-Collar Counsel in a serious FCPA matter?
What were top 3 takeaways from the release of the FCPA Resource Guide 2nd edition?
Sargeant Marine was a rare criminal FCPA plea. What is the significance of the case?
The Alexion SEC enforcement action in July was relatively small but had some interesting lessons. What were key takeaways from the case?
Do you see continue aggressive FCPA enforcement by the DOJ/SEC?
What are you telling clients about their compliance programs going into the next 12 months?
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/9/2020 • 30 minutes, 53 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for April 2020
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for April 2020.
Some of the highlights include:
DOJ Announces Repatriation of $300 Million to Malaysia in Connection With 1MDB.
Colombia Officially Enters the OECD. What was the process and what does this mean for Colombia?
What is the DOJ saying around FCPA enforcement in the Covid-19 era?
London court discharges 3rd ever unexplained wealth order?
ENI resolves Algeria FCPA allegations.
Resources
To a copy of the Top 10 International Anti-Corruption Developments for April 2020 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/2/2020 • 18 minutes, 44 seconds
Wirecard Part 10, On the Beach
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we explore shell companies in our On the Beach episode.
Some of the highlights include:
Weekly news wrap-up on Wirecard
What is the Bundestag investigating? Are they doing anything?
Were 250 Wirecard employees assigned to the money-laundering team?
Is a Bundestag inquiry in the works by the EU?
KPMG enters the story.
Shell Companies Shell Companies Shell Companies
Why it might be time for a walk on the beach (and to read On The Beach)
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/28/2020 • 57 minutes, 50 seconds
Susan Divers on Evolution in Compliance over the Past Decade
In this episode, I visit with Susan Divers, Senior Advisor at LRN. It is part of my continuing series this year looking back over the past decade of Foreign Corrupt Practices Act enforcement and the evolution of compliance. Some of the topics we consider are:
How the heavy emphasis on enforcement by the DOJ led to organizations investing in compliance.
How did companies begin to evolve their compliance programs away from paper programs, written by lawyers for lawyers?
How the first industry sweep through energy led to a pragmatic business solution to compliance throughout the energy ecosystem.
The DOJ evolution in communicating information on its expectations on best practices compliance program.
The change in ERM emphasis requiring each company to manage its risks.
The use of data in compliance.
Trends into the 2020s and beyond.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/26/2020 • 25 minutes, 6 seconds
Gar Hurst on Biggest Import Issue You Have Never Heard About
In this episode, I visit with Gar Hurst a partner at Givens and Johnston. Gar and the firm specialize on import control issues. Today we take a major issue that is bedeviling companies in the Port of Houston and elsewhere, wood packaging issue. We explore why it is the biggest threat to importations you have never heard about. It turns out that import laws and regulations have substantial impact on export control, AML and ABC compliance.
What are wood packaging violations?
What is covered by Wood Packaging regulations?
What are violations and what are Emergency Actions Notices?
What remedies are allowed in the US and when must you go internationally for remediation?
What are potential penalties.
How can you engage in prevention?
See Gar Hurst’s professional profile here. See the firm of Givens and Johnston’s profile here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/19/2020 • 30 minutes, 16 seconds
Carrie Penman on Beyond the Moment
In this podcast, I am joined I am joined by Carrie Penman, Chief Risk and Compliance Officer at NAVEX Global, Inc. We visit about their upcoming 2020 virtual conference, NAVEX Next, which is entitled Beyond the Moment.
The theme, Beyond the Moment, defines the 2020 agenda and supports sessions that will help you and your organization move past a defensive stance on current events and trends. The goal is to help everyone be proactive and more holistic in their approach to risk and compliance management. If there is one key message that I have garnered in talking to compliance and other professionals about Coronavirus is that the future demands we be prepared, no matter what comes next.
What are some of the key themes for this conference? Obviously the Coivd-19 lockdowns, work from home and remote working environments have changed a large number of risk factors that every Chief Compliance Officer (CCO) needs to consider from a risk perspective and address from a variety of angles; such as data privacy/protection, communications and training and ongoing engagement.
Last year, NAVEX’s virtual conference had over 9,000 registrants. Best of all is the cost of the conference, its FREE. That is right, all of the above is available at no charge. NAVEX Global has submitted the conference to the Compliance Certification Board (CCB)® and is pending their review for approval of CCB CEUs. It will be held Thursday, October 22, from 10 AM to 4 PM Central Time. I hope that you will plan to join me for this great event. Registration, agenda and other information are available here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/16/2020 • 21 minutes, 41 seconds
Wirecard Part 9, Running to Fraud with Hermes
In our continuing series, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we explore the money laundering Wirecard engaged in via the project dubbed ‘Hermes’.
Some of the highlights include:
· Weekly news wrap-up on Wirecard.
· What has this done to the German political scene?
· Any talk about BaFin reforms?
· How do losses reach €20bn?
· How was the investigation “unrelated to the mandate”?
· Money laundering through Hermes.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2020 • 53 minutes, 36 seconds
The FinCen Papers
In this podcast, I am joined by Piero Molinario, Senior Managing Director, Head of Financial Crimes Risk and Compliance for EMEA for K2 Intelligence FIN and Joanne Taylor, Managing Director, K2 Intelligence FIN who works with clients investigations and financial crime compliance, including fraud risk management, anti-bribery and corruption, regulatory enforcement, and fraud investigations. Both are located in London. We take a deep dive into the FinCen Papers.
Some of the highlights include:
What are the FinCen Papers?
What is the significance of their release?
Does this release hurt financial institutions?
Does it hurt the regulators?
Do the FinCEN Papers show there is more work to be done?
Are there any positive takeaways from the release of the FinCEN papers?
For more information on K2 Intelligence FIN, check out their website here.
For additional reading see the white paper, The FinCEN Files Impatiently Bypasses Government Entities Responsible for Acting on SARs Filings.
See also the following policy, Policy Alert: ICIJ Leaked SAR Investigation Highlights Opportunity for BSA/AML Reform, 25 September 2020
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/12/2020 • 25 minutes, 43 seconds
Jonathan Armstrong on Herbalife from a UK Perspective
In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this concluding Part 5, I am joined by Jonathan Armstrong and we discuss the enforcement action from the UK perspective under the UK Bribery Act.
Some of the highlights include:
· China is a known high-risk business venue.
· Licenses are required in China for direct sales.
· UK Bribery Act not as concerned with the blurring of public and private officials.
· Scottish cases provide some interesting analogies.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/9/2020 • 14 minutes, 31 seconds
Jonathan Marks on the Role of Gatekeepers
In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this Part 4, Jonathan Marks and Tom Fox discuss the role of gatekeepers and the lack of skepticism at the Board of Directors.
Some of the highlights include:
· Chief Audit Executive and Chief Compliance Officer exits should be 8K events.
· Who guards the gatekeepers?
· The Board is responsible for management override of controls.
· Why was there a lack of skepticism at the Board level?
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2020 • 11 minutes, 15 seconds
Compliance Book Club Interview of Robert Chesnut on Intentional Integrity
In this special edition, I am pleased to cross-post a recent live event hosted by Sean Freidlin, Director Product Marketing at SAI Global. He hosted the third edition of SAI Global’s Compliance Book Club, featuring Robert Chesnut, author of Intentional Integrity. Sean's Compliance Book Club is fast becoming one of the most listened to events in the compliance world. His interview with Robert Chesnut is great information for the compliance professional. Sean graciously allowed me to cross-post this interview as a podcast on the Compliance Podcast Network.
SAI Global’s Compliance Book Club is a community initiative that brings ethics, compliance, and risk professionals together around a book you’ll love, and invites everyone to participate in a live Q&A and discussion with the author. For the third meeting, and as part of our celebration of the fifth annual International Compliance Officer Day, we present “Intentional Integrity: How Smart Companies Can Lead an Ethical Revolution” by Robert Chesnut. In Intentional Integrity, Chesnut offers a six-step process for leaders to foster and manage a culture of integrity at work. He explains the rationale and legal context for the ethics and practices, and presents scenarios to illuminate the nuances of thinking deeply and objectively about workplace culture.
You can check out Sean's original recording here. Check out the full panoply of SAI Global Ethical Leadership Articles and Resources here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/7/2020 • 1 hour, 2 minutes, 51 seconds
Wirecard Part 9, Bring Lawyers Guns and Money
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we explore those other professional service providers who enabled Wirecard in our bring Lawyers Guns and Money episode .
Some of the highlights include:
Weekly news wrap-up on Wirecard
Is EY at its Arthur Anderson moment?
Who has potential lawsuits against EY?
Is a Bundestag inquiry in the works?
Will there be an EU-level inquiry into the German government response?
Who were the Enablers?
Why is now the time for lawyers to take a stand for the Rule of Law?
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/7/2020 • 39 minutes, 10 seconds
Matt Kelly on the Role of Internal Audit
In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this Part 3, Matt Kelly joins me to consider the role internal audit in this matter and the (non) actions of Herbalife’s Board of Directors.
Some of the highlights include:
Internal Audit as window dressing does not good government make.
How high up must internal audit push?
What is the Board’s duty?
Is there a Caremark claim against the Herbalife Board of Directors?
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/7/2020 • 12 minutes, 52 seconds
Jay Rosen on the Lack of Monitorship
In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this Part 2, Jay Rosen joins me to consider how Herbalife was able to avoid a Monitorship.
Some of the highlights include:
· The Benczkowski Memo.
· The need for full disclosure and candor.
· Remediate extensively.
· End of monitorships as we know them?
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/6/2020 • 9 minutes, 59 seconds
Mike Volkov on the Herbalife FCPA Resolution
In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this Part 1, Mike Volkov details how he would counsel a company which found itself in a situation similar to Herbalife.
Some of the highlights include:
· Where would you start?
· Make sure the full Board of Directors understands its obligations and the risks involved.
· Build internal alliances moving forward.
· Be up front and candid with prosecutors.
· Do not walk back promises or representations made to prosecutors.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/5/2020 • 11 minutes, 49 seconds
The Miller & Chevalier 2020 Latin American Corruption Survey-Part 5, 12-Year Retrospective
Welcome to a special five-part podcast series where I take a deep dive into the Miller & Chevalier Chartered Latin American Corruption Survey. Over this five-part series I will visit with firm lawyers James Tillen, Matt Ellis, Alexandra Almonte and Greg Bates. Miller & Chevalier and 14 partner firms have tracked perspectives on anti-corruption issues in the region since 2008. It is the most comprehensive survey on the perception of corruption in Latin America.
This year, 54 percent of survey respondents said corruption is a significant obstacle to doing business – up 10 percent since 2012 – while only 45 percent of respondents believe offenders are likely to be prosecuted, down from 66 percent in 2008. Despite Latin America's anti-corruption progress over the last decade this new survey data reveals corruption risk to be at an all-time high across the region.
In this Episode 5, I am joined by James Tillen and Matt Ellis to take a retrospective look back over the 12 years of Miller & Chevalier’s Latin American Corruption Survey. Some of the highlights include:
How have the perceptions of corruption changed in the region over the past 10 years?
What have been the changes in anti-corruption laws in the region over the past 10 years?
What has been the progression of views on corruption related risks to specific countries over the past 10 years?
Miller has 14 partner firms from the region involved in the Survey and we discuss their crucial role in obtaining actionable data.
For more information on the Miller & Chevalier Chartered 2020 Latin American Corruption Survey, click here. The Survey is available in English, Spanish and Portuguese.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/2/2020 • 25 minutes, 18 seconds
The Miller & Chevalier 2020 Latin American Corruption Survey-Part 4, Compliance Program Design and Implementation
Welcome to a special five-part podcast series where I take a deep dive into the Miller & Chevalier Chartered Latin American Corruption Survey. Over this five-part series I will visit with firm lawyers James Tillen, Matt Ellis, Alexandra Almonte and Greg Bates. Miller & Chevalier and 14 partner firms have tracked perspectives on anti-corruption issues in the region since 2008. It is the most comprehensive survey on the perception of corruption in Latin America.
This year, 54 percent of survey respondents said corruption is a significant obstacle to doing business – up 10 percent since 2012 – while only 45 percent of respondents believe offenders are likely to be prosecuted, down from 66 percent in 2008. Despite Latin America's anti-corruption progress over the last decade this new survey data reveals corruption risk to be at an all-time high across the region.
In this Episode 4, I visit with firm Counsel Greg Bates and we explore some of the Survey’s data on compliance program design and implementation. Some of the highlights include:
What does the Survey data mean for in-house compliance officers?
What trends does the Survey indicate vis-à-vis compliance program data?
The Survey had almost 1000 respondents, with a mix of representatives from multinational, local/regional, and public and private companies. Do you see different levels of importance of ABAC compliance programming based on the type of company that responded?
What other efforts to manage bribery and corruption risks are you seeing in the Survey data?
The Survey was conducted just before Coronavirus hit Latin America. Looking into your crystal ball, how do you think COVID-19 will impact compliance programming in the region?
Join us in our final episode where I am joined by James Tillen and Matt Ellis to take a retrospective look back over the 12 years of Miller & Chevalier’s Latin American Corruption Survey.
For more information on the Miller & Chevalier Chartered 2020 Latin American Corruption Survey, click here. The Survey is available in English, Spanish and Portuguese.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2020 • 15 minutes, 22 seconds
Lies, Spies and Wirecard
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we explore lies, spies and Wirecard.
Some of the highlights include:
Weekly news wrap-up on Wirecard
What did BDO find in the Philippines?
Why was the Wirecard Board of Directors afraid to meet in a conference room with windows?
Why is there no interest in the bankruptcy remains of Wirecard?
What did the initial Insolvency Report show?
Was Wirecard ever designed to be profitable?
The continued adventures of Jan Marsalek.
More dirty money.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/30/2020 • 46 minutes, 25 seconds
The Miller & Chevalier 2020 Latin American Corruption Survey-Part 3, Compliance Trends
Welcome to a special five-part podcast series where I take a deep dive into the Miller & Chevalier Chartered Latin American Corruption Survey. Over this five-part series I will visit with firm lawyers James Tillen, Matt Ellis, Alexandra Almonte and Greg Bates. Miller & Chevalier and 14 partner firms have tracked perspectives on anti-corruption issues in the region since 2008. It is the most comprehensive survey on the perception of corruption in Latin America.
This year, 54 percent of survey respondents said corruption is a significant obstacle to doing business – up 10 percent since 2012 – while only 45 percent of respondents believe offenders are likely to be prosecuted, down from 66 percent in 2008. Despite Latin America's anti-corruption progress over the last decade this new survey data reveals corruption risk to be at an all-time high across the region.
In this Episode 3, I visit with firm Member Alejandra Almonte and we explore some of the Survey’s high-level findings on compliance trends in the Latin American region. Some of the highlights include:
What were some of the key high-level findings about corruption and anti-corruption compliance in the region?
Focusing on implementation of compliance programming in Latin America, what trends does the Survey show are emerging?
Given the enactment of laws in the region, such as Brazil’s Clean Companies Act and other anti-corruption legislation, where does the FCPA stand in the region?
What does the continued importance of the FCPA mean for compliance programs in the Latin American Region?
Join us in our next episode where we explore some of the Survey’s data on compliance program design and implementation with Greg Bates.
For more information on the Miller & Chevalier Chartered 2020 Latin American Corruption Survey, click here. The Survey is available in English, Spanish and Portuguese.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/30/2020 • 15 minutes, 15 seconds
The Miller & Chevalier 2020 Latin American Corruption Survey-Part 2, Country Specific Corruption Issues
Welcome to a special five-part podcast series where I take a deep dive into the Miller & Chevalier Chartered Latin American Corruption Survey. Over this five-part series I will visit with firm lawyers James Tillen, Matt Ellis, Alexandra Almonte and Greg Bates. Miller & Chevalier and 14 partner firms have tracked perspectives on anti-corruption issues in the region since 2008. It is the most comprehensive survey on the perception of corruption in Latin America.
This year, 54 percent of survey respondents said corruption is a significant obstacle to doing business – up 10 percent since 2012 – while only 45 percent of respondents believe offenders are likely to be prosecuted, down from 66 percent in 2008. Despite Latin America's anti-corruption progress over the last decade this new survey data reveals corruption risk to be at an all-time high across the region.
In this Episode 2, I visit with firm Member Matt Ellis on some of the Survey’s findings on country specific corruption issues. Some of the highlights include:
What countries in the region are seen as most corrupt?
What were some of the most surprising country-specific findings?
Brazil has been so active in recent years in leading corruption investigations and cooperating with other countries. What does the data say about Brazil?
Mexico is a focus right now given the various investigations surrounding Pemex. What does the data say about Mexico corruption risk?
Do any countries buck the trend of more perceived corruption risk?
The Notebooks Scandal in Argentina was a surprising development. What are Argentines saying about their own anti-corruption laws and efforts?
Join us in our next episode where we explore some of the Survey’s high-level findings on compliance trends with Alejandra Almonte.
For more information on the Miller & Chevalier Chartered 2020 Latin American Corruption Survey, click here. The Survey is available in English, Spanish and Portuguese.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/29/2020 • 16 minutes, 29 seconds
The Miller & Chevalier 2020 Latin American Corruption Survey-Part 1, Introduction
Welcome to a special five-part podcast series where I take a deep dive into the Miller & Chevalier Chartered 2020 Latin American Corruption Survey. Over this five-part series I will visit with firm lawyers James Tillen, Matt Ellis, Alexandra Almonte and Greg Bates. Miller & Chevalier and 14 partner firms have tracked perspectives on anti-corruption issues in the region since 2008. It is the most comprehensive survey on the perception of corruption in Latin America.
This year, 54 percent of survey respondents said corruption is a significant obstacle to doing business – up 10 percent since 2012 – while only 45 percent of respondents believe offenders are likely to be prosecuted, down from 66 percent in 2008. Despite Latin America's anti-corruption progress over the last decade this new survey data reveals corruption risk to be at an all-time high across the region.
In this Episode 1, I visit with firm Member James Tillen on the Survey’s findings on region-wide corruption risks and region-wide perceptions of corruption and effectiveness of local anti-corruption laws. Some of the highlights include:
Miller has been tracking views of corruption risk in the region since 2008. How do businesspeople perceive corruption risk in this Survey v. prior years?
What kind of questions did Miller ask respondents to inform these perceptions of risk?
What is the significance, if any, that risk has gone up at the same time that enforcement has gone up in the region over the last 10 or so years?
What areas of government in the region are seen as most corrupt and least corrupt?
Join us in our next episode where we explore Survey findings on some country-specific corruption issues with Matt Ellis.
For more information on the Miller & Chevalier Chartered 2020 Latin American Corruption Survey, click here. The Survey is available in English, Spanish and Portuguese.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/28/2020 • 16 minutes, 44 seconds
Wirecard-Part 6, End of Summer Wrap UP
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we are back from a summer hiatus and wrap up what has been happening on the Wirecard front over the past few weeks.
Some of the highlights include:
· BaFin Unapologetic
· Reporters and Short Sellers – Free to Be, You & Me?
· Political Fallout?
· Another German DAX-listed Company Scandal?
· Impact on EU – Rethinking Germany Frankfurt and Bonn for Financial Services Capitols post-Brexit?
· What is happening within Wirecard now – is the company still going?
· Deutsche is Not Buying
· Has the fullness of the scandal been revealed, or is more coming to light?
· What is, or what was, Project Panther?
· Enron had significant impact on then Big-5; is Wirecard going to impact Big-4 in the same way?
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/23/2020 • 51 minutes, 28 seconds
John Fons and Current Issues Facing CCOs
In this episode, I visit with John Fons. Over his career, Fons has been the Director, Global Compliance & Ethics, Modine Manufacturing, Senior Counsel, Modine Manufacturing, General Counsel, Joy Global, Milwaukee and VP, General Counsel & Secretary, Metso Minerals, Brookfield. Fons has also been a Partner to the Board and all levels of organization in setting strategic direction of ethics and compliance program and implementation within businesses. Fons provides insights into some of the current issues facing CCOs and CECOs today.
Some of the highlights include:
Why compliance needs to report into a Board committee separate and apart from the Audit Committee;
Why Boards should have compliance expertise on the Board;
Why CCOs should have a written contract with guaranteed severance; and
Why the hiring and firing of CCO should be an 8K event.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/21/2020 • 23 minutes, 17 seconds
Jordan Arnold and Surjeet Mahant on the DFS Cyber Enforcement Action on First American Title
In this episode, I take a deep dive into the first cyber-security enforcement action brought by the state of New York, Department of Financial Services. It was against First American Title. In this exploration I am joined by Jordan Arnold, the Chief Innovation Officer at K2 Intelligence FIN. He is the founder and Global Chair of K2 Intelligence’s Private Client Services practice, which provides privacy and security services to ultra and high net worth families and clients in the entertainment, music, and sports industries and Surjeet Mahant, Managing Director in K2 Intelligence FIN’s Financial Crimes Risk and Compliance practice, where he leads cyber risk services. With over 20 years of experience in cybersecurity and privacy risk solutions for large institutions, Surjeet assists clients in developing the tools and strategies needed to protect the confidentiality of their data, the availability of their systems, and the integrity of their operations.
Some of the highlights include:
Overview of the enforcement action;
What are the broader consequences for the industry; significance of regulation/action; need for proactive actions;
What is the DFS and why is it regulating an insurance company around cyber?
Why has cyber become a part of the broader compliance conversation?
What specific steps can entities take to mitigate a violation or breach of data?
What can entities expect in the future from regulators in the cyber space?
For more information on K2 Intelligence FIN, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/14/2020 • 37 minutes, 23 seconds
Special 500th Anniversary Episode
The FCPA Compliance Report is the longest running podcast in compliance. Today, I am extraordinarily honored to post my 500th Anniversary podcast. Today, I switch seats to be the guest as I am interviewed by Gregg Greenberg, the General Manager of CSuite Radio. We take a look back at some of the key trends, I have seen in compliance over the past 10 years, the top episodes, my favorite guests, the Liverpool Football Club, buffalo wings and much more.
Some of the highlights include:
The biggest changes seen in compliance over the past 10 years.
When, why and how did the FCPA Compliance Report begin?
What are of my favorite episodes and some of my top guests? By the number and by guests.
What I have learned in this journey?
As The Voice of Compliance; why I am so passionate about podcasting as a communication tool.
If you are an LFC fan, why you will walk alone.
What makes the perfect buffalo wing?
Check out the Lead Up Podcast Series
If you are interested in my podcast series from 5 top commentators on their reflections on the evolution of compliance over the past 10 years, check out the following:
Episode 495 – Mike Volkov on changes in FCPA enforcement;
Episode 496 – Matt Kelly on changes in compliance report from business journalism;
Episode 497 – Jonathan Armstrong in changes GDPR, the UKBA and Modern Slavery law;
Episode 498 – Jay Rosen on moving from reactive to proactive compliance; and
Episode 499 – Jonathan Marks on how changes in internal audit both mirror changes in compliance professionalism.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/31/2020 • 39 minutes, 1 second
Jonathan Marks on the Evolution of Compliance Through the Eyes of Internal Audit
The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I have been joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Jonathan Marks, a partner at Baker Tilly who talks about the evolution of compliance through the lens of internal audit. We consider how some of the changes in compliance mirror those he saw and lived through in the world of internal audit.
Some of the highlights include:
Marks looks back at the changes and evolution of the internal audit profession since SOX.
Marks sees the FCPA Internal Control provisions as the precursor to SOX.
Marks sees professionalism in compliance in a similar arc as he observed in the audit profession.
Why was the COSO 2013 Internal Controls Framework a seminal moment for compliance professionals.
Why is the move to an overall integrated structure of Enterprise Risk Management so critical?
How the 2020 Update to the Evaluation of Corporate Compliance Programs brought business intelligence to compliance.
Lineup
I hope you will listen in to each episode over this week. The lineup will be:
Monday, August 24-Episode 495-Mike Volkov on changes in FCPA enforcement.
Tuesday, August 25- Episode 496-Matt Kelly in changes he has observed in compliance from the business journalist perspective.
Wednesday 26, August Episode 497-Jonathan Armstrong in changes in data protection/data privacy compliance.
Thursday August 27-August Episode 498-Jay Rosen in changes in compliance from the business development perspective.
Monday, August Episode 500-the Anniversary Episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/28/2020 • 26 minutes, 33 seconds
Jay Rosen on Changes from the Compliance Vendor Perspective
The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Jay Rosen, Vice President of Business Development at Affiliated Monitors, Inc. We consider some of the top changes Rosen has observed in how companies have thought about compliance solutions.
Some of the highlights include:
How Rosen moved from Hollywood the movies to Hollywood, the compliance field.
How purchases of items like translation services moved to be seen as an ongoing service.
The “Foreign” in Foreign Corrupt Practices Act.
The move from reactive compliance to proactive compliance.
How consumers of compliance products and services became more sophisticated over time.
The changes brought by the Coronavirus health crisis for virtual everything.
Lineup
I hope you will listen in to each episode over this week. The lineup will be:
Monday, August 24-Episode 495-Mike Volkov on changes in FCPA enforcement.
Tuesday, August 25- Episode 496-Matt Kelly in changes he has observed in compliance from the business journalist perspective.
Wednesday 26, August Episode 497-Jonathan Armstrong in changes in data protection/data privacy compliance.
Friday August 28-, August Episode 499-Joanthan Marks on changes compliance mirroring those from internal audit.
Monday, August Episode 500-the Anniversary Episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2020 • 28 minutes, 22 seconds
Jonathan Armstrong on the UKBA, GDPR and Modern Slavery Compliance
The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Jonathan Armstrong, co-founder of Cordery Compliance. We take a look back at the evolution of UK and EU laws around bribery, data privacy/data protection and modern slavery and the compliance response.
Some of the highlights include:
The UK Bribery Act was a seminal law for international anti-corruption enforcement which brought another sheriff to town.
How tech monopolies have led to greater enforcement in the UK and EU.
How one person can make a change. Max Schrems was a law school student in 2011.
How the US model of FCPA enforcement influenced regulators across the globe.
The evolution of DPAs in the UK and elsewhere.
Armstrong believes the fight against slavery is a job only half well done.
Lineup
I hope you will listen in to each episode over this week. The lineup will be:
Monday, August 24-Episode 495-Mike Volkov on changes in FCPA enforcement.
Tuesday, August 25- Episode 496-Matt Kelly in changes he has observed in compliance from the business journalist perspective.
Thursday August 27-, August Episode 498-Jay Rosen in changes in compliance from the business development perspective.
Friday August 28-, August Episode 499-Joanthan Marks on changes compliance mirroring those from internal audit.
Monday, August Episode 500-the Anniversary Episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/26/2020 • 23 minutes, 23 seconds
Matt Kelly on Changes Seen by the 4th Estate
The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Matt Kelly, founder of Radical Compliance. Kelly is a business journalist who was one of the first to gravitate to compliance. We take a look back at the evolution compliance over the past 10 years from the perspective of the 4th Estate.
Some of the highlights include:
How compliance has moved into the mainstream of business news and the discussions about business.
How social media has led to a more robust discussion about corporate ethics and democratized other people's ability to hold companies accountable to ethical standards.
The significance of the COSO 2013 Internal Controls Framework.
Kelly sees FCPA enforcement as fundamentally different than corporate scandals which led to SOX and Dodd-Frank.
The convergence of compliance & ethics and audit & risk management.
The increased use of data in compliance as emphasized in the 2020 Update to the Evaluation of Corporate Compliance Program.
Lineup
I hope you will listen in to each episode over this week. The lineup will be:
Monday, August 24-Episode 495-Mike Volkov on changes in FCPA enforcement.
Wednesday 26, August Episode 497-Jonathan Armstrong in changes in data protection/data privacy compliance.
Thursday August 27-, August Episode 498-Jay Rosen in changes in compliance from the business development perspective.
Friday August 28-, August Episode 499-Joanthan Marks on changes compliance mirroring those from internal audit.
Monday, August Episode 500-the Anniversary Episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/25/2020 • 21 minutes, 56 seconds
Mike Volkov on Changes in FCPA Enforcement
The FCPA Compliance Report is the longest running podcast in compliance, airing on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective.
In this episode, I visit with Mike Volkov, founder and principal of the Volkov Law Group. We take a look back at the evolution of FCPA enforcement over the past 10 years.
Some of the highlights include:
Volkov looks all the way back to the Father of the FCPA, Judge Stanley Sporkin to see the beginnings of cooperation credit under the current FCPA Corporate Enforcement Policy.
Why was the Parker Drilling enforcement action a seminal moment in FCPA enforcement?
Why the 2012 version of the FCPA Resource Guide was such an important step forward in FCPA compliance. Why the 2020 FCPA Resource Guide, 2nd edition was so welcomed.
The continued evolution of the DOJ on both FCPA enforcement and best practices compliance.
From reading the tea leaves to the 2020 Update to the Evaluation of Corporate Compliance Programs.
The Lineup
I hope you will listen in to each episode over this week. The lineup will be:
Tuesday, August 25- Episode 496-Matt Kelly in changes he has observed in compliance from the business journalist perspective.
Wednesday 26, August Episode 497-Jonathan Armstrong in changes in data protection/data privacy compliance.
Thursday August 27-, August Episode 498-Jay Rosen in changes in compliance from the business development perspective.
Friday August 28-, August Episode 499-Joanthan Marks on changes compliance mirroring those from internal audit.
Monday, August Episode 500-Tom Fox and the Anniversary Episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/24/2020 • 26 minutes, 39 seconds
Wirecard and Fraud
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we continue our multipart series on the Wirecard accounting fraud. Today, we take up the issue of fraud in the Wirecard saga.
Some of the highlights include:
Did Wirecard ever make money?
Was Wirecard even designed to make money?
Was it simply a Ponzi scheme??
Why BCCI and not Enron was Wirecard’s role model?
How could BaFin employees oversee Wirecard while investing in it? (Ans: they couldn’t)
What is Round-Tripping fraud and how did Wirecard master it?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/19/2020 • 56 minutes, 58 seconds
Eric Lorber on How the Trade Sanction Sausage is Made
Ever wonder how the sausage is made around economic and trade sanctions? What is the process for persons and companies to be put on the sanctioned lists? Then this is the podcast for you as I am joined by Eric Lorber.
Eric is a vice president at K2 Intelligence Financial Integrity Network, where he advises global financial institutions on issues related to sanctions and anti-money laundering/combating the financing of terrorism compliance. Prior to re-joining FIN, Eric was a senior advisor to the Under Secretary for Terrorism and Financial Intelligence at the United States Department of the Treasury, where he provided strategic guidance on U.S. sanctions and AML/CFT policies. He is also the senior director of the Center of Economic and Financial Power at the Foundation for Defense of Democracies.
Some of the highlights include:
What is the process for creation of economic sanctions?
How does an individual or corporation go on the economic sanctions list?
What is the role of the DOJ?
Who at Treasury leads the effort?
What is the process for enforcement?
Why does Treasury have such an ongoing educational effort around sanctions?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/17/2020 • 30 minutes, 4 seconds
Mikhail Reider-Gordon on AML and Wirecard, Part 1
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we continue our multipart series on the Wirecard accounting fraud. Today, we begin a two-part exploration of the role of money-laundering in the Wirecard saga.
Some of the highlights include:
· How money laundering works?
· What is threat finance?
· Other examples of German corporate fraud?
· Why 2006 was such an important year in anti-money laundering?
· How Wirecard made money through money laundering.
· The risk related business model used by Wirecard.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2020 • 1 hour, 26 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for March 2020
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for March 2020.
Some of the highlights include:
Portugal Freezes Assets of Africa’s Richest Woman-could this be even bigger than 1 MDB?
Thoughts on Teva FCPA enforcement action in the context of it completing its DPA.
What is the DOJ saying around FCPA enforcement in the Covid-19 era? (IE., any change in enforcement cadence)
What significance, if any, do you see in Mexico request to extradite former Pemex official?
OECD Expresses Concern over Costa Rica’s Foreign Bribery Enforcement Record. What does this mean?
Resources
To a copy of the Top 10 International Anti-Corruption Developments for March 2020 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/10/2020 • 25 minutes, 25 seconds
WireCard and Germany Inc.
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we continue our multipart series on the Wirecard accounting fraud. Today, we consider the role of Germany Inc. in the Wirecard saga.
Some of the highlights include:
· Wrap up of the most current event in the Wirecard saga.
· Where does Germany fit in the global economy?
· Other examples of German corporate fraud?
· Where is all this corporate malfeasance coming from?
· What is the co-determination management structure and how does it play into all this?
· Political fallout?
· EU response?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/5/2020 • 47 minutes, 48 seconds
Mike DeBernardis on 2020 Update to the Evaluation of Corporate Compliance Programs and FCPA Resource Guide, 2nd edition
In the Episode, I am joined by Mike DeBernardis, Counsel at Hughes Hubbard, in the firm’s Washington office and a member of the firm’s Anti-Corruption and Internal Investigations and White Collar & Regulatory Defense practice groups. He represents corporate and individual clients in criminal, civil and administrative enforcement matters, including matters involving the Foreign Corrupt Practices Act and securities and accounting fraud. In this episode we take a deep dive into the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs and DOJ and SEC FCPA Resource Guide, 2nd edition.
Some of the highlights include:
What were the top changes DeBernardis observed in 2020 Update to Evaluation of Corporate Compliance Programs?
What were the top changes for you in FCPA Resource Guide, 2nd edition?
How should one read the Resource Guide, 2nd with the 2020 Update? In conjunction, separately or in some other way?
Is there any significance to the two documents being released so close together in time?
Should you advise clients to do anything different because of these documents?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/3/2020 • 32 minutes, 15 seconds
Wirecard and Short Sellers
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we continue our multipart series on the Wirecard accounting fraud. Today, we consider the roll of short sellers in the Wirecard saga.
Some of the highlights include:
Wrap up of the most current event in the Wirecard saga.
What is a short seller?
Is it wrong or prohibited?
Are short sellers activists?
History of short sellers and Wirecard.
What happened after so many short sellers warned of fraud by Wirecard.
Was that the end of it?
When were their suspicions vindicated?
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/30/2020 • 48 minutes, 23 seconds
Gordon Platt-from Investigative Journalism to White Collar Defense
In the Episode, I am joined by Gordon Platt. Platt is an attorney, award-winning investigative journalist and filmmaker, and long-time entrepreneur and strategic consultant. His legal practice focuses on representing companies and individuals facing significant challenges in rapidly evolving sectors of the world economy. Areas of focus include: dispute resolution, fraud and internal investigations, and asset tracing and recovery. He is a member of the bar and licensed to practice in New York and Massachusetts. In this episode, we discuss Platt’s return to the full-time practice of law and how the skills he used as investigative journalist enhance his work as a white collar practitioner.
Some of the highlights include:
What has it been like to return to the practice of law fulltime during Covid-19?
Platt’s work as an investigative journalist.
How did that work inform his approach to the practice of law?
Why Platt has always found that people who attempted to dissuade him from covering something because it was of no interest always led him to become interested?
Where and how does Platt see anti-corruption due diligence headed?
How Platt’s practice is informed by an extensive network of relationships formed over two decades of organizing professional events and programs for investors and entrepreneurs?
For more information on Platt or his law practice, check out his firm’s website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/27/2020 • 23 minutes, 56 seconds
Wirecard-a podcast series on the scandal, with Mikhail Reider-Gordon, Part 1-Introduction
In the Episode, I am joined by Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors. Mikhail’s areas of expertise include technology, privacy, cybersecurity, IP and accountability in artificial intelligence; the global anti-corruption and anti-money laundering regimes; media & entertainment; biotech and the life sciences; the public sector and international law. She is accustomed to working on extremely sensitive and high-profile matters, both nationally and internationally. In this episode, we begin a multipart series on the Wirecard accounting fraud.
Some of the highlights include:
How long was Wirecard been under scrutiny?
What was the role of BaFin in this disaster?
What does this mean for Germany Inc?
Why didn’t the regulators step in?
What about EY?
Where are we headed in the Wirecard Fraud?
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/20/2020 • 29 minutes, 26 seconds
Eric Young on the Plumbing and Wiring of Compliance
In the Episode, I am joined by Eric Young. Eric has been in the compliance field longer than anyone I know and long before it was called Compliance. Eric graduated from Columbia University at the age of 20, with a degree in Economics and has securities licenses with FINRA and is ACAMS-certified. He started with the Fed in 1980 and has 40 years’ regulatory and Chief Compliance Officer experience with the Fed, JP Morgan Chase, General Electric, S&P Global Ratings, and four foreign banks including UBS and most recently, as CCO of BNP Paribas.
Some of the highlights include:
Young has been in compliance longer than anyone I know. He gives us a rundown of his professional career starting with the Fed.
Penn Square. At the time it was the largest bank failure since the Great Depression. What was the significance of Penn Square for the US banking industry and the regulators?
What are the three things Young is most proud of accomplishing in his career?
What are 3 pieces of advice Young would give a new CCO today?
Young tells us about the book he is writing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/13/2020 • 22 minutes, 34 seconds
Compliance Line 2020 Hotline Benchmark Report
In the Episode, I am joined Compliance Line co-CEOs Nick and Gio Gallo to discuss the firm’s 2020 Ethics and Compliance Hotline Benchmark Report. We consider various issues related to the Report including what was the genesis of the Compliance Line 2020 Benchmark Report; from what sources and how did Compliance Line draw data to create the Report. We review the Executive Summary of the Report. We consider both the highlights of the Report from the Gallos perspective as well as some of the findings which surprised them. Finally we review the actionable steps Compliance Line suggests your company can take based upon the findings in the Report.
Resources
For more information on Compliance Line, check out their website here.
To obtain a copy of the Report, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/6/2020 • 30 minutes, 22 seconds
Louis Perold on the State of Compliance In South Africa
In the Episode, I am joined by Louis Perold, founder of Citadel Compliance. Perold has with more than 20 years’ experience in legal and compliance across various industries including financial, oil and gas, mining, retail and manufacturing. He has successfully transformed and operationalized global ethics and compliance risk management programs from concepts to real-world practices and infrastructures that work. He is a strategic business partner and team-focused leader experienced in delivering proactive solutions that help protect organizations from compliance failures, liabilities, and reputational damage. He is also a well-respected global educator, advocate, and influencer on ethics and compliance risk management effectiveness and best practices.
We visit about his founding of Citadel Compliance, the current state of ABC compliance in South Africa and how Covid-19 has impacted business in South Africa. Some of the highlights include:
What does Perold hope to bring to the market through your own compliance consulting firm, Citadel Compliance?
How does Perold assess the current state of anti-corruption compliance in South Africa?
Have internationally focused South African companies come to embrace ABC compliance as a way of doing business?
For companies who want to do business in South Africa, what are some of the key issues from the compliance perspective?
What are some of the ways coronavirus has impacted compliance in South Africa?
Resources
For more information on Perold, check out the Citadel Consulting website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/29/2020 • 23 minutes, 31 seconds
Stanley Foodman on the Travel Act and FCPA
In the Episode, I am joined by Stanley Foodman, President and CEO of Foodman CPAs & Advisors. He is a bilingual professional that specializes in Forensic Accounting, Complex Tax and Financial Institution Compliance. Foodman is a recognized forensic accountant and litigation support practitioner who specializes in complex tax matters, commercial and civil litigation, financial crimes investigation and defense as well Corporate Governance and financial institution compliance matters. Foodman has served as expert witness and forensic accountant for some of the nation’s most challenging and high-profile economic crimes. Foodman is a JD Supra Readers’ Choice author. His articles have appeared in international and domestic banking journals, newspapers, magazines and on-line publications.
We visit about the intersection of the FCPA and Travel At. Some of the highlights include:
What led to Foodman’s interest in the Travel Act?
What led Foodman to write “Connecting The FCPA With The “Travel Act” In 2020”.
How do you connect the Travel Act with the FCPA?
The Travel Act originally intended by Robert Kennedy to help in his fight against organized crime. How does its current use build on that original premise?
Why are there only a very few FCPA cases where the DOJ used the Travel Act?
If a company is primarily liable under the FCPA is there any need for a Travel Act component?
Resources
See Stanley Foodman article “Connecting the FCPA with the “Travel Act” in 2020”
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/22/2020 • 19 minutes, 5 seconds
Ian McDougall on the Rule of Law
In this episode, I am joined by Ian McDougall, the General Counsel for LexisNexis. He is also the President of the LexisNexis Rule of Law Foundation. McDougall is also the Chair of the Global Marketing Committee, where responsible for Professional Association relationships and responsible for Global Rule of Law development. McDougall has a uniquely wide ranging and high-level experience in the delivery of legal advice to substantial corporations at board level (both as a board member and as adviser to the board). Finally, he has presented to and made speeches at the highest international levels; including the International Bar Association, the General Assembly of the United Nations Comprehensive Test Ban Treaty Organisation, and ministers from various governments internationally. In this podcast, you will learn how and why McDougall is so passionate about the Rule of Law.
Some of the highlights include:
Why McDougall is so passionate about the Rule of Law.
What are McDougall’s 4 principles for defining the Rule of Law?
What is the difference of the Rule by Law and the Rule of Law?
What are three reasons why McDougall believes the Rule of Law is even more crucial at this point in time?
How does the Rule of Law lead the discussion around the areas of the profession of Law, Corporate Social Responsibility and Social Entrepreneurship?
Resources
Text of Ian McDougall speech on The Rule of Law to IBA Annual Conference Rule of Law Symposium – Rome 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/15/2020 • 23 minutes, 16 seconds
Loren Steffy with Reflections on the 25th Anniversary of Oklahoma City Bombing
In the Episode, I am joined by Loren Steffy. I met Loren when he was the business columnist for the Houston Chronicle. Steffy now has his own consulting practice. He has been a long-time business journalist, author and commentator on business issues, generally focusing on energy issues. On the morning of April 19, 1995, he was working for Bloomberg in Dallas Texas and was called by a colleague who suggested he hop in his car and drive to Oklahoma City in the wake of the bombing at the Alfred P. Murrah Federal Building. He talks about reporting live from Oklahoma City for the next five days, his reflection on that time 25 years later and how the actions of Timothy McVeigh presaged the issues of domestic terrorism from Oklahoma City to 9/11 to Charlottesville and Charleston. We conclude our podcast with a short discussion on Steffy’s latest book, co-written with Chrysta Castañeda, The Last Trial of Boone Pickens.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/8/2020 • 23 minutes, 16 seconds
Kevin Abikoff and Aline Osorio on Distribution of Proceeds from ABC Enforcement Actions
In the Episode, I am joined by Kevin Abikoff, partner at Hughes Hubbard and Aline Osorio, International Specialist at the firm. The co-authored a very interesting article entitled “Corruption Settlements, Coronavirus And The Road Paved With Good Intentions”. The paper considered where should the proceeds of government enforcement activity be placed and who should get to decide. It was a fascinating topic that I have long considered and wanted to podcast on.
Some of the highlights include:
What was the genesis of the paper “Corruption Settlements, Coronavirus And The Road Paved With Good Intentions”?
Where do funds collected in FCPA cases go in US?
Where do funds collected in anti-corruption actions in Brazil go?
What was the driving force behind Brazil dedicating monies from the Petrobras settlement to benefit education and the environment in Brazil?
What has the current government requested be changed?
Who should decide where fines and penalties go? Prosecutors? Executive Branch? Other elected officials? Non-elected officials?
You can download a copy of their white paper Corruption Settlements, Coronavirus And The Road Paved With Good Intentions by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/1/2020 • 20 minutes, 7 seconds
John Warren on 2020 ACFE Report to the Nations
In the Episode, I am joined by John Warren Vice President and General Counsel at the Association of Certified Fraud Examiners (ACFE). We discuss the 2020 ACFE Report to the Nations, which is the most comprehensive report on the global scourge of fraud. The year’s Report is particularly important with the government bailouts from the fallout of Covid-19. It is a fascinating look of how fraud occurs, where is occurs and the steps you can take to prevent it.
Some of the highlights include:
What is the ACFE Report to the Nations? How often is it released? What are you trying to capture?
What are some of the big picture findings of the Report?
What is the annual cost of global fraud?
Why are hotlines so critical to fraud detection?
What is the fraud tree?
What are the 5 critical areas of occupational fraud reviewed?
What does the Report to the Nations tell us about corruption?
What detection/prevention areas are the most effective for corruption?
With COVID-19 and the federal government bailout, why is fraud prevention and detection so much more critical now?
You can download a copy of the ACFE 2020 Report to the Nations by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/18/2020 • 27 minutes, 23 seconds
Joel Androphy on the Role of the FCA in Fighting Government Procurement Fraud
In the Episode, I am joined by Joel Androphy, co-founder at Berg & Androphy. Joel is well-known literally across the country as a white-collar defense lawyer and plaintiff’s counsel in high-profile False Claims Act litigation. With the ongoing Trump Administration’s bailouts and stimulus packages, there will be great temptations for fraud. There have already been several high-profile cases of companies returning bailout monies to which they were not entitled. In this podcast we consider the role of the FCA in helping the US government fight fraud, waste and abuse.
Some of the highlights include:
Androphy believes the coronavirus bailout will cause great amount of fraud.
What is the role of the FCA in fighting government fraud, waste and abuse?
Why does Androphy believe that citizens who bring FCA cases are doing civic duty?
What are the different types of fraud perpetrated in government contracting?
Why is Androphy on a mission to have the federal bailout dollars benefit the American worker and not the American fraudster.
For more information on Joel Androphy, check out the firm website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/10/2020 • 26 minutes, 22 seconds
Mike DeBernardis on Q1 FCPA Enforcement Highlights
In the Episode, I am joined by Mike DeBernardis, Counsel and Hughes Hubbard. We review the Foreign Corrupt Practices Act enforcement from Q1 and take a look into that veiled land of the future.
Some of the highlights include:
Key highlights from the Cardinal Health SEC enforcement action.
The Airbus international anti-corruption enforcement action is the largest ever. How can a CCO begin to get their arms around it or discern what it might mean for their company?
What are Mike’s 3 key takeaways from Airbus?
What is the significance of the individual prosecutions in Q1?
What are the top questions Mike and the Hughes Hubbard team is receiving from its clients now?
While investigations may slow down in Q2, Mike expects an uptick in Q3 & Q4.
There will not be any Free FCPA Pass from the DOJ going forward on enforcement.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2020 • 31 minutes, 48 seconds
From the Unthinkable to a Culture of Compliance-Lucas Bianchini on Environmental Compliance in Brazil
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchini on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos on the hottest topic in Brazil: Me Too and sexual/moral harassment. In this fifth and final episode, I visit with Lucas Bianchinni about the current state of environmental regulation, enforcement and compliance in Brazil.
With the country’s size and scope in mind, what is the framework for environmental regulation in Brazil, in both criminal and civil?
What are best practices in complying with Brazilian environmental regulations?
Why everything starts with a risk assessment?
What is the risk management process for environmental compliance?
What should US or other non-Brazilian companies expect in the environmental regulatory process?
Many of our listeners are aware of several very high-profile environmental disasters in Brazil. What are some of the lessons from these recent Brazilian cases?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2020 • 16 minutes, 26 seconds
From the Unthinkable to a Culture of Compliance- Ingrid Santos and Guiliana Boniha on #MeToo and Sexual/Moral Harassment
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos on the hottest topic in Brazil: Me Too and sexual/moral harassment. In today’s episode, I visit with Ingrid Santos and Giuliana Boniha on #MeToo and Sexual/Moral harassment in Brazil today.
How does the #MeToo movement in Brazil differ from the US?
What are some of the key Brazilian laws in this area?
What practical approaches do you suggest companies take?
Given the cultural differences in the US and Brazil, what advice do you give foreign companies new to Brazil on sexual and moral harassment?
Where can listeners go for more information?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support. For general and easy-access information on harassment in Portuguese, we recommend reading the manual created by the Brazilian Labor Court of Appeals’ available on their website. Other than that, we can be reached through the firm’s website at www.azevedosette.com.br, which is also available in an English version.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2020 • 12 minutes, 4 seconds
From the Unthinkable to a Culture of Compliance- Glaucia Ferreira on Background Investigations
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos on the hottest topic in Brazil: Me Too and sexual/moral harassment. In today’s episode, I visit with Glaucia Ferreira on background investigations in Brazil.
What are some of the challenges in performing background investigations in Brazil under the Clean Companies Act?
Why are financial check and security investigation so critical in Brazil?
What some of the challenges unique to performing background investigations in Brazil?
Why is the human element so important in background investigations?
Where can listeners go for more information?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2020 • 13 minutes, 20 seconds
From the Unthinkable to a Culture of Compliance-Luiz Salles on Investigations and Anti-Trust Compliance
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos on the hottest topic in Brazil: Me Too and sexual/moral harassment. In today’s episode, I visit with Luiz Salles and we discuss two key factors in compliance investigations in Brazil and the impacts of these factors on antitrust compliance.
Why must a company take “Brazilian Factors” into account for an investigation?
Why is an interdisciplinary approach needed for investigations in Brazil?
As the world’s 5th largest country does an internal investigation need to take local culture into account? Why?
What is the nexus between anti-corruption investigations and anti-trust violations in Brazil?
Where can listeners go for more information?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2020 • 16 minutes, 8 seconds
From the Unthinkable to a Culture of Compliance-How a Car Wash Changed a Culture, Isabel Franco
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos on the hottest topic in Brazil: Me Too and sexual/moral harassment. In this first episode, I chat with Isabel Franco about how CarWash changed the entire perception and culture of compliance in Brazil.
What was CarWash and how did it change perceptions about compliance in Brazil?
Why was an investigation of corruption of Petrobras so critical to Brazil?
Who were some of the key political figures brought down by Lava Jato?
Why was this change so critical to the compliance profession in Brazil?
What other corruption investigations did CarWash lead to?
How did Lava Jato expand out to the entire continent?
Having practiced in both the US and Brazil, how would you assess the current state of the compliance profession in Brazil?
What is the legacy of Lava Jato?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2020 • 16 minutes, 54 seconds
Susan Divers on LRN’s 2020 Compliance Program Effectiveness Report
In the Episode, I visit with Susan Divers, Senior Executive at LRN. Susan is one of the leaders of the LNR team which annually produces the Program Effectiveness Report. The 2020 version has been released. We review its key findings and insights as well as the LRN Program Effectiveness Index. Finally, we conclude with a key theme of the Report and discuss why it is such an insight for the compliance professional.
Some of the highlights include:
What is the 2020 Program Effectiveness Report?
Why does LRN release this report annually?
This year’s report has even more importance and urgency but we had ethical failures which caused loss of life over the past year as well.
What were the overview of key insights?
What are some of the key reasons ethical scandals occur?
What is the Program Effectiveness Index (PEI) and what does it tell us this year?
What are the 5 elements of an ethical culture?
One of the key themes I took away from this year’s Report is the interconnectedness of compliance program elements.
Download and read the 2020 Program Effectiveness Report here. For more information on LRN, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2020 • 38 minutes, 53 seconds
Pat Harned on ECI’s IMPACT 2020
In the Episode, I visit with Pat Harned, President of the Ethics & Compliance Initiative (ECI). We discuss ECI’s upcoming virtual conference IMPACT 2020. As the first major compliance annual conference to go virtual, ECI faced unique challenges to bring the top speakers and thought leaders to this event. Find out how they did so as Harned and Tom Fox discuss some of the highlights of this most unique event.
Some of the highlights include:
Keynotes speeches include Sally Yates, Anita Hill, David Rock and Jan Schwartz.
Earn up to 15 CEUs - Participate in, view and earn CEUs for every session, even those happening concurrently!
On-Demand Access - Watch and participate in exceptional keynotes and benchmarking sessions live as well as on-demand through the event library for up to one year.
Assess Your Program - Register for the event and you will be provided access to ECI's High-Quality Program (HQP) Assessment. Take the survey and gauge the maturity of your E&C program prior to the event. This assessment is valued at $500 for individual users but is included in IMPACT registration!
Get Valuable Benchmarks - Throughout the conference we will be sharing metrics from the HQP and compare your results with your peers.
Resources
It’s not too late to register for IMPACT 2020. Conference information and registration available here. For more information on ECI, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/20/2020 • 21 minutes, 14 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for February 2020
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for February 2020.
Some of the highlights include:
Lambert Motion for Acquittal Denied. We take a deep dive into the motion and the court’s ruling.
Pemex Investigation Expands. What does it mean for US companies?
Is each email a separate FCPA violation? What does this mean for the DOJ going forward?
Cardinal Health FCPA resolution. Key takeaways for the compliance professional.
Resources
To a copy of the Top 10 International Anti-Corruption Developments for February 2020 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/13/2020 • 20 minutes, 56 seconds
Karen Woody on Profit Disgorgement at the Supreme Court
In the Episode, I visit with Karen Woody, Assistant Professor of Law. Her areas of expertise include, Securities Law, Financial Regulation and White-Collar Crime. We visit about the recent Supreme Court argument in the Lui case and how it might (or might not) impact the SEC’s ability to seek profit disgorgement for fraudsters.
Some of the highlights include:
What is profit disgorgement? Is it different from restitution?
How has the SEC used this doctrine in the past?
How did the Kokesh decision open the way for the Lui appeal?
How does the Lui case attack this doctrine?
What question was before the Supreme Court?
What were the parties arguments?
From the Court’s questioning, what can be gleaned?
Will the Court really allow convicted fraudsters to keep their ill-gotten gains by doing away with profit disgorgement?
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/6/2020 • 23 minutes, 35 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for January 2020
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for January 2020.
Some of the highlights include:
Airbus-in this massive and sprawling case, Koukios details what are the 3 key takeaways you would advise a company on from the matter.
The French PNF involvement and what it might mean from French anti-corruption enforcement going forward.
SFO Wins First Conviction for Withholding Documents Requested in Bribery Investigation.
Isabel dos Santos, Sonangol and Angola-what does it mean and what should companies do now?
Resources
To a copy of the Top 10 International Anti-Corruption Developments for January 2020 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/30/2020 • 25 minutes, 46 seconds
Quyen Truong on California’s Proposed Mini-CFPB: National Impact and Enforcement Threat
In this Episode, I visit with Quyen Truong, a partner at Stroock & Stroock & Lavan in Washington DC. In this podcast we discuss the firm’s recent article on the national impact of this proposed mini-CFPB, part of a major California’s major push to dominate the consumer protection landscape; and the key aspects of the proposed agency expansion, particularly the top enforcement threats facing the industry. Some of the highlights include:
Some of the highlights include:
An overview of the California proposal to create a mini-Consumer Financial Protection Bureau in California.
What types of businesses does the proposal cover?
What will be the role of the California Dept. of Business Oversight?
What are the similarities with the federal law and CFPB?
Could this law be expanded to B2B companies?
Could this law serve as a model for other states?
With the Trump Administration’s recent rollback on CFPB enforcement, will states likely take up the slack?
For a copy of the article California’s Mini-CFPB: National Impact and Enforcement Threat, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/23/2020 • 29 minutes, 24 seconds
Bryan Sillaman on the French Airbus Enforcement Action
In the Episode, I visit with Bryan Sillaman, Managing Partner of the Paris office of Hughes Hubbard & Reed. In this podcast we discuss the French portion of the Airbus anti-corruption enforcement action.
Some of the highlights include:
Describe the French enforcement authorities and the law under which they investigated and then issued the Judicial Public Interest Agreement with Airbus?
What is the French Blocking Statute and what role did it play in the investigation?
Why is this enforcement action a milestone in French anti-corruption enforcement?
What was the final penalty assessed by the French Court?
How will the monitorship over Airbus work in practice?
What does the French Judgment say about or do for the PNF?
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/16/2020 • 21 minutes, 39 seconds
Tony Charles on Managing a 3rd Party Process
In this Episode, I visit with Tony Charles, Chief Client Officer at Steele Compliance Solutions, Inc. In this podcast we discuss the firm’s recent article 3rd Party Due Diligence: Creating a Credible and Defensible Program. We use it as an entrée into the topic of 3rd party due diligence.
Some of the highlights include:
· What was the genesis behind the article 3rd Party Due Diligence: Creating a Credible and Defensible Program?
· Where should a company begin due diligence?
· What are the levels of due diligence?
· What is investigative tiering?
· What is an investigative framework?
· What are the critical components of automated due diligence program?
For a copy of the article 3rd Party Due Diligence: Creating a Credible and Defensible Program, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/9/2020 • 28 minutes, 20 seconds
Erica Salmon Byrne on Ethisphere’s 2020 WME Honorees
In the Episode, I visit with Erica Salmon Byrne, EVP at Ethisphere, Governance and Compliance and Chair of the Business Ethics Leadership Alliance. In this podcast we discuss Ethisphere’s 2020 World’s Most Ethical company honorees.
Some of the highlights include:
What was the Ethical Premium for 2020 honorees?
The number of companies and the number of countries represented on this year’s list of honorees.
What is the Ethisphere’s Ethics Quotient and how does it help assess companies?
Why is the application process so rigorous?
Join Ethisphere to celebrate the 2020 WME companies at the Gala Dinner on March 31.
Resources
2020 World’s Most Ethical Companies® Honoree List
Ethisphere Press Release on 2020 WME awards
Letter from Ethisphere President Tim Erblich on 2020 WME awards
The Ethics Premium for 2020
Information on Ethisphere’s Gala Dinner celebrating 2020 WME honorees
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/2/2020 • 20 minutes, 4 seconds
Airbus-Part 5, Tom Fox with some final thoughts on Airbus
In this special 5-part podcast series on the FCPA Compliance Report, I am considering the Airbus international anti-corruption enforcement action from a variety of perspectives from some of the top world’s top compliance practitioners and commentators on compliance. They include, Jay Rosen-Mr. Monitor; Mike Volkov-Editor of Corruption Crime and Compliance; Jonathan Armstrong-partner at Cordery Compliance in London; Cecilia Fellouse-Guenkel-Secretary General, The Circle of Compliance and Tom Fox-the Compliance Evangelist. In today’s concluding Episode 5, Tom Fox provides his perspective with some final thoughts about what it all means.
Highlights include:
The significance of the largest international anti-corruption enforcement action of all time.
Why a complete sweep of Airbus was required and did it achieve one?
What are the three key takeaways for the compliance professional?
How this enforcement action will be the model for international cooperation in investigations and enforcement going forward.
At the end of the day, what does it all mean?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/28/2020 • 13 minutes, 12 seconds
Airbus-Part 4, Cecilia Fellouse-Guenkel on the French Perspective
In this special 5-part podcast series on the FCPA Compliance Report, I am considering the Airbus international anti-corruption enforcement action from a variety of perspectives from some of the top world’s top compliance practitioners and commentators on compliance. They include, Jay Rosen-Mr. Monitor; Mike Volkov-Editor of Corruption Crime and Compliance; Jonathan Armstrong-partner at Cordery Compliance in London; Cecilia Fellouse-Guenkel-Secretary General, The Circle of Compliance and Tom Fox-the Compliance Evangelist. In today’s Episode 4, Cecilia Fellouse-Guenkel discusses what the Airbus enforcement means for compliance in France, French companies and French compliance practitioners.
Highlights include:
What was the role of French prosecutors in the Airbus anti-corruption enforcement action?
Why is the Airbus enforcement action so critical to the success of Sapin II?
What are the three key takeaways for the compliance professional?
How should the Board of Directors of a French company respond?
Why is culture the critical question?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/27/2020 • 14 minutes, 28 seconds
Airbus-Part 3, Jonathan Armstrong on the UK-SFO Enforcement
In this special 5-part podcast series on the FCPA Compliance Report, I am considering the Airbus international anti-corruption enforcement action from a variety of perspectives from some of the top world’s top compliance practitioners and commentators on compliance. They include, Jay Rosen-Mr. Monitor; Mike Volkov-Editor of Corruption Crime and Compliance; Jonathan Armstrong-partner at Cordery Compliance in London; Cecilia Fellouse-Guenkel-Secretary General, The Circle of Compliance and Tom Fox-the Compliance Evangelist. In today’s Episode 3, Jonathan Armstrong considers the UK’s Serious Fraud Office role in the enforcement involving Airbus.
Highlights include:
The transparency in the UK-Deferred Prosecution Agreement process allows greater information to for the compliance professional.
What are the key differences in the UK and US DPA process?
The breadth and scope of the UK investigation.
The UK-DPA is not the end of the story as there may well be significant individual enforcement actions going forward.
What does Airbus mean for the new SFO style of anti-bribery enforcement action?
Resources
Cordery Compliance Client Alert on the Airbus enforcement action here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/26/2020 • 16 minutes, 31 seconds
Airbus-Part 2 Mike Volkov on ITAR and Trade Sanction Enforcement
In this special 5-part podcast series on the FCPA Compliance Report, I am considering the Airbus international anti-corruption enforcement action from a variety of perspectives from some of the top world’s top compliance practitioners and commentators on compliance. They include, Jay Rosen-Mr. Monitor; Mike Volkov-Editor of Corruption Crime and Compliance; Jonathan Armstrong-partner at Cordery Compliance in London; Cecilia Fellouse-Guenkel-Secretary General, The Circle of Compliance and Tom Fox-the Compliance Evangelist. In today’s Episode 2, Mike Volkov considers that US trade sanction enforcement involving Airbus.
Highlights include:
How was Airbus subject to US trade sanction jurisdiction?
This is one of the few cases where the DOJ focused on anti-corruption and trade sanctions.
Airbus had complete absence of commitment to compliance.
Airbus had a completely broken culture.
What were the three categories of ITAR violation identified by the DOJ?
Resources
Mike Volkov’s review of the ITAR portion of the US enforcement action here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2020 • 16 minutes, 42 seconds
Airbus, Part 1-Jay Rosen on the FCPA Enforcement
In this special 5-part podcast series on the FCPA Compliance Report, I am considering the Airbus international anti-corruption enforcement action from a variety of perspectives from some of the top world’s top compliance practitioners and commentators on compliance. They include, Jay Rosen-Mr. Monitor; Mike Volkov-Editor of Corruption Crime and Compliance; Jonathan Armstrong-partner at Cordery Compliance in London; Cecilia Fellouse-Guenkel-Secretary General, The Circle of Compliance and Tom Fox-the Compliance Evangelist. In today’s Episode 1, Jay Rosen considers the FCPA enforcement involving Airbus.
Highlights include:
What was the procedural history of the enforcement action?
Why companies who do business with the government need robust compliance.
Airbus was clearly incentivized to cooperate with the DOJ.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/24/2020 • 14 minutes, 7 seconds
Joanne Taylor on the UK Airbus Enforcement Action
In the Episode, I visit with Joanne Taylor, Managing Director at K2, an industry leading investigative, compliance and cyber defense services firm. Joanne joined K2 Intelligence with 20 years of experience in legal, investigations, and financial crime compliance. This includes fraud risk management, anti-bribery and corruption, regulatory enforcement, and fraud investigations within leading international financial and legal services industries. Prior to joining K2 Intelligence, Joanne led global anti-fraud, bribery and corruption strategy and was previously responsible for the global whistleblowing program and cross-border investigations related to fraud, bribery and corruption for a European bank. In this podcast we discuss the UK portion of the Airbus anti-corruption enforcement action.
Some of the highlights include:
The Airbus international corruption settlement is so massive that many compliance professionals might have trouble getting their arms around it. What are there some key takeaways you see from your perspective?
Can you describe the extensive cooperation noted by the UK Court by Airbus after the investigation began in earnest?
What is the significance of the French/UK/US taking the lead in different aspects of the investigation?
The UK Court provided a detailed look at the economic consequences of a trial and guilty verdict. Why was this analysis so critical to the Court?
What do you see as the significance of the international cooperation by investigating agencies and enforcement agencies?
What does the UK Judgment say about or do for the SFO?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/17/2020 • 22 minutes, 15 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for December 2019
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for December 2019.
Some of the highlights include:
South Korea Passes Bill to Establish New Anti-Corruption Agency.
Four of the top 6 FCPA enforcement actions of all-time are telecom companies? Why is telecom so susceptible to corruption?
You were involved in one of the earliest telecom trials. Do you see much difference in the corruption from the Haitian Teleco cases and the much larger ones like Ericsson?
What lessons do you seen in this enforcement action for the compliance professional?
Will we see more teleco FCPA enforcement actions in 2020 or 2021?
SNC-Lavalin resolves corruption charges in Canada.
Resources
To a copy of the Top 10 International Anti-Corruption Developments for December 2019 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/10/2020 • 23 minutes, 4 seconds
James Koukios on the MoFo Top 10 International Anti-Corruption Developments for November 2019
In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for November 2019.
Some of the highlights include:
The Lambert guilty verdict. Can you have a guilty verdict for conspiracy without a conviction of the underlying offense?
Revision to FCPA Corporate Enforcement Policy. What changed?
Former CEO of Brazilian Chemical Company Indicted for FCPA and Money Laundering Offenses. Is this an outlier or will it become more prevalent?
SEC Whistleblower numbers. What if anything do these numbers mean for Chairman Clayton’s attempts to cut back on the size of whistleblower awards?
Miami Investment Firm Executive Pleads Guilty in $1.2 Billion Venezuelan Money Laundering Scheme.
Resources
To a copy of the Top 10 International Anti-Corruption Developments for November 2019 Newsletter click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/3/2020 • 23 minutes, 57 seconds
Day 31 | Levels of due diligence
Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward. The question becomes how you use the information you obtained in the business justification and the questionnaire to determine an appropriate level of due diligence for the next step in the five-step process of third-party management. A three-step approach of varying levels of due diligence is the appropriate analysis to take going forward.
A three-step approach was discussed in Opinion Release 10-02, in which the DOJ discussed the due diligence that the requesting entity performed. This Opinion Release sets out a clear break which every compliance practitioner should use in considering an appropriate level of due diligence to engage with your third-party risk management process or when considering the level of due diligence required on a potential business venture partner. A very good description of the three levels of due diligence was presented by Candice Tal, Founder and CEO of Infortal Worldwide, in an article entitled “Deep Level Due Diligence: What You Need to Know”.
Three key takeaways:
A Level I due diligence should only be used where there is a low risk of corruption.
A Level II due diligence is sufficient in a high-risk jurisdiction if there are no red flags to be cleared.
Level III due diligence is deep dive, boots on the ground investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/31/2020 • 10 minutes, 56 seconds
Day 30 | Using a root cause analysis for remediation
We previously considered the Prong in the Evaluation that was not present in the Ten Hallmarks of an Effective Compliance Program; that being root cause analysis. The requirement was first raised in the 2017 Evaluation. It was then carried forward as a requirement in the FCPA Corporate Enforcement Policy, later in 2017. It was discussed again in the 2019 Guidance.
You should begin with the question of who should perform the remediation; should it be an investigator or an investigative team which were a part of the root cause analysis? Jonathan Marks, believes the key is both “independence and objectivity.” It may be that an investigator or investigative team is a subject matter expert and “therefore more qualified to get that particular recourse”. Yet to perform the remediation, the key is to integrate the information developed from the root cause analysis into the solution.
Marks further noted that the company may also have deficiencies in internal controls. More importantly, the failure to remediate gaps in internal controls “provides the opportunity for additional errors or misconduct to occur, and thus could damage the company’s credibility with regulators” by allowing the same or similar conduct to reoccur. Finally, with both the 2019 Guidance and FCPA Corporate Enforcement Policy, the DOJ has added its voice to prior SEC statements that regulators “will focus on what steps the company took upon learning of the misconduct, whether the company immediately stopped the misconduct, and what new and more effective internal controls or procedures the company has adopted or plans to adopt to prevent a recurrence.”
Three key takeaways:
The key is objectivity and independence.
The critical element is how did you use the information you developed in the root cause analysis?
The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach, using data that already exists in the organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/30/2020 • 9 minutes, 24 seconds
Day 29 | What is a root cause analysis?
Well known fraud investigator Jonathan Marks, defined a root cause analysis as “a research based approach to identifying the bottom line reason of a problem or an issue; with the root cause, not the proximate cause the root cause representing the source of the problem.” He contrasted this definition with that of a risk assessment which he said “is something performed on a proactive basis based on various facts. A root cause analysis analyzes a problem that (hopefully) was previously identified through a risk assessment.” He went on to note a, “Root cause analysis is a tool to help identify not only what and how an event occurred, but also why it happened. When we are able to determine why an event or failure occurred, we can then recommend workable corrective measures that deter future events of the type observed.”
Marks also contrasted a root cause analysis with an investigation. He noted, “in an investigation we are try to either prove or disprove an allegation.” This means that in a compliance investigation you may be trying to prove or disprove that certain transactions could form the basis of a corrupt payment or bribe by garnering evidence to either support or refute specific allegations. You do not assess blame and that is the point where a root cause should follow to determine how the compliance failure occurred or was allowed to occur.
Three key takeaways:
A root cause analysis is now required if you have a reportable compliance failure.
There is no one process for performing a root cause analysis. You should select the one which works for you and follow it.
To properly perform a root cause analysis, you need trained professionals who really understand what they’re doing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/29/2020 • 9 minutes, 24 seconds
Day 28 | Post-acquisition integration plan
Your company has just made its largest acquisition ever and your CEO says they want you to have a compliance post-acquisition integration plan on their desk in one week. Where do you begin? A good place to start would be the 2012 FCPA Guidance language: Pre-acquisition due diligence, however, is normally only a portion of the compliance process for mergers and acquisitions. DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program. Companies should consider training new employees, reevaluating third parties under company standards, and, where appropriate, conducting audits on new business units.
As reported by New and Trahanas, in a July 2018 speech, former Deputy Assistant Attorney General Matthew Miner emphasized that DOJ would apply the principles contained in the FCPA Corporate Enforcement Policy to successor companies that discover potential violations subsequent to an acquisition, as well as to acquirers who detect potential corrupt activities during the due diligence process. He also encouraged acquiring companies to seek guidance through the FCPA Opinion Procedures. Miner said the DOJ would apply the principles contained in the FCPA Corporate Enforcement Policy to acquiring companies that uncover potential FCPA violations in the mergers and acquisitions context. This means if you meet the four requirements under the FCPA Corporate Enforcement Policy, the default DOJ position would be a declination would be granted.
Three key takeaways:
Planning is critical in the post-acquisition phase.
Build upon what you learned in pre-acquisition due diligence.
You literally need to be ready to hit the ground running when a transaction closes.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2020 • 9 minutes, 24 seconds
Day 27 | Pre-acquisition due diligence in mergers and acquisitions
A company that does not perform adequate due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue - with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. While most compliance practitioners have been long aware of the requirement in the post-acquisition context, the 2012 FCPA Guidance focused many compliance practitioners of the need to engage in robust pre-acquisition due diligence.
This was expanded again in the 2017 Evaluation but the 2019 Guidance made even more clear the need for a robust compliance presence in the pre-acquisition phase. It stated, “A well-designed compliance program should include comprehensive due diligence of any acquisition targets. Pre-M&A due diligence enables the acquiring company to evaluate more accurately each target’s value and negotiate for the costs of any corruption or misconduct to be borne by the target. Flawed or incomplete due diligence can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.”
Three key takeaways:
The results of your pre-acquisition due diligence will inform your post-acquisition integration and remediation going forward.
Periodically review your M&A due diligence protocol.
If red flags appear in pre-acquisition due diligence, they should be cleared.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/27/2020 • 9 minutes, 24 seconds
Philip Urofsky on the Shearman & Sterling 2020 FCPA Digest
In the Episode, I visit with Philip Urofsky, partner at Shearman & Sterling, Editor-in-Chief of the firm’s most excellent FCPA Digest. We visit about the firm’s 2020 FCPA Digest, Recent Trends and Patterns in the Enforcement of the FCPA and consider some of the highlights from the report. We also take a deep dive into the issue of agency under the FCPA, which was a major legal issue in the Hoskins trial and an ongoing debate on the issue of parent-subsidiary liability under the FCPA. Some of the highlights include:
Enforcement actions and strategies seen in 2019. What did the numbers tell us?
What were some of the perennial statutory issues address and litigated in 2019? Did the DOJ adequately address the issue of parent-subsidiary liability? Do the Barclays and Deutsche Bank enforcement actions end the question of whether a job for a child or relative can be a ‘thing of value’ under the FCPA?
What is the significance you seen in the Criminal Division’s 2019 Guidance?
Is the ‘inability to pay’ a codification of existing DOJ practice or something new?
What is the significance of the Och-Ziff restitution case?
What were some of the key developments in the UK around Bribery Act prosecutions and enforcement actions?
Resources
To download a copy of the Shearman & Sterling 2020 FCPA Digest, Recent Trends and Patterns in the Enforcement of the FCPA click here.
To use the fully searchable Shearman & Sterling FCPA digest, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/27/2020 • 36 minutes, 47 seconds
Day 26 | Operationalizing compliance through payroll
One of the areas articulated in the 2019 Guidance was around payments and payroll. For the both the compliance professional and the corporate payroll function, there is a significant role to play in the operationalization of a corporate compliance program. The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) was replete with references to payment and its critical nature to any best practices compliance program. This includes references to payments to foreign officials, payments to third parties and hiding bribes in payments to distributors.
The 2019 Guidance begins with an admonition to stop wasting time on low hanging fruit when there are much higher risks in your business operations. It stated: Risk-Tailored Resource Allocation – Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas, such as questionable payments to third-party consultants, suspicious trading activity, or excessive discounts to resellers and distributors? Does the company give greater scrutiny, as warranted, to high-risk transactions (for instance, a large-dollar contract with a government agency in a high-risk country) than more modest and routine hospitality and entertainment? The 2019 Guidance then drills down into the payment and payroll system, stating: Appropriate Controls – How does the company ensure there is an appropriate business rationale for the use of third parties? If third parties were involved in the underlying misconduct, what was the business rationale for using those third parties? What mechanisms exist to ensure that the contract terms specifically describe the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services rendered?
Taken together, these questions may not seem particularly new, innovative, or even something different from what payroll currently does for an organization. However, the 2019 Guidance , clearly demonstrates the role of payroll in compliance. The 2019 Guidance requires that payroll not only form a part of any best practices compliance program, but when it comes to the specific subject matter expertise, payroll is on the front lines of any attempts to prevent, detect, and then remediate anti-corruption compliance violations.
Three key takeaways:
Payroll can be a key prevent and detect control.
The Evaluation specified the tying of the corporate compliance function to the corporate payroll function.
Offshore payments remain a key indicator for a red flag.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/26/2020 • 9 minutes, 24 seconds
Day 25 | Compliance function in an organization
The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, 2012 FCPA Guidance, under Hallmark Three of the Ten Hallmarks of an Effective Compliance Program, simply noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
This Hallmark was significantly expanded in both the 2019 Guidance and the FCPA Corporate Enforcement Policy. And in so doing, the DOJ has increased the prestige, authority and role of both the corporate compliance function. The 2019 Guidance has four general areas of inquiry around the corporate compliance function. (1) What is the seniority and stature of the compliance function within an organization? (2) What are the experience and stature of the compliance personnel with an organization? (3) What is the funding and resources made available to the compliance function? (4) How much autonomy does the compliance function have to report to the Board of Directors?
Three key takeaways:
How is compliance treated in the budget process?
Has your compliance function had any decisions over-ridden by senior management?
Beware outsourcing of compliance as any such contractor must have access to company documents and personnel.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2020 • 9 minutes, 24 seconds
Day 24 | CCO authority and independence
The role of the CCO has steadily grown in stature and prestige over the years. In the 2012 FCPA Guidance, under Hallmark Three of the Ten Hallmarks of an Effective Compliance Program, it focused on the whether the CCO held senior management status and had a direct reporting line to the Board; stating:
In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively. Adequate autonomy generally includes direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors.
This Hallmark was significantly expanded in both the 2019 Guidance and the FCPA Corporate Enforcement Policy. And in so doing, the DOJ has increased the prestige, authority and role of both the CCO and corporate compliance function. The 2019 Guidance has four general areas of inquiry around the CCO and corporate compliance function. (1) How does the CCO salary and stature within the organization compare to other senior executives within the company. (2) What are the experience and stature of the CCO with an organization? Does the CCO have appropriate training for the role? (3) How much autonomy does the CCO have to report to the Board of Directors? How often do the CCO meet with directors? Are members of the senior management present for these meetings with the Board of Directors or of the Audit Committee? (4) Is the compliance function run by a designated chief compliance officer, or another executive within the company, and does that person have other roles within the company?
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2020 • 9 minutes, 24 seconds
Day 23 | Updates and feedback
One of the critical elements found in the 2019 Guidance is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report or any other manner to remediate the situation which allowed it to arise. It stated:
Evolving Updates – How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?
Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance.
Three key takeaways:
Innovation can come through a new way to think about and use data going forward.
Have a plan in place to use the information garnered in your monitoring incorporated back into your compliance program.
Always remember that Document Document Document is critical if the regulators come knockin
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/23/2020 • 9 minutes, 24 seconds
Day 22 | Assessing compliance internal controls
Control Testing – Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third-parties does the company undertake? How are the results reported and action items tracked?
Fortunately, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 Internal Controls Framework considers assessing compliance internal controls. In “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls”, COSO laid out its views on assessing the effectiveness of internal controls. It noted that an effective system of internal controls provides “reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.” Moreover, there are two over-arching requirements that can only be met through such a structured protocol. First, each of the five components are present and functioning. Second, that the five components operate in an integrated fashion with each other. One of the most critical components of the COSO Framework is that it sets internal control standards against those which you can audit to assess the strength of your compliance internal controls.
Three key takeaways:
An effective system of internal controls provides reasonable assurance of achievement of the company’s objectives, relating to operations, reporting and compliance.
There are two over-arching requirements for effective internal controls. First, each of the five components are present and function. Second, are the five components operating together in an integrated approach.
For an anti-corruption compliance program, you can use the Ten Hallmarks of an Effective Compliance Program as your guide to test against.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/22/2020 • 9 minutes, 28 seconds
Day 21 | Continuous improvement in a compliance program
The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) was very clear about the need for continuous improvement in any compliance program. It stated quite succinctly, “One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the applicable industry standards. Accordingly, prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale.”
This was further specified in the DOJ’s 2019 Guidance which listed three types of continuous improvement, each further refined with multiple attendant questions. It also added a new area of inquiry that every compliance practitioner needs to incorporate into their assessment, improvement and management cycles; culture.
Three key takeaways:
Your compliance program should be continually evolving.
Monitoring and auditing are different, yet complimentary tools for continuous improvement.
Culture assessment and monitoring are also now required as well.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2020 • 9 minutes, 25 seconds
Day 20 | Responding to investigative findings
There is nothing like an internal whistleblower report about a compliance violation, the finding of such an issue, or (even worse) a subpoena from the DOJ or notice letter from the SEC to trigger the Board of Directors and senior management attention to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage followed immediately by proclamations “We are an ethical company.” However, it may well be the time for a very serious reality check.
Three key takeaways:
A serious FCPA allegation gets the attention of the Board and senior management. Use this time to move the compliance program forward.
Be aware of how your investigation can impact and even inform your remediation efforts.
Be prepared to deal with the dreaded “where else” question.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/20/2020 • 9 minutes, 38 seconds
Dave Lefort on 10 Stories CW Will Follow in 2020
In the Episode, I visit with Dave Lefort, Editor in Chief for Compliance Week. Dave recently wrote “It’s hard to tell whether the age we’re living in is the calm before the storm or if it is the storm. One way or another, we’ll likely get some clarity in the year ahead for CCOs navigating these choppy waters.” I asked him to come on the podcast and discuss his 10 predictions on what will dominate compliance headlines in 2020.
Big Tech in antitrust crosshairs. Is everyone ganging up on big tech?
Deregulation. Is it real or is it Memorex?
Recession worries: Impact on ethics and compliance. Will compliance have to do more with less or less with less?
2020 elections. How could it impact the regulatory environment heading into 2021?
Protecting whistleblowers. Will Congress step in where the Supreme Court gutted protection? Will Trump’s public berating of the impeachment whistleblower embolden those accused of wrongdoing to retaliate?
Data privacy equation has changed. How so?
GDPR: Waiting for the big one. Which US company will it be?
Regulators will reward good-faith efforts. Is it softening or a refocus?
Ethics and Artificial Intelligence: Trouble ahead? Will Skynet become self-aware?
Supply chains, geopolitical risk, and third parties. If this is such a big problem, where are the resources to fix it?
Resources
Dave’s article Ten Things We’ll Be Talking About in 2020
Subscribe to Compliance Week here. Use the code, NEWYEAR2020 … for a $365 for a one-year membership.
Register for Compliance Week 2020, here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/20/2020 • 35 minutes, 28 seconds
Day 19 | The investigation protocol
After the internal report comes in and you have properly triaged the matter, you need to scope out and investigate it, promptly, thoroughly and with competent personnel. Your company should have a detailed written procedure for handling any complaint or allegation of bribery or corruption, regardless of the means through which it is communicated. The mechanism could include the internal company hotline, anonymous tips, or a report directly from the business unit involved. You can make the decision on whether or not to investigate with consultation with other groups such as the Audit Committee of the Board of Directors or the Legal Department. The head of the business unit in which the claim arose may also be notified that an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis. Through the use of such a detailed written procedure, you can work to ensure there is complete transparency on the rights and obligations of all parties, once an allegation is made. This allows the compliance team to have not only the flexibility but also the responsibility to deal with such matters, from which it can best assess and then decide on how to manage the matter.
Three key takeaways:
A written protocol, created before an investigation, is a key starting point.
Create specific steps to follow so there will be full transparency and documentation going forward.
Consistency in approach is critical.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/19/2020 • 9 minutes, 24 seconds
Day 18 | Internal reporting and the triaging of claims
The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward.
This scenario was driven home by the SEC in a 2015 FCPA enforcement action involving Mead Johnson Nutrition Company. In this enforcement action, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately, the first investigation, performed in 2011, did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company that it performed an adequate internal investigation which uncovered FCPA violations.
Three key takeaways:
The DOJ and SEC put special emphasis on internal reporting lines.
Test your hotline on a regular basis to make sure it is working.
Have a triage protocol in place before the call comes in so you will be ready to go and not required to scramble to create a protocol.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/18/2020 • 9 minutes, 24 seconds
Day 17 | Managing your third parties
The building blocks of any compliance program lay the foundations for a best practices compliance program. For instance, in the life cycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third-party management becomes more important. It is also the one where the rubber meets the road of operationalizing compliance. It is also an area the DOJ specifically articulated in the 2019 Evaluation that companies need to consider.
The key is to have a strategic approach to how you structure and manage your third-party relationships. This may mean more closely partnering with your third parties to help manage the anti-corruption compliance risk. It would certainly lead towards enabling your company to control risk while optimizing the performance of your third parties.
Three key takeaways:
Have a strategic approach to third-party risk management.
Rank third parties based upon a variety of factors including compliance and business performance, length of relationship, benchmarking metrics and KPIs for ongoing monitoring and auditing.
Managing the relationship is where the real work begins.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/17/2020 • 9 minutes, 49 seconds
Day 16 | The third-party risk management process
As every compliance practitioner is well aware, third parties still present the highest risk under the FCPA. The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) devotes an entire prong to third-party management. It begins with the following: A well-designed compliance program should apply risk-based due diligence to its third-party relationships. Although the degree of appropriate due diligence may vary based on the size and nature of the company or transaction, prosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors that are commonly used to conceal misconduct, such as the payment of bribes to foreign officials in international business transactions.
This clearly specifies that the DOJ expects an integrated approach that is operationalized throughout the company. This means you must have a process for the full life cycle of third-party risk management. There are five steps in the life cycle of third-party risk management, which will fulfill the DOJ requirements as laid out in the 2012 FCPA Guidance and in the Ten Hallmarks of an Effective Compliance Program. They five steps in the lifecycle of third-party management are:
Business Justification;
Questionnaire to Third-party;
Due Diligence on Third-party;
Compliance Terms and Conditions, including payment terms; and
Management and Oversight of Third Parties After Contract Signing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/16/2020 • 9 minutes, 49 seconds
Day 15 | How do you evaluate a risk assessment?
After you complete your risk assessment, you must then translate it into a risk profile. If your estimate of where your bribery risk is greatest is wrong, it will be an effort to address it. As Ben Locwin explained in his BioProcess International article, entitled “Quality Risk Assessment and Management Strategies for Biopharmaceutical Companies”:
Once we have assessed risks and determined a process that includes options to resolve and manage those risks whenever appropriate, then we can decide the level of resources with which to prioritize them. There always will be latent risks: those that we understand are there but that we cannot chase forever. But we need to make sure we have classified them correctly. With a good understanding of each of these, we are in a better position to speak about the quality of our businesses.
A way to evaluate risks as determined by the company’s risk assessment is through a risk matrix. Once risks are identified, they are then rated according to their significance and likelihood of occurring, and then plotted on a heat map to determine their priority. The most significant risks with the greatest likelihood of occurring are deemed the priority risks, which become the focus of your remedial efforts or for continuous auditing. A variety of solutions and tools can be used to manage these risks going forward, but the key step is to evaluate and rate these risks. All your actions should flow from the risk ranking.
Three key takeaways:
Even after you complete your risk assessment, you must evaluate those risks for your company.
The DOJ and SEC are looking for a well-reasoned approach on how you evaluate your risk.
Create a risk matrix and rank your risks; then remediate and monitor as appropriate.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/15/2020 • 9 minutes, 49 seconds
Day 14 | Risk Assessments
One cannot really say enough about risk assessments in the context of anti-corruption programs. This is because every corporate compliance program should be based upon a risk assessment, to understand your organization’s business from the commercial perspective, how your organization has identified, assessed, and defined its risk profile and, finally, the degree to which the program devotes appropriate scrutiny and resources to this range of risks.
As far back as 1999, in the Metcalf & Eddy enforcement action, the DOJ has said that risk assessments that measure the likelihood and severity of possible FCPA violations should direct your resources to manage these risks. The 2012 FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.”
This language was supplemented in the 2017 FCPA Corporate Enforcement Policy, which stated, “The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment.”
A risk assessment determines the areas at greatest risk for FCPA violations among all types of international business transactions and operations, the business culture of each country in which these activities occur, and the integrity and reputation of third parties engaged on behalf of the company. The reason is straightforward; one cannot define, plan for, or design an effective compliance program to prevent bribery and corruption unless you can measure the risks you face.
Three key takeaways:
Since at least 1999, the DOJ has pointed to the risk assessment as the start of an effective compliance program.
The DOJ will now consider both your risk assessment methodology for identifying risks and gathered evidence.
You should base your compliance program on your risk assessment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2020 • 9 minutes, 49 seconds
Day 13 |Institutional Justice and The Fair Process Doctrine
Companies have finally come to realize that institutional justice and fairness are perhaps the most basic tenet of any successful workplace. If employees believe they will be treated fairly, it will engender a level of trust that can work to not simply motivate employees but lead to a more successful workplace and, at the end of the day, a more profitable company. This encompasses the entire lifecycle of the employment relationship, from hiring through separation. It works in areas as seeming disparate as compensation and incentives, discipline, promotion and internal reporting.
Three key takeaways:
The DOJ and SEC have long called for appropriate and consistent application of both incentives and discipline.
The Fair Process Doctrinewill help set institutional justice as the norm in your organization.
Inconsistent application of discipline will destroy your compliance program credibility.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/13/2020 • 9 minutes, 49 seconds
André H. Paris on the Brazilian Compliance Scene
In the Episode, I visit with André H. Paris, a Brazilian Compliance Consultant and Lawyer. He is a specialist in building a Corporate Culture based on Ethics, Transparency and Respect. Paris has experience in Corporate Risk Analysis and Management, as well as in Protecting Corporate Reputation and Crisis Management. He is also quite enthusiastic on building a more ethical and transparent business environment. Paris is the author of the recently released book Compliance - Ethics and Transparency as the Way Forward. I met Paris at a compliance conference in Brazil last year. I am always interested in the views on compliance from practitioners outside the US, most particularly those who have written on the subject. He came on to the podcast to discuss his book and the current compliance scene in Brazil.
Due to the numerous corruption scandals, many Brazilian companies have experienced an extreme reputation crisis.
Companies have suffered substantial reputational bumps, including loss of market value, frequent presence on police pages, destroyed careers and thousands of jobs down the drain, as well as a profound brand disruption.
Paris believes that many of these risks should never have been taken, seeking results at any cost.
One of the challenges is helping the market to understand the need and value of compliance.
Additionally, many companies are trying to catch by creating internal structures focused on this compliance.
Compliance needs to be further studied and deepened. Paris believes there is the need for constant updating.
While the book deals with the main themes of corporate compliance, Paris both in the podcast and in his book does not shy away from expressing his opinions on topics that are often considered controversial.
Resources
To purchase a copy of Compliance - Ethics and Transparency as the Way Forward (in Portuguese) click here
André Paris LinkedIn Profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/13/2020 • 19 minutes, 49 seconds
Day 12 | Financial Incentives for Compliance
One of the areas that many companies have not paid as much attention to in their compliance programs is compensation. However, the DOJ and SEC have long made clear that they view monetary structure for compensation, rewarding those employees who do business in compliance with their employer’s compliance program, as one of the ways to reinforce the compliance program and the message of compliance. As far back as 2004, then SEC Director of Enforcement Stephen M. Cutler noted that integrity, ethics and compliance needed to be part of promotion, compensation and evaluation processes: “At the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.”
The 2012 FCPA Guidance stated the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
This same concept around compensation and incentives was brought forward in the 2019 Guidance - Incentives and Disciplinary Measures, which read:
Incentive System – Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?
The first question posed in the 2019 Guidance requires you to start with the basic question of what does your employee compensation consist of? Is it a straight salary? Is it variable? If so, what does the variable component consist of? Is it a discretionary bonus based upon the overall success of the entire business enterprise or some small subset such as a business unit or geographic region? Is it solely personal? Or is it some combination of all of the above?
Three key takeaways:
The DOJ and SEC have long advocated compensation as a way to motivate employees into ethical and compliant behaviors
Keep the compliance aspects of your compensation structure simple and easy for your employees to understand
Have full transparency in the framework of your compensation structure
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/12/2020 • 9 minutes, 50 seconds
Day 11 | What is Effective Compliance Training?
One of the key goals of any compliance program is to train employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. While it seems axiomatic that compliance training is a mainstay of any best practices compliance program, the conversation around training has evolved over the years. The 2012 FCPA Guidance started the conversation.
Beginning in the fall of 2016, through the announcement of the FCPA Enforcement Pilot Program, the DOJ began to talk about whether you have determined the effectiveness of your training. This conversation continued with the 2017 Evaluation where it asked, “How has the company measured the effectiveness of the training?” This point has bedeviled many compliance professionals yet is now a key metric for the government in evaluating compliance training. It evolved further in the 2019 Guidance with the mandate that training must be “truly effective”. Finally, the training must be presented in a language in which the employees understand, which means in a local language, if the training is outside the US or other non-English-speaking countries.
Also raised in the 2017 Evaluation was the focus of your training programs, where the DOJ inquired into whether your training was “tailored” for the audience. This added two requirements. The first was to assess your employees for risk to determine the type of training you might need to deliver by risk ranking your employees. Obviously, the sales force would be the highest risk but there may be others who are deserving of high-risk training as well. From this risk ranking, you were required to develop tailored training for the risks those employees will face.
The 2019 Guidance spells this out in greater detail. Not only in the design but who receives it, all coupled with backend determination of effectiveness. Finally, all of this must be documented.
Three key takeaways:
How and why have you tailored your compliance training?
The DOJ has mandated demonstrating the effectiveness of compliance training
How is your training presented: both in languages and media?
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2020 • 9 minutes, 50 seconds
Day 10 | The use of social media in compliance
What is the message of compliance inside of a corporation and how it is distributed? In a compliance program, the largest portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communications are free or available at very low cost. Why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward?
Why should you do so? Start with the tech-savvy nature of the today’s workforce. It is not simply about having a younger workforce but a workforce whose primary tool for communication is social media. If your company is in the services business, it probably means your employee base is using technological tools to deliver business solutions. Finally, consider the data-driven nature of business today so using technological tools to deliver products and solutions is something your company most probably does now.
Finally, never forget the social part of social media. Social media is a more holistic, multiple-sided communication. Not only are you setting out expectations but also these tools allow you to receive back communications from your employees. The D&B experience around the name change for its Code of Conduct is but one example. You can also see that if you have several concerns expressed it could alert you earlier to begin some detection and move towards prevention in your compliance program.
Three key takeaways:
Incorporation of social media into your compliance communications can pay big dividends.
Focus on the ‘social’ part of social media.
Use internal corporate social media to facilitate a 360-degree conversation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2020 • 9 minutes, 52 seconds
Day 9 | 360 degrees of compliance communications
A 360-degree view of compliance is an effort to incorporate your compliance identity into a holistic approach so that compliance is in touch with and visible to your employees at all times. It is about creating a distinctive brand philosophy of compliance which is centered on your consumers. In other words, it helps a compliance practitioner to anticipate all the aspects of your employees needs around compliance. This is especially true when compliance is either perceived as something that comes out of the home office or is perceived as the “Land of No.” A 360-degree view of compliance gives you the opportunity to build a new brand image for your compliance program. This is important as the Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) mandates that for a compliance program to be effective, it must be understood by a wide variety of stakeholders.
Communications is often thought of as a two-way street - upward and downward, inbound and outbound, or side-to-side. However, it is better to think of it as a 360-degree effort. You simply can no longer effectively communicate in just two ways. You now communicate in a more holistic manner, and in multiple ways. If you are just thinking about communications in the classic form, you are missing something that is happening around you.
360-degrees of compliance communication is not just a classic form of communication but rather it is a communication in the concept of every interaction, whether they be planned or accidental interactions. It is all a form of communication. This is particularly true if you are a compliance professional, practitioner or Chief Compliance Officer. The things you do, the way you act, and the way people see you, you are always communicating. It is not simply communicating one to one as often you may be communicating to a group across siloed boundaries, to the constituencies you had not even planned to communicate with initially.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/9/2020 • 9 minutes, 34 seconds
Day 8 | Internal controls and compliance
What specifically are internal controls in a compliance program? The starting point is the FCPA itself, which requires issuers to devise and maintain a system of internal controls that can reasonably assure:
Transactions are executed in accordance with management’s general or specific authorization;
Transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
Access to assets is permitted only in accordance with management’s general or specific authorization; and
The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
The DOJ and SEC, in the 2012 FCPA Guidance, stated:
Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring. … The design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.
Three key takeaways:
Effective internal controls are required under the FCPA.
Internal controls are a critical part of any best practices compliance program.
There are four significant controls for the compliance practitioner to implement initially. (a) Delegation of authority (DOA); (b) Maintenance of the vendor master file; (c) Contracts with third parties; and (d) Movement of cash/currency.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/8/2020 • 9 minutes, 38 seconds
Day 7 | Policies and Procedures
There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly a first line of defense when the government comes knocking. The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures against bribery and corruption; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and proceures in anti-corruption compliance.
The specific written policies and procedures required for a best practices compliance program are well known and long established. According to the 2012 FCPA Guidance, some of the risks companies should keep in mind include the nature and extent of transactions with foreign governments (including payments to foreign officials); use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectations for standards of conduct in your company. Procedures are the documents that implement these standards of conduct.
Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.
Three key takeaways:
Written compliance policies and procedures, together the Code of Conduct, with form the backbone of your compliance program.
The DOJ and SEC expect a well-thought out and articulated set of compliance policies and procedures and that they be adequately communicated throughout your organization.
Institutional fairness for the application of policies and procedures demands consistent application across the globe.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2020 • 9 minutes, 18 seconds
Day 6 | The Code of Conduct
What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in regulator’s face during an enforcement action as proof of ethical overall behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in the creation of your company’s Code of Conduct?
How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United’s operations at the company’s huge east coast hub at Newark, NJ.
The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to its 2016 Non-Prosecution Agreement (NPA) settlement with the DOJ, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.
In the 2012 FCPA Guidance, the DOJ and SEC states:
A company’s Code of Conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.
The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) further specified “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” The Department of Justice (DOJ) Antitrust Division, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance) also specified “If the company has a Code of Conduct, are antitrust policies and principles included in the document?”
Three key takeaways:
Every formulation of a best practices compliance program starts with a written Code of Conduct.
The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity.
“Document, Document, and Document” your training and communication efforts.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/6/2020 • 9 minutes, 27 seconds
Fry Wernick on the Hoskins Jury Instructions
In the Episode, I visit with Ephraim (Fry) Wernick. He is a partner in the Government Investigations and White-Collar Practice Group at Vinson & Elkins LLP in Washington, DC. Mr. Wernick joined V&E in June 2019 after serving 11 years as a federal prosecutor, including most recently as Assistant Chief of the U.S. Department of Justice, Criminal Division’s Fraud Section, where he supervised dozens of FCPA cases, including four of the largest-ever corporate criminal resolutions. Mr. Wernick now represents public and private companies and individuals in connection with government and internal investigations. Mr. Wernick is a graduate of Brown University and the University of Texas School of Law. In this podcast we take a deep dive into the jury instructions in the recent Hoskins FCPA trial. Some of the highlights include:
What was the procedural history of the Hoskins case leading up to trial?
The court’s agency instruction required the government to establish three elements: (1) “a manifestation by the principal that the agent will act for it”; (2) “acceptance by the agent of the undertaking”; and (3) “an understanding between the agent and the principal that the principal will be in control of the undertaking.” The court further instructed that “[t]he undertaking consists of the acts or services which the agent performs on behalf of the principal.” Hoskins’ arguments focus primarily on the element of control. Did the DOJ satisfy this element?
At trial, the DOJ presented evidence that although Hoskins worked for the French parent, for the purposes of his actions around bribery and corruption, he was the agent of the US subsidiary. What was some of evidence presented at trial to show agency? Will it be enough to satisfy the Second Circuit definition in the inevitable appeal?
At the ACI National Conference, Assistant Attorney General Brian Benczkowski said that the DOJ would analyze each case individually to determine if there was such an agency relationship present. What will the DOJ likely take into account?
Might there be further clarification from the trial court or Second Circuit?
Does the DOJ trial win against Hoskins open up wider individual prosecutions under the FCPA for foreign employees of foreign subsidiaries who may never set foot in the US?
Resources
Vinson and Elkins’ firm page on Fry Wernick
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/6/2020 • 24 minutes, 42 seconds
Day 5 | The Board and operationalizing compliance
In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Director, the Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) stated:
Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
The DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Compliance Program Guidance) was even more explicit in announcing their expectation for robust Board oversight of a corporate compliance function. The Antitrust Compliance Program Guidance stated “For the antitrust compliance program to be effective, those with operational responsibility for the program must have sufficient autonomy, authority, and seniority within the company’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program. The Antitrust Compliance Program Guidance then went on to ask the following questions: Who has overall responsibility for the antitrust compliance program? Is there a chief compliance officer or executive within the company responsible for antitrust compliance? If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body? How often does the compliance officer or executive meet with the Board, audit committee, or other governing body? How does the company ensure the independence of its compliance personnel?
Three key takeaways:
The DOJ Evaluation requires active Board of Director engagement and oversight around compliance.
Board communication on compliance is a two-way street; both inbound and outbound.
Does the Board of Directors have a Compliance Expert?
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/5/2020 • 9 minutes, 38 seconds
Day 4 | Moving compliance tone down through an organization
Mike Volkov, in a blog post entitled “Mood in the Middle Versus Tone at the Top”, said, “Even when a company does all the right things at the senior management level, the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that exist throughout the company.” To fully operationalize your compliance program, you must articulate the message of ethical values and doing business in compliance and then drive that message from the top down, throughout your organization.
The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) made clear a company must have more than simply good ‘Tone-at-the-Top’; it must move down through the organization from senior management to middle management and into its lower ranks. This means that one task is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization. The 2019 Guidance stated:
Shared Commitment – What actions have senior leaders and middle-management stakeholders (e.g., business and operational managers, finance, procurement, legal, human resources) taken to demonstrate their commitment to compliance or compliance personnel, including their remediation efforts? Have they persisted in that commitment in the face of competing interests or business objectives?
This requirement speaks to the greater role of non-compliance functions in fully operationalized compliance program. Indeed, one sign of a mature compliance and ethics program is the extent to which a company’s other corporate disciplines are involved in implementing and then taking forward a compliance solution. This approach can act as a lynch pin in spreading a company’s commitment to compliance throughout the employee base. It can also be used to ‘connect the dots’ in many divergent elements of a corporate compliance and ethics program.
Three key takeaways:
Tone at the top - direct supervisors become the most important influence on people in the company.
Give your middle managers a Tool Kit around compliance so they can fully operationalize compliance.
Organizational justice is an additional way to help operationalize compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2020 • 9 minutes, 18 seconds
Day 3 | Leadership’s conduct at the top
Obviously, in every compliance program, the ethical tone of a company and accountability all starts at the top and most specifically senior management. The Evaluation of Corporate Compliance Programs - Guidance Document (2019 Guidance) stated, “The company’s top leaders – the board of directors and executives – set the tone for the rest of the company. Prosecutors should examine the extent to which senior management have clearly articulated the company’s ethical standards, conveyed and disseminated them in clear and unambiguous terms, and demonstrated rigorous adherence by example. Prosecutors should also examine how middle management, in turn, have reinforced those standards and encouraged employees to abide by them.” To assist companies in understanding this requirement the 2019 Guidance sets out the following inquiries.
Conduct at the Top – How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How have they modelled proper behavior to subordinates? Have managers tolerated greater compliance risks in pursuit of new business or greater revenues? Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?
This requirement is more than simply the ubiquitous “tone-at-the-top,” as it focuses on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values and finally, how is such conduct monitored in an organization?
Three key takeaways:
Senior management must actually do compliance; walk-the-walk, not simply talk-the-talk.
Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.
CEO as Compliance Ambassador.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2020 • 8 minutes, 48 seconds
Day 2 | Measuring your risk
Operationalizing your compliance program can take many shapes and forms. Using the entire risk management process to embed your compliance program within the contours of your organization is an important key step that will allow you to have full visibility of your compliance risks through a longer life cycle. Forecasting allows you to consider your business strategy and wed the risks you can foresee. Risk assessments allow you to evaluate and measure known risks. Risk-based monitoring allows you to monitor both the compliance risks you know about and detect those you do not know, on an ongoing basis.
Three key takeaways:
The risk management process is an important backbone of operationalizing compliance.
You should be able monitor and measure both known and unknown risks.
All of these steps help a business to run more efficiently and more profitably.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2020 • 8 minutes, 27 seconds
Day 1 | What 2019 Brought to Compliance Programs
2019 was a very significant year for every compliance practitioner and compliance program. Not only was it the year with the single highest amount of FCPA enforcement actions, fines and penalties assessed against corporations but it also saw the greatest number of individual prosecutions. Yet perhaps most significantly there were three noteworthy releases of information by the federal government which directly impacted compliance professionals in 2019. Two came from the Department of Justice (DOJ) and one came from the Department of Treasury, Office of Foreign Asset Control (OFAC). These three guidances contributed to the continued evolution of what constitutes a best practices compliance program.
Three key takeaways:
The 2019 Compliance Guidance asks three key questions of every corporate compliance program and adds a mandate for culture assessment, management and improvement.
The OFAC Framework mandates due diligence on not only third parties in the sales cycle but also vendors in the Supply Chain and customers as well.
The Antitrust Division Compliance Evaluation adds a requirement for data analytics and statistical analysis in monitoring and continuous improvement.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/1/2020 • 9 minutes, 53 seconds
Karen Woody on the SEC year in FCPA Enforcement
In the Episode, I visit with Karen Woody, Assistant Professor of Law at Washington and Lee. Karen was in private practice for many years before going into Academia. She specializes in the SEC and issues around the Commission. Some of the highlights include:
Karen moved this year from the Indiana University-Kelly School of Business to the Law School at Washington and Lee. We discuss some of the differences in teaching at a law school as opposed to a business school.
Karen assesses the SEC’s overall year in FCPA Enforcement.
Karen highlights some of the key SEC FCPA enforcement actions over the past year.
She provides insights into the upcoming Supreme Court consideration of Lui and Wang attack on profit disgorgement.
We consider SEC Chairman Clayton’s backing off on his attempt to cut whistleblower awards. Why did it fail?
Woody highlights some of the SEC enforcement areas she is paying the most attention to going forward.
We conclude with a look into the veiled land of the future and what Woody expects to see from the SEC in 2020.
Resources
Scholarly papers from Karen Woody, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/30/2019 • 27 minutes, 57 seconds
James Koukios on the MoFo October International Anti-Corruption Newsletter
In the Episode, I visit with James Koukios, a partner at Morrison and Foerster in Washington DC. Koukios is a former prosecutor from the Department of Justice who worked in the FCPA Unit. He is back to discuss the firm’s monthly newsletter the Top 10 International Anti-Corruption Developments for October 2019.
Some of the highlights include:
· The DOJ Issues Guidance on Corporate Inability-to-Pay Claims. We consider is this something new or codification of prior practices?
· The Unaoil guilty pleas. Are they huge, even bigger than Panalpina?
· The EU whistleblower initiative. Is this a sea change or something else? What might it mean for anticorruption enforcement?
· OECD Expresses Concern over Brazil’s Foreign Bribery Enforcement. Has there been a change in Brazil enforcement or is this simply a part of the natural ebb and flow of enforcement actions?
· Are things really going to heat up in Mexico in terms of investigations involving Pemex? Should US companies which have done business in Mexico be scrubbing their operations?
Resources
To see the firm’s Top 10 International Anti-Corruption Developments for October 2019, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/23/2019 • 27 minutes, 52 seconds
James Koukios on the MoFo September International Anti-Corruption Newsletter
In the Episode, I visit with James Koukios, a partner at Morrison and Foerster in Washington DC. Koukios is a former prosecutor from the Department of Justice who worked in the FCPA Unit. He is back to discuss the firm’s monthly newsletter the Top 10 International Anti-Corruption Developments for September 2019. In this podcast we discuss:
What are you key takeaways from the 3 fiscal year ending FCPA enforcement actions from the SEC?
Restitution is becoming for a bigger topic in FCPA settlements. What is restitution in the FCPA context? Why the different rulings in Och-Ziff and PetroEcuador? Should companies start to consider this in settlement negotiations?
SEC Chair Laments Perceived Lack of International Anti-Corruption Enforcement Efforts-What is (or was) going on?
Mexico-are things really going to heat up in terms of investigations involving Pemex. Should US companies which have done business in Mexico be scrubbing their operations?
To see the firm’s Top 10 International Anti-Corruption Developments for September 2019, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/16/2019 • 25 minutes, 25 seconds
Stacie Hartman on Whistleblowers, the CFTC and the FCPA
In this episode I visit with Stacie Hartman, co-chair of the Financial Services Group at Steptoe & Johnson LLP. She offers insight in how this new appeal to whistleblowers could impact the type or volume of enforcement cases within the CFTC. Stacie leads major cases in courts around the country and in enforcement proceedings before the Commodity Futures Trading Commission (CFTC), Securities and Exchange Commission (SEC), and financial exchanges, as well as in investigations by the US Department of Justice (DOJ). She has a strong track record of helping her clients avoid prosecution completely or obtain settlements at record-low penalties.
In July, the House passed the Whistleblower Protection Reform Act of 2019, which passed by a vote of 410-12. Last month the Senate introduced the Whistleblower Programs Improvement Act. In this podcast we consider what these pieces of legislation might mean for the corporate compliance practitioner.
Some of the highlights include:
We consider if these pieces of legislation are in response to the Supreme Court decision in Digital Realty Trust?
If so, how do they remedy the Court’s decision?
Are there be ancillary issues involved?
Do they expand the definition of whistleblower?
What do they do for the timeframes for decisions on whistleblower awards at the SEC and CFTC?
Listeners are familiar with whistleblower process to the SEC. Have there been What if any are the differences in the process program run by to the CFTC?
Resources
Stacie Hartman firm profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/9/2019 • 19 minutes, 2 seconds
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, Part 5: Developments from Brazil with Salim Saud
Welcome to a special five-part podcast series from the Compliance Podcast Network. In this series I am taking a look at the Hughes Hubbard & Reed 2019 FCPA and Anti-Bribery Alert. I visit with five firm lawyers involved in the preparation of the report, each of whom is a subject matter expert in an area of the FCPA and anti-corruption. In this Part 5, I visit with Salim Saud, Partner at Saud Advogados, in cooperation with Hughes, Hubbard & Reed LLP, on developments in anti-bribery enforcement from Brazil from over the past year.
Some of the highlights include:
What is the key role the CGU has taken over the past year?
How is the CGU currently assessing compliance programs?
What were some of the setbacks in Brazil over the year?
How can a company obtain a Leniency Agreement?
What are some key lessons for the compliance practitioner?
Resources
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2019 • 12 minutes, 38 seconds
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, Part 2: Year in FCPA with Laura Perkins
Welcome to a special five-part podcast series from the Compliance Podcast Network. In this series I am taking a look at the Hughes Hubbard & Reed 2019 FCPA and Anti-Bribery Alert. I visit with five firm lawyers involved in the preparation of the report, each of whom is a subject matter expert in an area of the FCPA and anti-corruption. In this Part 2, I visit with Laura Perkins, co-Executive Editor of the Alert for an overview of the 2019 Alert.
Some of the highlights include:
What were some of the key developments from the Department of Justice over the past year in the FCPA?
What were some of the enforcement actions from the Department of Justice over the past year in the FCPA?
What were some of the policy announcements from the Department of Justice over the past year in the FCPA?
What were some of the DOJ tips on best practices in compliance were to be found in FCPA enforcement actions over the past year?
Why are the guidance documents from the DOJ so useful to the compliance professional?
Resources
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2019 • 14 minutes, 43 seconds
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, Part 3: Anti-Bribery Enforcement in France with Bryan Sillaman
Welcome to a special five-part podcast series from the Compliance Podcast Network. In this series I am taking a look at the Hughes Hubbard & Reed 2019 FCPA and Anti-Bribery Alert. I visit with five firm lawyers involved in the preparation of the report, each of whom is a subject matter expert in an area of the FCPA and anti-corruption. In this Part 3, I visit with Bryan Sillaman, Managing Partner of the firm’s Paris office, on developments in France regarding anti-bribery enforcement over the past year.
Some of the highlights include:
What were the anti-bribery prosecutions under Sapin II?
What were the first decisions by the AFA on compliance programs?
What were changes in whistleblower protection over the past year in France?
Why are the developments of a DPA equivalent so significant in France?
What the requirement for entering into a settlement agreement in France?
Resources
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2019 • 18 minutes, 36 seconds
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, Part 4: Developments from Multilateral Development Banks with Michael DeBernardis
Welcome to a special five-part podcast series from the Compliance Podcast Network. In this series I am taking a look at the Hughes Hubbard & Reed 2019 FCPA and Anti-Bribery Alert. I visit with five firm lawyers involved in the preparation of the report, each of whom is a subject matter expert in an area of the FCPA and anti-corruption. In this Part 4, I visit with Michael DeBernardis, on developments from Multilateral Development Banks in the fight against bribery and corruption over the past year.
Some of the highlights include:
What is the role of Multilateral Development Banks in the fight against bribery and corruption?
What were the key enforcement actions reported by the World Bank?
What were changes in whistleblower protection over the past year in France?
Why are these developments so significant?
What are some key lessons for the compliance practitioner?
Resources
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2019 • 13 minutes, 39 seconds
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, Part 1: Overview with Kevin Abikoff
Welcome to a special five-part podcast series from the Compliance Podcast Network. In this series I am taking a look at the Hughes Hubbard & Reed 2019 FCPA and Anti-Bribery Alert. I visit with five firm lawyers involved in the preparation of the report, each of whom is a subject matter expert in an area of the FCPA and anti-corruption. In this Part 1, I visit with Kevin Abikoff, co-Executive Editor of the Alert for an overview of the 2019 Alert.
Some of the highlights include:
Ø When did the Alert come into existence?
Ø How has it changed over time?
Ø Why does each edition begin with lyrics from a recording artist we lost over the past?
Ø What is the significance of this year’s tribute to Steve Cash and If You Want to Get to Heaven?
Ø Why is this year-end alert different than other law firm publications of a similar nature?
Resources
Hughes Hubbard 2019 FCPA and Anti-Bribery Alert, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2019 • 12 minutes, 41 seconds
Executives at Risk Report Summer/Fall 2019
In this episode I visit with Lauren Briggerman, Member at Miller & Chevalier and Katherine Pappas, Counsel at Miller & Chevalier about the firm’s most recent edition of the publication Executives at Risk, the Summer/Fall 2019 edition. Some of the highlights include:
What is the publication “Executives at Risk”?
What were some of the noteworthy Investigations covered in the report? a. Pharma Executives Charged in Second Criminal Case Involving Improper Opioid Sales. b. Are more executives in danger from the ongoing opioid trials and enforcement actions?
What are some of the Cartel issues covered in the report? a. Two Foreign Shipping Executives Charged in Ongoing Ocean Cargo Shipping Cartel Scheme. b.Why do executives need to be concerned with this Administration’s trade sanction policy?
There was one significant criminal trade secret case as a former Uber executive was charged with Trade Secrets Theft from Google. These matters are usually civil matters. Why is this case a criminal matter?
We consider the extradition matter involving a Société Générale banker living in France deemed a fugitive by U.S. Judge. What does this mean for non-US executives?
We visit about the policy developments from the DOJ-the Evaluation of Corporate Compliance Programs. I ask, what is its significant for Executives?
Resource
Executives at Risk-Summer/Fall 2019 Edition
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2019 • 22 minutes, 55 seconds
Mikhail Gordon on Aspects of Monitorships: Part 5, Evolution of Situations Requiring Monitors
In this special five-part podcast series, I have been joined by Mikhail Reider-Gordon, Managing Director of Global Affairs at Affiliated Monitors, Inc. (AMI) the sponsor of this podcast series. We have discussed various aspects of monitorships, including why independence matters, the American Bar Association’s (ABA) Guidelines on Monitors, Gordon’s professorial career at the International Anti-Corruption Academy, cultural differences between international and US domestic monitorships. and the continuing evolution in monitorships. Today, in this concluding Part 5, we consider the continuing evolution in monitorships. Some of the highlights include:
· There is growth in monitoring entities that have violated data privacy laws, either because they have suffered a data breach, or have misused data they control.
· Can you elaborate on data privacy and monitoring?
· Can you tell us how monitorships fall into different categories based on the type of remediation effort the monitorship is meant to achieve?
· How should companies prepare for a monitorship?
· Does AMI take on pro-active monitorships?
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2019 • 15 minutes, 53 seconds
Mikhail Gordon on Aspects of Monitorships: Part 4, Cultural Differences in Int'l and Domestic US Monitorships
In this special five-part podcast series, I am joined by Mikhail Reider-Gordon, Managing Director of Global Affairs at Affiliated Monitors, Inc. (AMI) the sponsor of this podcast series. In this series we discuss various aspects of monitorships, including why independence matters, the American Bar Association’s (ABA) Guidelines on Monitors, Gordon’s professorial career at the International Anti-Corruption Academy, cultural differences between international and US domestic monitorships and the continuing evolution in monitorships. In Part 4, we consider the cultural differences between international and US domestic monitorships. Highlights include:
· How do cultural differences and legal process affect the structures a monitorship of an entity or individuals?
· Differences between US and other countries related to dealing with Corporations and Individuals?
· Why are cultural considerations important for a monitor working with multi-nationals?
· How does working with foreign regulators impact the consideration for a monitor?
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2019 • 13 minutes, 51 seconds
Mikhail Gordon on Aspects of Monitorships: Part 3, International Teaching
In this special five-part podcast series, I am joined by Mikhail Reider-Gordon, Managing Director of Global Affairs at Affiliated Monitors, Inc. (AMI) the sponsor of this podcast series. In this series we discuss various aspects of monitorships, including why independence matters, the American Bar Association’s (ABA) Guidelines on Monitors, Gordon’s professorial career at the International Anti-Corruption Academy, cultural differences between international and US domestic monitorships and the continuing evolution in monitorships. In this Part 3, we consider how Gordon’s teaching compliance and investigations at the International Anti-Corruption Academy inform her view of wide-ranging cultural differences in monitorships. Highlights include:
· What is the International Anti-Corruption Academy?
· Who attends? Cultural Differences must be an interesting aspect of the Academy.
· What do you do at the Academy?
· How do the cultural differences come into consideration when teaching compliance at the Academy?
· Is the subject of data/technology having an impact in building and operating entity-wide compliance programs?
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2019 • 13 minutes, 33 seconds
Mikhail Gordon on Aspects of Monitorships: Part 2, ABA Guidelines on Monitors
In this special five-part podcast series, I am joined by Mikhail Reider-Gordon, Managing Director of Global Affairs at Affiliated Monitors, Inc. (AMI) the sponsor of this podcast series. In this series we discuss various aspects of monitorships, including why independence matters, the American Bar Association’s (ABA) Guidelines on Monitors, Gordon’s professorial career at the International Anti-Corruption Academy, cultural differences between international and US domestic monitorships and the continuing evolution in monitorships. In episode 2, we discuss the ABA Guidelines on Monitors. Highlights include:
· Mikhail’s involvement with ABA
· The ABA, via its Criminal Justice Section, issued Standards for Monitors. What are they and why are they important?
· Use of Monitors by more than DOJ
· The ABA Standards extend into civil and criminal proceedings.
· Monitors are known by a variety of names including external compliance officers, ombudsmen, Independent Private Sector Inspectors General (IPSIGs), etc
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2019 • 12 minutes, 38 seconds
Mikhail Gordon on Aspects of Monitorships: Part 1, Why Independence in a Monitor Matters
In this special five-part podcast series, I am joined by Mikhail Reider-Gordon, Managing Director of Global Affairs at Affiliated Monitors, Inc. (AMI) the sponsor of this podcast series. In this series we discuss various aspects of monitorships, including why independence matters, the American Bar Association’s (ABA) Guidelines on Monitors, Gordon’s professorial career at the International Anti-Corruption Academy, cultural differences between international and US domestic monitorships and the continuing evolution in monitorships. Today, in Part 1, we consider why independence in monitors is so critical. Highlights include:
· Regulator Considerations
· Former Collogues: Appearance of Conflict
· Informal Sympathies
· The value of an independent to a company that needs a monitor
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/2/2019 • 14 minutes, 56 seconds
Update on Varsity Blues
In this episode I visit with Benjamin Britz, a partner at Hughes Hubbard & Reed. We review the current state of the Varsity Blues prosecutions, including the guilty pleas and those still maintaining their innocence. We consider the evidence presented and where the case may be heading.
Britz advises clients on all aspects of corporate governance including government investigations, shareholder class action and derivative litigation, and corporate compliance matters. He has represented clients before all manner of domestic and international enforcement agencies, including the Department of Justice, Securities and Exchange Commission, UK Serious Fraud Office and the enforcement offices of the World Bank, Asian Development Bank and African Development Bank, among others. His practice particularly focuses on anti-corruption compliance, securities enforcement, and accounting and procurement fraud matters. He has performed internal investigations and due diligence exercises around the globe and across an array of different industries.
Some of the highlights include:
What is the current state of prosecutions?
What evidence has been presented?
Might there be ancillary issues involved?
What will be the fallout for the cooperating witnesses?
Is money laundering a viable prosecution strategy?
Will the IRS become involved?
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/18/2019 • 23 minutes, 35 seconds
Episode 452, Mike Volkov on the Hoskins Jury Verdict
In this episode I visit with Mike Volkov about the Hoskins verdict, which was announced on Friday, November 8. In it Lawrence Hoskins was found guilty on six counts of violating the FCPA, three counts of money laundering, and two counts of conspiracy. Hoskins was acquitted on one money laundering count. We explore this case from the trial perspective. Some of the highlights include:
· What was the significance of the verdict?
· What evidence did the prosecutors have to put forward to prove agency?
· How do prosecutors think through jury presentations?
· Did the fact that Hoskins basic defense was that he was in charge of a criminal conspiracy and not an agent play poorly in front of the jury ?
· What might all this mean for FCPA prosecutions going forward? How about internal investigations?
· What does this case say about being the first to cooperate?
· What signal does this case say about DOJ prosecution of individuals under the FCPA?
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/11/2019 • 26 minutes, 7 seconds
Pamela Fierst-Walsh on the Kimberley Process
In this episode I visit with Pamela Fierst-Walsh, who works at the US State Department as the Senior Advisor on Conflict & Critical Minerals and U.S. Representative to the Kimberley Process. Every compliance professional needs to understand not only responsible sourcing but the Kimberley Process and how it relates to anti-corruption compliance. Some of the highlights include:
What is Pamela’s role as the Senior Advisor on Conflict & Critical Minerals and U.S. Representative to the Kimberley Process.
What is the Kimberly Process?
Who developed it?
How does it relate to conflict mineral initiatives? Responsible sourcing?
How does the US State Department support the Kimberley Process?
Where could listeners go for more information?
Resources
For more on the Kimberley Process, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/3/2019 • 20 minutes, 7 seconds
Episode 450-Steven Lofchie and the Cadwalader Cabinet
In this episode I visit with Steven Lofchie, a partner in the NYT office of Cadwalader, Wickersham and Taft. Lofchie and his team have developed an incredible new resource called The Cadwalader Cabinet, which is the “Go To One-Stop Shop” for attorneys and regulators operating in the US financial services sector. Lofchie is the Mastermind behind the Cabinet, this intelligence and knowledge management platform. Some of the highlights include:
What led to the creation of the Cadwalader Cabinet?
What market need/opportunity did you see that the Cadwalader Cabinet fills?
Why is the Cadwalader Cabinet “Go To One-Stop Shop” for attorneys and regulators operating in the US financial services sector?
What are some of the Power links in the Cadwalader Cabinet?
Some of other materials available on the Cadwalader Cabinet include expected rules, regs, statutes, but also includes hot topics like Reg BI, LIBOR, Cryptocurrencies, Cannabis Finance and of course FCPA related materials.
Resources
To check out the Cadwallader Cabinet, click here. Best of all, mention this podcast and receive a free trial.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/28/2019 • 21 minutes, 11 seconds
Francine McKenna with an update on the KPMG-PCAOB Scandal
In this episode I visit with one of my favorite people, Francine McKenna, a reporter at MarketWatch. We check in on the current developments in the KPMG-PCAOB scandal including recent guilty pleas, sentencing and where the matter might finally be headed. Some of the highlights include:
· A review of the Indictment and underlying facts.
· A review of the horrendous facts about KPMG that came out during the March trial.
· What does it say about the PCAOB that two of its former Board members were witnesses for the defense in the trial?
· What did all this mean for KPMG head Lynne Doughtie? What does all this mean for audit independence, particularly in the Jay Clayton era at the SEC?
· Where can listeners go for more information?
Resources
Francine McKenna on MarketWatch
MarketWatch website
Re: The Auditors blogsite
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/21/2019 • 28 minutes, 53 seconds
Parth Chanda on integrating data analytics into a compliance platform
In this episode I visit with Parth Chanda, CEO of Lextegrity, a leading technology platform that combines the up-front due diligence approval of planned third-party spend with the analysis of actual spend — focused on fraud, corruption and conflicts of interest. Some of the highlights include: · Professional background for Chanda, with nearly 20 years in compliance.· Some of the problems the Lextegrity Integrity platform is addressing with for compliance professionals? · What traditional challenges do CCO’s face when they try to deploy compliance monitoring solutions? They include:a. Employees lacking sufficient tools to assess risk and take ownership of their own compliance.b. Complex reports or analytics for the business users not user-friendly or intuitive.c. Too few legal, compliance, IT and anti-fraud resources to support the business or continuous monitoring efforts.d. Disorganized and disparate data stores.e. Risks managed in multiple systems that don’t “talk to each other” or require duplicate entry or manual data input processes.f. Not having real-time analytics, reporting or monitoring, which leads to missed anomalies and patterns.· In September’s FRAUD Magazine innovation column authored by Vincent Walden he quoted you for the following, “Avoiding professional biases in your fraud risk management program”. How does the Lextegrity platform help avoid bias and integrating typical compliance functions with traditional internal audit functions?· How does the Lextegrity platform integrate both pre-approvals and monitoring? What are the benefits to that as compared to what’s in the market?· What’s the benefits to General Counsels and heads of investigations from the platform and about how the machine learning aspects help companies be more strategic and effective? · What advice do you have for CCOs and General Counsels when they are evaluating the use of data analytics into their compliance program?· Where can listeners go for more information? ResourcesParth ChandaLextegrity websiteArticle “Avoiding Bias in Your Fraud Management Program” by Vince Walden in September/October issue of Fraud Magazine
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2019 • 30 minutes, 28 seconds
Why Culture Matters-Episode 5, How is ethical culture a part of an overall ethics and compliance assessment?
Welcome to this special five-part podcast series with Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. (AMI), who is the sponsor of this podcast series. Corporate culture exists in the space between what an organization professes and what it does. In this series Jay and I will be exploring key aspects of corporate culture, including why it matters, what influences culture, the CCOs role in culture, assessing corporate culture and how to use that information to improve culture. In this concluding Part V, we consider how an ethical culture is a part of an overall ethics and compliance assessment.
Highlights include:Begin with framework for such an assessment, usually the compliance program itself.Is your training both focused and effective?Is there institutional fairness in your promotion and compensation programs?Is there institutional justice around reporting, discipline and investigations?Is your compliance program a paper program or is it fully operationalized?Is there accountability in your organization?For more information see Jay’s blog post How is ethical culture a part of an overall ethics and compliance assessment? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2019 • 12 minutes, 4 seconds
Why Culture Matters-Episode 4, How Does a Company Assess its Culture?
Welcome to this special five-part podcast series with Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. (AMI), who is the sponsor of this podcast series. Corporate culture exists in the space between what an organization professes and what it does. In this series Jay and I will be exploring key aspects of corporate culture, including why it matters, what influences culture, the CCOs role in culture, assessing corporate culture and how to use that information to improve culture. In this Part IV, we consider how to assess your corporate culture. Highlights include: · Who should perform the assessment of corporate culture? · An in-house resource may be seen as more ongoing monitoring than culture assessment. · Conversely an independent outside expert may be able to garner more fulsome information of the true state of your corporate culture.· Tools to assess the culture of an organization include employee surveys, conversations, visits to field operations. · What are the differences, if any, which must be considered when assessing a global company?· Why do you need to “fine-tune” a cultural survey to get a good understanding of the company’s culture and obtain meaningful metrics? · The bottom line is you should take the temperature of your employees internally by doing regular monitoring of your company to understand its culture and what needs to be done. Please join us for our concluding Episode 5, where we bring it all together and consider how ethical culture is a part of an overall ethics and compliance assessment. For more information see Jay’s blog post How does a company assess its culture? on Corporate Compliance Insights. For more information on Affiliated Monitors, Inc. check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2019 • 14 minutes, 21 seconds
Why Culture Matters-Episode 3, the Role of the CCO in Culture
Welcome to this special five-part podcast series with Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. (AMI), who is the sponsor of this podcast series. Corporate culture exists in the space between what an organization professes and what it does, yet who bears the responsibility for establishing and maintaining an ethical culture? In this series Jay and I will be exploring key aspects of corporate culture, including why it matters, what influences culture, the CCOs role in culture, assessing corporate culture and how to use that information to improve culture. In this Part III, we consider to what extent the Chief Compliance Officer (CCO) should be involved in shaping a culture of ethics and driving ethical behavior.Highlights include: · Who bears the responsibility for culture? · The duty most often falls to the CCO, so both the CCO and the entire compliance function need to be able to coordinate the various inputs and support mechanisms that guide employee behavior.· The CCO is often the face of the ethics program for the company – kind of the spokesperson for the company who helps to drive behavior.· In hiring and recruiting, a CCO can create a culture where an organization would only hire the right type of people as employees. · When managing upward, the CCO has an equally critical mandate through unfettered access to provide information to the Board regarding the compliance and ethics posture at the company, specifically including the culture.· What are the warning signs of an unethical culture? · It is up to the CCO to understand and have their finger on what the culture is, where the challenges are and what needs to be done to continually strengthen the culture. Please join us for Episode 4, where we explore how a company can begin to assess its own culture. For more information see Jay’s blog post What is the CCO’s Role in Strengthening the Organization’s Culture of Ethics?on Corporate Compliance Insights. For more information on Affiliated Monitors, Inc. check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2019 • 11 minutes, 11 seconds
Why Culture Matters-Episode 2, What Factors Influence a Company’s Culture
Welcome to this special five-part podcast series with Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. (AMI), who is the sponsor of this podcast series. Corporate culture exists in the space between what an organization professes and what it does. It is important to pay attention to corporate culture as disconnects in this reality can be quite costly. Yet what factors influence corporate culture. In this series Jay and I will be exploring key aspects of corporate culture, including why it matters, what influences culture, the CCOs role in culture, assessing corporate culture and how to use that information to improve culture. In this Part II, we consider what can influence an organization’s ethical culture, starting at the top with senior leadership. We consider such questions as whether your senior leaders practice what they preach as employees can spot a disconnect from a mile away.
Highlights include:A company does not have an ethical culture unless top management commits to it.Equally important is a sense of organizational justice and fairness.One of the key elements of effective leadership is listening and that also applies to a company’s culture.Do senior leadership give their people the opportunity to be heard?Do senior leaders get out of the ivory tower, go out into the field and meet with employees?Are there town halls or other types of group interactions?Do the employees see whether their leaders are living those kinds of values?It is crucial for perception to equal reality.The bottom line is there must be alignment between what top management says and the company’s core values – between what the organization says and what it does.Please join us for Episode 3, where we explore the role of a Chief Compliance Officer in strengthening the ethical culture of the organization.
For more information see Jay’s blog post What Factors Influence a Company’s Ethical Culture? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2019 • 11 minutes, 52 seconds
Why Culture Matters-Episode 1, What is Ethical Culture and Why Does it Matter
Welcome to this special five-part podcast series with Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. (AMI), who is the sponsor of this podcast series. Corporate culture exists in the space between what an organization professes and what it does. It is important to pay attention to corporate culture as disconnects in this reality can be quite costly. Witness the continuing imbroglio surrounding Wells Fargo. In this series Jay and I will be exploring key aspects of corporate culture, including why it matters, what influences culture, the CCOs role in culture, assessing corporate culture and how to use that information to improve culture. In this Part I, we consider what is ethical culture and why does it matter.
Highlights include:An exploration of the question “what is corporate culture”?Corporate culture is the way things really arein an organization and the way things really work.There may be more than one culture in an organization and there might well be multiple subcultures in a company.M&A due diligence around culture is critical.What different kinds of cultural systems could impact a company?Why is having a “speak up” culture a key indication of a strong ethical culture?How can an organization hold its employees throughout the organization accountable?Why must there must be an alignment between what top management says and the company’s core values to have an effective culture?Please join us for Episode 2, where we will explore the factors that influence a company’s ethical culture.
For more information see Jay’s blog post What is Ethical Culture and Why Does it Matter? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/14/2019 • 12 minutes, 20 seconds
Joe Gerard on Conducting Fraud Investigations with Case Management Software
In this episode I visit with Joe Gerard, CEO of i-Sight Software. We consider i-Sight’s recent eBook, Conducting Fraud Investigations with Case Management Software and how case management software facilitates the investigative process. Some of the highlights include: What is iSight Software and what are some of its services, products and tools. What is Case Management Software?How does it assist corporate fraud investigations? How does it help both accuracy and speed?Gerard provides an example of how case management SW works.How case management SW streamlines a pre-existing investigative process?What is the ROI of case management SW?What are some of the differences between homegrown case management solutions (or worse yet—spreadsheets) and case management SW?Where can listeners go for more information? ResourcesJoe Gerardi-Sight SoftwareeBook on Conducting Fraud Investigations with Case Management SW
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/7/2019 • 25 minutes, 41 seconds
The Future of Financial Compliance: Maintaining Oversight
In this special five-part podcast series, I have visited with Phil Fry, VP, Go To Market at Verint, which is the sponsor of this podcast series. In this podcast series, we consider how Verint is changing the future of financial compliance by challenging the accept wisdom through capture, control, sustainability & oversight. I found this process as useful to think through a wide range and assortment of compliance issues for any compliance field: anticorruption compliance; trade compliance; AML compliance or any other type of compliance. Today in this concluding Part 5, we tie it all together, through a discussion of oversight of you the entire process. (The Verint process is so innovative, I have cross-posted the entire series on Innovation in Compliance this week as well.) For more information on Verint, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/4/2019 • 14 minutes, 3 seconds
The Future of Financial Compliance: Sustainability
In this special five-part podcast series, I visit with Phil Fry, VP, Go To Market at Verint, which is the sponsor of this podcast series. In this podcast series, we consider how Verint is changing the future of financial compliance by challenging the accept wisdom through capture, control, sustainability & oversight. I found this process as useful to think through a wide range and assortment of compliance issues for any compliance field: anticorruption compliance; trade compliance; AML compliance or any other type of compliance. Today in Part 4, we discuss sustainability. (The Verint process is so innovative, I have cross-posted the entire series on Innovation in Compliance this week as well.) Verint, a provider of reactive, active and proactive compliance solutions for the new regulatory environment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/3/2019 • 13 minutes, 39 seconds
The Future of Financial Compliance-Challenging Accepted Wisdom
In this special five-part podcast series, I visit with Phil Fry, VP Go To Market at Verint, which is the sponsor of this podcast series. In this podcast series, we consider how Verint is changing the future of financial compliance by challenging the accept wisdom through capture, control, sustainability & oversight. I found this process as useful to think through a wide range and assortment of compliance issues for any compliance field: anticorruption compliance; trade compliance; AML compliance or any other type of compliance. Today in Part 1, we begin with an overview of the process.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/3/2019 • 11 minutes, 31 seconds
The Future of Financial Compliance: Control
In this special five-part podcast series, I visit with Phil Fry, VP Go To Market at Verint, which is the sponsor of this podcast series. In this podcast series, we consider how Verint is changing the future of financial compliance by challenging the accept wisdom through capture, control, sustainability & oversight. I found this process as useful to think through a wide range and assortment of compliance issues for any compliance field: anticorruption compliance; trade compliance; AML compliance or any other type of compliance. Today in Part 3, we discuss control. (The Verint process is so innovative, I have cross-posted the entire series on Innovation in Compliance this week as well.) Verint, a provider of reactive, active and proactive compliance solutions for the new regulatory environment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/2/2019 • 10 minutes, 53 seconds
The Future of Financial Compliance: Capture
In this special five-part podcast series, I visit with Phil Fry, VP Go To Market at Verint, which is the sponsor of this podcast series. In this podcast series, we consider how Verint is changing the future of financial compliance by challenging the accept wisdom through capture, control, sustainability & oversight. I found this process as useful to think through a wide range and assortment of compliance issues for any compliance field: anticorruption compliance; trade compliance; AML compliance or any other type of compliance. Today in Part 2, we discuss capture. (The Verint process is so innovative, I have cross-posted the entire series on Innovation in Compliance this week as well.) Verint, a provider of reactive, active and proactive compliance solutions for the new regulatory environment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2019 • 11 minutes, 11 seconds
Episode 446-Matthew Jacobs on the Juniper Networks FCPA Resolution
In this episode I visit with Matthew Jacobs, a partner at Vinson & Elkins in San Francisco who represented the Audit Committee of the Board of Directors of Juniper Networks in the company’s recently concluded FCPA enforcement action. In addition to his discussion his work on the matter we discussed some interesting questions about representation during the pendency of a FCPA investigation. Some of the highlights include:
Initial retention by the Audit Committee and the scope of the assignment?Why the settlement was so favorable to the company?How the company is in a stronger position now to stay in compliance with the FCPA and other international anticorruption laws today.When should there be separate counsel for company and audit committee?Why do cases take so long and how does that help or hurt the company?What is the role of management changes in the resolution of a FCPA enforcement action?How has the interest of the government in compliance changed?Where does the disgorgement issue fit in settlement discussions?What is the effect of the government deferring to internal investigations?Resources Matthew Jacobs, V&E website.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/30/2019 • 25 minutes, 8 seconds
Episode 445- Shon Ramey on the Navex Global Acquisition of Lockpath
In this episode I visit with Shon Ramey, General Counsel at Navex Global. We discuss Navex’s recent acquisition of Lockpath. In addition to his discussion on how Lockpath fits into the strategic plan of Navex Global, Ramey discusses his approach to mergers and acquisitions. Highlights from the podcast include:Why did Navex Global see this acquisition of Lockpath as an opportunity?How does this acquisition provide Navex Global with a more holistic approach to GRC solutions?Cyber security and data breaches have become an important part of M&A pre-acquisition Due Diligence. Can you outline your approach to these issues?Why is it important to have a defined acquisition procedure, which details an acquisition from pre-contact of a target through full integration in place?As the top lawyer for an ethics and compliance software and risk management, you must be hyper-aware of the myriad threats facing companies these days. What, in your experience, are some of the threats most overlooked by businesses?For additional information, see Navex Global Press Release announcing the sale.
See article by Phillip Bantz in Corporate Counsel entitled “NAVEX Global General Counsel Discusses M&A Due Diligence”.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/23/2019 • 16 minutes, 12 seconds
Jim Murphy on the Dangers in Using Slack
In this episode I visit with podcast favorite Jim Murphy, who is the VP of Products at Hanzo. We discuss a recent article by Murphy which appeared on Corporate Compliance Insights and was entitled, The Shark in the Wave: Revealing the Lurking Danger of Slack Data.It detailed the dangers from Slack from a compliance and investigative perspective. Highlights from the podcast include: 1. Murphy’s role at as VP of Products at Hanzo2. Why did you write, The Shark in the Wave: Revealing the Lurking Danger of Slack Data?3. A discussion of rise of Slack as a common business tool.4. What are the dangers in using Slack from the compliance and investigative perspectives?5. How can a company think though managing these risks? For additional reading, see Murphy’s article, The Shark in the Wave: Revealing the Lurking Danger of Slack Data, on Corporate Compliance Insights by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/16/2019 • 23 minutes, 59 seconds
James Koukios on the Morrison and Foerster Top 10 International Anti-Corruption Developments for April 2019
In this episode I visit with podcast favorite Morrison and Foerster partner James Koukios on the firm’s Top 10 International Anti-Corruption Developments for April 2019. We look at some of the key international developments. Highlights from the podcast include:The debate Over Meaning of “Agent” Under FCPA Intensifies Ahead of Hoskins Trial.Federal Court Finds FCPA Investigation Documents Protected by Attorney-Client Privilege.International Maritime Organization (IMO) Sets Anti-Corruption Agenda.We take a deep dive into the new Evaluation of Corporate Compliance Programs, 2019 Guidance. What is new (if anything)? How does this assist the corporate compliance professional? Should it be read in conjunction with the Benczkowski Memo?To see a copy of the Morrison and Foerster Top 10 International Anti-Corruption Developments for April 2019, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/9/2019 • 25 minutes, 4 seconds
Episode 442-Serco Geografix DPA
In this episode I visit with Sacha Harber-Kelly, a partner at Gibson Dunn in the UK and Steve Melrose, a senior Associate at the firm. They authored what I think is one of the best summaries of the recent Serco Graphic Deferred Prosecution Agreement and they came on the podcast to flesh out some of their thoughts on the matter. Highlights from the podcast include:
1. What is the significance of this Serco DPA?2. What was the court’s analysis?3. Why did the court deem the DPA in the interest of justice?4. What did the court say about the seriousness of the conduct?5. What was the company’s cooperation and how did that play into the court’s analysis?6. What would have been the collateral consequences to the company had it been convicted at trial?7. How did the court view the strength of the evidence brought forward by the SFO?8. What was the court’s discussion around whether or not the terms of the DPA fair reasonable and proportionate?9. What is the significance of postponement of the Statement of Facts?10. Does the Serco Geografix DPA provide any additional guidance beyond prior DPAs issued in the UK?
For more information on Sacha Harber-Kelly, check out his LinkedIn profile here. For more information on Steve Melrose, check out his LinkedIn profile here. To read the full client alert, The SFO’s Fifth DPA – High Five or Down Low? Too Slow ! click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/26/2019 • 35 minutes, 51 seconds
Episode 441- Compliance Training to Influence Behavior
In this episode I visit with Matt Galvin, Vice President, Ethics & Compliance at Anheuser-Busch InBev and Peter Grossman, Co-Founder, Chief Strategist at Labyrinth Training about their work on compliance training to influence behavior at Ab-InBev. Highlights from the podcast include: 1. How did they create some of the most innovative compliance training?2. How can innovative training be effective training?3. How can compliance training influence behavior?4. Why does Galvin (and Ab-InBev) emphasis compliance training so robustly?5. How can non-traditional approaches to compliance training be effective?6. Why compliance officers should always be curious?7. How did Matt and Peter come together to create this innovative training regime? For more information on Peter Grossman, check out his LinkedIn profile here. For more information on his company Labyrinth Training, click here. For more on Labyrinth’s work with Ab-InBev on training, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/19/2019 • 37 minutes, 8 seconds
Everything You Wanted to Know About Monitors But Were Afraid To Ask: Part V-Cost Issues When Hiring a Monitor
This week, over a five-part podcast series, we have considered some of the basic questions around monitors and monitorships. I have been joined in this exploration by Jay Rosen, the Vice President of Business Development and Monitoring Specialist at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduced the role of independent integrity monitors and corporate monitorships; discussed both pre-settlement and post-resolution monitorships and their different applications; and listed out some of the considerations a company should take in hiring a monitor. Today, in our concluding Part 5, we look at cost issues when hiring a monitor and how a company can work to ameliorate them.
Some of the highlights from this podcast include:
What will be the overall scope of the monitorship?What will be the frequency of engagement by the monitor?What will be the duration of the monitorship?What is the experience of the monitor and how does that play into overall costs?How you can work through cost control issues by using a robust monitor’s Workplan?How selective sampling is a powerful tool and why it can be a cost-saving measure.For additional reading see Jay Rosen’s article How Much Will a Corporate Monitorship Cost? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2019 • 14 minutes, 36 seconds
Everything You Wanted to Know About Monitors But Were Afraid To Ask: Part IV-Considerations When Hiring a Monitor
In this five-part podcast series, we consider some of the basic questions around monitors and monitorships. I am joined in this podcast series by Jay Rosen, the Vice President of Business Development and Monitoring Specialist at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of independent integrity monitors and corporate monitorships; discuss both pre-settlement and post-resolution monitorships and their different applications; considerations a company should take in hiring a monitor and cost reflections for monitorships. Today, in Part 4, we look at considerations when hiring a monitor.
Some of the highlights from this podcast include:Considering the type and style of the monitor in your selection process.What is the expertise of the monitor, not simply in the subject matter but concluding monitorships?Balancing the interests of the regulator, the company and other stakeholders.Making sure that the monitor is bringing value to the company.Why a Monitor must be independent and conflict-free.I hope you will join us tomorrow for Part 5, where we discuss the issue of costs when retaining a monitor.
For additional reading see Jay Rosen’s article What Issues Should a Company Consider When Hiring a Corporate Monitor? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2019 • 13 minutes, 55 seconds
Everything You Wanted to Know About Monitors But Were Afraid To Ask: Part III-the Power of a Pre-Settlement Monitorship
In this five-part podcast series, we consider some of the basic questions around monitors and monitorships. I am joined in this podcast series by Jay Rosen, the Vice President of Business Development and Monitoring Specialist at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of independent integrity monitors and corporate monitorships; discuss both pre-settlement and post-resolution monitorships and their different applications; considerations a company should take in hiring a monitor and cost reflections for monitorships. Today, in Part 3, we consider the power of a monitorship in the pre-settlement phase of any matter.
Some of the highlights from this podcast include:
1. What is an Internal Cultural Assessment?2. How can a pre-settlement monitorship be used as a (a) Pre-emptive Strike; or (b) to prevent a suspension or debarment action?3. What is the power of a pre-acquisition monitor in M&A Due Diligence?4. How is an independent integrity monitor can be a powerful prescriptive tool?
I hope you will join us tomorrow for Part 4, where we discuss considerations when hiring a monitor.
For additional reading see Jay Rosen’s article What is the Power of a Pre-Settlement Monitorship?on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2019 • 13 minutes, 57 seconds
Everything You Wanted to Know About Monitors But Were Afraid To Ask: Part II-Post-Resolution Monitorships
In this five-part podcast series, we consider some of the basic questions around monitors and monitorships. I am joined in this podcast series by Jay Rosen, the Vice President of Business Development and Monitoring Specialist at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of independent integrity monitors and corporate monitorships; discuss both pre-settlement and post-resolution monitorships and their different applications; considerations a company should take in hiring a monitor and cost reflections for monitorships. Today, in Part 2, we consider the use of monitors in the post-resolution phase.
Some of the highlights from this podcast include:
What is a monitorship in the FCPA Context?Complying with Consent DecreesWhen does post-resolution monitorship have the impact of a pre-settlement monitorship?There are myriad of other ways a post-resolution monitorship can help a company navigate post-resolution issues with regulators.I hope you will join us tomorrow for Part 3, where we discuss the power of a pre-settlement monitorship.
For additional reading see Jay Rosen’s article What is a Post-Resolution Monitorship? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2019 • 13 minutes, 57 seconds
Everything You Wanted to Know About Monitors But Were Afraid To Ask: Part I-Introduction
In this five-part podcast series, we consider some of the basic questions around monitors and monitorships. I am joined in this podcast series by Jay Rosen, the Vice President of Business Development and Monitoring Specialist at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of independent integrity monitors and corporate monitorships; discuss both pre-settlement and post- resolution monitorships and their different applications; considerations a company should take in hiring a monitor and cost reflections for monitorships. Today, in Part 1, introduce the role of independent integrity monitors and corporate monitorships.
Some of the highlights from this podcast include:
1. What is a corporate monitor?2. What agency has oversight?3. Who foots the bill?4. What about subject matter expertise?
I hope you will join us tomorrow for Part 2, where we discuss post-settlement monitorships.
For additional reading see Jay Rosen’s article Corporate Monitorship 101: Who Are They, and What Can You Expect? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/12/2019 • 13 minutes, 57 seconds
Jesse Caplan on the DOJ Evaluation of Corporate Compliance Programs for Antitrust
In this episode I visit with Affiliated Monitor’s Managing Director Jesse Caplan on the recently released DOJ Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations. Highlights from the podcast include:
How does this change the Antitrust Division Leniency Program?Does your compliance program have an antitrust focus?How should compliance professionals consider using this Evaluation?How does this Evaluation fit in with Evaluation of FCPA Compliance Programs?For a copy of the DOJ Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/5/2019 • 19 minutes, 21 seconds
FCPA Compliance Report-Episode 439, James Koukios on the Morrison and Foerster Top 10 International Anti-Corruption Developments for March 2019
In this episode I visit with podcast favorite Morrison and Foerster partner James Koukios on the firm’s Top 10 International Anti-Corruption Developments for March 2019. We look at some of the key international developments. Highlights from the podcast include:
The MTS FCPA Settlement.Changes in FCPA Corporate Enforcement Policy-what is ‘De-Confliction’ and ephemeral messaging.OECD Working Group on Bribery Reports on the UK’s Foreign Bribery Enforcement Record.CFTC announces entry into FCPA enforcement.India appoints first anticorruption ombudsman.To see a copy of the Morrison and Foerster Top 10 International Anti-Corruption Developments for March 2019, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/29/2019 • 27 minutes, 8 seconds
Bonus Episode-Mike Volkov's Interviews the Compliance Evangelist for 100th Episode of Corruption Crime and Compliance
This special bonus episode is a cross-post of Mike Volkov's 100th episode podcast, where he interviewed me. It was a ton of fun and Mike was gracious enough to allow me to post on the FCPA Compliance Report. Click here for the post on Corruption Crime and Compliance.
Some of the highlights include:
Where is the vast Compliance Podcast Network, and what is coming in the future?
The genesis of for Trekking through Compliance and how were you able to pull together and synthesize all of the Star Trek episodes?
My perspective on this recent DOJ and OFAC Guidance and how should compliance professionals use this guidance?
Given all of this recent government guidance, where does the FCPA Guidance from 2012 fit into the picture? Does it still have value to the compliance professional?
What do you see, over the next five years, and how should compliance professionals prioritize compliance?
We always hear about automation, blockchain, artificial intelligence, data analytics and machine learning – how do we sift through these, find valuable compliance applications and then prioritize the use of these technologies?
When Trump first assumed the presidency there was concern about his commitment to FCPA enforcement. What is my view of how this has turned out?
Where DOJ will be over the next few years on enforcement and compliance?
As compliance continues to evolve and increase its influence, where is the compliance profession growing?
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/27/2019 • 51 minutes
Bonus Episode-Sean Freidlin Interviews Elizabeth O'Keefe
In this special bonus episode, In the newest episode of Hanzo's Profiles in Excellence series, Sean Freidlin interviews Elizabeth O'Keefe, Compliance Manager at KAYAK and OpenTable. Their conversation includes Elizabeth's career path from over a decade in the compliance space, what an average day as a compliance manager looks like, building a culture where compliance is seen as a collaborator within the organization, major trends impacting the compliance profession, and more. Tune in to listen to the full conversation, or head over to https://corporatecomplianceinsights.com to read the transcribed, edited version.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/26/2019 • 35 minutes, 30 seconds
The Use of Monitors by State Attorneys General: Part V-The Road Ahead
In this five-part podcast series, I consider the use of monitors by state Attorneys General. I am joined in this podcast series by Jerry Coyne, the Managing Director of State Monitoring Services at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of state Attorneys Generals as enforcers of state law and bringers of civil litigation; the reaction to the big-tobacco settlement and the criticism of state Attorney Generals over that process; multi-state settlements in the post-tobacco era; challenges in multi-state litigation and the road ahead. Today, in this concluding Part 5, we consider the road ahead and the use of monitors by state Attorney Generals. For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2019 • 14 minutes, 22 seconds
The Use of Monitors by State Attorneys General: Part IV-The Challenges of Multi-state in Today’s Litigation Environment
In this five-part podcast series, I consider the use of monitors by state Attorneys General. I am joined in this podcast series by Jerry Coyne, the Managing Director of State Monitoring Services at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of state Attorneys Generals as enforcers of state law and bringers of civil litigation; the reaction to the big-tobacco settlement and the criticism of state Attorney Generals over that process; multi-state settlements in the post-tobacco era; challenges in multi-state litigation and the road ahead. Today, in Part 4, we consider the challenges for state Attorney Generals in today’s litigation environment. I hope you will join us tomorrow for our concluding Part 5, where consider the road ahead for state AGs. For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2019 • 11 minutes, 51 seconds
The Use of Monitors by State Attorneys General: Part III-Multistate Litigation in the Post-Tobacco Era
In this five-part podcast series, I consider the use of monitors by state Attorneys General. I am joined in this podcast series by Jerry Coyne, the Managing Director of State Monitoring Services at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of state Attorneys Generals as enforcers of state law and bringers of civil litigation; the reaction to the big-tobacco settlement and the criticism of state Attorney Generals over that process; multi-state settlements in the post-tobacco era; challenges in multi-state litigation and the road ahead. Today, in Part 3, we consider the role of state Attorney Generals in multistate litigation in the post-tobacco era.
I hope you will join us tomorrow for Part 4, where we discuss the challenges of multistate into today’s litigation environment. For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2019 • 14 minutes, 30 seconds
The Use of Monitors by State Attorneys General: Part II-Reaction to the Big Tobacco Settlement and Criticisms of State Attorneys General
In this five-part podcast series, I consider the use of monitors by state Attorneys General. I am joined in this podcast series by Jerry Coyne, the Managing Director of State Monitoring Services at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of state Attorneys Generals as enforcers of state law and bringers of civil litigation; the reaction to the big-tobacco settlement and the criticism of state Attorney Generals over that process; multi-state settlements in the post-tobacco era; challenges in multi-state litigation and the road ahead. Today, in Part 2, we consider the reaction to the Big Tobacco settlement and criticisms directed at the state Attorney Generals.
I hope you will join us tomorrow for Part 3, where we discuss multi-state litigation by state Attorney Generals in the post-tobacco era. For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2019 • 14 minutes, 53 seconds
The Use of Monitors by State Attorneys General-Part I: The Role of State Attorneys General as Enforcers
In this five-part podcast series, I consider the use of monitors by state Attorneys General. I am joined in this podcast series by Jerry Coyne, the Managing Director of State Monitoring Services at Affiliated Monitors, Inc. who is the sponsor of this podcast series. In this series we introduce the role of state Attorneys Generals as enforcers of state law and bringers of civil litigation; the reaction to the big-tobacco settlement and the criticism of state Attorney Generals over that process; multistate settlements in the post-tobacco era; challenges in multistate litigation and the road ahead. Today, in Part 1, we consider the role of state AGs as enforcers of civil law and in bringing litigation to enforce consumer protect and related statutes.
I hope you will join us tomorrow for Part 2, where we discuss the reaction to the Big Tobacco settlement and the criticisms of state Attorney Generals for the process used. For more information on Affiliated Monitors, Inc. visit their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2019 • 14 minutes, 45 seconds
FCPA Compliance Report-Episode 438, Michael DeBernardis on The China Initiative and FCPA Enforcement
In this episode of the FCPA Compliance Report, I visit Michael DeBernardis, Counsel at Hughes Hubbard. We discuss the Trump Administration’s China Initiative and how it may impact FCPA enforcement efforts and spark a potential backlash against US companies. Some of the highlights include:
1. What is the China Initiative?
2. Why is it significant?
3. What developments have you seen over the past 6 months since its announcement?
4. Does the China Initiative tie into the effort for greater transparency of Chinese owned companies in America per the Senate bill on auditing?
5. Does the China Initiative mean the FCPA is being weaponized? If so, what are the implications?
6. What about China push back? FedEx or even GSK? You can find more information on see DeBernardis and Zygielbaum’s article Revisiting the China Initiative: Will the Focus on FCPA Prosecutions of Chinese Companies Produce Results?
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/22/2019 • 26 minutes, 50 seconds
FCPA Compliance Report-Episode 437, Kelly Leonard on The Second City Works and Compliance
In this episode of the FCPA Compliance Report, I visit Kelly Leonard, Executive Director, Insights and Applied Improvisation at The Second City Works. We discuss the compliance training which The Second City Works has developed and how they have incorporated storytelling into compliance training and communications.
Some of the highlights include:Most folks are familiar with Second City but what is Second City Works?What are the service offerings of Second City Works?What is the Second Science Project and how does it inform your service offerings?Why is storytelling so important in training and ongoing communications?The book “Yes, And: How Improvisation Reverses "No, But" Thinking and Improves Creativity and Collaboration--Lessons from The Second City”.How do you mentor Millennials but sidestep the drama?As a company scales up or grows how can it keep its lines of communications open?Where can listeners go for more information?You can find more information on The Second City Works by checking out their website, here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/15/2019 • 18 minutes, 51 seconds
FCPA Compliance Report-Episode 436, Justin Muscolino on Creating eLearning Training
In this episode of the FCPA Compliance Report, I visit Justin Muscolino, Head of North American Compliance Training Operations for GRC Solution.
Some of the highlights include:
Why do organizations struggle so much with culture and what impact can compliance training have to improve this?What do organizations often get wrong when it comes to training?What happens when organizations do not target their training?One of the issues that organizations face is measuring the effectiveness of their training benchmarking that their compliance is working. How can a compliance professional consider benchmarking?In a blog post on the GRC Solutions website you also look at the training compliance professionals to improve their culture? How can you train compliance officers around this issue?Any advice for companies trying to get the right culture in their organizations?You can find more information on GRC Solutions by checking out their website, here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/8/2019 • 18 minutes, 51 seconds
FCPA Compliance Report-Episode 435, Dave Lefort on Compliance Week’s Re-platforming
In this episode of the FCPA Compliance Report, I visit Dave Lefort, Editor of Compliance Week. We discuss the re-platforming of the Compliance Week website. Some of the highlights include:
The nearly one-year journey to the re-platformed Compliance Week siteWhat the user experience will be going forward.How did the re-platforming multiple the Compliance Week user experience?How and why podcasts and videos on the site will be more scannable and readable.What are the new tools available for the user on the Compliance Week site?Check out Compliance Week’s re-platformed website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/2/2019 • 16 minutes, 32 seconds
FCPA Compliance Report-Episode 434, Brandon Daniels on Using Investigations to Drive Continuous Improvement
In this episode of the FCPA Compliance Report, I visit with Brandon Daniels, who is the President of Global Technology Markets for Exiger. Daniels is regulatory expert and technology practitioner, bringing more than 15 years in senior management across the financial services, life sciences and energy sectors. He has a reputation for technological innovation in regulatory investigations and compliance management. Some of the highlights include:
Daniels’ professional background, how he got to Exiger and his current role at the company.Some of the key technological innovations Daniels has recently seen in the way in which investigations are being handled?We discuss how can Exiger’s technological solutions help a CCO get their arms around the unstructured data which is available to them inside their organization?How can technology be used to create predictive models to rank offshore companies for potential tax and corruption risk?How can a technological solution can be used to help perform a compliance risk assessment?How do Exiger technological solutions assist compliance professionals to improve their corporate culture? For more information on Exiger, check out the firm’s website here. For more information on Brandon Daniels, check out his firm profile here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/1/2019 • 24 minutes, 5 seconds
FCPA Compliance Report-Episode 433, Sean Freidlin on the Current State of Internal Investigations
In this episode I visit with Sean Freidlin, the Senior Product Marketing Manager, Compliance at Hanzo. We take a deep dive into the state of compliance investigation in 2019, focusing on the impact of the Evaluation of Corporate Compliance Programs on investigations. For more information, Hanzo has published the following work, “THE 2019 GUIDE TO INTERNAL INVESTIGATIONS FOR COMPLIANCE-An eBook on Planning, Protocols, Data Collection, Triage, and Remediation” on which I collaborated. (The eBook was sponsored by Hanzo.) The eBook provides the compliance professional with multiple tools, strategies and tactics for the entire lifecycle of investigations; from initial intake through remediation. I know that you will find it incredibly useful. You can download it here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/27/2019 • 19 minutes, 19 seconds
The Current State of Compliance - Issues and Challenges: Part 5 - New Compliance Concerns in Healthcare
Over this five-part podcast series, I have visited with Terry L Orr, a Managing Director at Kroll, a division of Duff & Phelps, and the sponsor of this podcast series. We have taken a comprehensive look at state of compliance at the half-year mark of 2019. In the concluding episode, Part V, we consider some of the latest challenges for healthcare compliance, including legislative changes and a recent corruption trial which Orr believes will be seen as a landmark event. There are some safe harbor exceptions but outside of those exceptions a broad interpretation of value is used. For more information on Kroll, a division of Duff & Phelps, click here. For more information on Terry Orr, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2019 • 15 minutes, 1 second
The Current State of Compliance - Issues and Challenges: Part 4 - Private Equity and Compliance
In this five-part podcast series, I visit with Terry L Orr, a Managing Director at Kroll, a division of Duff & Phelps, the sponsor of this podcast series. We visit on the current state of compliance through the lens of recent Foreign Corrupt Practices Act (FCPA) enforcement actions and the Evaluation of Corporate Compliance Programs, 2019 Guidance, consider some of the specific issues in compliance for private equity and the increased importance of compliance in the healthcare industry. It is a comprehensive look at state of compliance at the half-year mark of 2019. We have previously considered how compliance programs might be updated based upon lessons learned in recent FCPA enforcement actions, then we considered the Department of Justice’s (DOJ’s) recent guidance on corporate compliance. In Part IV, we consider unique challenges for private equity companies in compliance; both in their organizations and for their portfolio companies.
For more information on Kroll, a division of Duff & Phelps, click here. For more information on Terry Orr, click here. Join us for our final episode where take a deep dive into the burgeoning issues of healthcare and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2019 • 16 minutes, 29 seconds
The Current State of Compliance - Issues and Challenges: Part 3 - Evaluation of Corporate Compliance Programs
During this five-part podcast series, I visit with Terry L Orr, a Managing Director at Kroll, a division of Duff & Phelps, the sponsor of this podcast series. We visit on the current state of compliance through the lens of recent Foreign Corrupt Practices Act (FCPA) enforcement actions and the Evaluation of Corporate Compliance Programs, 2019 Guidance, consider some of the specific issues in compliance for private equity and the increased importance of compliance in the healthcare industry. It is a comprehensive look at state of compliance at the half-year mark of 2019. In Part III, we consider the recently released Department of Justice (DOJ) 2019 Guidance and what it means for compliance professionals.
Which will be the topic of our next Podcast. For more information on Kroll, a division of Duff & Phelps, click here. For more information on Terry Orr, click here. Join us for our next episode where take a deep dive into the unique issues of Private Equity and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2019 • 15 minutes, 41 seconds
Walmart FCPA Settlement
In this special bonus podcast, I am joined by Jay Rosen to discuss the stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the FCPA enforcement action against the world’s largest retailer--Walmart. Some of the highlights include: · The background facts;· How significant is the case;· Is the penalty too low (or too high)?· Response of Walmart;· Lessons learned for the compliance professional;· Was there self-disclosure and full cooperation?· How should we analyze the monitor requirement under the Benczkowski Memo? Resources: The documents for this matter include:From the Department Of Justice1. Criminal Information2. Non-Prosecution Agreement3. Plea Agreement and Statement of Facts4. Press Release From the SEC, Cease and Desist Order and Press Release. See also Tom’s Blog Post Walmart Enforcement Action-Part 1: Introduction. Tom will have multiple blog posts on the Walmart enforcement action so keep abreast on the FCPA Compliance Report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2019 • 31 minutes, 8 seconds
The Current State of Compliance - Issues and Challenges: Part 2 - Lessons Learned from Recent Enforcement Actions
In this five-part podcast series, I visit with Terry L Orr, a Managing Director at Kroll, a division of Duff & Phelps, the sponsor of this podcast series. We visit on the current state of compliance through the lens of recent Foreign Corrupt Practices Act (FCPA) enforcement actions and the Evaluation of Corporate Compliance Programs, 2019 Guidance, consider some of the specific issues in compliance for private equity and the increased importance of compliance in the healthcare industry. It is a comprehensive look at state of compliance at the half-year mark of 2019. In Part II, we consider what can be learned from recent FCPA investigations and settlements.
Which will be the topic of our next Podcast. For more information on Kroll, a division of Duff & Phelps, click here. For more information on Terry Orr, click here. Join us for our next episode where take a deep dive into DOJ’s recent Evaluation of Corporate Compliance Programs, 2019 Guidance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2019 • 14 minutes, 9 seconds
The Current State of Compliance - Issues and Challenges: Part 1 - Orr and his Journey to Compliance
In this five-part podcast series, I visit with Terry L Orr, a Managing Director at Kroll, a division of Duff & Phelps, the sponsor of this series. We visit on the current state of compliance through the lens of recent Foreign Corrupt Practices Act (FCPA) enforcement actions and the Evaluation of Corporate Compliance Programs, 2019 Guidance, consider some of the specific issues in compliance for private equity and the increased importance of compliance in the healthcare industry. It is a comprehensive look at state of compliance at the half-year mark of 2019. We begin this series by introducing Orr, how he came into focus in the compliance space and where he sees compliance headed down the road.
For more information on Kroll, a division of Duff & Phelps, click here. For more information on Terry Orr, click here. Join us for our next episode where take a deep dive into lessons learned for the compliance practitioner from recent key FCPA enforcement actions.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/24/2019 • 14 minutes, 49 seconds
Impacts of Emerging Regulations: Part 5- Scaling to Meet Change
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I have explored the market impacts of emerging regulations on supply chain compliance and the supply chain professional. During the course of this series, I visit with several members of the Assent team to introduce the topic, look at Human Trafficking and Slavery (HTS), supply chain risk management programs, CSR value propositions, the current state of responsible mineral sourcing and where all of this is headed. In this fifth and concluding episode, I visit with Jonathan Hughes, Director, Strategic Relationships at Assent Compliance. We considered how the market impacts are driving the need for more technology-based solutions for supply chain management. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/17/2019 • 19 minutes, 46 seconds
Impacts of Emerging Regulations: Part 4- the Current State of Responsible Minerals
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market impacts of emerging regulations on supply chain compliance and the supply chain professional. During the course of this series, I visit with several members of the Assent team to introduce the topic, look at Human Trafficking and Slavery supply chain risk management programs, Corporate Social Responsibility (CSR) value propositions, the current state of responsible mineral sourcing and where all of this is headed. In this fourth episode, I visit with Jared Connors, subject matter expert for Assent Compliance on CSR on the current state of conflict minerals/responsible minerals. Join us tomorrow where we wrap us this series on emerging regulatory areas in a conversation with Jonathan Hughes. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/17/2019 • 16 minutes, 21 seconds
Impacts of Emerging Regulations: Part 3- What is Your CSR Value Proposition?
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market impacts of emerging regulations on supply chain compliance and the supply chain professional. During the course of this series, I visit with several members of the Assent team to introduce the topic, look at Human Trafficking and Slavery (HTS), supply chain risk management programs, Corporate Social Responsibility (CSR) value propositions, the current state of responsible mineral sourcing and where all of this is headed. In this second episode, I visit with Sarah Carpenter, Manager, Business and Human Rights for Assent Compliance on the value proposition of CSR for corporations. Join us tomorrow where we consider the current state of conflict minerals/responsible minerals with Jared Connors? You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/17/2019 • 14 minutes, 27 seconds
Impacts of Emerging Regulations: Part 2- Instituting a Broader Risk Management Program
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market impacts of emerging regulations on supply chain compliance and the supply chain professional. During the course of this series, I visit with several members of the Assent team to introduce the topic, look at Human Trafficking and Slavery (HTS), supply chain risk management programs, CSR value propositions, the current state of responsible mineral sourcing and where all of this is headed. In this second episode, I visit with Jared Connors, subject matter expert for Assent Compliance on Corporate Social Responsibility (CSR) on how to institute a broader supply chain risk management program. Join us tomorrow where we ask, ‘what’s your CSR value proposition’? You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/17/2019 • 19 minutes, 33 seconds
Impacts of Emerging Regulations: Part 1 – The HTS Landscape
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market impacts of emerging regulations on supply chain compliance and the supply chain professional. During the course of this series, I visit with several members of the Assent team to introduce the topic, look at Human Trafficking and Slavery (HTS), supply chain risk management programs, CSR value propositions, the current state of responsible mineral sourcing and scaling up to meet future challenges. In episode one, I visit with Kate Dunbar, subject matter expert for Assent Compliance in HTS on the current and evolving HTS landscape. Join us tomorrow where provide an overview of instituting a broader supplier risk management program. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/17/2019 • 18 minutes, 20 seconds
FCPA Compliance Report-Episode 432, Mark Lanpher on DOJ Change in M&A Enforcement under the FCPA
In this episode I visit with Mark Lanpher, a partner at Shearman & Sterling LLP, practicing in the firm’s White Collar and Regulatory Enforcement group. Lanpher is a former Assistant Chief Litigation Counsel at the SEC. We take a deep dive into the July 2018 change in FCPA Enforcement Policy, announced by the Justice Department creating a safe harbor in mergers and acquisition enforcement actions brought under the FCPA. Some of the highlights from the podcast include: 1. How did Matthew Miner’s announcement impact the FCPA Corporate Enforcement Policy re: M&A?2. What were the policy reasons behind the announcement? 3. Was Miner’s announcement a codification of DOJ/SEC safe harbor policy first articulated in the 2012 FCPA Guidance?4. How did (or not) Miner’s announcement bring certainty to this area?5. What does it mean going forward?
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/10/2019 • 18 minutes, 36 seconds
Life With GDPR: Episode 29- GDPR Year 1 Review-Part II, the Issues
In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where Jonathan Armstrong and myself consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I we considered some of the enforcement numbers. In this Part II, we discuss some of the substantive issues. Some of the highlights in this episode include: Security issues-multiple regulators for large breaches and questions of whether TOMs are adequate. 6 Principles of GDPR-highest is around transparency.Data Subject Rights are seen as the biggest corporate pain points.DPIAs have been embraced by many companies and are seen by regulators as the backbone of a corporate compliance program around data security/data privacy. Industry sweeps are beginning to occur. Mixed quality of legal advice is hurting many companies in their compliance efforts. Some significant cases are headed to trial and then appeal. GDPR is here to stay. For more information on Cordery Compliance, go their website here.For additional reading see the Cordery Compliance article, “GDPR One Year On”.Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/6/2019 • 32 minutes, 53 seconds
Daily Compliance News: June 4, 2019, the leadership edition
In today’s edition of Daily Compliance News:Why are bashful bosses better leaders? (FT)Leaders must know their weaknesses better than their strengths? (FT)A key leadership problem-setting boundaries. (Washington Post)A younger generation of leadership for Glencore is coming. (Bloomberg)
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2019 • 6 minutes, 27 seconds
FCPA Compliance Report-Episode 431, Pat Harned On ECI's Impact 2019 Wrap Up
In this episode I visit with Pat Harned, CEO at the Ethics and Compliance Initiative. We discuss the ECI’s recently concluded annual conference, Impact and some of the highlights for both Pat and myself. The theme of the event was ECI’s High Quality Program (HQP) Framework Assessment. Some of the highlights from the podcast include: 1. The key theme was the HQP Framework Assessment tool. How did the genius bar facilitate discussions around the tool?2. How the physical layout of the event facilitated the thorough discussions at Impact 2019.3. How ECI will use the momentum from this event going forward. 4. Some of the working groups which have come out of this event and will working to enhance the HQP.5. What is next for the High-Quality Program and Framework Assessment?6. A preview of some of the upcoming ECI events people can look forward to in the summer and fall, 2019. ResourcesFor more information on ECI, click here. For information on the High-Quality Program, click here. For information on the HQP Framework Assessment, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2019 • 26 minutes, 16 seconds
DOJ 2019 Guidance: Part V – Final Thoughts
Over the course of this podcast series, sponsored by Affiliated Monitors, Inc. (AMI), I have visited with Eric Feldman, Senior Vice President of AMI. We have considered the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. We are exploring what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program (2017 Guidance), released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In this concluding Episode, we bring together our final thoughts through a consider of the question “What does it all mean for your compliance practice?” For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2019 • 15 minutes, 26 seconds
DOJ 2019 Guidance: Part IV – Does your compliance program work in practice?
Over the course of this podcast series, sponsored by Affiliated Monitors, Inc. (AMI), I am visiting with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. We are exploring what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program (2017 Guidance), released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 4, we consider the question “Does your compliance program work in practice?” Join us tomorrow when we conclude our deep dive into the 2019 Guidance by putting it all together with final thoughts and observations. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2019 • 14 minutes, 13 seconds
DOJ 2019 Guidance: Part III – Is It Being Effectively Implemented?
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I am visiting with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over this series we are exploring the 2019 Guidance changes from the Evaluation of Corporate Compliance Program (2017 Guidance), released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 3, we consider the question “Is it being effectively implemented?” Join us tomorrow when begin a deep dive into the 2019 Guidance in considering the third question, “Does your compliance program work in practice?” For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2019 • 16 minutes, 54 seconds
DOJ 2019 Guidance: Part II – Is Your Program Well Designed?
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I am visiting with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program (2017 Guidance), released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 2, we consider the question “Is your program well designed?” Join us tomorrow when begin a deep dive into the 2019 Guidance in considering the second question, “Is your program being implemented effectively?” For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2019 • 19 minutes, 15 seconds
DOJ 2019 Guidance: Part I - Introduction
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I visit with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program (2017 Guidance), released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 1, we begin with some of Feldman’s observations on the 2019 Guidance. Join us tomorrow when begin a deep dive into the 2019 Guidance in considering the first question, “Is the program well designed?” For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/3/2019 • 17 minutes, 47 seconds
Daily Compliance News: June 1, 2019-the Management Incentives edition
In today’s edition of Daily Compliance News:What are management incentives?(Huffington Post)Vale employees warned of dam collapse and were ignored. (WSJ)Think meetings are bad? Just wait until you can’t have any.(FT)Claus von Bülow dies. (NYT)
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/1/2019 • 6 minutes, 36 seconds
Daily Compliance News: May 31, 2019-the May is done edition
In today’s edition of Daily Compliance News:CITGO now part of PdVSA/Venezuelan corruption scandal. (Houston Chronicle)Who else did Chuck Blazer bribe? (NYT)Who is in your supply chain? (FT)Former head of Pemex charged with bribery and tax fraud? (NYT)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/31/2019 • 6 minutes, 36 seconds
Life With GDPR: Episode 28- GDPR Year 1 Review-Part I, the Numbers
In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where Jonathan Armstrong and myself consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I of this two-part series we consider some of the enforcement numbers. In Part II, we will consider some of the substantive issues. Some of the highlights in this episode include: EDPB says just over 150,000 complaints files EU under GDPR. Robust enforcement by both regulators and private bodies/citizens.UK leads with the largest number of complaints filed, followed by Germany then France.Around 950 complaints have reach courts. Italy is the country which has seen the largest number of court cases. Several countries are increasing inspections which could lead to enforcement actions. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/30/2019 • 11 minutes, 26 seconds
Daily Compliance News: May 30, 2019-is a spanking is coming edition
In today’s edition of Daily Compliance News:
Is the SEC useless? Mark Cuban thinks so. (Yahoo Finance)Monitor orderd for Wynn Casinos in Massachusettes. (WSJ)Frederick Pierucci continues his crusade against the DOJ and FCPA enforcement.(Shine)What will happen to Carnival Cruise Lines? (Miami Herald)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/30/2019 • 6 minutes, 31 seconds
Bonus Episode-Compliance Week 2019 Wrap Up
In this special bonus podcast, I am joined by the co-hosts of Great Women in Compliance, Lisa Fine and Mary Shirley as well as Amii Bernard-Bahn. We all participated in the recently concluded Compliance Week 2019 and we sat down to provide some of our reflections on the conference. This podcast cross-posts on Great Women in Compliance. The episode is sponsored by Corporate Compliance Insights. Some of the highlights include: Lisa Fine- the Key Note Presentation by Preet Bharara. Some of the highlights for Lisa were:· Doing the right thing can often be the most expedient thing as well.· The problems when you go right up to the ethical line.· His career advice regarding learning the business side of things. Mary Shirley- the presentation by Lisa Beth Lentini, Subhashis Nath and Robert Appleton on the behavioral science behind corporate compliance. Some of the highlights for Mary were: · The benefits of metrics in a best practices compliance program.· Her surprise when the audience was polled that fewer than one-half in attendance are currently using data analytics in their corporate compliance programs.· Data science will be a key component of compliance officers in a very short time. Amii Bernard-Bahn-the reaction to and participation of the audience in two sessions Amii led on careers in corporate compliance. Some of the highlights for Amii included: · Compliance professionals are now thinking of their careers 3-5 years down the road. · CCOs are actively considering Board roles as a part of their compliance careers. · What are some of the business leadership skills a compliance professional needs to move to non-compliance roles in the C-Suite. Tom Fox-the Key Note address by Hui Chen on where compliance has been, where it is now and where it is going in the 2020’s and beyond. Some of the highlights for myself were: · A review of the five decades of compliance.· The current challenges for the compliance professional.· Where is compliance and ethics headed into next decade. For additional reading on Compliance Week 2019 see the following blog posts:On the Importance of Compliance ProgramsThree Compliance Lessons from Preet BhararaLooking Forward in Compliance With Hui Chen Subscribe to the Great Women in Compliance podcast, co-hosted by Mary Shirley and Lisa Fine. For more information on this episode’s sponsor—Corporate Compliance Insights, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2019 • 40 minutes, 37 seconds
Daily Compliance News: May 29, 2019-the Workers Unite edition
In today’s edition of Daily Compliance News:Braskem Board OK’s $101MM for corruption settlement. (Reuters)Mexican steel company shut down by Mexican government for AML violations. (FT)Workers of America unite? (Washington Post)The long road ahead for Fiat-Chrysler/Renault. (NYT)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 29, 2019-the Workers Unite edition
In today’s edition of Daily Compliance News:Braskem Board OK’s $101MM for corruption settlement. (Reuters)Mexican steel company shut down by Mexican government for AML violations. (FT)Workers of America unite? (Washington Post)The long road ahead for Fiat-Chrysler/Renault. (NYT)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 27, 2019-the Memorial Day edition
In today’s edition of Daily Compliance News:
· Is corruption across the EU ‘stunning’? (BBC)· What is management duty to set right tone at the top? (Harvard Law School Forum on Corporate Governance and Financial Regulation)· What is leadership in action? (Washington Post)· Why did it take you so long? Nike ends financial penalties for pregnant athletes. (NYT)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/27/2019 • 6 minutes, 31 seconds
Leveraging AI in Compliance Investigation: Part 5 – Where are investigations headed?
Today we conclude a five-part podcast series sponsored by Hanzo, where we have considered how to leverage Artificial Intelligence (AI) in compliance investigations. I have been joined by several members of the Hanzo team as we explored the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency. Our explorations include considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. In Part 5, I am once again joined by Keith Laska to consider how the company’s specific approach to finding and managing data across the entire lifecycle of an investigation improves the efficiency of a compliance investigation in a cost-effective manner. For more information check out Hanzo.co.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/27/2019 • 16 minutes, 12 seconds
Leveraging AI in Compliance Investigation: Part 4-Improving Investigative Efficiencies
I am on a five-part podcast series sponsored by Hanzo. In this series we consider how to leverage artificial intelligence (AI) in compliance investigations. In this series I am joined by several members of the Hanzo team as we explore the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency. Our explorations includes considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. In this Part 4 I am joined by Keith Laska, Chief Commercial Officer at Hanzo to consider how the use of AI in investigations improves the workflow and processes around solving complex problems that compliance professionals experience when work around data. For more information, check out the Hanzo Dynamic Investigator in more detail and how it will assist you moving forward. For more information visit Hanzo.co.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/27/2019 • 14 minutes, 41 seconds
Leveraging AI in Compliance Investigation: Part 3-Overcoming Investigative Challenges
This week I embark on a five-part podcast series sponsored by Hanzo. In this series we consider how to leverage artificial intelligence (AI) in compliance investigations. In this series I am joined by several members of the Hanzo team as we explore the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency. Our explorations includes considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. In this Part 3, I am joined by again Jim Murphy, VP for Products at Hanzo to consider more specifically how this technology has been used by legal professionals in the past and why this matters for compliance professionals going forward. For more information, check out the Hanzo Dynamic Investigator in more detail and how it will assist you moving forward. For more information visit Hanzo.co.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/27/2019 • 13 minutes, 59 seconds
Leveraging AI in Compliance Investigation: Part 2-Using AI and Web-Based Evidence
This week I embark on a five-part podcast series sponsored by Hanzo. In this series we consider how to leverage artificial intelligence (AI) in compliance investigations. In this series I am joined by several members of the Hanzo team as we explore the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency. Our explorations includes considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. We begin today with Part 2 where I am joined by Jim Murphy, VP for Products at Hanzo to consider how to conduct more conclusive compliance investigations with AI and web-based evidence. For more information, check out the Hanzo Dynamic Investigator in more detail and how it will assist you moving forward. For more information visit Hanzo.co.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/27/2019 • 13 minutes, 33 seconds
Leveraging AI in Compliance Investigation: Part 1-Current State of Investigations
This week I embark on a five-part podcast series sponsored by Hanzo. In this series we consider how to leverage artificial intelligence (AI) in compliance investigations. In this series I am joined by several members of the Hanzo team as we explore the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency. Our explorations includes considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. We begin today with Part 1 where I am joined by Sean Freidlin, Hanzo’s Senior Product Marketing Manager, Compliance, to consider the current state of investigations. Join us in our next episode where we consider the Hanzo Dynamic Investigator in more detail and how it will assist you moving forward. For more information visit Hanzo.co.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/27/2019 • 18 minutes, 28 seconds
Daily Compliance News: May 26, 2019-the Sunday Book Review edition
n today’s edition of Daily Compliance News:Oliver Wendall Holmes by Stephen BudianskyBrothers Down by Walter BornemanSacred Duty by Tom CottonRise and Fall: The Story of 9/11 by Mitchell Zuckoff
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/26/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 25, 2019-the execs behaving badly edition
In today’s edition of Daily Compliance News:Chief Executives behaving badly. (Financial Times)Deloitte offices raided in connection with 1MDB scandal. (Channel News Asia)What is leadership? (WSJ)What is a conflict of interest? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/25/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 24, 2019-the Memorial Day Weekend edition
In today’s edition of Daily Compliance News:BeIN Media Group CEO charged in corruption scandal. (FoxNews)Deutche Bank finds flaw in reporting system. (Wall Street Journal)Whose in your supply chain? (NYT)Compliance staff for banks tough to find? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/24/2019 • 6 minutes, 30 seconds
Daily Compliance News: May 23, 2019-the life or death
In today’s edition of Daily Compliance News:
Guyana Investigating Leases Controlled by Exxon & Tullow (Bloomberg)In EU 75% of those who observe illegal corp activity afraid to report it. (FT)KPMG to be hit by massive fine in UK. (Reuters)What is risk management (as in when its life or death)? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/23/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 22, 2019, the what is ethics edition
In today’s edition of Daily Compliance News:What is ethics? Pimco and Rick Singer (WSJ)Big changes coming to Corporate Leniency Program? (DOJ Press Release)France seeks trial of former IAAF head. (Financial Times)Former South Africa President wants corruption charges thrown out. (Bloomberg)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/22/2019 • 6 minutes, 27 seconds
Daily Compliance News: May 20, 2019, Compliance Week 2019 is here edition
In today’s edition of Daily Compliance News:
· So many myths, so little time. The FT lunches with Laura Codruta Kövesi. (FT)· Red flags on Trump and Kushner? I’m shocked. (New York Times)· Government official demands he stay at his company’s hotel to visit Irish government. Is it extortion? (Washington Post)· Compliance Week 2019 kicks off (it’s not too late to attend). (Compliance Week)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 6 minutes, 27 seconds
Maintaining Market Access: Part 5 – Chemical and Product Compliance
During this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I have explored market access for supply chain data. I have visited with several Assent team members to introduce the topic, consider what market access is, provide an overview of trade compliance, Federal Acquisition Register (FAR) flow downs, the value of continuous monitoring and the origins of laws impacting market access. In this fifth and final episode, James Calder, Vice-President of Compliance and Regulatory Programs, and I discuss how chemical and product compliance impacts access to markets and supply chain compliance. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 18 minutes, 19 seconds
Maintaining Market Access: Part 4 - FARs flow downs
Over this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I have been exploring market access for supply chain data. I have visited with several Assent team members to introduce the topic, consider what market access is, provide an overview of trade compliance, Federal Acquisition Register (FAR) flow downs, the value of continuous monitoring and the origins of laws impacting market access. In episode four, Travis Miller, General Counsel (GC), and I discuss how the regulatory requirements of the Federal Acquisitions Regulations (FARs) impact access to markets and supply chain compliance. Join us tomorrow for our final episode where I visit with James Calder on Chemical and Product Compliance. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 12 minutes, 52 seconds
Maintaining Market Access: Part 3 - Continuous Monitoring in Trade Compliance
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market access for supply chain data. Over this series, I have visited with several Assent team members to introduce the topic, consider what market access is, provide an overview of trade compliance, Federal Acquisition Regulations (FAR) flow downs, the value of continuous monitoring and the origins of laws impacting market access. In episode three, I discuss with Jared Connors, Subject Matter Expert in Corporate Social Responsibility (CSR), the value of continue monitoring in trade compliance. Join us tomorrow where we consider Federal Acquisition Register (FAR) flow downs. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 15 minutes, 37 seconds
Maintaining Market Access: Part 2 - Trade Compliance
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market access for supply chain data. In this series, I visit with several Assent team members to introduce the topic, consider what market access is, provide an overview of trade compliance, Federal Acquisition Register (FAR) flow downs, the value of continuous monitoring and the origins of laws impacting market access. In episode two, I continue the conversation with Travis Miller, General Counsel (GC). We introduce the topic of trade compliance and how this new era of trade wars has created such challenges. Join us tomorrow where consider the value of continuous monitoring in trade compliance and the Supply Chain. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 13 minutes, 50 seconds
FCPA Compliance Report-Episode 430, Scott Moritz on a Forensic Response to Varsity Blues
In this episode I visit with Scott Moritz, the Global Lead, Protiviti Forensics. We discuss the Varsity Blues scandal from the forensic perspective. Some of the highlights from the podcast include: Ø What would a root cause analysis show?Ø Every college and university need to do a full analysis of its admissions process. From soup to nuts, a complete review. Ø With so much in the public domain, there is a clear road map to do so.Ø How should you pressure test your control environment?Ø What is the curriculum around business ethics? These words must also mean for each institution to look inward. Ø What will you do when the government comes knocking?
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 25 minutes, 1 second
Maintaining Market Access: Part 1 - Introduction to Market Access
In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market access for supply chain data. During the course of this series, I visit with several members of the Assent team to introduce the topic, consider what market access is, provide an overview of trade compliance, Federal Acquisition Register (FAR) flow downs, the value of continuous monitoring and the origins of laws impacting market access. In episode one, I visit with Travis Miller, General Counsel (GC). We introduce the topic of market access and how companies are responding to these requirements. Join us tomorrow where provide an overview of trade compliance. You can check out more about Assent Compliance Inc. at their website, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/20/2019 • 16 minutes, 18 seconds
Daily Compliance News: May 19, 2019-the Sunday Book Review-con men edition
In today’s edition of Daily Compliance News:King Con by Paul WillettsChasing Phil by David HowardUltimate Folly by Henry MacroryDuped by Abbe EllinThe Confidence Game by Maris KonnikovaAdditional resources-Golden Age of the Grift
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/19/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 18, 2019-the more bad news from Brazil edition
In today’s edition of Daily Compliance News:
Four more banks named in London bribery suit. (Bloomberg)Can blockchain help in the fight against corruption? (World Economic Forum)South African President appoints new head of bribery unit. (Reuters)FBI targets Johnson & Johnson, Siemens, GE, Philips in Brazilian graft case. (Reuters)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/18/2019 • 6 minutes, 31 seconds
This Week in FCPA-Episode 154 - the Take It Back edition
This week's highlights include:
1. Uber stumbles at going IPO. What role did its culture, lack of compliance and ethics play? 2. Belying those who advocate a paper program compliance defense, DOJ/SEC require compliance programs which actually works. 3. What is up with Ephemeral Messaging for Businesses? Avi Gessner, Daniel Foerster and Mengyi Xu consider. 4. What criteria should be used to make reparations to victims of corruption? Sam Hickey explores. 5. Hong Kong criminally indicts ex-JP Morgan banker in Princeling case. Harry Cassin reports.6. FCPA Unit head Dan Kahn discusses evolution in FCPA enforcement. Clara Hudson reports. 7.How should you repay victims of corruption? Sam Hickey. 8. Federal judge lambastes SEC for filing on VW nearly 4 years after emissions-testing scandal erupted. David Shepardson reports.10. What is the fraud risk for non-profits? 11. Join Tom and Jay at Compliance Week 2019. It is one of the top compliance and ethics conferences of the year. This year, Tom is joined by Jonathan Marks in leading a pre-conference workshop on Sunday afternoon about handling internal investigations and performing a root cause analysis. Monday will include a keynote address from the always popular Hui Chen, Tuesday Preet Bharara. As a listener, you are eligible for a discount on the conference cost. Enter code “TOM300” at checkout to save $300 from your registration. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected]. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/17/2019 • 30 minutes, 3 seconds
Daily Compliance News: May 16, 2019-the CEOs and ethical lapses edition
In today’s edition of Daily Compliance News:More business leaders forced out for ethical lapses than for poor financial performance in 2019. (Washington Post)Do large companies fear legal violations? (New York Times)Nordic/Baltic countries agree to share AML information. (Wall Street Journal)Anti-corruption measures as KPIs for government ministers. What a novel idea. (Yahoo Business News)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/16/2019 • 6 minutes, 31 seconds
Everything Compliance-Episode 46, the Justice Department's 2019 Guidance for FCPA Compliance Programs
Welcome to the only roundtable podcast in compliance. Today, we have the full quintet of Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Armstrong and our newest colleague, Sarah Hadden. We take on one topic which the panelist explores from their expertise. The topic is the Justice Department’s Evaluation of Corporate Compliance Programs-2019 Guidance which was recently released.
Sarah Hadden puts on her journalist hat to consider the 2019 Guidance in the context of transparency by DOJ in releasing this information critical for compliance going forward. Sarah rants on all those in the Everything Compliance gang who attended the ECI Impact 2019 conference in her hometown of Dallas and did not reach out to connect with her. (And we know who we are)Matt Kelly considers some different questions such as: Is there anything new? Does it mean any difference in practice? Is it simply a way to wipe out one of the core legacies of Hui Chen? Matt rants on the Trump Administration which said only a couple of weeks ago said it was cracking down on Agency and Department Guidance and literally turns around and issues the 2019 Guidance. Which is it guys?Jay Rosen discuss the original Benczkowski Memo as a precursor to the new 2019 Guidance and how the Benczkowski Memo lays out a roadmap to avoid a monitor by using pro-active assessments. Jay shouts out to the Boston Red Sox for reaching .500. (Matt chastises Jay for now jinxing the Sox)Mike Volkov discusses how the Justice Department is using the state of compliance programs not only at time of violation but also at time of conclusion to reward companies with lower penalties. Mike shouts out to both Brian Benczkowski/DOJ for this new FCPA Compliance Guidance and the Department of Treasury for OFAC guidance around money-laundering and trade sanctions compliance programs.Jonathan Armstrong compares and contrasts the 2019 Guidance document with the information released by SFO on compliance programs. He then considers what a ‘good’ compliance program looks like in his search for a ‘good’ recipe for the perfect Tikka Masala. He rants about the first UK data privacy regulatory action under GDPR, where the UK data protection agency sanctioned the UK government for violation of GDPR.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/15/2019 • 55 minutes, 21 seconds
Compliance into the Weeds: Episode 123-Whistleblower Protection
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into the House Financial Services bill, HR 2515, which amends the Dodd-Frank Act to clarify that whistleblowers who report misconduct to their employers and not to the SEC also have protections against retaliation under the law. This bill fixes the US Supreme Court decision in Digital Realty Trust which mandated that whistleblowers had to go to the SEC to obtain Dodd-Frank anti-retaliation protection. Some of the highlights include: Some of the highlights include: Ø What was the ruling in Digital Realty Trust?Ø Why did it negatively impact whistleblowers, companies and the SEC?Ø What has made whistleblowers and internal reporting so significant?Ø How does the proposed fix benefit whistleblowers, companies and the SEC?Ø Why should businesses get behind this proposed fix?Ø What are the chances it actually is signed into law? For more reading check out Matt’s blog post “Progress on Whistleblower Fix”
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/15/2019 • 26 minutes, 45 seconds
Daily Compliance News: May 15, 2019-the whistleblower protection edition
In today’s edition of Daily Compliance News:
· FCA Whistleblowers given additional protection by US Supreme Court . (Mondovisione)· More regulatory on capture of the FAA by Boeing? (Wall Street Journal)· Why good governance matters. (Financial Times)· CEO pays fine, penalty includes teaching business ethics. (Yahoo Business News)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/15/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 14, 2019-the from bad to worser edition edition
In today’s edition of Daily Compliance News:Judge scolds SEC over VW lawsuit. (WSJ)With friends like this? (Corporate Counsel)Bombadier faces World Bank debarment. (org.cn)Things go from bad to terrible for Bayer. (WSJ)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/14/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 13, 2019-the regime change edition
In today’s edition of Daily Compliance News:DOJ asks Judge to remove lead defense counsel for Huawei. (NYT)Did cost cutting cause Boeing 737 Max crashes? (Bloomberg)House Financial Services approves bill to overturn Digital Trust Realty. (Radical Compliance)States allege generic drug makers obstructed justice in cartel probe. (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/13/2019 • 6 minutes, 31 seconds
FCPA Compliance Report-Bonus Episode-ECI High Quality Program Framework Assessent
In special bonus episode, I present a full hour's presentation of a panel discussion I recently chaired at the ECI Impact 2019 conference. The panel consisted of Steve Scarpino, Director, Ethics and Compliance at BP; Suzanne Mitchell, CCO at US Foods; and Karen Clapsaddle, Ethics Director Lockheed Martin. They were all involved in the design and creation of the ECI High Quality Program and had experience with the Framework Assessment. It was a great review of the HQP and discussion of not only the design of the Framework Assessment but how your company might use it going forward.
Some of the highlights included:The five elements of the HQP;What are the Framework Assessment maturity curves;What level of optimization should companies aspire to'Can the Framework Assessment be used as internal measure;How much is the Framework Assessment quantitative v. qualitative driven?Does a company need to meet all the supporting objectives to be assessed as optimizing?How should you use and communicate maturity levels within your organization?Is backsliding possible?Is there a 'one-size-fits-all'?For additional resources:
Check out the ECI website here.
More on the ECI High Quality Program.
How to use the Framework Assessment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/13/2019 • 1 hour, 1 minute, 45 seconds
Daily Compliance News: May 11, 2019-the what is data security edition
In today’s edition of Daily Compliance News:
· What is data security? Ask Jonathan Armstrong. (Financial Times)· Uber tanks at IPO opening. What did compliance have to do with it? (WSJ)· SEC Thursday fined Telefônica Brasil S.A. $4.125MM for World Cup tickets. (FCPABlog)· What to do when the boss tells you to lie to the feds? Ask Don McGahn. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/11/2019 • 6 minutes, 27 seconds
This Week in FCPA-Episode 153 – the You’ll Never Walk Alone edition
A big tip of the hat to the Liverpool Football Club for its stunning 4-0 trouncing of Barcelona at Anfield to roar back into the Champions League finals for the second consecutive year. With Tom still singing You’ll Never Walk Alone, he takes a break to join Jay to discuss both events some of this week’s top compliance and ethics stories which caught their collective eyes.Roger Ng extradited to US. Is he cooperating with authorities? Want to take a deep dive into the 2019 Guidance. Who are the Top Minds for 2019? Regime change ensnares two more companies: Shell and ENI.What is the Corporate Identification Doctrine in Canada and the UK? Would you but a new plane from Boeing? Should compliance be siloed? What is moral harassment and will it ever be prosecuted in the US. JIn Part 2 of a two-part series on monitors, Jay discusses dealing with a monitor after the settlement. What happens when the DOJ outsources its investigations? Two low level players convicted in NCAA bribery case. Tom has a special 5-part podcast series with Don Stern, Managing Director at AMI on Use of Monitors by Defense Counsel. Check out the following: Part 1-Introduction;Part 2-the Nuts and Bolts; Part 3- Case Studies; Part 4-in the Health Care industry; Part 5-Non-Profits and Varsity Blues. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Megaphone,YouTube, Spotifyand Corporate Compliance Insights. The Compliance Podcast NetworkTom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/10/2019 • 43 minutes, 11 seconds
Daily Compliance News: May 10, 2019-the what is hubris edition
In today’s edition of Daily Compliance News:Theranos founder Elizabeth Holmes defense? The government defrauded Theranos (not the other way around). (New York Times)Wells Fargo creates new compliance position but promotes old employee into it. (Financial Times)Too many auditor findings of insufficient controls? SEC solution, eliminate the requirement. (MarketWatch)Deutsche Bank accused of bribery in London lawsuit. (Bloomberg)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/10/2019 • 6 minutes, 27 seconds
Daily Compliance News: May 9, 2019-the regime change edition
In today’s edition of Daily Compliance News:
· Regime change and more corruption claims. (Bloomberg)· Another guilty plea in NCAA hoops bribery scandal. (NY Daily News)· US returns $200MM in corrupt funds back to Malaysia. (Financial Times)· UK regulator spanks KPMG over poor audit. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/9/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 8, 2019-the Is He or Isn’t He edition
In today’s edition of Daily Compliance News:
Judge says Roger Ng in negotiations with the DOJ, although his lawyer denies it. (New York Times)Colleges in ‘Willful Ignorance’ of corruption, say it ain’t so. (Law360)It’s a bad day when the FT Editorial Board spanks you. (Financial Times)Former Danske bank CEO charged in money-laundering scandal? (Reuters)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/8/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 7, 2019-the Welcome to the US edition
In today’s edition of Daily Compliance News:
· Roger Ng extradited to US. (New York Times)· Closing arguments made in NCAA bribery scandal case. (ESPN)· Hell hath no fury like a competitor scorned. (Financial Times)· What happens when safety is ‘just a given’ at the Board level? (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/7/2019 • 6 minutes, 31 seconds
Independent Monitoring and Proactive Assessments for Defense Attorneys-Part 5, In Non-Profits and Varsity Blues
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I have been joined by AMI Managing Director Stern. We have considered how defense counsel can work proactively with independent monitors to help clients who may have sustained an ethical or compliance violation or are under government scrutiny for allegations of illegal misconduct in a wide variety of industries, disciplines and corporate settings. In this concluding episode, we look at a third-party independent in non-profit setting and how it could help universities survive Varsity Blues. Find out more about Affiliated Monitors Inc. by checking out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 15 minutes, 20 seconds
Independent Monitoring and Proactive Assessments for Defense Attorneys-Part 4, In the Health Care Industry
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Stern. We consider how defense counsel can work proactively with independent monitors to help clients who may have sustained an ethical or compliance violation or are under government scrutiny for allegations of illegal misconduct in a wide variety of industries, disciplines and corporate settings. In this fourth episode, we look at a third-party independent in the health care setting. Join us in our concluding episode in which we consider working with independent third-party monitor in the non-profit setting and the Varsity Blues scandal. Find out more about Affiliated Monitors Inc. by checking out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 15 minutes, 34 seconds
Independent Monitoring and Proactive Assessments for Defense Attorneys-Part 3, Case Studies of Working with 3rd Party Independents
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Stern. We consider how defense counsel can work proactively with independent monitors to help clients who may have sustained an ethical or compliance violation or are under government scrutiny for allegations of illegal misconduct in a wide variety of industries, disciplines and corporate settings. In this third episode, we look at some case studies. Case studies are something every lawyer and compliance practitioner responds to because it presents real facts and events that the corporate compliance discipline can learn from and hopefully incorporate these lessons learned into their organizations.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 14 minutes, 3 seconds
Independent Monitoring and Proactive Assessments for Defense Attorneys-Part 2, The Nuts and Bolts
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Stern. We consider how defense counsel can work proactively with independent monitors to help clients who may have sustained an ethical or compliance violation or are under government scrutiny for allegations of illegal misconduct in a wide variety of industries, disciplines and corporate settings. In this second episode, take a deep dive into the nuts and bolts of defense counsel working with a third-part independent monitor. Join us in our next episode in which we consider case studies where an independent third-party monitor was used successfully by defense counsel. Find out more about Affiliated Monitors Inc. by checking out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 14 minutes, 13 seconds
Daily Compliance News: May 6, 2019-the Diamonds are Forever edition
In today’s edition of Daily Compliance News:
· Regulatory capture, regulatory ineptitude or just don’t care? (Washington Post)· 1MDB diamonds headed to US. (Reuters)· Boeing knew about safety issue for 1 year before informing FAA. (Wall Street Journal)· Why compliance needs a seat at the grown-ups table. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 6 minutes, 31 seconds
Independent Monitoring and Proactive Assessments for Defense Attorneys-Part 1, Introduction
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Stern. We consider how defense counsel can work proactively with independent monitors to help clients who may have sustained an ethical or compliance violation or are under government scrutiny for allegations of illegal misconduct in a wide variety of industries, disciplines and corporate settings. In this first episode, we introduce the concept of defense counsel working with independent monitors. Join us in our next episode where we dive into the weeds by looking at the nuts and bolts of working with a third-party independent monitor. Find out more about Affiliated Monitors Inc. by checking out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 14 minutes, 19 seconds
FCPA Compliance Report-Episode 429, James Koukios on MoFo’s February Anti-Corruption Newsletter
In this episode I have back with me, fan favorite James Koukios, partner at Morrison and Foerster. This is Part 2 of a two-part series where we discuss the firm’s always great Top 10 International Anti-Corruption Developments newsletter. In this episode, we take a look at some of the key highlights from the February newsletter. In the most recent episode, we detailed some of the key developments from the January newsletter. We also have a special segment on the FCPA Opinion Release Procedure. Some of the highlights from the podcast include:
DOJ Files $38 Million Civil Forfeiture Action in Connection with Malaysia Sovereign Wealth Fund ScandalWhat is the role of civil forfeiture in anti-corruption enforcement?9thCircuit Court of Appeals Vacates Federal Whistleblower Retaliation Verdict Against Bio-Rad. What does this mean for whistleblower cases going forward?UK Serious Fraud Office Closes Two Foreign Bribery Cases. Gutless move on the part of the new director or is something else going on?What is the Opinion Release Procedure? How a company can use it? What happens on the DOJ side once a request comes into the DOJ?For further reading, see the Morrison and Foerster Top 10 International Anti-Corruption Developments for February 2019, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/6/2019 • 30 minutes, 39 seconds
Daily Compliance News: May 5, 2019-the Sunday Book Review edition
In today’s edition of Daily Compliance News:
· New David McCullough book. (Wall Street Journal)· How streaming changed music and us. (Financial Times)· The Lord Lucan Murder case still fascinates. (Financial Times)· Harper Lee lives on. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/5/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 4, 2019-the Enter Slow, Exit fast edition
In today’s edition of Daily Compliance News:What to do when the founder is toxic? (New York Times)Michael Senna informs 3rdparty risk management. (Wall Street Journal)Exxon sues Cuban companies for expropriation. (Wall Street Journal)Model airplane enthusiasts stop drone delivery. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/4/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 3, 2019-the Insys execs guilty edition
In today’s edition of Daily Compliance News:
· Insys execs found guilty of racketeering. (New York Times) Is a socialist revolt coming? (New York Times)· What’s the going rate for paying BB players at Arizona? Apparently as high as $10K per month. (ESPN)· Where goeth Tesla? Hat in hand looking for cash apparently. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2019 • 6 minutes, 31 seconds
Daily Compliance News: May 2, 2019-the Evaluation edition
In today’s edition of Daily Compliance News:
· Wall Street Journal· Radical Compliance· FCPA Compliance and Ethics Blog (Part 1)· Board and Fraud
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/2/2019 • 6 minutes, 27 seconds
Life With GDPR: Episode 26- The Importance of Passwords
In this episode, I visit with Jonathan Armstrong a topic which does not seem to garner the attention that it deserves in data protection; that being passwords. Some of the issues and highlights are: What is two-factor authentication? How, when and where should your use it?What are the most common passwords still in use?Why are passwords one of the most basic forms of data security protection?What are the lessons to be learned? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/2/2019 • 18 minutes, 57 seconds
Compliance into the Weeds: Episode 121-The Role of the CRO in ERM
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive intothe role of the Chief Risk Officer in overall Enterprise Risk Management. Some of the highlights include: Some of the highlights include: Ø Why is effective ERM is more than simply operationalization of ethics and compliance?Ø Why the Board and senior management must take a holistic approach to ERM? Ø Why is it even more important for Boards and senior management to have better risk governance?Ø How do you define the role of Chief Risk Officer?Ø What is the role of internal audit in today’s analytical world of risk management?Ø Could or even should the role of the Chief Audit Officer evolve into the role of a Chief Risk Officer? For more reading check out Matt’s blog post “The Chief Risk Officer Role”. Also listen to the Radical Compliance podcast here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/1/2019 • 26 minutes, 45 seconds
Daily Compliance News: May 1, 2019-the May Day edition
In today’s edition of Daily Compliance News:
· What happens when your customer is hit by scandal? (Wall Street Journal)· Tear gas and the Whitney, what does it all mean? (New York Times)· Boeing CEO confronts hostile shareholders. (Washington Post)· Will the EU do something about money-laundering? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/1/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 30, 2019-the End of April edition
In today’s edition of Daily Compliance News:Prosecutors ask for hold on Sunny Balwani SEC civil action. (MarketWatch)What’s $5bn among friends? (New York Times)Did Varsity Blues parents engage in a conspiracy or just old-fashioned bribery? (New York Times)Bank regulators behaving badly. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/30/2019 • 6 minutes, 31 seconds
Across the Board – Episode 5: The Road Ahead
Over this special 5-part podcast series, I have visited with David Greenberg, Special Advisor at LRN. We took a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In this fifth and final episode, we look at the road ahead. The White Paper stated, “Over time, the gulf between CECOs and boards should be bridgeable. We believe the bridge should be built quickly. The sooner that CECOs have the board’s ear – and that directors are fully aware of what CECOs and the initiatives they lead can bring to the table –the stronger and more resilient their companies will be.
Some of the highlights from the podcast include:What practical steps should be taken to engage the board more actively and effectively in ethics and compliance oversight?More time, higher priority, stronger signals from boards in ethics and compliance oversight.Boards need to question whether ethics and compliance are genuinely integral to business operations.Elevate the CECO and establish direct and confidential reporting lines?What lays on the road ahead?Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 13 minutes, 42 seconds
Across the Board – Episode 4: Metrics and Senior Management
In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We are taking a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 4, we look metrics which a BOD should consider and how a Board should oversee senior management around ethics, compliance and culture. Some of the highlights from the podcast include: Ø CECOs want their boards will send stronger signals to executive management about the importance of embedding ethics and compliance in the company’s business.Ø CECOs want boards to hold management more accountable for ethics and complianceØ A BOD should ask management ‘What have you done to assure compliance. Show me.’ Ø Why should a Board be concerned about metrics around culture?Ø What measures should a Board employ for culture and ethics? Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 15 minutes, 44 seconds
Across the Board – Episode 3: Not Enough Time/Not Enough Depth
In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 3, we consider many CECO’s concern that Boards do not dedicate sufficient time and priority to compliance nor go into sufficient depth into compliance programs and potential outcomes . Some of the highlights from the podcast include:Why don’t Boards put in more time around E&C programs?Why is compliance often the last item on the Board agenda and equally as often, left off for later?CECOs want to be challenged by their Boards but often are not.Does your Board have a compliance game plan?Why don’t BODs go deeper into E&C programs? How would they do so?Are Boards even asking the right questions?Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 14 minutes, 34 seconds
Daily Compliance News: April 29, 2019-the Welcome to my Tweet-Up edition
In today’s edition of Daily Compliance News:SW Airlines not told of deactivated safety feature on Boeing 737 Max. (Wall Street Journal)Sexual harassment claims hit the energy industry. (I’m shocked) (Wall Street Journal)Welcome to my Tweet-Up, as Musk/SEC settlement twitter imbroglio. (Wall Street Journal)Power, corruption and duplicity in Alabama over a superfund site. (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 6 minutes, 31 seconds
Across the Board – Episode 2: BOD Understanding and the Game Plan
In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 2, we consider the average Board of Director’s knowledge of compliance and your game plan going forward. Some of the highlights from the podcast include: Ø Why don’t Boards have a better understanding of the compliance function within their organization?Ø Why do BOD’s have such little knowledge of the CECO role?Ø Why does the BOD tend to focus on what has passed rather forward looking?Ø Does your Board have a compliance game plan?Ø Why does a BOD need to develop a framework for discussing, evaluating, and measuring ethics and compliance?Ø Why should BODs relate ethics and compliance to their companies’ core strategy and be able to have a sufficient point of view to guide and oversee it? Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 13 minutes, 51 seconds
FCPA Compliance Report-Episode 428, James Koukios on MoFo’s January Anti-Corruption Newsletter
In this episode I have back with me, fan favorite James Koukios, partner at Morrison and Foerster. This is Part 1 of a two-part series where we discuss the firm’s always great Top 10 International Anti-Corruption Developments newsletter. In this episode, we take a look at some of the key highlights from the January newsletter. Next week we conclude with some of the key developments from the February newsletter. Some of the highlights from the podcast include: Ø Former Bankers Arrested on FCPA Charges in Mozambique Tuna Boat Scandal. Ø Japan’s Olympics Chief Faces Corruption Charges in France. Ø Two European Countries Take Steps to Strengthen Anti-Corruption Efforts.Ø Italy Publishes New “Bribe Destroyer” Law. Ø The UK Establishes Financial-Industry Task Force. For further reading, see the Morrison and Foerster Top 10 International Anti-Corruption Developments for January 2019, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 18 minutes, 21 seconds
Across the Board – Episode 1: What’s the Tone at the Very Top
In this special 5-part podcast series, I visit with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 1 we introduce the topic of what’s the tone at the very top of your organization. Some of the highlights from the podcast include: Ø What’s the role of the Board around compliance and ethics?Ø Why is it important for the Board to actively oversee a C&E program?Ø What is the biggest disconnect between the BOD and the compliance function?Ø Board members should think of compliance as beyond FCPA and Sarbanes-Oxley, yet there understanding is members’ fuzzy at best. Ø Board members understand what auditors do, but they often do not understand compliance enough to ask intelligent questions.” Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/29/2019 • 12 minutes, 57 seconds
Daily Compliance News: April 28, 2019-the Sunday Book Review edition
In today’s edition of Daily Compliance News:
· What was behind “Our Man in Havana? (Financial Times)· Why Ovid is still an inspiration. (New York Times)· Life of John Hersy. (Wall Street Journal)· The Best Five. Allison Lurie on heroines over 50. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/28/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 27, 2019-the Havlicek stole the ball edition
In today’s edition of Daily Compliance News:
· What hath Zion wrought? (NY Post)· Petrobras revisiting its ill treatment of whistleblowers. (Reuters.com)· Glencore under CFTC investigation for FCPA violations.(Bloomberg)· Who owns Huawei? (The company says it’s the workers.)(New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2019 • 6 minutes, 31 seconds
Episode 106-Metropolis by Philip Kerr
Richard Lummis and I are back and today we head in a different direction. We consider the final Bernie Gunther novel by Philip Kerr Metropolis. It is the final Gunther novel as Kerr died earlier this year. The novel is a prequel to the entire series, taking place in 1928, near the end of the Weimar Republic. Some of the highlights were:The city of Berlin as a character in the novel;Bernie Gunther as Phillip Marlow?How close are the police to those they police?What is the symbiotic relationship between the police and criminals of the city?Why is the Weimar Republic in many ways the undiscovered country for Americans? andRichard and I asses not only this book but the entire Gunther series.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2019 • 28 minutes, 16 seconds
Daily Compliance News: April 26, 2019-the Endgame edition
In today’s edition of Daily Compliance News:DOJ wants Goldman Sachs to plead guilty over 1MDB. (Financial Times)How did Wirecard generate its profits? (Financial Times)UK agrees to use Huawei to build out its 5G network. What will be the US response? (Financial Times)Be part of the $300MM pool of money—see Endgame this weekend. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/26/2019 • 6 minutes, 31 seconds
This Week in FCPA-Episode 151 – the World Domination edition
Is the US utilizing FCPA enforcement for world domination? Recovering screenwriter Jay Rosen and frustrated novelist Tom Fox consider this while they also take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.
1. Does the statute of limitations run while Trump is in office? Sara Kropf opines. 2. What is the compliance response to the Varsity Blues scandal? Sandra Erez reports. 3. NYDFS cybersecurity requirements are live, is your organization ready? Michael McGrath. 4. Matt Kelly has a twitter storm on Boeing, sales strategy and ethics. Tom and Matt take a deep dive into the imbroglio. 5. Is the US using FCPA to garner world domination? Henry Astier opines.6. What are the best practices for managing employee hotline reports? Jaclyn Jaeger reports.7. What do the WME companies have in common? Aarti Maharaj. 8. Transparency challenges in CSR. Dunstan Allison-Hope. 9. Tom is speaking at ECI’s IMPACT 2019 next week in Dallas about the importance of measuring the quality and maturity of your high quality E&C program. Regisration and information is available here. 10. Join Tom and Jay at Compliance Week 2019 on May 20-22, in Washington DC. Listeners to this podcast can receive a $300 discount by using the code TOM300. You can check out the full agenda, see who’s speaking, and review registration information. 11. Sarah Hadden joins the Everything Compliance as our latest panelist. Listen in on Episode 45, the Drinkin’ the Kool-Aidedition. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/26/2019 • 36 minutes, 55 seconds
Everything Compliance-Episode 45, the Drink the Kool-aid edition
Welcome to the only roundtable podcast in compliance. Today, in Episode 45 we celebrate our newest addition to the Everything Compliance gang; Sarah Hadden. Sarah is the Publisher at Corporate Compliance Insights, taking the helm from founder Maurice Gilbert earlier this year. She is a journalist by profession and has been working in the compliance space, largely at CCI for the past six years. She brings a wealth of talent, knowledge and perspective to our happy band of commentators and help us to 'drink the Kool-Aid. Sarah Hadden discusses experiential learning. She uses that as a basis to consider what is effective training and how interactive training can lead to a new level of not simply effectiveness but awareness to recency bias which can cloud decision making. Sarah shouts out to internet service providers everywhere who were able to make the Mueller report available as soon as it was released.Matt Kelly discusses best practices around disclosing reporting data and using interactive technologies to improve Codes of Conduct, compliance policies and procedures. Matt rants on former White House Ethics Counsel, Stefan Passantino who urged Mazars USA not to comply with a subpoena that House Oversight Committee issued for Trump’s financial documents. That is ethics for you in TrumpWorld.Jay Rosen talks about repositioning compliance as a business generator. He discusses companies which see compliance as a business advantage and details how they do so. Jay shouts out to former White House counsel Don McGahn for being a “real lawyer” because he takes notes.Tom Fox, sitting in on this episode, uses the top three FCPA settlements of 2019 (MTS, Cognizant and Fresenius) to illustrate how the FCPA Corporate Enforcement Policy, announced in 2017 is being used in practice. He compares the three different types of resolutions used by the Justice Department and what it might mean for compliance going forward. Tom rants about Charles Van Doren and the quiz show scandals from the late 1950s.The members of the Everything Compliance panelist are:Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected] Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected] Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected] Armstrong–is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] Hadden– the newest addition to our panel. Sarah is the Publisher at Corporate Compliance Insights. Hadden can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/25/2019 • 51 minutes, 25 seconds
Compliance into the Weeds: Episode 120-On the Ethical Tarmac
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into continued ethical, reputational and business imbroglio which Boeing finds itself in around the 737 MAX airliner, as the company finds itself on the ethical tarmac.
Some of the highlights include:Where does compliance come into a sales strategy?Who is responsible for entailing safety - the buyer or seller?What does it mean from the compliance perspective is a safety upgrade is optional?How does regulatory capture affect overseas sales?What is the legal analysis around safety and options for safety upgrade on products?Who should regulate the supply side-the government or the market?For more reading check out Matt’s blog post “More on Boeing and Business Ethics”
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/24/2019 • 26 minutes, 45 seconds
Daily Compliance News: April 24, 2019-the bit player edition
In today’s edition of Daily Compliance News:
· Opioid distributor faces criminal charges. (New York Times)· NCAA scandal; little fish=big charges. (New York Times)· Walmart investigates Flipkart’s compliance lapses and bribe paid to govt officials. (EnTracker)· How does the rest of the world see FCPA enforcement? (AsiaTimes)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/24/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 23, 2019-the pay for information edition
In today’s edition of Daily Compliance News:
· Should shareholder authorize payments to corrupt execs to tell what they know about corruption. (Bloomberg)· Google employees claim retaliation. (New York Times)· CTFT charges company in $47MM Ponzi scheme. (MarketWatch)· GSK non-prosecution costs SFO £7.5MM. (The Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/23/2019 • 6 minutes, 1 second
Supply Chain Data Management: Part -5, Market Drivers for Continued Legislation
In this five-part podcast series, sponsored by Assent Compliance, I have explored supply chain data management. I have visited with several members of the Assent Compliance team to introduce the topic, consider the synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. In this fifth and final episode, I have back Travis Miller, General Counsel at Assent Compliance Inc. and Director of Assent Compliance USA Ltd. We consider the market drivers for continued legislation. To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click here and sign up for the Assent Compliance newsletter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 13 minutes, 51 seconds
Supply Chain Data Management: Part -4, Failures in Supply Chain Compliance
In this five-part podcast series, sponsored by Assent Compliance, I explore supply chain data management. In this series, I visit with several members of the Assent Compliance team to introduce the topic, consider the synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. In this first episode, I visit with Jared Connors, Senior Subject Matter Expert, Corporate Social Responsibility at Assent Compliance Inc. We consider what it the impact on organizations which have a supply chain compliance failure. Join us in our next episode when we conclude this five-part series by considering the market drivers of continued supply chain compliance. To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click here and sign up for the Assent Compliance newsletter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 18 minutes, 27 seconds
Supply Chain Data Management: Part -3, Development of Supply Chain Risk Management
In this five-part podcast series, sponsored by Assent Compliance, I explore supply chain data management. In this series, I visit with several members of the Assent Compliance team to introduce the topic, consider the synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. In this third episode, I visit with Travis Miller, General Counsel at Assent Compliance Inc. and Director of Assent Compliance USA Ltd. We consider the synergies between the emergence of supply chain risk and the compliance response. Join us tomorrow where we explore organizational impacts of compliance failures with Jared Connors. To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click here and sign up for the Assent Compliance newsletter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 14 minutes, 10 seconds
Supply Chain Data Management: Part -2, Introduction to Supply Chain Data Management
In this five-part podcast series, sponsored by Assent Compliance, I explore supply chain data management. In this series, I visit with several members of the Assent Compliance team to introduce the topic, consider the synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. In this second episode, I visit with James Calder, the Vice President of Compliance and Regulatory Programs at Assent Compliance. We introduced the topic of supply chain data management. Join us in our next episode, where we consider the development of supply chain risk management. To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click hereand sign up for the Assent Compliance newsletter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 14 minutes, 34 seconds
Supply Chain Data Management: Part -1, Who is Assent?
In this five-part podcast series, sponsored by Assent Compliance, I explore supply chain data management. In this series, I visit with several members of the Assent Compliance team to introduce the topic, consider the synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. In this first episode, I visit with Matt Whitteker, the Vice President of Growth at Assent Compliance. He is also one of the co-founders of the organization. We discussed how Assent Compliance came to be founded through seeing the market need the founders saw and moved to fill with Assent.
Join us tomorrow where we introduce the topic of supply chain data management. To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click hereand sign up for the Assent Compliance newsletter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 14 minutes, 55 seconds
Daily Compliance News: April 22, 2019-the asking for a Ferrari edition
In today’s edition of Daily Compliance News:
· McKesson employee compares asking for compliance resources to ‘asking for a Ferrari’. (New York Times)· Odebrecht scandal shows no sign of waning. (BBC)· Is Knicks’ owner James Dolan the worst owner in sports? (New York Times)· Brian Lamp signs off. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 22, 2019-the asking for a Ferrari edition
In today’s edition of Daily Compliance News:
· McKesson employee compares asking for compliance resources to ‘asking for a Ferrari’. (New York Times)· Odebrecht scandal shows no sign of waning. (BBC)· Is Knicks’ owner James Dolan the worst owner in sports? (New York Times)· Brian Lamp signs off. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 6 minutes, 31 seconds
FCPA Compliance Report-Episode 427, Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup
In this episode I take things in a bit of a different direction as I am interviewed by Sean Freidlin, Senior Product Marketing Manager, Compliance at Hanzo, on a project commissioned by Hanzo which became a part of the Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup. Sean explains what the resulting white paper provides and then queries me on some of the deep dives I took into several areas. Some of the highlights from the podcast include:What is the Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup?The approach in writing the Roundup.What were key macro highlights from the WEF Global risk Report 2019?What were key micro business highlights from the Allianz Business Risk Barometer-Top Business Risks?What are some of the key regulatory enforcement priorities going forward into 2019?Where has compliance been over the past 18 months and where is it headed going forward?Where listeners can go for more information.To obtain a full copy of the Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/22/2019 • 31 minutes, 28 seconds
Daily Compliance News: April 19, 2019-the Good Friday edition
In today’s edition of Daily Compliance News:When safety has a training issue, what is the answer? (Wall Street Journal)Where will Fyre bankruptcy lead? (Wall Street Journal)More focus on Peru after former President’s suicide. (Wall Street Journal)Want a job, Japan wants you. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2019 • 6 minutes, 31 seconds
This Week in FCPA-Episode 150– the Easter/Passover edition
On this weekend, we have the dual celebrations of Easter and Passover. As Tom enjoys the Astros 11-0 run and sweeps of the Yankees and Mariners; Jay mourns his Red Sox going into the doghouse, they also take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.
1. Corporations behaving badly are looming large in the news this week. What does Boeing’s culture teach us about compliance and ethical behavior? Former VW CEO Martin Winterkorn charged criminally in Germany.2. Mike Volkov takes a deep dive into the Standard Chartered $1bn fine for failures in AML controls, on his blog Corruption, Crime and Compliance. 3. How can you get compliance right when there are no regulations on it? Jo Ritcey-Donohue explores.4. Jay joins the bandwagon on compliance program as business enhancer. 5. GDPR-what happened to one-stop enforcement?6. How can the role of a monitor go murky? 7. When is a facilitation payment a bribe? Dick Cassin uses the Uber FCPA investigation disclosure to explore. 8. Trump administration moves to eviscerate agency ruling making? Joe Mont reports. (sub req’d) Matt Kelly discusses the pitfalls. 9. What businesses need to do now to prepare for Cyber Attacks. 10. This week Tom visits with AMI MD Rod Grandon on federal contractors and compliance programs. Check out the following: Part 1-Reponsible Contractors; Part 2- What the Government Expects; Part 3- Small Business Compliance Programs; Part 4-Why are we still talking about this?; and Part 5-Keeping it Fresh. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2019 • 31 minutes, 58 seconds
Life With GDPR: Episode 25- Data Breach=Deadly Consequences
In this episode, I visit with Jonathan Armstrong to consider the recent regulatory fine leveled against London Borough of Newham £145,000 for a data breach involving the data of more than 200 people. It presents a situation where a data breach was literally a matter of life and death. Some of the issues and highlights are: What was the data and why was it so sensitive? How was the data leaked?How did the authorities determine the data breach?What as the basis of the Information Commissioner’s Office (ICO) fine?What are the lessons to be learned? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/18/2019 • 17 minutes, 23 seconds
Daily Compliance News: April 18, 2019-the what am I going to be edition
In today’s edition of Daily Compliance News:
· Pension fund demands GE can KPMG. (Accounting Today)· What will be the role for compliance when it ‘grows up’? (Wall Street Journal)· Former Peru President commits suicide when facing arrest. (Washington Post)· New U.S. Policy on Cuba Sanctions Threatens EU Ties. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/18/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 17, 2019-the whistleblower protection edition
In today’s edition of Daily Compliance News:
· Ongoing graft in India? I’m shocked! (The Economic Times)· When is a facilitation payment a bribe? (FCPA Blog)· Whistleblowers garner EU wide protection? (BBC)· FT slams SFO for dropping Rolls-Royce; GSK investigations. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/17/2019 • 6 minutes, 31 seconds
Compliance into the Weeds: Episode 119-Rule Making Power Grab
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recently announced policy by the Trump White House that all regulatory rules and guidance must be submitted to the White House for review before it goes through Congressional review. Some of the highlights include: Some of the highlights include: Ø This is a significant power grab by the White House.Ø What is OIRA and can the White House force all new regs and guidance go through it before Congress considers them? Ø Will regulatory guidance be treated as regulations? What about SEC No-Action Letters? DOJ declinations?. Ø Will regulatory reduction continue under this new policy?Ø This is an example of how political instability negatively impacts businesses.Ø What does this mean for the Democratic nominee to the SEC? For more reading check out Matt’s blog post “Trump Grabs at Rulemaking"
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/17/2019 • 26 minutes, 45 seconds
Daily Compliance News: April 16, 2019-the Integrity edition
In today’s edition of Daily Compliance News:
· What is the most important leadership trait? (Inc.com)· When is a facilitation payment a bribe? (FCPA Blog)· What happened to one-stop GDPR enforcement? (Compliance and Enforcement Blog)· Former VW CEO indicted in Germany. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/16/2019 • 6 minutes, 31 seconds
Federal Contractor Responsibility: Part 5-Keeping it Fresh
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Rod Grandon. We have considered the responsibility of federal contractors to maintain their status as “Responsible Contractors” and explore the benefits of having an effective compliance and business ethics program to not only increase business efficiencies and profitability but prepare you in good stead if the regulators come knocking. In this final episode, we consider how you can keep your compliance program fresh through ongoing monitoring. To find out more about Affiliated Monitors, Inc. check out their website www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 15 minutes, 11 seconds
Federal Contractor Responsibility: Part 4-Why Are We Still Talking About This?
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Rod Grandon. We consider the responsibility of federal contractors to maintain their status as “Responsible Contractors” and explore the benefits of having an effective compliance and business ethics program to not only increase business efficiencies and profitability but prepare you in good stead if the regulators come knocking. In this fourth episode, I get to ask Rod a question I have wanted to pose to him for some time, which is “why are we still talking about this?” Join us in our next and final episode, where Grandon explains how to keep your program fresh. To find out more about Affiliated Monitors, Inc. check out their website www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 14 minutes
Federal Contractor Responsibility: Part 3-Small Business Compliance Programs
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Rod Grandon. We consider the responsibility of federal contractors to maintain their status as “Responsible Contractors” and explore the benefits of having an effective compliance and business ethics program not only to increase business efficiencies and profitability but prepare you in good stead if the regulators come knocking. In this third episode, we discuss small business compliance programs. Join us in our next episode, when I pose the following question to Grandon, “Why are we still talking about this?” To find out more about Affiliated Monitors, Inc. check out their website www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 13 minutes, 57 seconds
Federal Contractor Responsibility: Part 2-What Does the Government Expect
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Rod Grandon. We consider the responsibility of federal contractors to maintain their status as “Responsible Contractors” and explore the benefits of having an effective compliance and business ethics program not only to increase business efficiencies and profitability but prepare you in good stead if the regulators come knocking. In this second episode, we engage in more in-depth discussion what the government expects from contractors. Join us in our next episode, where we consider the concerns of small business contractors and how they can be ameliorated. To find out more about Affiliated Monitors, Inc. check out their website www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 12 minutes, 59 seconds
Federal Contractor Responsibility: Part 1-Introduction of Responsible Contractors
In this five-part podcast series, sponsored by Affiliated Monitors, Inc. (AMI); I am joined by AMI Managing Director Rod Grandon. We consider the responsibility of federal contractors to maintain their status as “Responsible Contractors” and explore the benefits of having an effective compliance and business ethics program not only to increase business efficiencies and profitability but prepare you in good stead if the regulators come knocking. In this first episode, we introduce the concept of Responsible Contractors. Join us in our next episode where discuss what the government expects from contractors. To find out more about Affiliated Monitors, Inc. check out their website www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 16 minutes, 42 seconds
Daily Compliance News: April 15, 2019-the Tiger Wins edition
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 6 minutes, 31 seconds
FCPA Compliance Report-Episode 426, Jon Rusch on Dipping Through Geometries
In this episode I finally have Jon Rusch on the podcast. Jon is the author of one of the most recent podcasts in law around law and compliance. His topics include the FCPA, AML, export control, anti-trust and a wide variety of other legal issues that the compliance practitioner faces. Some of the highlights from the podcast include: Ø Why name your blog ‘Dipping Through Geometries’? Ø What is your interest in this area-money laundering?Ø Why are the money service businesses in London both so problematic and difficult for authorities to effectively regulate?Ø One of the key themes seems to be money-laundering can occur in a wide variety of businesses and industries.Ø Why is the international fight against bribery, corruption and money-laundering a key component in the international fight against terrorism?Ø What is they link between money-laundering and terrorism?Ø What is the role of the compliance professional in this fight? For more information on the blog posts referenced in this podcast , check out “The first is “United Kingdom Criminal Network That Obtained More Than £8 Billion from Frauds Sent £80 Million to al-Qaeda” and “Metropolitan Police Commissioner: London Money Service Businesses Used to Export Drug Money”. Finally, you should sign up for Jon Rusch’s blog Dipping Through Geometries.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/15/2019 • 26 minutes, 24 seconds
Daily Compliance News: April 123, 2019-the Saturday the 13th edition
In today’s edition of Daily Compliance News:
· Les Moonves forfeited $34.5MM in comp. (Wall Street Journal)· Grant Thornton in how water in UK. (Wall Street Journal)· Conflict of interest in Hollywood (I’m really shocked). (New York Times)· What is risk? When growth fuels a change. (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/13/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 12, 2019-the Uber FCPA investigation edition
In today’s edition of Daily Compliance News:
· Uber is under FCPA investigation. (FCPA Blog)· Did you break the rules? Just rewrite them in your favor. (Wall Street Journal)· Apple requires supply chain compliance re: climate warming emissions. (Washington Post)· Halloween comes early this year for the UK. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/12/2019 • 6 minutes, 31 seconds
This Week in FCPA-Episode 149 – the White Privilege edition
After a one-week hiatus, the lads are back. While debating white privilege and the Varsity Blues scandal, they also take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.
1. Guilty pleas begin in the Varsity Blues scandal. For those who did not plead guilty, additional charges filed. Jay interviews Justin Paperny about the Varsity Blues sting. For one of the best and fullest explanations, see Caitlan Flanagan’s article in The Atlantic.2. Does your company lack integrity? Mike Volkov gives 5 signs which show it does. 3. Standard Chartered joins the $1 bn fine club.4. What is the intersection of DD and AI? 5. OFAC enforcement action demonstrates need for pre-acquisition due diligence? 6. What is ethical AI?7. What are the shifting reasons for FCPA enforcement?. 8. What are the risks to investors in Uber? 9. This week Tom explores the intersection of Shakespeare and Compliance through the lens of King Lear. Check out the following: Part 1-Innovation;Part 2- Changing Your Focus; Part 3- Engaging Your Audience; Part 4-a Different Interpretation; and Part 5-The Fool. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotifyand Corporate Compliance Insights. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/12/2019 • 44 minutes, 35 seconds
Compliance into the Weeds: Episode 118-Hotline Metrics
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recently released NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report. We consider the details from the report and ask the following question “are you using all the right intake channels to capture a true sense of misconduct and corporate culture at your organization?” Some of the highlights include: Some of the highlights include: Ø What are the intake channels available to your organization?Ø If you are only tracking complaints through a formal system, you may well be missing a wider variety and rich source of information. Ø Moving your intake past simply what the law requires will give you a much better accounting of your organization’s culture.Ø How can you improve your intake?Ø Has closure time for reported increase or decrease?Ø What has been the continued impact of #MeToo? For more reading check out Matt’s blog post “Hotline Metrics-are you missing any?”To read the full NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/11/2019 • 22 minutes, 22 seconds
Daily Compliance News: April 10, 2019-the $1.1bn edition
In today’s edition of Daily Compliance News:
Standard Chartered joins the $1 bn fine club. (New York Times)Are you missing any hotline metrics? (Radical Compliance)AML charges in Varsity Blues, can tax fraud be far behind? (New York Times)Institutional investors dump Vale stock. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/10/2019 • 6 minutes, 31 seconds
Daily Compliance News: April 9, 2019-the Varsity Blues-guilty pleas edition
APRIL 9, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· First round of guilty pleas in Varsity Blues. (Huffington Post)· How can you tell if a company is overpaying its CEO? (MarketWatch)· Dirty money and Scandinavian banks. (New York Times)· Nissan shareholders erupt at annual meeting. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/9/2019 • 6 minutes, 27 seconds
Shakespeare on Compliance – the Fool (In theater and in business)
In this podcast series, I have used the current Broadway performance by Glenda Jackson as King Lear to introduce several compliance topics. Today, I want to discuss the role of The Fool. Initially I should note that the actor who played it, Ruth Wilson, also played Cordelia; which in and off itself is rather amazing. The Fool did well to speak truth to power during the play and Wilson was excellent in both roles. Wilson’s performance as The Fool added a shading of interpretation that certainly works. It also informs today’s review topic which is who was the fool and who was the criminal in one of the most nortorious acquistions in recent memory, the Hewlett-Packard (HP) acquisition of the UK company Autonomy. The matter is now on trial in London, it being the largest UK civil trial in history with HP claiming some $5 billion in damages. The former Autonomy CEO Mike Lynch is in the dock as he will be in the US when his criminal case goes to trial sometime after the conclusion of this civil action. The trial began last month and the fireworks have already started, with HP claiming Lynch and his former CFO engaged in massive fraud; the trial judge asking HP what accounting standards they used to evaluate HP and Lynch basically saying HP dropped the ball completely in both the acquisition and after closing for a variety of reason. Based upon all of this tomfoolery I thought a review of HP actions was warranted today. Perhaps the simple truth is that everyone involved in this matter was a Fool.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 11 minutes, 49 seconds
Shakespeare on Compliance – A Different Interpretation
In this episode, I want to discuss how Jackson, starring in the role of King Lear, added a new level of complexity, nuance and interpretation to the entire play. Jackson is an octogenarian, the oldest person I have ever seen play Lear. Having seen my two parents age, I have some understanding that a person does not gain in stature, power or strength after they cross the 80-birthday mark. In other productions I have seen Lear roar and rail at Cordelia however, Jackson played it understated with nary a raised voice. Even after the intermission, one of the most powerful scenes is when Lear carries of the lifeless body of Cordelia. Lear is in shock, bereaving and clearly quite mad. Yet to pull this off this scene requires an actress playing Cordelia to be of a size that the actor playing Lear can physically carry. Jackson is far too frail to do so. In this penultimate scene she sat on the stage with Cordelia’s head cradled in her lap, gently stroking her dead daughter’s hair. It was one of the most tender, loving and affectionate presentations I have ever seen in Lear. The same week as the Mobile TeleSystems PJSC (MTS) Foreign Corrupt Practices Act (FCPA) enforcement action was announced there were two significant speeches by Department of Justice officials. The first was by Deputy Attorney General Rod Rosenstein. The second was by Assistant Attorney General Brian Benczkowski. I want to focus on how both speeches explain what many found to be the stunning result Cognizant Technology Solutions Corporation (CTSH) received when it obtained a declination for its FCPA violations, both from the strategic and tactical levels. Taken together, these two speeches made clear the reasons why the DOJ handed a declination to CTSH. The company engaged in the type of conduct, after it discovered its FCPA violation, that the DOJ wanted to reward and encourage going forward. Rosenstein made this crystal clear in his remarks, when he stated, “We aim to incentivize companies to report crimes, disgorge illegal proceeds, take remedial actions, and identify accountable officials so we can prosecute them – and do it all promptly. That will result in less corporate crime in the future.” This is not going soft on corporate crime; this is bringing corporate America into a role in the global fight against bribery and corruption. Yet the Benczkowski speech had equal import for the compliance professional. The DOJ rewarded CTSH for not only its quick decision to self-disclose and then doing so; they also rewarded the company for having a robust pre-existing compliance program even though C-Suite executives led the bribery effort. This recognition by the DOJ makes even more important the corporate compliance function and a corporate compliance program to protect an organization if nefarious actors arise.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 10 minutes, 20 seconds
Shakespeare on Compliance - Engaging Your Audience
In this episode, I want to discuss the opening scene where Lear bids his daughters express the breadth and scope of their love for him. Lear has called a conference to divide his kingdom between his three daughters, Goneril, Regan and Cordelia, his youngest who is clearly is favorite. Goneril professes her love is more than words alone can convey, saying “A love that makes . . . speech unable / Beyond all manner of so much I love you”. Regan professes, “Myself an enemy to all other joys, Which the most precious square of sense possesses, And find I am alone felicitate in your dear Highness’ love.” However, Cordelia refuses to play the flattering fool. Her father twice gives her the opportunity to redress this decision but she holds firm saying “Nothing, my lord”. This leads to the break in the family, the deaths of the sisters and the fullest scope of tragedy. Why do you need to engage your audience? I thought about this in the context of the Foreign Corrupt Practices Act, compliance and regime change. This is not Saddam Hussain regime change where the US government invades a country to throw out the old boss. This is a democratically elected-peaceful transfer of power. However, it now appears that regime change now means corruption investigations which impact not only the FCPA but also US companies. Every compliance officer needs to aware of this new reality. Take three recent regime changes, together with what they have meant; and perhaps one to come. 1. South Africa2. Malaysia3. Brazil4. Venezuela The bottom line is that every Chief Compliance Officer (CCO) must now watch local politics much more closely. If you are doing business in a high-risk country and there are new leaders brought in through democratically elected regime change, your company had better be ready for a robust corruption investigation. Certainly if Malaysia, South Africa and Brazil are any indication, prosecutors from nations with new regimes may well share their findings with the US Department of Justice (DOJ). This means that regime change could lead directly to a FCPA investigation, where the disclosure was by a foreign government and not the company self-disclosing. If there is no self-disclosure, a company is not eligible for the declination under the 2017 FCPA Corporate Enforcement Policy.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 9 minutes, 19 seconds
Shakespeare on Compliance - Changing Your Focus
In this episode, I want to discuss how this production changed the focus of the play, away from the madness of the king to the actions of the three daughters. Perhaps it was my perception of the play or perhaps it was the director’s intention but the focus in the first half of the play was clearly on the daughters and their families. Both Goneril and Regan played much more prominent roles throughout the first scene and their joint liaisons with Edmund, later the Earl of Gloucester, were key components of this production. Moreover, their husbands, the Duke of Cornwall and the Duke of Albany, also played prominent roles. The Duke of Cornwall, for instance his role in this production was more than the traditional highlight for him, which is the blinding of the original Earl of Gloucester. (Even in this production it still elicited gasps from the audience.) Even after the intermission, where some of the most powerful scenes in all of Shakespeare playout, including the blinded Earl of Gloucester and the mad Lear wandering the moor, this production held a distinct focus on Lear’s daughters and their families, adding in the complexity of Edmund, the new Earl of Gloucester, having an affair with Goneril while secretly pledged to wed Regan. In the most recent Harvard Business Review (HBR), Scott Berinato writes, in an article entitled “Data Science and the Art of Persuasion”, that most companies are not getting the value from data science initiatives and prescribes ways to remedy this phenomenon. Last year, at Compliance Week 2018, Hui Chen said on a panel that she expected the compliance team of the not-so-distant future would have a data scientist. As with most of her pronouncements, she was way ahead of the crowd. You must start with the premise that most CCOs and compliance professionals are legally trained, usually without any data analytics classes in law schools still operating under the Socratic Method. Even if a stat class is thrown in somewhere along the way in undergrad, grad school or even through some business school outreach to law students, that does not begin to prepare someone to understand the insights available through advanced data analytics. The key is to build a better data science operation. There are four suggestions, with the over-arching theme of defining the talents you need to understand and communicate the data. 1. The unpacking of data and creation of insights is a skill. 2. Data wrangling.3. Expertise.4. How to communicate the information.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 8 minutes, 46 seconds
Shakespeare On Compliance - Innovation
I recently saw the performance ofKing Learwith Glenda Jackson as the mad king. It was a magnificent production and if you have the chance to see, I would certainly urge you to do so. The production had many interesting features and interpretations which seemed to be great entrees into several compliance topics. The play was directed by Sam Gold and it was scored by Phillip Glass but the star power was derived from Jackson as King Lear. It was a fabulous take on the story and one that will resonate directly to our turbulent times. Therefore, inspired by octogenarian Jackson and her performance, I am going to use King Lear as a deep dive into several compliance topics this week. Today, I want to use the nature of the production, to introduce the day’s topic of innovation in compliance. Gold’s Lear production was both unique and innovative. It was quite a large stage but the lightening was used to great effect. When the director wanted to shift the action, to another group of actors or topic, the lights were simply shut off to the actors not involved. They did not have to exit the stage and then return. This allowed them to remain on stage and the action could move back and forth without disruption. The second innovation was in the use of music. While I am generally not a fan of music in Shakespeare, unless used in the original show notes, such as bugles blaring; I am not a fan of music in the performances. However there was a classical quartet which played throughout the performance that I felt truly enhanced the entire production. Finally, I normally revolt at any singing in a Shakespearian production. There were a couple of singing scenes which almost worked for me but at least they did not detract from the overall performance. I thought about this in the context of how to move compliance innovation into the corporate pantheon of greater business process efficiency when I read a recent MIT Sloan Management Review article, entitled “Grow Faster By Changing Your Innovation Narrative”, by George S. Day and Gregory P. Shea. In the article they discussed their findings that organizations that sustain growth “faster than industry rivals articulate a coherent, compelling innovation narrative and rely on four powerful levers to make it a reality.” They posited four key levers for doing so which I believe would work well for a compliance function to sustain innovative growth within an organization and with its customer base, i.e. employees. I have adapted their piece for such an exercise. The first lever is to invest in compliance talent. The second lever is encouraging prudent risk taking. The third lever is to adopt a customer centric process. The fourth lever is aligning metrics and incentives with innovation activity. The bottom line is that senior management is well-versed in the need for innovative and effective compliance. By using these four levers, a compliance practitioner can help senior managers to focus the organizations compliance efforts. The authors conclude by stating, “A growth-affirming innovation narrative and the four levers that make it manifest within a company can help leaders focus and prioritize their innovation efforts. The process of identifying and articulating the narrative is essential to understanding the culture of innovation within a company and envisioning what it can achieve. The levers bring that narrative to life. Without them, organic growth leadership in any industry is a hit-or-miss endeavor.”
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 9 minutes, 12 seconds
FCPA Compliance Report-Episode 425, the Fresenius FCPA Enforcement Action
In this episode I have back fan fav Mike Volkov. We break down the recently released Fresenius FCPA enforcement action. Some of the highlights from the podcast include: Ø A detailed discuss of the underlying facts.Ø What were the bribery schemes? Some old and some new but every compliance professional should study them.Ø How and why did Fresenius let the conduct go on for so long.Ø How was the company able to garner a NPA?Ø How did the company obtain its 40% discount for its fine and penalties?Ø Why was a monitor required?Ø What are the lessons learned from this enforcement action?Ø How does this case illustrate current Justice Department enforcement under the 2017 FCPA Corporate Enforcement Policy, as amended? To take a deeper dive into the Fresenius FCPA enforcement action, check out Mike Volkov’s three-part series on his blog site,Corruption, Crime and Compliance. You can also check out my three-part series on the FCPA Compliance Report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 28 minutes, 7 seconds
Daily Compliance News: April 8, 2019-the changing spots edition
In today’s edition of Daily Compliance News:
· Can a leopard (in this case Equifax) change its spots. (New York Times)· Investigations for Boeing mount. (Washington Post)· More corruption alleged in cricket, yet again. (BBC)· Nominee for No. 2 at DOJ faces tough Senate hearing. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/8/2019 • 6 minutes, 27 seconds
Daily Compliance News: April 6, 2019-the return on bribe (ROB) edition
APRIL 6, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Pharma exec who developed return on bribe metric goes to jury. (NPR)· Wilkie-Farr co-chair pleads guilty in admissions scandal. (Bloomberg)· How the Nordic banks came to grief in the Baltics. (FT-Big Read)· Schlumberger in trouble over sanctions violations again. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/6/2019 • 6 minutes, 27 seconds
Daily Compliance News: April 5, 2019-the I feel very much loved edition
APRIL 5, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Judge gives SEC and Musk 14 days to settle their differences. (New York Times)· 3 drug companies settle FCA claims for $122MM. (Wall Street Journal)· 7 key considerations for M&A site visits. (Merrill blog)· Top 10 most interesting expense reimbursement claims. (Corporate Compliance Insights)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/5/2019 • 6 minutes, 28 seconds
Daily Compliance News: April 4, 2019-the Bigot Law edition
APRIL 4, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Wynn Casinos said to have hidden claims against Steve Wynn. (New York Times)· Is your airline watching you? (New York Times)· Hertz goes after former execs for restatement costs. (Compliance Week)· Texas senate passes Bigot Law. (Houston Chronicle)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/4/2019 • 6 minutes, 27 seconds
Everything Compliance-Episode 44, the April is Here edition
Welcome to the only roundtable podcast in compliance. Today, in Episode 44 Tom Fox sits in for Mike Volkov, who is on assignment. Jonathan Armstrong discusses a recent presentation he saw by the OECD on some of the key and current numbers on the global fight against bribery and corruption. Jonathan shouts out to Nicola Howard QC for her work on DPAs in the UK and the British Airways for its pizza delivery service from London to Lagos.Matt Kelly details the recent SEC whistleblower award to two individuals of $50MM. There were multiple claimants and the award detailed what the SEC values in terms of information. He also discusses the award in the context of the Trump administration’s attempt to gut the SEC whistleblower program. Matt rants on the unqualified Trump nominee for the Fed, Stephen Moore.Jay Rosen talks about how the #MeToocontinues to resonate in Hollywood as yet another studio executive is forced to resign. This time the scandal is not about power over another but about the conflicts which arise when some in a relationship uses his power to promote his paramour over others. It is also about how the studio internal investigations continue to clear the studio execs of any wrongdoing. Jay shouts out to Matt Kelly for attending the SCCE Regional event in Boston.Tom Fox, sitting in for Mike Volkov discusses a compliance-based solution to help manage the opioid crisis. He shouts out to (now) former Wells Fargo CEO Tim Sloan for admitting the abysmal job he did in the wake of the fraudulent account scandal by resigning and rants on Wells Fargo which cannot seem to move beyond the scandal.The members of the Everything Compliance panelist are:Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected] Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected] Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected] Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/4/2019 • 53 minutes, 55 seconds
Compliance into the Weeds: Episode 117-Wells Fargo Update
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into resignation of now former Wells Fargo CEO Tim Sloan. We use his departure as a starting point to discuss some of the issues which continue to bedevil the organization some three years after the original fraudulent accounts scandal broke. Some of the highlights include: Ø Another tough Congressional hearing, another Wells Fargo CEO resigns. Ø Why can’t Wells Fargo turn around its culture?Ø Should an outsider (IE., non-long term Wells Fargo employee be brought in to right the ship?Ø What is the difference in high-performing and high-pressure organizations?Ø Why does Wells Fargo continue to resist whistleblower retaliation claims?Ø Does Wells Fargo treat its customers as it treats its employees?Ø What draconian sanctions are the OCC and Fed considering?Ø What can Wells Fargo do to actually change its culture? If you are in Houston on Friday, please plan to attend the South Texas College of Law 2019 Symposium on Compliance in international Corporate Legal Practices – Legal Development and the Talent Needs of the Future. Information and registration details available here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/3/2019 • 22 minutes, 22 seconds
Daily Compliance News: April 3, 2019-the trial of the century begins edition
In today’s edition of Daily Compliance News:
· Trial of ex-Malaysian PM Najib Razak to begin. (The Guardian)· Shocked, just shocked to find out drug company pushed opioids. (NPR)· Former Colombia official convicted of bribing government officials on behalf of Odebrecht. (Colombia Reports)· UK’s Financial Reporting Council will examine KPMG. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/3/2019 • 6 minutes, 27 seconds
IMPACT2019, Amy Edmondson on Creating a Safe Workspace
In this episode I visit with Amy Edmondson about her upcoming keynote speech at IMPACT2019, entitled “The Fearless Organization: Creating Psychological Safety for Learning, Innovation, and Growth”. Some of the highlights from the podcast include: 1. Beginning in the 1990s Edmondson began research how organizations are made better by creating safe spaces for employees to speak up.2. Why listening is the key trait for every leader. 3. Your organization can have stretch goals but you must have open ears.4. How failure to listen to employees who speak up can cause business losses.5. Information on why you should attend ECI’s IMPACT2019.
Resources: Amy Edmondson LinkedInprofileRegistration and Information on IMPACT2019 here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2019 • 14 minutes, 50 seconds
Daily Compliance News: April 2, 2019-the FB mea culpa edition
In today’s edition of Daily Compliance News:
· Is it illegal to do business with corrupt governments? (New York Times)· Does PG&E really want a judge running its business? (Hint-no). (Wall Street Journal)· Mark Zuckerberg asks for more regulation. (Wall Street Journal)· Anti-Corruption lawyer elected PM of Slovakia? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2019 • 6 minutes, 27 seconds
Are You Creating Barriers to Your Art?
On this episode of the Modern Medium Podcast, we are exploring barriers: might artists inadvertently create these barriers to their art? And how does this affect its experience?
Barriers
Barriers can be anything: a blind person who can’t see the art, or someone with a learning disability who might not understand the art in the way that it was intended. But they can still experience art in other ways that you might not expect, and so in this way, art can be accessible to anybody. It’s just a matter of creating that space.
On communicating
Art is not always going to be clearly communicated across all platforms. It might offend. It might cause stress or tension. And that’s part of the learning process as both artist and viewer: each of our experiences are different, and so the ways in which we access art will naturally be different too. As artists, we can’t control how people will react, so a big thing is keeping your art true to yourself.
Being true to yourself
Trying to communicate what’s inside of you is in itself a barrier: it’s going to reach some people and not others. There might be backlash. As an artist, it’s a balancing act of staying true to yourself and the art that you practice, but keeping in mind that not everybody will be able to access it. By virtue of understanding that, artists can grow and change their art — but it’s important not to censor it.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/1/2019 • 9 minutes, 14 seconds
FCPA Compliance Report-Episode 424, David Childers on the New ECI Self-Assessment Tool
In this episode I visit with David Childers, the Senior Vice President at Ethics & Compliance Initiative (ECI). We discuss ECI’s High-Quality Ethics & Compliance Program (HQP) Self-Assessment Tool. Some of the highlights from the podcast include: What are the 5 Principals of a HQP? They include: Strategy, Risk Management, Culture, Speaking Up and Accountability.
What are the 5 operational areas of an E&C program? They include:E&C is central to business strategyE&C risks are identified, owned, managed and mitigated Leaders at all levels across the organization build and sustain a culture of integrityThe organization encourages, protects and values the reporting of concerns and suspected wrongdoing The organization takes action and holds itself accountable when wrongdoing occursWhat is the design of the Self-Assessment tool? While the methodology is fairly complex, for the participant it is only 107 multiple choice questions and it takes less than 30 minutes to complete.What is it designed to measure? The HQP Assessment measures program maturity based on a combination of questions regarding 27 operating components and more than 100 program practices.
What are the four categories of reporting information for each principal? They include:(1) What to measure/review; (2) Questions to consider ; (3) Potential sources of information and (4) Leading practices illustrative of HQPs. What are the five-point scale for program maturity? Program maturity is based on five levels, which are represented on a 0-100 scale. · UNDERDEVELOPED· DEFINING· ADAPTING· MANAGING· OPTIMIZINGThe HQP Assessment tool is a measure of where an organization believes their E&C program operates based on the five principles. The assessment can be used in several ways. We have organizations that are looking for program improvement. The assessment can be a baseline for measured improvement. It can also be a qualification. As we said this isn’t about a score. In some industries, being at the managing level of maturity may be sufficient for their risk. Most of all it is a great way to create dialog and discussion with your leadership using a definitive measure of your program. How will ECI use this information going forward? We are already seeing important trend and insights from the data. We will introduce many of these findings are our Annual Conference in Dallas, and we are developing working groups within our membership to explore some the findings to refine best practices and guidelines for program improvement. For more information on the ECI Self-Assessment Tool, go to www.ethics.org Registration and Information on IMPACT2019 here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/1/2019 • 22 minutes, 30 seconds
Daily Compliance News: April 1, 2019-the Not April Fool’s edition
In today’s edition of Daily Compliance News:
· GOP congressmen threaten to kill NAFTA 2. (Washington Post)· CBS Credit Union shut down as one employee embezzled $40MM. (Deadline)· Scott Moritz on why every college should now perform a root cause analysis. (Proviti)· What does Occam’s Razor have to do with blockchain? (McKinsey White Paper)
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/1/2019 • 6 minutes, 27 seconds
Daily Compliance News: March 30, 2019-the Sackler family sued edition
In today’s edition of Daily Compliance News:
Wirecare in deep trouble. (Financial Times)Nissan was in big trouble and still may be. (New York Times)New York state sues Sackler family directly. (Wall Street Journal)PG&E needs compliance on its Board. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/30/2019 • 6 minutes, 27 seconds
This Week in FCPA-Episode 148 – the Hope Springs Eternal edition
As Opening Day near and the Astros are predicted to unseat Jay’s Red Sox to win the 2019 World Series, both lads are eternally hopeful for their hometown heroes. While debating this issue, they also take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.
1. Former Hong Kong official sentenced for FCPA violations. 2. SEC awards two whistleblowers $50MM. Kristin Broughton in the. Matt Kelly takes a deep dive. Doug Cornelius gets snarky. Jonathan Marks weighs in. 3. Jonathan Ruschand William Weaverdebate whether corruption can be measured. Both on the FCPA Blog. 4. Was it fraud or was it incompetency? The HP v. Autonomy civil trial begins in London. 5. What is the difference in whistleblowing and extortion? Joe Mont explains.6. What are your supply chain risks? Russ Berland explores in Part 1 of a two-part blog post. 7. Looking at enforcement of financial market crimes in Canada and UK. Anita Anand reports. 8. What steps can you take to reduce whistleblower retaliation? Matt Kelly opines. 9. OECD slams Canadian government for interfering in SNC-Lavalin corruption investigation. Jonathan Rausch reports.10. Join Tom and AMI’s Jesse Caplan for a 5-part exploration of emerging issues in healthcare compliance and monitoring. 11. In Houston on April 11? Join the Greater Houston Business and Ethics Roundtable for a presentation for one year look back on GDPR. Registration and information are here. 12. Check out the latest edition of Great Women in Compliance where Mary Shirley visits with Marianne Ibrahim. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2019 • 44 minutes, 35 seconds
Daily Compliance News: March 29, 2019-the out like a lamb edition
MARCH 29, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· JPMorgan under fire for bribery in Nigeria. (New York Times)https://www.nytimes.com/2019/03/28/business/jpmorgan-nigeria.html· Black and Decker settle Iranian sanctions case. (Wall Street Journal)· Having failed to change its culture, Wells Fargo CEO quits, effective immediately. (NPR)· Swedbank President fired over money-laundering scandal. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2019 • 6 minutes, 27 seconds
Daily Compliance News: March 28, 2019-the SFO sued edition
MARCH 28, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· What is your cybersecurity rating? (Wall Street Journal)· Trump tweets on North Korea sanctions as coverup for incompetence? (Washington Post)· SFO sued for investigation. (FinancialTimes)· Russian money laundering scandal spreads to Sweden. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/28/2019 • 6 minutes, 27 seconds
Life With GDPR: Episode 24- Phishing
In this episode, I visit with Jonathan Armstrong consider the increasing business risk around phishing. There have recently been some multi-million-dollar losses around phishing so you need to be prepared. Some of the issues and highlights are: What is phishing? The largest number of data breach have come through phishing. Why has it become such a business risk?What are the requirements a company take against phishing under GDPR?What are the three key concepts in data protection?Modern phishing attacks are very sophisticated.What are some of the most intricate frauds seen in this area? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/28/2019 • 17 minutes, 7 seconds
Compliance into the Weeds: Episode 116-Brexit Risks
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/27/2019 • 20 minutes, 38 seconds
Daily Compliance News: March 27, 2019-the Autonomy trial begins edition
MARCH 27, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Former Autonomy CEO goes to trial in UK. (The Register)· Want credit in FCPA sentencing? Engage in random acts of kindness while in jail. (New York Times)· SEC pays whistleblowers $50MM. (FCPA Blog)· Stormy Daniels lawyer charged with attempted extortion. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/27/2019 • 6 minutes, 27 seconds
Daily Compliance News: March 26, 2019-the UK AG edition
MARCH 26, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Why is UK Attorney General sitting on Airbus corruption case? (The Guardian) · Ex-HK official sentenced to jail for FCPA, AML violations. (FCPA Blog)· Duke pays over $110MM for filing false research grant applications? (New York Times)· Charitable institutions to Sacklers: We don’t want your money. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/26/2019 • 6 minutes, 27 seconds
Setting the Right Tone from the Top
The board of directors, in concert with the CEO and others, set the tone and conduct for corporate behavior throughout the organization, and is the most important element for promoting honesty in a company. In this episode, we’re talking about tone and conduct from the top.
Trends
Corporate greed at the executive level has destroyed hundreds of companies. Many CEOs over the years have been sued over white collar crimes, and this sends a clear — though perhaps unintentional — message to their employees that committing fraud is acceptable, so long as it makes the company seem acceptable.
That’s simply not the case, and is a prime example of setting the wrong tone and conduct from the top. At the same time, there are no regulatory rules or accounting standards that define exactly what the tone and conduct at the top should be.
So we need to be mindful. When our companies are doing really well, we might slip into “Perfect Place Syndrome," and all the hard work and effort you put into building a company culture that is mindful of ethical breakdowns could be wiped out in an instant.
Gaps
The control environment: This is key to setting the right tone and conduct of the organization, because it influences the control consciousness of its people. For example, do you have a Code of Business Conduct and Ethics?
A commitment to competence: Don’t take shortcuts, and don’t hire people that don’t fit within your organization.
Board of Directors and audit committees: Are they engaged? Do they ask questions and take appropriate action?
Management philosophy and operating style: This needs to place a high value on risk assessment and internal control and, more importantly, encourage a “speak up” environment. If people feel like what they’re going to say will fall on deaf ears, they may not speak up at all.
Well-defined organizational structure: Do people know what their roles and responsibilities are? How about their reporting channels and the communication protocols?
Appropriate assignments and authority and responsibility: Are there well-defined duties that are appropriately segregated to prevent and detect errors or fraud?
Human resources: Your recruiting and retention policies and practices should ensure that human capital is valued.
Chief Executive: The buck stops with them. They have the ultimate responsibility for the internal control system, and a positive control environment is a big part of maintaining effective internal controls.
Challenges
It is crucial for company success for executives and management to set an example of ethical behavior on the job, otherwise, they are creating an entire organizational culture of fraud.
ABC Theory of Fraud: You have one bad apple, you create a bad bunch, and the next thing you know, you have a bad crop. So what should have been an isolated incident may manifest itself in other parts of your organization. When employees are under pressure to meet unrealistic goals, they’re often faced with a choice of whether or not to do whatever it takes, no matter how improper, to achieve those goals.
Solutions
Personnel changes are not always warranted. Education and formal training in some cases might accelerate the general adoption of a more ethical corporate culture in an organization. It is really important that senior management position themselves to communicate to employees what is expected of them, lead by example, and provide a safe mechanism for reporting violations and rewarding integrity. Employees need to see management demonstrating a commitment to their ethics principles. The message must be communicated consistently and reinforced with actions.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 16 minutes, 32 seconds
Making Art a Sensory Experience
On this episode of the Modern Medium Podcast, we’re exploring our senses: while it’s common for art to have visual and aural components, we don’t normally think about art in terms of smell, taste, or touch. But art is supposed to imitate life, and within life, we experience these all at once. How then can we make art a sensory experience?
It’s easy to be visual, as a lot of art already is. Visiting art galleries or museums is typically a visual experience, seeing the paintings or sculptures and experiencing them from a distance.
But one thing that’s interesting about those spaces is that they’re usually silent. Why is there no sound? Why are we hearing people just shuffling around? Paris shares about a project she did, where she recorded audio snippets of her morning rituals, experiencing that routine through sound. We don’t normally think of audio outside of music, but you can easily tell a story through the things you hear on the street.
When you touch something, you’re going to understand it in a different way. If it feels different from what you’re picturing, that can change the piece’s tone, energy, or the way you view it. Art that incorporates touch has the power to change the story.
It’s important to consider all five senses when you’re creating anything. And it’s important to consider not only what senses you're activating, but how the that might be different for different people, because we all come with our different preconceived notions and experiences.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 10 minutes, 38 seconds
Daily Compliance News: March 25, 2019-the would you do business with this man edition
MARCH 25, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Jeff Skilling wants you to invest your money with him. What could go wrong? (Wall Street Journal) · Most bitcoin trading is faked. (Wall Street Journal)· What do sanctions mean anyway? (Wall Street Journal)· Two charitable donations rejected, Sackler family trying to settle OxyContin lawsuits. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 6 minutes, 27 seconds
Emerging Issues in Healthcare Compliance and Monitoring-Episode 2- Focus on Opioid Prescribing – Identifying and Mitigating the Risks
In this special five-part podcast series, sponsored by Affiliated Monitors, Inc., I visit with AMI Managing Director Jesse Caplan on emerging issues in healthcare compliance and monitoring. In Episode 1, Jesse Caplan discussed the many different types of potential regulatory and liability risks healthcare provider organizations and practices face in connection with the prescribing of opioids. In this Episode, we discuss how healthcare organizations can identify and mitigate the risks from opioid prescribing by their practitioners. Some of the issues considered are:
What can healthcare organizations, and particularly their compliance departments do to identify and mitigate the risks from opioid prescribing?
Can you give us some examples of deficient opioid prescribing practices by, otherwise, experienced and caring physicians?
What help is available to healthcare organizations to address these risks?
Do monitoring firms like AMI provide these types of proactive assessments of opioid prescribing programs and practices?
Join us for Episode 3, where we discuss the expanding use of independent monitors by health regulators.
For more information on Affiliated Monitors, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 15 minutes, 28 seconds
Emerging Issues in Healthcare Compliance and Monitoring-Episode 4 - Independent Integrity Monitoring of Healthcare Organizations
In this special five-part podcast series, sponsored by Affiliated Monitors, Inc., I visit with AMI Managing Director Jesse Caplan on emerging issues in healthcare compliance and monitoring. In the Episode 3, we discussed how independent monitoring can serve important public policy goals in the healthcare industry. In this Episode 4, we consider examples of independent monitoring involving healthcare organizations or systems.
How do healthcare organizations or the agencies that regulate them may use monitoring in connection with significant business transactions – as opposed to law enforcement or disciplinary proceedings.
What are some examples of where organizations and government regulators have jointly agreed to use an independent firm to monitor implementation and compliance with conditions of a healthcare transactions?
Join us for our final installment, Episode 5, where we tie it all together by discussing how to use an independent integrity monitor in a proactive approach that can lead to greater business efficiency and profitability.
For more information on Affiliated Monitors, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 16 minutes, 43 seconds
Emerging Issues in Healthcare Compliance-Episode 5, Proactive Monitoring
In this special five-part podcast series, sponsored by Affiliated Monitors, Inc., I visit with AMI Managing Director Jesse Caplan on emerging issues in healthcare compliance and monitoring. In the previous episodes, we considered how healthcare organizations can benefit by having an independent compliance expert – a fresh set of eyes, so to speak – evaluate the organization’s compliance program. We explored the emerging risks involved in opioid prescribing and how organizations can mitigate that risk by pro-actively assessing the prescribing practices of their physicians and physician extenders. In this final episode we discuss how an independent integrity review can be helpful for organizations that may be facing actual or potential compliance issues. We consider some of the following:
Can independent integrity review and monitoring be helpful where a healthcare organization may have reason to believe it has an actual or potential compliance problem, but has not yet been subject to an enforcement action or a corporate integrity agreement imposed by the government?
How can engaging an independent integrity monitor help an organization in dealing with an enforcement agency?
Why do government enforcement and regulatory agencies prefer not to exclude important health care providers who have compliance issues?
For more information on Affiliated Monitors, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 18 minutes, 27 seconds
Emerging Issues in Healthcare Compliance and Monitoring-Episode 1 –Focus on Opioid Prescribing – Regulatory and Liability Risks
In this special five part podcast series, sponsor by Affiliated Monitors, I visit with Jesse Caplan, Managing Director at AMI on emerging issues in healthcare compliance and monitoring. Healthcare provider organizations and practices face many different types of potential regulatory and liability risks – in this first episode we focus on the risks posed by opioid prescribing. We consider the some of the following issues:
>What are the risks to providers and health care organizations from opioid prescribing? >What has been the response of the Department of Justice? >What are legislators and regulators doing to address the opioid crisis? >Can you tell us a little more about the legal and regulatory framework impacting opioid prescribing?
>What should be the primary compliance concerns for healthcare organizations in connection with the opioid crisis?
Join us for Episode 2, where we discuss how healthcare organizations can identify and mitigate the risks from opioid prescribing.
For more information on our sponsor Affiliated Monitors, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 19 minutes, 5 seconds
FCPA Compliance Report-Episode 423, Sarah Hadden on the New CCI
In this episode I visit with Sarah Hadden, the new Editor-in-Chief at Corporate Compliance Insights (CCI). We discuss her professional background in journalism and her journey to becoming EIC at Corporate Compliance Insights. Some of the highlights from the podcast include: 1. Her professional background as a journalist and how it informs her thinking for CCI.2. What drew her to CCI and the compliance space?3. Her ascension to the EIC role at Corporate Compliance Insights.4. How did CCI accomplish content marketing?5. What do you hope to accomplish with CCI?6. The CCI website recently went through a face-lift. What are some of the key elements of this new look?7. Why is CCI “not a house cat anymore”?8. Where can listeners go for more information?9. Calling all authors-CCI looking for new contributors Resources: Check out the newly redesigned CCI Website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 17 minutes, 7 seconds
Emerging Issues in Healthcare Compliance and Monitoring-Episode 3-Expanded Use of Independent Monitoring by Health Regulators
In this special five-part podcast series, sponsored by Affiliated Monitors, Inc., I visit with AMI Managing Director Jesse Caplan on emerging issues in healthcare compliance and monitoring. In this Episode, Jesse Caplan discusses how health regulatory agencies are using independent monitoring to serve important public policy goals – specifically to help ensure a ready supply of quality healthcare providers, particularly for government programs like Medicaid and Medicare.
We consider some of the following issues:
In previous episodes, you and your colleagues at affiliated monitors have talked about how independent monitoring can effectively and efficiently extend the ability of government regulators to oversee healthcare providers and organizations. can you explain some more about how independent monitors can serve this purpose?
In most cases, a monitor has to be approved by the government regulator or enforcement agency – what’s the value to the government of approving a monitoring relationship?
What about the healthcare organization – what are the benefits of an independent monitoring situation?
Can you give us some recent examples of where healthcare regulators are using independent monitors in different contexts?
Join us for Episode 4, where we discuss independent integrity monitoring of healthcare organizations or systems.
For more information on Affiliated Monitors, check out their website here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/25/2019 • 14 minutes, 15 seconds
Daily Compliance News: March 23, 2019-the who’s on your Board edition
MARCH 23, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Should safety be a ‘nice to have’? (New York Times)· Boeing loses first contract for 737 MAX jets. (Wall Street Journal)· Unrepentant Rujat Gupta says jury got it wrong, he never violated the law. (New York Times)· What is his compliance experience? Shaq joins the Papa John Board of Directors (Business Insider)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/23/2019 • 6 minutes, 27 seconds
IMPACT 2019- Sam Silverstein on Accountability
In this episode I visit with Sam Silverstein about his upcoming keynote speech at IMPACT 2019, entitled “Inspiring Accountability at Every Level”. Some of the highlights from the podcast include: 1. Why Silverstein believes that “Accountability is the Highest Form of Leadership”Ô.2. The problems he sees with the way companies talk about “accountability”. 3. How accountability can create impact and influence for your organization through a leader’s values. 4. How accountability enhances corporate culture and improves the organization.5. Information on why you should attend ECI’s IMPACT2019. Resources: Sam Silverstein bio hereSam Silverstein website, on how to lead with accountability hereRegistration and Information on IMPACT 2019 here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/22/2019 • 13 minutes, 58 seconds
Daily Compliance News: March 22, 2019-the my bracket is already blown edition
MARCH 22, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Google & Facebook defrauded to the tune of $100. (Wall Street Journal)· Too scared to drink Miller Lite? (New York Times) · Corporate execs trading on insider information? I’m shocked. (Financial Times)· K-Pop scandal rocks South Korea. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/22/2019 • 6 minutes, 27 seconds
IMPACT 2019, Tony Brigmon on Joy and Laughter
In this episode I visit with Tony Brigmon about his upcoming keynote speech at IMPACT 2019, entitled “The Funomenal Workplace: Energizing People & Culture with the Positive Power of Fun”. Some of the highlights from the podcast include: 1. Tony’s professional history at SW Airlines as the “Ambassador of Fun”. SW is generally recognized as one of the most fun places to work in the US.2. Why joy and laughter are keys to a great corporate culture. 3. Some thoughts from his book “The FUNOMENAL WORKPLACE: Energizing People & Culture with the Positive Power of Fun!”4. How a fun workplace enhances corporate culture and improves the organization.5. Information on why you should attend ECI’s IMPACT 2019. Resources: Tony Brigmon website hereRegistration and Information on IMPACT 2019 here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2019 • 12 minutes, 41 seconds
Daily Compliance News: March 21, 2019-the Google spanked edition
MARCH 21, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Chuck Pearson pleads guilty. (France24.com) · USC goes after the students fraudulently admitted. (NPR)· EU spank Google to the tune of $1.5bn for anti-trust violations. (Financial Times)· Bayer stock plummets. (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2019 • 6 minutes, 27 seconds
Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball
In this episode, I visit with Jonathan Armstrong consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are: Drones-what are the GDPR implications. The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone.Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road? What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward?How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit?Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2019 • 28 minutes, 30 seconds
Compliance into the Weeds: Episode 115-Regulatory Capture and Regulatory Approval at the FAA
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into the circumstances around the FAA approval process regarding the Boeing 737 MAX in the context of the crash in Ethiopia. Some of the highlights include: Ø What was the process by which the plane was approved by the FAA?Ø How did the Boeing CEO persuade President Trump to prevent the FAA from grounding the Boeing fleet during the investigation process?Ø Why did the Ethiopian government send the plane’s black box to France, rather than the US, for analysis?Ø How did the US lose the world’s leadership in aviation safety?Ø Where was Boeing’s compliance function during all of this?Ø What are the lessons for the compliance practitioner? For additional reading, see articles discussed in this podcast: 1. In the Seattle Times, Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system, by Dominick Gates2. In the Wall Street Journal, Prosecutors, Transportation Department Scrutinize Development of Boeing’s 737 MAXby Andrew Tangel, Andy Pasztor and Robert Wall3. In Slate.com, Where Did Boeing Go Wrong? by Jeff Wise.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/20/2019 • 27 minutes, 7 seconds
Daily Compliance News: March 20, 2019-the Risky Business edition
MARCH 20, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Cambridge Analytica cover up? (The Daily Beast) · SEC ‘stunned’ Musk violated court order. (Bloomberg)· Japanese Olympic Committee head resigns amid bribery scandal. (Fox Sports)· It’s risky business to loan money to Donald Trump. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/20/2019 • 6 minutes, 27 seconds
Daily Compliance News: March 19, 2019-the filling out my bracket edition
MARCH 19, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Of money laundering and cars in Ireland. (Irish Mirror)· Warner Brothers head to step down due to an inappropriate relationship. (Wall Street Journal) · Feds open criminal investigation into Boeing regulatory approval of 737Max. (Wall Street Journal)· FDIC settles with PwC. (MarketWatch)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/19/2019 • 6 minutes, 27 seconds
Freud and Fraud
On this episode, we’re putting Freud to fraud and getting inside the minds of crooks. Today’s white collar criminals have decades of technological evolution at their fingertips, creating new opportunities for fraudsters to inflict crippling loss to organizations. Which means it’s time to update and expand the elements of the traditional Fraud Triangle, to account for this new and vastly different world.
The Fraud Pentagon
Donald Cressey created the original concept of the Fraud Triangle way back in the 1950s to explain why someone might decide to commit fraud. The three original elements of the triangle are Pressure, Opportunity, and Rationalization, but we need to be gravitating more toward the advanced meta-model of fraud which also considers the act of concealment strategy and the conversion piece.
This introduces two new elements to the Fraud Triangle, expanding it into the Fraud Pentagon:
Arrogance, especially unchecked arrogance, enables individuals to see themselves as superior or entitled to the point where policies and laws simply do not apply to them.
Competence contributes in two ways: a greater understanding of procedures expands on the Fraud Triangle’s Opportunity element, but it also enables them to create a wall of trust that shields them from suspicion.
Get inside the mind of a fraudster
Let’s take a look at Sam Antar, the CFO of Crazy Eddie.
For Antar, arrogance was not only the foundation on which Crazy Eddie was built, it was the soil on which the seeds of fraud were planted. Most people aren’t willing to start a public company for the main purpose of defrauding the public, and as far as this fraudster goes, it takes a real amount of arrogance to do that.
His actions also perfectly represent the two ways a fraudster can use competence to steal. He knew the business of accounting and how to socially control the situation to Crazy Eddie’s advantage. He was a nice guy. He knew he had to get people to like him, trust him, and respect him to lower their levels of skepticism. If you’re nice to people, they’ll be nice to you — like looking away or not asking the tough questions.
What you can do
By utilizing all five elements, you’re going to be more able to identify potential risks beyond legitimate individuals who simply have arrogance and competence as part of their persona.
First, start with a hands-on cultural assessment to determine the ethical pulse of your organization. Next, make it known to your board and ethics team that you have zero fraud tolerance within the organization, including at the top. Finally, make periodic checks to monitor the pressure points and values that affect individual behaviors.
Final thoughts
We need to pay more attention to the human element of fraud. In doing so, we’ll understand fraud a lot better and be able to build more effective controls.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 15 minutes, 5 seconds
Incorporating Time into Art
On this episode of the Modern Medium Podcast, we’re talking about a medium not often thought about in the art field: time. How can we incorporate this into art, and what might that look like?
Time-based art
Time-based art can contain anything. It can be oral or visual — whatever you can incorporate into a specific amount of time. Movies, for example, are time-based, as you experience it for an hour and a half or two hours.
The influence of time
The thing that Paris likes most about time is how it can be ritualistic. You can get time anywhere: over the course of a day or a year, or as in an art exhibition where two people live their daily lives for nine months physically attached to each other.
On top of that, time brings to mind how things are going to change: some things are not necessarily always going to end the way they began. It’s easy to fall into our own ritual; we don’t believe time is going to change us, but 40 or 50 years later, we’re asking ourselves how we got here because this isn’t where we began.
Some examples of time-based art
In photography, artists have done the thing where they take a photo of themselves 365 days a year and you end up with a wall of prints of how you’ve changed within that time.
Paris’s personal project is on feelings and emotions. Every day this term, she’s been writing a definitive statement about the way that she is; an “I am _____” statement. It’s her way of coming back to herself and becoming more grounded and fully understanding where she’s at. At the end of the term, she will stitch each statement together, creating a compiled sense of who she was and is.
In terms of graphic design, what we think of on our computer and phone screens as permanent really aren’t. That in itself is a sort of time-based art. We don’t know how long we’ll have these things because they’re not tangible.
Our social media platforms are ways to share our own time-based art, because you’re getting this very selective, very narrow snapshot of what someone is experiencing at that specific time.
Thinking about time
Pick a sense, and spend 24 hours being fully aware of it. For example, what are the sounds that you experience when you go to class? As you go home? Or commute to work? Just begin to acknowledge the way you’re moving through time, because it’s easy not to think about.
Documentation is also critical: it’s easy to experience and acknowledge these things, but how are you going to see how they’ve changed over time if you don’t document it?
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 11 minutes, 42 seconds
Daily Compliance News: March 18, 2019-the selection Monday edition
MARCH 18, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Bribery and tax breaks, only in America? (Washington Post) · When you snow plough what does it teach? (New York Times) · Victoria Beckham lunches with the FT. (Financial Times)· Why are mid-sized companies such cyber-security risks? (Houston Chronicle)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 6 minutes, 27 seconds
MTS Foreign Corrupt Practices Act Enforcement Action: Part V – Lessons Learned
We are on Episode V of a five-part exploration of the recent the Department of Justice and Securities Exchange Commission resolution of a Foreign Corrupt Practices Act enforcement action against the Russian telecom company, MTS. In this episode, I conclude with the lessons learned for the compliance professional. Today we focus on four key lessons: (1) due diligence, (2) business justification, (3) business valuation and (4) the long road of bribery.
The documents which are the subject of this series are:
MTS Deferred Prosecution Agreement (DPA);MTS Criminal Information (MTS Information);SEC Cease and Desist Order (Order);Karimova and Akhmedov Indictment (Indictment);Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); andKolorit Dizayn Ink Information (Kolorit Information);DOJ Press Release andSEC Press Release.For additional reading see the blog post, "MTS FCPA Settlement and Karimova Indictment: Part V – Lessons Learned"
Learn more about your ad choices. Visit megaphone.fm/adchoices
In a stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the Department of Justice and Securities Exchange Commission both announced settlement of a Foreign Corrupt Practices Act (FCPA) enforcement action against the Russian telecom company, Mobile TeleSystems PJSC (MTS). This podcast continues a five-part series will examine the background facts of the case, provide a detailed review of the bribery schemes involved, the compliance failures of MTS and its actions during the investigation which contributed to the size of the penalty, the individual criminal prosecutions brought by the Department of Justice as a part of this action and the key lessons learned by the compliance practitioner. In this Part 2, I consider the bribery schemes used by MTS to pay the bribes and Karimova to receive the bribe payments.
The documents which are the subject of this series are:MTS Deferred Prosecution Agreement (DPA);MTS Criminal Information (MTS Information);SEC Cease and Desist Order (Order);Karimova and Akhmedov Indictment (Indictment);Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); andKolorit Dizayn Ink Information (Kolorit Information);DOJ Press Release andSEC Press Release.For additional reading see the blog post, "MTS FCPA Settlement and Karimova Indictment: Part II - The Bribery Schemes"
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 10 minutes, 32 seconds
MTS Foreign Corrupt Practices Act Enforcement Action: Part III – Missed Red Flags and Overridden Controls
In a stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the Department of Justice and Securities Exchange Commission both announced settlement of a Foreign Corrupt Practices Act (FCPA) enforcement action against the Russian telecom company, Mobile TeleSystems PJSC (MTS). This podcast continues a five-part series will examine the background facts of the case, provide a detailed review of the bribery schemes involved, the compliance failures of MTS and its actions during the investigation which contributed to the size of the penalty, the individual criminal prosecutions brought by the Department of Justice as a part of this action and the key lessons learned by the compliance practitioner. In this Part 3, I discuss the failures in the MTS compliance regime, the override of internal controls and local business unit management actions which facilitated the bribery schemes.
The schemes involved:
a. Purchase of entities controlled by or through Karimova;
b. Purchase of telecom licenses at inflated prices; and
c. Fraudulent charitable donations.
The documents which are the subject of this series are:MTS Deferred Prosecution Agreement (DPA);MTS Criminal Information (MTS Information);SEC Cease and Desist Order (Order);Karimova and Akhmedov Indictment (Indictment);Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); andKolorit Dizayn Ink Information (Kolorit Information);DOJ Press Release andSEC Press Release.For additional reading see the blog post, "MTS FCPA Settlement and Karimova Indictment: Part III – Missed Red Flags and Overridden Controls"
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 11 minutes, 18 seconds
FCPA Compliance Report-Episode 422, Vera Cherepanova
In this episode I visit with Vera Cherepanova author of the book, “Compliance Program of an Organisation”. We visit about her recent article on the FCPA Blog and its implication. Some of the highlights from the podcast include: 1. Cherepanova’s unique professional background. 2. What led to her to pen the recent article in the FCPA Blog, “Who's to blame? The bad apple or the barrel?”3. What are the differences in the ‘situation perspective’ and the ‘personality perspective’?4. How do group dynamics inform corporate decision making?5. How can a compliance program be designed to prevent nefarious group think which might lead to bribery and corruption?6. Why is the myth of the rogue employee just that, a myth? Resources: FCPA Blog post “Who's to blame? The bad apple or the barrel?”Studio Etica websiteLinkedIn Profile
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 22 minutes, 31 seconds
MTS Foreign Corrupt Practices Act Enforcement Action: Part IV – the Individual Indictments
We are on Episode IV of a five-part exploration of the recent the Department of Justice and Securities Exchange Commission resolution of a Foreign Corrupt Practices Act enforcement action against the Russian telecom company, Mobile TeleSystems PJSC (MTS). In this episode, I look at the individual indictments, which charged Gulnara Karimova, daughter of the former President of Uzbekistan, with one count of conspiracy to commit money laundering and Bekhzod Akhmedov, a former MTS executive based in Uzbekistan with FCPA violations of one count of conspiracy to violate the FCPA, two counts of violating the FCPA, and one count of conspiracy to commit money laundering.
The indictment discussed the three companies who paid bribes to Karimova, who then laundered the money on the international stage. They were VimpelCom Ltd. (now VEON Ltd.), Telia Company AB (formerly TeliaSonera AB) (Telia) and MTS. The schemes Karimova used were so similar as to be almost identical. The only thing that changed was the name of the company she was shaking down money from in her march towards receiving over $1 billion in ill-gotten payments.
The documents which are the subject of this series are:MTS Deferred Prosecution Agreement (DPA);MTS Criminal Information (MTS Information);SEC Cease and Desist Order (Order);Karimova and Akhmedov Indictment (Indictment);Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); andKolorit Dizayn Ink Information (Kolorit Information);DOJ Press Release andSEC Press Release.For additional reading see the blog post, "MTS FCPA Settlement and Karimova Indictment: Part IV – the Individual Indictments"
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 10 minutes, 53 seconds
MTS Foreign Corrupt Practices Act Enforcement Action: Part I-Introduction
In a stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the Department of Justice and Securities Exchange Commission both announced settlement of a Foreign Corrupt Practices Act (FCPA) enforcement action against the Russian telecom company, Mobile TeleSystems PJSC (MTS). (See both the DOJ Press Release and SEC Press Release.) The FCPA enforcement action came in at $850 million which makes it Number 3 in the Top 10 of all-time FCPA settlements. This podcast opens a multi-part series will examine the background facts of the case, provide a detailed review of the bribery schemes involved, the compliance failures of MTS and its actions during the investigation which contributed to the size of the penalty, the individual criminal prosecutions brought by the Department of Justice as a part of this action and the key lessons learned by the compliance practitioner. In this Part 1, I begin with a review of the background facts, the parties and players and the fine and penalty of the MTS Foreign Corrupt Practices Act enforcement action.
The enforcement action was the third involving the same individual from the same country. That individual was Gulnara Karimova, the daughter of the former President of Uzbekistan. If that name sounds familiar to compliance professionals it is because she was also involved in the receipt of bribes paid in two other Top 10 FCPA enforcement actions; VimpelCom (now VEON Ltd.) and Telia Company AB. Contemporaneously with FCPA enforcement action involving MTS, there was a criminal indictment filed against Karimova and Bekhzod Akhmedov, a former MTS executive based in Uzbekistan. Akhmedov was charged with violating the FCPA for paying bribes to or for the benefit of Karimova and Karimova was charged she with laundering the money received as bribes.
The documents which are the subject of this series are:MTS Deferred Prosecution Agreement (DPA);MTS Criminal Information (MTS Information);SEC Cease and Desist Order (Order);Karimova and Akhmedov Indictment (Indictment);Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); andKolorit Dizayn Ink Information (Kolorit Information); DOJ Press Release andSEC Press Release.For additional reading see the blog post, "MTS FCPA Settlement and Karimova Indictment: Part I-Introduction".
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/18/2019 • 10 minutes, 33 seconds
Popcorn and Compliance: Captain Marvel
In this podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and myself will indulge in passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven so we present a well-rounded view of the movie fandom. If you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you.For this week’s offering, today we look at the Marvel-universe hero, Captain Marvel.
Some of the highlights include:
What is the backstory for Nick Fury and Phil Coulson?How and why did internet trolls tried to sabotage the film?What was the response of Rotten Tomatoes?How were Eggs used to great effect?The special effects and battle scenes were great.Who was honored in different scenes in the movie?Jay gives the movie not only a full bucket of popcorn but as second bucket as well. Tom joins with an overflow bucket of popcorn.The Compliance takeaways:Understand where you come from, know your business inside and out.Nick Fury recognized a new risk-do you have a trip system for new risks in your organization? Do you have a seat at that table?How and why did Nick Fury lose his eye? How do you assess known strategies for unknown risks?Get out of the corporate office and into the field to meet your employees.Take action, when needed to change the balance.As a CCO you may have to take a stand.
Learn more about your ad choices. Visit megaphone.fm/adchoices
MARCH 16, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Will horseracing end in California? (New York Times) · Will NAFTA 2 get thru? Texas Senator John Cornyn says it will be tough. (Houston Chronicle)· Even the FT says USC is the ‘University of Spoiled Children. (Financial Times)· VW sued by SEC. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/16/2019 • 6 minutes, 27 seconds
This Week in FCPA-Episode 146 – Ides of March (formerly St. Patty’s Day) edition
On this Ides of March with the St. Patrick’s Day weekend is upon, and we are all Irish at least for a day, Tom and Jay are joined by our favorite Irishman (and the Coolest Guy in Compliance), Matt Kelly to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.
1. Massive corruption scandal rocks college admissions across the country. 2. FARA, FARA, FARA. 3. Former KPMG national practice leader convicted in PCAOB scandal. 4. Will the US finally clamp down on shell companies? Matthew Stephenson is cautiously optimistic. General David Petraeus and Sheldon Whitehouse explain why it’s a national security issue. 5. Head coaches behaving badly as LSU head basketball coach suspended indefinitely in NCAA recruiting scandal. 6. DOJ quietly modifies Corporate FCPA Enforcement Policy. 7. Did Oracle violate the FCPA? 8. 1MDB scandal back in the news as former Goldman Sachs banker Timothy Leissner and Roger Ng banned from banking industry for life. David Simpson reports. Also-did Jho Low contribute to Trump campaign? Tom Wright and Bradley Hope report. 9. How can you engage a BOD on cyber risks? 10. Tom continues with fan fav podcast series this week, the Adventures in Compliance this week.Check out the following: Part 1-The Red Circle; Part 2-The Abbey Grange; Part 3- The Priory School; Part 4-The Six Napoleons; and Part 5-The Empty House. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotify. It is now on Corporate Compliance Insights.11. In a special guest segment, Matt Kelly reports on the highlights from Ethisphere’s Global Business Ethics Summit, which was held this past week in New York.12. Check out the latest edition of Popcorn and Compliance where Tom and Jay look at Captain Marvel. It posts Saturday, March 16 on the Compliance Podcast Network. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2019 • 49 minutes, 43 seconds
Daily Compliance News: March 15, 2019-the all-NYT edition
MARCH 15, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· No. 3 at Facebook leaves of Facebook’s new direction. (New York Times)· Admissions scandal hits USC hard. (New York Times)· Bill Powers, author of the Powers Report on Enron passes away. (New York Times)· The Wrecking Crew loses another member. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2019 • 6 minutes, 27 seconds
Everything Compliance-Episode 43, the Cohen Testifies edition-Part 2
Welcome to the only roundtable podcast in compliance. This episode is the conclusion of a special two-part episode. Today, in Episode 43 Jonathan Armstrong and Matt Kelly weigh in on issues that are on their collective minds. Last week, in Episode 42 Mike Volkov and Jay Rosen sounded off. Shout outs (and no rants) followed Part 1 in Episode 42. This week, Jonathan Armstrong discusses the UK Serious Fraud Office’s conclusion of its investigation into the individuals at Rolls Royce and GSK.This week, Matt Kelly considers the continued taunting tweets from Elon Musk, the SEC’s request for a federal court to hold Musk in contempt from his prior SEC settlement over the ‘funding secured’ tweet and what all this may mean for the SEC going forward.Last week Mike Volkov used the Cohen testimony to the House Oversight Committee to explain the process of Congressional oversight, including how a company or witness is called to testify, the testimony preparation process and the testimony process.Last week, Jay Rosen talked about the DOJ focus on new industries for FCPA investigations including Major League Baseball teams and universities and colleges.The members of the Everything Compliance panelist are:Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected] Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected] Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected] Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
For additional reading see: Cordery Compliance client alert Rolls Royce Case Sends a Strong Signal
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/14/2019 • 50 minutes, 45 seconds
Daily Compliance News: March 14, 2019-the ethics premium edition
MARCH 14, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· What is the ‘ethics premium? (Radical Compliance)· The strippings start. (Risk & Compliance Journal) · 60 Minutes episode leads to DPA. (MarketWatch)· DOJ program for self-disclosure making headway. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/14/2019 • 6 minutes, 27 seconds
Daily Compliance News: March 13, 2019-the Back to School edition
MARCH 13, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Ex-Olympus boss wins pension suit. (Financial Times)· Feds bring massive college admission scam action. (Washington Post) · The OECD is watching. (Calgary Herald)· Former KPMG partners convicted in PCAOB scandal. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/13/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 114-Lessons on Internal Control Overrides
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into the recent Bankrate DOJ enforcement action in which the company garnered a NPA and for which it paid a total penalty of $28.5 million. We feature a discussion of internal control overrides. Some of the highlights include: Ø What are the background facts of the matter?Ø Why should you never name a slush fund “Ed’s Cushion?Ø What is the difference between management over-ride of internal controls and abuse of management control override?Ø Why is robust accounting required when there is a single source of data?Ø What is the straight line from internal controls and accounting to the Board and the audit committee?Ø Where was the Audit Committee? For additional reading see Matt’s blog post Bankrate pays $28.5 million in fraud caseon Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/13/2019 • 21 minutes, 48 seconds
Daily Compliance News: March 12, 2019-the loonshot edition
MARCH 12, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Did Oracle violate the FCPA? (Tech Central)· General David Petraeus calls for the end of shell companies. (Washington Post)· Jay Clayton says prepare for market turmoil if there’s a hard Brexit. (MarketWatch)· What is a ‘loonshot’? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/12/2019 • 6 minutes, 27 seconds
Adventures in Compliance –Episode IV: The Six Napoleons
In this episode, I consider the theme of mentoring in compliance. In the story The Adventure of the Six Napoleons, Inspector Lestrade says to Holmes, “Well,” said Lestrade, “I’ve seen you handle a good many cases, Mr. Holmes, but I don’t know that I ever knew a more workmanlike one than that. We’re not jealous of you at Scotland Yard. No sir, we are very proud of you, and if you come down to-morrow, there’s not a man [...] who wouldn’t be glad to shake your hand.” This comment provides insights into how Holmes is viewed by other law enforcement officers; Holmes is a sort of living legend and the other officers respect his skills. The matter involved the theft of jewelry as Inspector Lestrade of Scotland Yard brings Holmes a seemingly trivial problem about a man who shatters plaster busts of Napoleon. One was shattered in Morse Hudson’s shop, and two others, sold by Hudson to a Dr. Barnicot, were smashed after the doctor’s house and branch office had been burgled. Nothing else was taken in any of the break-ins. It turns out that the thief had stolen several pieces of jewelry and then hid them in the Napoleonic busts. The thief, having been released from prison on an unrelated offense, was tracking down the busts in which he had placed the jewels for hiding, breaking them open and reclaiming his purloined property. What are some of the ways that you might mentor a younger or less senior compliance professional? I think there are several ways suggested by Conan Doyle as epitomized by the statement by Lestrade and his relationship with Holmes and Watson.
1. Passion- CCOs and seasoned compliance professionals tend to be passionate about compliance even if (like myself) they have a legal background and came to compliance from a corporate legal department. You should work to transmit that passion to others you are mentoring.
2. Developing Networks-Introduce your mentees to others in your organization, so that they can be exposed to different leadership styles and see how such leadership styles work in various areas and with different constituencies.
3. Develop Purpose-This can be aided through reflection, introspection and ability to change as a leader. Moreover, rather than influencing others through individual speeches or stories, the everyday connections between a compliance professional’s sense of purpose and the compliance vision can work to form an indelible impression about the importance of compliance to an organization.
4. Next Generation of Compliance Professionals-it is equally important that you communicate that to your mentee as it is certainly important that each generation of compliance leaders be fit for the future and be committed to continuous improvement going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/11/2019 • 9 minutes, 43 seconds
FCPA Compliance Report-Episode 421, Andrew Beato
In this episode I visit with Andrew Beato from the law firm of Stein Mitchell Beato & Missner LLP. We discuss the firm’s recent Federal Claims Act settlement with Walgreen on behalf of firm client Marc Baker. Walgreens agreed to pay $60 million to settle allegations that it knowingly overcharged government healthcare plans such as Medicaid for prescription drugs. With this settlement, Walgreens resolved allegations that the company defrauded the U.S. government and 39 states by submitting false and inflated prices for prescription drugs to increase its government reimbursements. The settlement is one of the largest of its kind against a retail pharmacy under the qui tam whistleblower provisions of the False Claims Act. Some of the highlights of the podcast include: · The practice at Stein Mitchell Beato & Missner LLP;· What are qui tamwhistleblower protection under the FCA;· The allegations and resolution of the lawsuit against Walgreens.· Why are qui tam actions to powerful? · How do qui tam actions benefit the individual, the government and society as a whole?· How whistleblowers in such actions are in a private-public partnership to prevent government fraud, waste and abuse?
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/11/2019 • 21 minutes, 45 seconds
Adventures in Compliance: Episode I: The Red Circle and Communication
This week I return to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over the next five days, I will be considering themes from the short stories to illustrate broader application to components of a best practices compliance program. I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind(Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes(shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes(Klinger) edited with notes by Leslie S. Klinger. IN this episode, I consider the Adventure of the Red Circle and how it informs communication in a best practices compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/11/2019 • 9 minutes, 52 seconds
Adventures in Compliance: Episode II-The Abbey Grange
Today, I consider The Adventure of the Abbey Grange. In the story The Adventure of the Abbey Grange, Holmes feels something is just not right about the story told by Lady Mary Brackenstall regarding the death of her step-father Sir Eustace Brackenstall. Holmes’ largest concern turns on the contents of three wine glasses, one of which contains beeswing and the other two do not. It turns out that Sir Eustace was killed by a companion of Lady Mary, which Holmes uncovers. However, Holmes has an adaptability for justice when the situation demands it, stating, “Once or twice in my career I feel that I have done more harm by my discovery of the criminal than ever he had done by his crime.” Satisfied the actions of the criminal and his accomplice (Lady Mary) were both warranted and just; Holmes does not report his findings to the local police. Klinger dryly noted, “his sympathies may have overridden his judgement: Many scholars believe that Holmes lets himself be fooled by a villainess clever than he credited.”
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/11/2019 • 9 minutes, 43 seconds
Daily Compliance News: March 11, 2019-the Wells Fargo edition
MARCH 11, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Wells Fargo and terrible corporate culture. (New York Times) · Martin Shekreli continues to run company (from prison). (Washington Post)· LSU suspends BB coach indefinitely. (Sports Illustrated)· Leadership Lessons from Sandra Day O’Conner. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/11/2019 • 6 minutes, 27 seconds
Adventures in Compliance: Episode III: The Priory School
Today, I consider the Adventure of the Priory School. In the story The Adventure of the Priory School, Watson meets a character, Reuben Hayes, who believes to be the most “self-evident villain” he has ever seen. The tale revolves around the disappearance of a Duke’s son who is kidnapped by the Duke’s illegitimate son, James Wilder, who has in turn hired that most evil person Hayes to kidnap the lad. In pulling off the crime, Hayes had killed the lad’s tutor, one Heidegger, who had gone off in search of the boy. Holmes resolves the matter, while Hayes swings for his crime, the illegitimate son, Wilder is packed off to Australia. This story informs criminality and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this special bonus podcast, I am joined by Mike Volkov to discuss the stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the FCPA enforcement action against the Russian telecom company, MTS. The FCPA enforcement action came in at $850 million which makes it Number 3 in the Top 10 of all-time FCPA settlement. Some of the highlights include: · The background facts;· Similarities with VimpleCom and Telia;· Criminal Indictments of Gulnara Karimova and Bekhzod Akhmedov;· Jurisdictional issues raised;· Lessons learned for the compliance professional;· The clear delineation from Yates Memo to the FCPA Pilot Program to the 2017 FCPA Corporate Enforcement Policy to this enforcement action; and final thoughts. Resources: 1. MTS Deferred Prosecution Agreement (DPA);2. MTS Criminal Information (MTS Information);3. SEC Cease and Desist Order (Order);4. Karimova and Akhmedov Indictment (Indictment);5. Kolorit Dizayn Ink Plea Agreement (Plea Agreement); 6. Kolorit Dizayn Ink Information (Kolorit Information);7. DOJ Press Release; and 8. SEC Press Release.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/10/2019 • 32 minutes, 14 seconds
FCPA Compliance Report-Episode 420, Erica Salmon Byrne on the 2019 WME-the Ethics Premium
In this episode I visit with podcast favorite Erica Salmon Byrne, the EVP and Executive Director of Business Ethics Leadership Alliance at Ethisphere on its 2019 World’s Most Ethical company awards. The companies will be honored at the upcoming Some of the highlights of the podcast include: · This year’s numbers include 128 companies honored. They were located in 21 countries and in 50 different industries;· Ethisphere now has 13 years of data, what does it show?· What is the ‘ethics premium’?· What are some of the characteristics of WME award winning companies?· What are the business benefits of transparency and open communications? · How does diversity benefit a corporation?· What can the compliance practitioner learn from these leading companies? Additional ResourcesLinkedIn Profilefor Erica Salmon Byrne.Byrne article: The Ethics Premium: Performance Founded in PurposeFor agenda and registration information on the 2019 Global Ethics Summit, click here. For information on the Dinner honoring the 2019 World’s Most Ethical companies, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/9/2019 • 17 minutes, 21 seconds
Daily Compliance News: March 9, 2019-the Podfest Expo edition
MARCH 9, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· A COI at the top is bad. (Financial Times)· There are more $100 bills than $1 bills. What does that mean for compliance? (Financial Times) · Will Justin Trudeau survive? (Financial Times)· What happens when billionaires fight? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/9/2019 • 6 minutes, 27 seconds
This Week in FCPA-Episode 145– Conferencing in America edition
Tom and Jay were both conferencing this week, albeit in different disciplines. Tom at Podfest Expo and Jay at the ABA White Collar Crime conference. In between they discussed some of this week’s top compliance and ethics stories which caught their collective eyes.
1. MTS has massive FCPA resolution. Harry Cassin breaks the story.2. CTFT to follow DOJ lead on enforcement and SEC lead on Whistleblowers. Dick Cassin reports.3. Hacienda Healthcare is one of the worst corporate governance failures ever. 4. Gulnara Karimova charged with conspiracy to commit money laundering in the whooping amount of $866MM. Harry Cassin reports. 5. Are consumers the new regulators of global business practices? Richard Young explores. 6. Are Boards getting sufficient information on risk? Kristin Broughton reports in the WSJ .Matt Kelly says compliance professionals can help. 7. Is Baker MacKenzie in deep trouble over JBS bribery settlement? Former partner to be deposed over hire of Brazilian prosecutor.8. Dutch prosecutors have told Shell the company will be criminally indicted over its role in obtain drilling rights in Nigeria. Chloe Taylor reports.9. Jay begins a new role as a Featured Columnist on Corporate Compliance Insights. Check out CCI’s cool new look. 10. Tom returns his periodic podcast series the Opinion Release Papers, with a five-part offering this week. Check out the following: Part 1-Opinion Release 10-03 on charitable donations under the FCPA; Part 2-Opinion Release 10-02 on hiring foreign officials as agents; Part 3- Opinion Release 07-01, travel for foreign officials; Part 4-Opinion Release 07-02, travel for and entertainment of foreign officials; Part 5-Opinion Release 11-01, why should you use the process. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotify. It is now also on Corporate Compliance Insights. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected]. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/8/2019 • 37 minutes, 30 seconds
Opinion Release Papers-11-01: Using the Opinion Release Procedure
The only Opinion Release of 2011 (11-01) may have left compliance practitioners initially scratching their heads. However, this collective head scratching is not because the Opinion Release is so difficult to understand and has no application to the everyday business of compliance, but for a polar opposite reason – the question posed to the Department of Justice (DOJ) is so straight-forward, and has been previously asked and answered, that it is difficult to understand how any first year compliance practitioner did not know the answer to it. Yet there is more than this facile analysis as to what may have been going on.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/8/2019 • 9 minutes, 39 seconds
Daily Compliance News: March 7, 2019-the Russian Telecom edition
MARCH 7, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Russia based MTS settles FCPA violations for $850MM (FCPA Blog)· CTFT to follow DOJ lead on enforcement and SEC lead on Whistleblowers. (CTFT Press Release)· Are you still under construction? (You should be) (Wall Street Journal)· Robert Kraft lawyers up. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2019 • 6 minutes, 27 seconds
Everything Compliance-Episode 42, the Cohen Testifies edition-Part 1
Welcome to the only roundtable podcast in compliance. This episode is Part 1 of a special two-part episode. Today, in Episode 42 Mike Volkov and Jay Rosen sound off. Next week, in Episode 43 Jonathan Armstrong and Matt Kelly weigh in on issues that are on their collective minds. Shout outs (and no rants) follow this episode only after the commentators say their peace. 1. Mike Volkov uses the Cohen testimony to the House Oversight Committee to explain the process of Congressional oversight, including how a company or witness is called to testify, the testimony preparation process and the testimony process. Volkov then flips it around to evaluation the questioning and interrogation style of the Representatives. Volkov gives his first ‘in-anticipation’ shout out to OFAC who is coming out with its recommendations on a best practices compliance program. 2. Jay Rosen talks about the DOJ focus on new industries for FCPA investigations including Major League Baseball teams and universities and colleges. Jay shouts out to the podcast “The Dropout” which tells the tale of disgraced and fallen Theranos founder, Elizabeth Holmes. 3. Next week Jonathan Armstrong will discuss the UK Serious Fraud Office’s conclusion of its investigation into the individuals at Rolls Royce and GSK. Jonathan shouts out to the Dutch anti-corruption investigators and enforcers who have recently increased not only their collective vigilance but their investigations and prosecutions. 4. Next week, Matt Kelly will consider the continued taunting tweets from Elon Musk, the SEC’s request for a federal court to hold Musk in contempt from his prior SEC settlement over the ‘funding secured’ tweet and what all this may mean for the SEC going forward. Matt shouts out to Lyft and Uber who are offering list price stock to a select group of long-time employees in their respective IPO debuts. The members of the Everything Compliance panelist are:• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]• Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].• Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected]• Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network. For additional reading see: David Chaikin and Kurt Wolfe’s article in Law360, entitled, “Potential New FCPA Enforcement Targets Come Into Focus”. Check out the podcast from Jay’s shout out, The Drop Out.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2019 • 51 minutes, 45 seconds
Compliance into the Weeds: Episode 113-Corporate Governance Nightmare
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into horrific corporate conduct engaged in by Hacienda Healthcare in Arizona over the past few months. Our discussion provides insights into failures at the Board oversight level, corporate governance, CEO, senior management and CCO position. Some of the highlights include: Ø What are the background facts of the matter?Ø How could the facility allow the rape of an incapacitated patient who is in a permanent vegetative state?Ø Why did the professional investigator brought into to investigate the crime resign so noisily?Ø Why was there such a complete total and utter failure by the Board on oversight?Ø What, if any, are the potential criminal charges which might be filed?Ø Where was compliance? For additional reading see Matt’s blog post Governance Nightmare in Arizonaon Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/6/2019 • 19 minutes, 30 seconds
Daily Compliance News: March 6, 2019-the Remember the Alamo edition
MARCH 6, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Huawei sues US claiming Bill of Attainder. (Zero Hedge)· The clown show ends. (New York Times)· Rule 29 ruling rides into the sunset. (New York Times)· Just in time to watch March Madness, Carlos Ghosen to be released on bail. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/6/2019 • 6 minutes, 27 seconds
Collusion and Conflict of Interest in Compliance
Corruption can take many forms, but its root causes often include a conflict of interest and possibly some type of collusion. In this episode, we’re illustrating these concepts and how they intertwine, and what you can do to proactively make sure your organization is secure.
Where there is collusion, there may also be a conflict of interest
While this type of fraud doesn’t necessarily involve a third party, it does involve the employee. In this case, they’re using their role as an employee, but acting outside their capacity to collude with another party for their personal benefit.
Fraud generally involves an act of concealment, but frauds that include collusion usually occur off the books. There’s nothing to conceal as there is nothing on record. In this instance, the concealment is in not disclosing the potential conflicts of interest — which can present significant fraud risks.
There are guidelines for this, like the ICC Guidelines on Conflicts of Interest in Enterprises, that recommend close monitoring and regulation of actual or potential conflicts of interest. The guidelines have examples, a discussion on communication and training, and four dilemma scenarios that are fantastic to use as a training aid.
Some common conflict of interest schemes
The Purchase Scheme involves overbilling a company for goods and services by a vendor in which an employee has an undisclosed ownership or financial interest.
The Sales Scheme involves the underselling of company goods and services by an employee to a company in which the employee maintains a hidden interest.
Activities that can create a possible conflict of interest
Nepotism:the practice of giving favors to relatives and close friends (e.g. by hiring them)
Cronyism: the appointment of friends and associates to positions of authority without proper regard to their qualifications
Self-dealing: when someone in a position of responsibility has an outside conflict of interest and acts in their own interests rather than the interest of the organization
Code of Conduct
The Sarbanes-Oxley Act Section 406c requires that all US-listed companies maintain a code of conduct, and the New York Stock Exchange Corporate Governance Rules requires companies to adopt and disclose its corporate governance guidelines and code of business conduct and ethics. So if you’re a publicly traded company, your code of conduct must define conflicts of interest — a good policy, regardless.
Final thoughts
Conflicts of interest can be problematic if not understood and managed appropriately. They increase the risk of bias and poor judgment, and usually never end well. When it comes to fraud risk management, Compliance and Internal Audit need to understand conflicts of interest and address them accordingly. All conflicts of interest must be documented in writing and make sure there is proper monitoring in place, so that your company is proactively dealing with these issues.
Resources
ICC Guidelines on Conflicts of Interest in Enterprises
The Sarbanes-Oxley Act of 2002
Sections mentioned:SOX Section 302SOX Section 906SOX Section 404 SOX Section 406SOX Section 406cNew York Stock Exchange Corporate Governance RulesCheck: Provision 10
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/5/2019 • 15 minutes, 2 seconds
Welcome to the Modern Medium Podcast!
Welcome to the Modern Medium Podcast! We talk about the tools, strategies, tactics, and possibilities in modern medium design. In our first episode, we’re exploring ideas: how they form, how they change, and how we might incorporate those ideas into graphic design.
The creative process and coming up with ideas
When you’re stuck in a creative rut, it’s difficult to know where to begin with an idea. Even when you do have an idea, it’s easy to get caught up in what you think something is supposed to be or what it’s supposed to look like. So it’s an important part of the process to learn how to let go.
Ideas can come from anywhere. You can think of anything as a base point and go from there with it. Think about what you knew before, think about what you know now, and think about how things have changed. This doesn’t have to go anywhere tangible; you can use this as a brainstorming exercise or mind map and take off from it.
The Willamette River
The Willamette River was brought up in class and it was interesting for Paris to think about the things she knew about the river, the things she didn’t know, its past, and its future. She shares her train of thought from there: how the river has served generations, the way it bisects each side of the city, what it has meant to the people living in Oregon, and how things are going to change.
It’s interesting to think about the lifetime of the river, how that can form ideas, and how those ideas will change. It’s not simply continual movement of water, but how you react to it. Paris shares the story of going down to the river, hoping to be inspired by nature, but being blocked by a barrier when she arrived. The idea that sparked was how trashed it’s been — and the group put up an art exhibition on trash the following week.
There’s so much going on around the river every day and we can have no idea what’s happening, and to Paris, she thinks of it as a continual cycle of change.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/5/2019 • 12 minutes, 49 seconds
Daily Compliance News: March 5, 2019-the Shell in in trouble edition
MARCH 5, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Uber’s GC is trying to clean up its mess. What about its culture? (New York Times)· Dutch authorities about to charge Shell with massive bribery scheme. (CNBC)· Wells Fargo Hires Strategic Enterprise Risk Chief. (Wall Street Journal)· Purdue Pharma preparing bankruptcy filing. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/5/2019 • 6 minutes, 27 seconds
Opinion Release Papers-07-02-Business Entertainment for Foreign Officials
In the second Opinion Release of 2007, 07-02, the Department of Justice (DOJ) considered another scenario where a US company desired to pay for travel to the US of foreign officials and for some business entertainment while these persons were in the US. It had some additional facts beyond those from Opinion Release 07-01 which are important for a compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2019 • 10 minutes, 13 seconds
Opinion Release Papers- 07-01-Travel for Foreign Officials
In 2007, the DOJ issued two Foreign Corrupt Practices Act (FCPA) Opinion Releases which offered guidance to companies considering whether to, and if so how to, incur travel and lodging expenses for government officials. Both Opinion Releases laid out the specific representations made to the DOJ, which led to the Department approving the travel to the US by the foreign governmental officials. These facts provided strong guidance to any company which seeks to bring such governmental officials to the US for a legitimate business purpose. In this podcast I discuss Opinion Release 07-01. In the next episode, I will take up 07-02.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2019 • 8 minutes, 55 seconds
Opinion Release Papers-10-02- Charitable Donations under the FCPA
What is a company to do if, in order to obtain a contract with a foreign government, they must agree to invest a percentage of the proceeds of the transaction into the community in which it operates as a “charitable donation”? This issue was considered in the second FCPA Opinion Procedure Release of 2010, 10-02. This issue is often negotiated with the foreign government and can include cash or in-kind contributions of computers, equipment or appliances to schools, communities or organizations. While not a payment to a governmental official, it is still a payment to a governmental entity for the purpose of securing a lucrative contract and requires careful consideration. This spectra is currently required in some countries by law and these payments have generated some questions with regard to compliance with the Foreign Corrupt Practices Act (FCPA) as such donations could be interpreted as corruptly giving or offering anything of value to any “foreign official” in order to assist “in obtaining or retaining business for or with, or directing any business to, any person . . . .” 15 U.S.C. § 78dd-2(a)(1).
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2019 • 8 minutes, 51 seconds
Opinion Release Papers- 10-03-Foreign Officials as Agents
Can you hire a foreign official as your agent? Is a foreign official always a foreign official for the purposes of the Foreign Corrupt Practices Act (FCPA)? Can a person be a foreign official yet not under a contract for third party services? After all, the FCPA does not prohibit business relations with or even payments to foreign officials as there must be evidence of corrupt intent. Put another way, while such a scenario is certainly high risk under the FCPA, just because it is high risk does not mean that it cannot be accomplished. It simply means the risk management must be higher. The problem was laid out in Opinion Release 10-03.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2019 • 9 minutes, 52 seconds
Daily Compliance News: March 4, 2019-the WSJ edition
MARCH 4, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Why is prosecuting bankers so hard? (Wall Street Journal)· Huawei fights back against jailed exec. (Wall Street Journal)· Meanwhile, Canada moves extradition hearing forward against Huawie exec. (Wall Street Journal)· Canada PM in deep trouble and its getting in deeper. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2019 • 6 minutes, 27 seconds
FCPA Compliance Report-Episode 420, Andrew Beato
In this episode I visit with Andrew Beato from the law firm of Stein Mitchell Beato & Missner LLP. We discuss the firm’s recent False Claims Act settlement with Walgreen on behalf of firm client Marc Baker. Walgreens agreed to pay $60 million to settle allegations that it knowingly overcharged government healthcare plans such as Medicaid for prescription drugs. With this settlement, Walgreens resolved allegations that the company defrauded the U.S. government and 39 states by submitting false and inflated prices for prescription drugs to increase its government reimbursements. The settlement is one of the largest of its kind against a retail pharmacy under the qui tam whistleblower provisions of the False Claims Act. Some of the highlights of the podcast include: · The practice at Stein Mitchell Beato & Missner LLP;· What are qui tamwhistleblower protection under the FCA;· The allegations and resolution of the lawsuit against Walgreens.· Why are qui tam actions to powerful? · How do qui tam actions benefit the individual, the government and society as a whole?· How whistleblowers in such actions are in a private-public partnership to prevent government fraud, waste and abuse? Resources Stein Mitchell Beato & Missner LLP websiteAndrew Beato LinkedIn profileCase Name: United States ex rel. Marc D. Baker v. Walgreen, Co., 12 Civ. 0300 (JPO) (S.D.N.Y.).
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/4/2019 • 21 minutes, 45 seconds
This Week in FCPA-Episode 144 – Farewell to Sam edition
Tom returns from London to find Sam Rubenfeld announcing his departure from the WSJ Risk and Compliance Journal via Twitter. Tom and Jay are back together to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.
1. Ethisphere’s 2019 World’s Most Ethical companies awards is announced. 2. Fresenius announces pending FCPA resolution. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal. Sam announces his departure from the Risk and Compliance Journal via Twitter.3. The UK Serious Fraud Office closes its investigation into GSK and Rolls Royce with no individuals prosecuted. How could this happen? 4. What new industries are under FCPA scrutiny? 5. Bio-Rad GC retains most of his whistleblower award. 6. What is the intersection of Supply Chain and security? 7. What are the dangers of a GC shirking their FCPA duties? 8. What is the intersection of sports and compliance? 9. Proviti’s Jim DeLoach named recipient of the 2019 Bette Steed Leadership Award by the Greater Houston Business and Ethics Roundtable. 10. Tom has a special 4-part podcast series this week, Live from Londonwhere he was interviewed Jonathan Armstrong. Check out the following: Part 1-customers emerging as corruption risks, Part 2-state of compliance in 2019; Part 3- the Cognizant Technology FCPA declination; and Part 4-regime change and compliance. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotify. It is soon to be on Corporate Compliance Insights.11. Navex Global is putting on a virtual master class-- Ethics Beyond Compliance: Retaliation, Thursday, March 14, 2019 at 8:30 AM Pacific | 10:30 AM Central | 11:30 AM Eastern | 3:30 PM GMT. Registration and agenda are availablehere. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/1/2019 • 39 minutes, 19 seconds
Daily Compliance News: March 1, 2019-Lion or Lamb? edition
MARCH 1, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· What should the SEC do about Elon Musk? (Financial Times)· Israeli PM to be arrest on corruption charges. (New York Times)· Tech companies went to Ireland to avoid taxes, now paying the (data privacy) piper. (Financial Times)· Doping arrests of skiers in Europe. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/1/2019 • 6 minutes, 27 seconds
Daily Compliance News: February 28, 2019-the farewell to February edition
FEBRUARY 28, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Bio-Rad GC retains most of his whistleblower award. (San Francisco Chronicle) · Judge orders Musk to explain tweets. (San Francisco Chronicle)· Why did Odebrecht use Dutch shell firms to pay bribes? (Reuters)· What do you do when you find $6MM in stolen assets? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/28/2019 • 6 minutes, 27 seconds
Episode 105-Leadership Lessons from the Oscars-The Last Emperor
We are back with our fan favorite Oscar movie month. During the month of February each year, we look at Oscar-winning Best Pictures and consider the leadership lessons we glean from our viewing. This month we look at three: No Country for Old Men, The Sting and The Last Emperor. In this episode of 12 O’Clock High, a podcast on business leadership, Richard Lummis and I take at the 1987 Best Picture winning film, The Last Emperor. Some of the highlights were: · This was the first movie shot in the Forbidden City;· How does one lead in an era or region of different values and different cultures?· Are the trappings of your power as a business leader only that, mere trappings? If so what does this mean?· How does your company do business outside the US? and· Why does even the best leader sometimes need to bring in an outside expert to assist?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/28/2019 • 16 minutes, 52 seconds
Compliance into the Weeds: Episode 112-Robert Kraft and Compliance
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recent imbroglio involving surrounding New England Patriots owner Robert Kraft who has been charged with solicitation of prostitution, what it means for both Kraft and the NFL and the compliance response. Some of the highlights include: Ø What are the background facts of the matter?Ø What has been the response of the NFL? Will it investigate or leave it to the public authorities?Ø What are other criminal charges involving NFL owners and what was the NFL response?Ø What are the key employee/CEO risks for an organization?Ø How much private conduct is really public in this age of social media?Ø Why is compliance the only response? For additional reading see Tom’s blog post Robert Kraft, the NFL and Complianceon the FCPA Compliance and Ethics Blog.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/27/2019 • 27 minutes, 58 seconds
Daily Compliance News: February 27, 2019-the CITGO in more trouble edition
FEBRUARY 27, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· CITGO sued for retaliation in Houston. (Houston Chronicle)· SEC says Elon Musk in contempt. (Wall Street Journal)· Wilbur Ross says he didn’t mean to lie on his financial disclosure forms. (Washington Post)· BSRG back in good graces in Guinea. (The Telegraph)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/27/2019 • 6 minutes, 27 seconds
Live from London, Part IV- Regime Change and Compliance
In this 4th and final episode of my special four-part podcast series Live from London, Jonathan Armstrong interviews me on how regime change has modified the risk calculus for the compliance practitioner. I highlight some of the emerging developments in this area and what they portend for the compliance practitioner and compliance programs. Some of the highlights include:How has democratically elected regime change impacted compliance?What can CCOs do to stay ahead of the curve on this emerging issue?Does your company have a political risk function? If so go down and have a cup of coffee with them.How will be next?How can you scrub your business operations from the compliance perspective?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2019 • 9 minutes, 43 seconds
Live from London, Part III-Cognizant Technology
In this Episode 3 of my special Live from London series, Jonathan Armstrong interviews me on the recent on the Cognizant Technology Solutions Corp FCPA enforcement action, declination and C-Suite criminal indictments which were all recently announced. I highlight the significance of the declination for for the compliance professional. Some of the highlights include:The underlying facts of the case.How did the company obtain a Declination with Disgorgement in the face of C-Suite involvement?What prior FCPA enforcement actions could provide guidance for the resolution in this matter?What are the lessons to be learned by the CCO and compliance professional from this enforcement action?What are the lessons for Boards of Directors from the Cognizant enforcement actions?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2019 • 9 minutes, 43 seconds
Live from London, Part II-State of Compliance in 2019
In this Episode 2 of my special Live from London series, Jonathan Armstrong interviews me on the state of compliance in 2019. I highlight some of the emerging developments and what they may mean for the compliance practitioner and compliance programs. Some of the highlights include:How technology and AI will play an increasing role in compliance.How and why compliance is now seen as a business process and not a legal response.As a CCO do you visibility across the spectrum of sales and procurement in your organization?What are some of the top tech tools for you to use?Why the human element will never leave compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2019 • 11 minutes, 14 seconds
Live from London, Part I-Customers as Emerging Corruption Risks
In this Episode 1 of my special Live from London series, Jonathan Armstrong interviews me on the recent several FCPA enforcement actions where customer were a part of the bribery scheme. I highlight the significance of this emerging development and what it may portend for the compliance practitioner and compliance programs. Some of the highlights include:How do you perform anti-corruption due diligence on a customer?Why is managing the contract after it is signed has taken on greater significance?What is your visibility into the life cycle of customer management as a compliance professional?What are your internal controls around discounts for customers?Do you know what is or is not a reasonable discount?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2019 • 9 minutes, 4 seconds
Daily Compliance News: February 25, 2019-the risk management edition
FEBRUARY 25, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Does power corrupt or just expose your character? (Washington Post)· Risk management has been around since Babylonians. (Wall Street Journal)· Do you count paper clips? Kraft food does and look where it got them. (Wall Street Journal)· Will Airbnb ever regulate itself? (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2019 • 6 minutes, 27 seconds
FCPA Compliance Report-Episode 419, James Tillen and Marc Bohn on Miller’s FCPA Winter Review 2019
In this episode I visit with Miller & Chevalier lawyers James Tillen and Marc Bohn on the firm’s FCPA Winter Review 2019. Miller releases a FCPA review quarterly each year and it is one of the top reports on what is going on in both FCPA enforcement and wider international anti-corruption enforcement and developments. Highlights from the podcast include: What do the overall numbers of newly opened FCPA investigations look like under the Trump Administration? What are interpretations of this amount of new cases reported?What are some of the key issues which a CCO should consider on a proactive basis given the current state of FCPA investigations and enforcement?Did the release by the DOJ of the Anti-Piling Policy, the M&A addition to the FCPA Corporate Enforcement Policy and modification to the Yates Memo change the approach a compliance program should consider?One interpretation of the Benczkowski Memo is that it lays out a road map for companies who get into FCPA hot water on how to avoid a monitor. Is that interpretation valid?Regime change overseas has more often brought investigations from the new regime into the old regime. From a corporate perspective, what should a Board, senior management or CCO-type do to prepare for democratically elected regime change?Under GDPR, have investigations in the EU/UK changed for the firm or your clients? You can check out a copy of Miller & Chevalier’s FCPA Winter Review 2019 by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/25/2019 • 24 minutes, 29 seconds
This Week in FCPA-Episode 143 –the London Homesick Blues edition
Tom in is London this week, thinking about Gary P. Nunn, the Lost Gonzo Band and London Homesick Blues(special bonus points if you have heard Nunn or his group live). He takes a look at some of this week’s top compliance and ethics stories which caught his eye, across the pond.
1. Swedish court lets Telia execs walk free. 2. How bad are things at Tesla? New GC backs out after 2 months. 3. In a stunning FCPA enforcement action, Cognizant Technologies obtains a declination. Matt Kelly is so stunned he has two blog posts on it. Tom and Mike Volkov are so stunned they have there first bonus podcast, on the the FCPA Compliance Report. Mike Volvok takes a deep dive in a four part blog post series on Corruption, Crime and Compliance.4. Former CEO and GC of Cognizant Technologies charged criminally under the FCPA. 5. What will be the impact of a Global Magnitsky Act. Kelly Swanson reports inGIR. 6. Alison Taylor continues her run of great pieces, this one on the relationship of companies to suppliers to compliance. 7. GiGo is still relevant in AI. 8. What are the basics of a Congressional investigation? 9. How do you protect the attorney-client privilege and the 5thamendment will cooperating with the government? 10. Danske Bank unceremoniously kicked out of Estonia. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected]. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/23/2019 • 44 minutes, 35 seconds
Daily Compliance News: February 22, 2019-the farewell to UK edition
FEBRUARY 22, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· The table comes to Zuckerberg. (BBC)· When is your value chain in jeopardy? (The Telegraph)· When is your supply chain in jeopardy? (UK Times)· Will Brexit damage your compliance program? (UK Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/22/2019 • 6 minutes, 27 seconds
Everything Compliance-Episode 41, the Kudos to Dick Cassin edition
Welcome to the only roundtable podcast in compliance. In this week’s episode, the gang looks at some the issues that are on their collective minds. Shout outs and one rant follow after the commentators say their peace. 1. Mike Volkov talks about trade sanctions and how the current US-Venezuela imbroglio may play out for US companies. Mike shouts out to Dick Cassin who retired on February 1 as the Publisher and Editor of the FCPA Blog. We all agreed the entire compliance community owes a huge debt of gratitude to Dick. 2. Jay Rosen talks about corporate culture and its increasing importance in the overall ethical health of an organization. Jay shouts out to his New England Patriots for their 6thSuper Bowl win in the defeat of the LA Rams. 3. Tom sits in for Jonathan Armstrong and expounds on what regime change means for the compliance professional. Tom shouts out to Frank Robinson, one of baseball’s greatest players and first African-American manager who recently died. 4. Matt Kelly considers four recent SEC enforcement actions involving internal controls and how it may portend greater scrutiny in the FCPA realm of internal controls. Matt rants about company CEOs who do not tell anyone else their passwords before they have the temerity to die. The members of the Everything Compliance panelist are:• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]• Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].• Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected]• Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/22/2019 • 50 minutes, 45 seconds
Episode 104-Leadership Lessons from the Oscars-The Sting
We are back with our fan favorite Oscar movie month. During the month of February each year, we look at Oscar-winning Best Pictures and consider the leadership lessons we glean from our viewing. This month we look at three: No Country for Old Men, The Sting and The Last Emperor. In this episode of 12 O’Clock High, a podcast on business leadership, Richard Lummis and I take at the 1973 Best Picture winning film, The Sting. Some of the highlights were: · Best Costume Design Oscar to Edith Head was key reason for the film’s success;· How many red flags did Doyle Lonnegan miss involving Gondorff and Hooker?· How did Marvin Hamlisch’s interpretation of Scott Joplin enhance the movie?· The script was discovered in an agent’s ‘slush pile’ of unread scripts; and· How can a leader use the talent and resources available to him or her to achieve a goal?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/21/2019 • 16 minutes, 52 seconds
Daily Compliance News: February 21, 2019-the Lex edition
FEBRUARY 21, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· HSBC is still compliance challenged? (Financial Times)· Manolete takes a bow. (Financial Times)· What does it mean for compliance when competitors go tete-a-tete? (Financial Times)· What happens if Wal-Mart goes online only? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/21/2019 • 6 minutes, 27 seconds
Daily Compliance News: February 20, 2019-the still in London edition
FEBRUARY 20, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· What does the fraying of Atlanticism mean for compliance? (Financial Times)· Telia execs walks free on Uzbekistan bribery. (Stockholm News)· Are Brexit fears based on reality? Ask the workers at Honda’s Swindon plant. (TheTelegraph)· Estonia orders Danske Bank to close local branch. (BBC)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/20/2019 • 6 minutes, 27 seconds
Across the Board: Episode 26-Rakhi Kumar on SSGA’s Culture Framework
I recently had the chance to visit with Rakhi Kumar, Senior Managing Director, Head of ESG Investments and Asset Stewardship, at State Street Global Advisors. We discussed the firm’s recent initiative around corporate culture and Board of Director engagement on this issue. State Street Global Advisors recently released a Letter from its President and Chief Executive Officer, Cyrus Taraporevala, in which he called upon corporate Boards to place a greater emphasis on corporate culture, which State Street Global Advisors says is a top asset stewardship engagement priority for the asset manager in 2019. But more than simply laying out the problem around Board’s assessing and monitoring corporate culture, State Street Global Advisors laid out a Framework for Boards to do so with their recently released Aligning Corporate Culture with Long-Term Strategy. We considered this and much more in this podcast. Some of the highlights include: Why should corporations align culture with long term strategy;What is corporate culture? Why is there growing regulatory and investor interest in corporate culture?What is the Board’s role in assessing and monitoring corporate culture?What is a Framework for doing so? For additional reading on my interview with Rakhi Kumar and State Street Global Advisor’sFramework for Aligning Corporate Culture with Long-Term Strategy, see the White Paper, Boards and Corporate Culture: SSGA Frameworkavailable through Corporate Compliance Insights.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/20/2019 • 20 minutes, 20 seconds
Daily Compliance News: February 19, 2019-the Financial Times edition
FEBRUARY 19, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· How green are you and your supply chain? (Financial Times)· How will a no deal Brexit negatively impact crime fighting. (Financial Times)· Who will rebuild Syria and what will the response of corporate compliance programs? (Financial Times)· Do you trust your auditors? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/19/2019 • 6 minutes, 27 seconds
Daily Compliance News: February 18, 2019-the London Times edition
FEBRUARY 18, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· How much reputational damage with PwC take? (The London Times)· PwC audit leads to potential criminal charges. (The London Times)· What standards will change after Brexit? (The London Times)· Did Domino’s Pizza throw a temper tantrum over its franchisees? (The London Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/18/2019 • 6 minutes, 27 seconds
ECI’s 2018 Global Business and Ethics Survey: Part V - Implications for Compliance Going Forward
In this podcast series I have visited with Pat Harned, Chief Executive Officer (CEO) of Ethics and Compliance Initiative (ECI), about the firm’s 2018 Global Business and Ethics Survey (GBES). In this series we have considered each of the four GBES reports released by ECI . These included The State of Ethics & Compliance in the Workplace, released in Q1 2018; Measuring the Impact of Ethics & Compliance Programs, released in Q2; Building Companies Where Values and Ethical Conduct Matter, released in Q3 and Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It, released in Q4. In our final episode we conclude by tying them all together, considering what the findings mean for the compliance profession and where the profession may be heading down the road.
I hope you enjoyed this five-part series summarizing the 2018 ECI Global Business Ethics Survey. The information can help you benchmark your compliance program, business ethics and corporate culture. I look forward to reporting on the 2019 GBES.
For more information on ECI, check out their website by clicking here.
To obtain a copy of all four of the 2018 GBES surveys, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/18/2019 • 15 minutes, 19 seconds
FCPA Compliance Report-Episode 418, Joel Androphy on Prosecuting FCA cases
In this episode I visit Joel Androphy, a co-founder of the law firm of Berg and Androphy in Houston. Androphy is a well-known white-collar defense lawyer and plaintiff’s counsel in Federal Claims Act and qui tam cases. Highlights from the podcast include: 1. FCA cases are designed to help prevent fraud, waste and abuse in government contracting. 2. FCA cases can include illegal work conditions in addition to monetary matters. 3. What are the procedural steps needed to bring a FCA action? 4. Why the right counsel is so important for a successful FCA action.5. What happens in a FCA or qui tam trial?6. What happens if the government takes over a FCA case?7. What are the potential recoveries? The firm of Berg & Androphy are leaders in trying complex commercial, financial, structured product, white collar and qui tam cases. Its attorneys prepare each case as if it is going to trial. That willingness to try lawsuits adds value to its clients’ cases and has contributed to the resounding successes that the firm has experienced over the course of its long history, both in settlements and verdicts. For more information on Berg and Androphy check out their website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/18/2019 • 32 minutes, 26 seconds
ECI’s 2018 Global Business and Ethics Survey: Part I - The State of Ethics and Compliance in the Workplace
In this podcast series I visit with Patricia Harned, Ph.D., the Chief Executive Officer (CEO) of Ethics and Compliance Initiative (ECI), about the firm’s 2018 Global Business and Ethics Survey (GBES). In this series we consider each of the four GBES reports released by ECI. These include The State of Ethics & Compliance in the Workplace, released in Q1 2018; Measuring the Impact of Ethics & Compliance Programs, released in Q2; Building Companies Where Values and Ethical Conduct Matter, released in Q3 and Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It, released in Q4. We discuss each report in a separate podcast and then in Part V, tie them all together. Today, in Part 1, we consider the state of ethics and compliance (E&C) in the workplace.
Join us tomorrow when we discuss the survey Measuring the Impact of Ethics & Compliance Programs.
For more information on ECI, check out their website by clicking here.
To obtain a copy of all four of the 2018 GBES surveys, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/18/2019 • 12 minutes, 25 seconds
ECI’s 2018 Global Business and Ethics Survey: Part II - Measuring the Impact of Ethics & Compliance Programs
I continue the discussion with Pat Harned, Chief Executive Officer (CEO) of Ethics and Compliance Initiative (ECI), about the firm’s 2018 Global Business and Ethics Survey (GBES). In this series we are considering each of the four GBES reports released by ECI. These include The State of Ethics & Compliance in the Workplace, released in Q1 2018; Measuring the Impact of Ethics & Compliance Programs, released in Q2; Building Companies Where Values and Ethical Conduct Matter, released in Q3 and Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It, released in Q4. We discuss each report in a separate podcast and then in Part V, tie them all together. Today, in Part 2, we consider the survey Measuring the Impact of Ethics & Compliance Programs.
For more information on ECI, check out their website by clicking here.
To obtain a copy of all four of the 2018 GBES surveys, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/18/2019 • 12 minutes, 34 seconds
ECI’s 2018 Global Business and Ethics Survey: Part III - Building Companies Where Values and Ethical Conduct Matter
Pat Harned, Chief Executive Officer (CEO) of Ethics and Compliance Initiative (ECI) and myself are discussing the firm’s 2018 Global Business and Ethics Survey (GBES). In this series we consider each of the four GBES reports released by ECI. These includeThe State of Ethics & Compliance in the Workplace, released in Q1 2018; Measuring the Impact of Ethics & Compliance Programs, released in Q2; Building Companies Where Values and Ethical Conduct Matter, released in Q3 and Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It, released in Q4. We discuss each report in a separate podcast and then in Part V, tie them all together. Today, in Part 3, we consider the surveyBuilding Companies Where Values and Ethical Conduct Matter.
Join us tomorrow when we discuss the survey Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It.
For more information on ECI, check out their website by clicking here.
To obtain a copy of all four of the 2018 GBES surveys, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/18/2019 • 12 minutes, 41 seconds
ECI’s 2018 Global Business and Ethics Survey: Part IV - Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It
In this podcast series I visit with Pat Harned, the Chief Executive Officer (CEO) of Ethics and Compliance Initiative (ECI) about the firm’s 2018 Global Business and Ethics Survey (GBES). In this series we consider each of the four GBES reports released by ECI. These include The State of Ethics & Compliance in the Workplace, released in Q1 2018; Measuring the Impact of Ethics & Compliance Programs, released in Q2; Building Companies Where Values and Ethical Conduct Matter, released in Q3 and Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It, released in Q4. We discuss each report in a separate podcast and then in Part V, tie them all together. Today, in Part 4, we consider the survey Interpersonal Misconduct in the Workplace: What It Is, Where It Occurs and What You Should Do About It.
Join us for Episode 5, where we conclude our series by considering the scope of what these four GBES components mean for companies, the compliance professional and the compliance profession.
For more information on ECI, check out their website by clicking here.
To obtain a copy of all four of the 2018 GBES surveys, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this special bonus episode I visit with Mike Volkov on the Cognizant Technology Solutions Corp FCPA enforcement action, declination and C-Suite criminal indictments which were all announced on Friday of this past week. Highlights from the podcast include: What were the underlying facts of the case?How did the company obtain a Declination with Disgorgement in the face of C-Suite involvement?What prior FCPA enforcement actions could provide guidance for the resolution in this matter?What are the lessons to be learned by the CCO and compliance professional from this enforcement action?What are the lessons for Boards of Directors from the Cognizant enforcement actions? Mike Volkov is running a five-part blog post series on the Cognizant Technology Solutions Corp FCPA enforcement action this week on his award-winning blog siteCorruption, Crime and Compliance. You should check it out each day and you can begin by reading Part I, by clicking here. See also, Matt Kelly’s blog post $25 Million to End the Cognizant FCPA Caseon his Radical Compliance blog. Additional Resources:SEC Cease and Desist OrderDOJ DeclinationDOJ Press ReleaseCoburn and Schwartz Indictment
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/17/2019 • 36 minutes, 7 seconds
Daily Compliance News: February 15, 2019-the coming home edition
FEBRUARY 15, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Disgraced former Goldman Sachs MD Roger Ng to waive extradition and come to US to stand trial? (New York Times)· Petrofac faces massive shareholder suit over allegations of bribery. (OCCRP)· IMF says world corruption costs $2 trillion in the international economy. (Al Arabiya)· Do bad apples cause corruption? (FCPA Blog)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/15/2019 • 6 minutes, 27 seconds
This Week in FCPA-Episode 142 - the What’s in Your Supply Chain? edition
A special guest joins the lads this week. Tom and Jay were panelists this week’s at Assent’s Supply Chain Conference as was our guest Pamela Fierst-Walsh who joins in for this special live edition of This Week in FCPA. The trio share their observations around one of the areas of renewed compliance focus and are back to at some of this week’s top compliance and ethics stories which caught their collective eyes.
1. KPMG executives go to trial in alleged theft of PCAOB audit protocols. 2. Hawiian businessman pleads guilty to FCPA violations. 3. Do you know who is in your supply chain? Matt Kelly on the Anheuser-Busch commercial featuring Bon & Viv. Matt and Tom consider more deeply in this week’s episode of Compliance into the Weeds.4. Why is the ‘ethics’ portion of a compliance and ethics program more important than ever? 5. Avoiding female colleagues is not the answer to #MeToo. It’s discrimination. 6. Why is health care in China still a minefield for compliance? 7. What are some great digital markets strategies for compliance? 8. How does organizational culture impact compliance? 9. Have you been microchipped? 10. Tom has a 5-part podcast series celebrating the 15th anniversary of the founding of Affiliated Monitors. 11. Tom and Louis Sapirman are joined by Sean Freidlin for a Hanzo sponsored webinar on February 28 on the intersection of a corporate compliance program and corporate communications and marketing. Learn about knocking down silos and using social media in your compliance program. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected]. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/15/2019 • 44 minutes, 35 seconds
Daily Compliance News: February 14, 2019-the Valentine’s Day edition
FEBRUARY 14, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Did KPMG game the audit oversight system? (Bloomberg)· Is your dog microchipped? How about you? (Compliance and Enforcement Journal)· How the NFL took down Bob Costas. (Sports Illustrated)· South Africa set to replace PIC. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/14/2019 • 6 minutes, 27 seconds
Episode 103-Leadership Lessons from the Oscars-No Country for Old Men
We are back with our fan favorite Oscar movie month. During the month of February each year, we look at Oscar-winning Best Pictures and consider the leadership lessons we glean from our viewing. This month we look at three: No Country for Old Men, The Sting and The Last Emperor. In this episode of 12 O’Clock High, a podcast on business leadership, Richard Lummis and I take at the 2007 Best Picture winning film, No Country for Old Men. Some of the highlights were: · One of the key themes of the movie is the tension between destiny and self-determination;· What have been the changes in law enforcement in the former wild west?· What does it mean to enforce laws on the former frontier?· Crime has changed and become more sophisticated. The regulator and enforcers must also change; and· What happens when a hero, or business leader grows old?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/14/2019 • 16 minutes, 33 seconds
Daily Compliance News: February 13, 2019-the Batman edition
FEBRUARY 13, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Ole Miss Vacates 33 Wins After NCAA Violations. (Sports Illustrated)· Hawaii businessman pleads guilty to FCPA offense. (FCPA Blog)· How far will Batman fall? (Bloomberg)· To Russia with Love. (Reuters)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/13/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 111- What is supply chain risk?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/13/2019 • 23 minutes, 57 seconds
Daily Compliance News: February 12, 2019-the Big Headache for AB edition
FEBRUARY 12, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Ex-Malaysia PM trial delayed. (The Straits Times)· Big Four accountants push back against breakup proposals. (City A.M.)· Will stock buy-backs be outlawed? (MarketWatch)· Bon & Viv=big headache for AB. (Radical Compliance)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/12/2019 • 6 minutes, 27 seconds
Affiliated Monitors: 15 Years of Independent Monitoring Excellence -Episode 4, the Marriage of Independent Monitors and C&E Programs
Over five podcasts, I visit with Vin DiCianni, CEO and founder of Affiliated Monitors, Inc. (AMI) as a retrospective of the company’s first 15 years. AMI sponsored this podcast series. This podcast series is much more than simply the history of AMI as it details the rise of independent monitors in the US at multiple levels: the federal government, state agencies and local authorities as well as internationally. AMI has been at the forefront of not only the use of independent monitors but also the dramatic growth of the compliance and ethics profession over the past 15 year. This podcast series is then a history of both the rise of independent monitors as well as the government’s embrace of corporate compliance and ethics programs. In this Episode 4, I visit with DiCianni on the marriage of independent monitors and compliance and ethics programs.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode I visit with three lawyers from Miller & Chevalier: Maryna Kavaleuskaya, Michael Skopets, and Ann Sultan on the firm’s Inaugural Europe-Caucasus-Asia Corruption Survey. The report provides some unique insights into regional corruption risks and mitigation strategies. Highlights from the podcast include: 1. Background on the survey.2. In measuring corruption levels in the ECA region, were the countries to be similar or were there particular outliers? 3. What findings were the most surprising by or were the most interesting? 4. The analysis about the levels of corruption in ten specific government services or functions, such as their legislatures, certain elements of the judicial system, customs, and local authorities. What were the common findings in these areas. 5. What specific findings, on compliance risk mitigation strategies are important for companies working in the region and their compliance professionals?6. Were there any country-specific findings that are particularly important?7. What are the key takeaways from the survey? To see a copy of the Miller & Chevalier inaugural Europe-Caucasus-Asia Corruption Survey, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/11/2019 • 26 minutes, 56 seconds
Daily Compliance News: February 11, 2019-the Venezuela in turmoil edition
FEBRUARY 11, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Why it’s important that PdVSA money go into a trust? (Wall Street Journal)· The Scorpions reappear in South Africa-this time to fight corruption. (The South African)· Corruption costs Europe €120 per year. (BBC)· Turkish Subsidiary Hid Iranian Activity from U.S. Parent. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/11/2019 • 6 minutes, 27 seconds
Affiliated Monitors: 15 Years of Independent Monitoring Excellence -Episode 2, The Early Days
Over five podcasts, I will visit with Vin DiCianni, CEO and founder of Affiliated Monitors, Inc. (AMI) as a retrospective of the company’s first 15 years. AMI sponsored this podcast series. This podcast series is much more than simply the history of AMI as it details the rise of independent monitors in the US at multiple levels: the federal government, state agencies and local authorities as well as internationally. AMI has been at the forefront of not only the use of independent monitors but also the dramatic growth of the compliance and ethics profession over the past 15 year. This podcast series is then a history of both the rise of independent monitors as well as the government’s embrace of corporate compliance and ethics programs. In this Episode 2, I visit with DiCianni on the early days of AMI.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/11/2019 • 17 minutes, 27 seconds
Affiliated Monitors: 15 Years of Independent Monitoring Excellence -Episode 3, the Expansion of Independent Monitors
Over five podcasts, I visit with Vin DiCianni, CEO and founder of Affiliated Monitors, Inc. (AMI) as a retrospective of the company’s first 15 years. AMI sponsored this podcast series. This podcast series is much more than simply the history of AMI as it details the rise of independent monitors in the US at multiple levels: the federal government, state agencies and local authorities as well as internationally. AMI has been at the forefront of not only the use of independent monitors but also the dramatic growth of the compliance and ethics profession over the past 15 year. This podcast series is then a history of both the rise of independent monitors as well as the government’s embrace of corporate compliance and ethics programs. In this Episode 2, I visit with DiCianni on the early days of AMI. In this Episode 3, I visit with DiCianni on how the use of independent monitors has expanded.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/11/2019 • 16 minutes, 29 seconds
Affiliated Monitors: 15 Years of Independent Monitoring Excellence -Episode 5, Final Reflections on 15 Years
Over this five-part podcast series, I have visited with Vin DiCianni, CEO and founder of Affiliated Monitors, Inc. (AMI) as a retrospective of the company’s first 15 years of existence. AMI sponsored this podcast series. This podcast series is much more than simply the history of AMI as it details the rise of independent monitors in the US at multiple levels: the federal government, state agencies and local authorities as well as internationally. AMI has been at the forefront of not only the use of independent monitors but also the dramatic growth of the compliance and ethics profession over the past 15 year. This podcast series is then a history of both the rise of independent monitors as well as the government’s embrace of corporate compliance and ethics programs. In this concluding Episode 5, I ask DiCianni to reflect on where AMI has been, where it may be going and what he is most proud of on the occasion of the 15th anniversary of the founding of AMI.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/11/2019 • 15 minutes, 54 seconds
Affiliated Monitors: 15 Years of Independent Monitoring Excellence -Episode 1, DiCianni's Idea
Over the next five podcasts, I will visit with Vin DiCianni, CEO and founder of Affiliated Monitors, Inc. (AMI) as a retrospective of the company’s first 15 years. AMI sponsored this podcast series. This podcast series is much more than simply the history of AMI as it details the rise of independent monitors in the US at multiple levels: the federal government, state agencies and local authorities as well as internationally. AMI has been at the forefront of not only the use of independent monitors but also the dramatic growth of the compliance and ethics profession over the past 15 year. This podcast series is then a history of both the rise of independent monitors as well as the government’s embrace of corporate compliance and ethics programs. In Episode 1, I visit with DiCianni on how he developed the idea which led to the founding AMI.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/11/2019 • 17 minutes, 9 seconds
This Week in FCPA-Episode 141 - the We’re on Spotify edition
The Patriots won the Super Bowl (yet again). Even more significantly This Week in FCPA is now on Spotify. To celebrate, Tom and Jay are back to at some of this week’s top compliance and ethics stories which caught their collective eyes.
1. Goldman Sachs considers clawbacks from former execs involved in the 1MDB scandal. 2. What were last year’s trends in NPAs and DPAs.3. Stupid CEO remarks=new activist investor on Board. 4. An intriguing analysis of the Wells Fargo scandal. 5. Bring out your dead.6. It’s Friday afternoon. Where are your bankers? 7. Why is tennis so susceptible to corruption? 8. Is your organization’s culture toxic? How can you assess it? 9. Did the Commerce Department violate federal law in a monitor selection? 10. Tom has a 5-part podcast series on moving from disconnected to connected compliance, sponsored by GAN Integrity.11. Tom and Jay are speaking at the Assent Compliance, Supply Chain Conference in San Diego, on February 13. If you are interested in supply chain, compliance or the FCPA, please come by and check it out. Registration and agenda are available here. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/8/2019 • 43 minutes, 14 seconds
Daily Compliance News: February 8, 2019-the what’s your password edition
FEBRUARY 8, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Former Petrofac Unit Executive Pleads Guilty to Bribery. (Wall Street Journal)· More trouble for Danske bank. (Wall Street Journal)· When is too much risk, too much? (Wall Street Journal)· Do you know your CEOs password? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/8/2019 • 6 minutes, 27 seconds
Daily Compliance News: February 7, 2019-the stupid is as stupid does edition
FEBRUARY 7, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Stupid CEO remarks=new activist investor on Board. The Papa John saga continues. (Wall Street Journal)· Reporting money costs more money. (Wall Street Journal)· First Circuit issues significant ruling protecting whistleblowers in FCA case. (LinkedIn)· What is a conflict of interest? (MarketWatch)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/7/2019 • 6 minutes, 27 seconds
Life With GDPR: Episode 22- Morrisons’ and vicarious liability
In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy-data protection space. Jonathan and I go full lawyer-geek to discuss the legal theories, underlying facts and what it all may mean. Some of the issues and highlights are: The case is instructive for how to do (or perhaps not do) regular business under GDPR on data privacy. If a file is too large to email, it presents a higher data protection risk and must be so managed.Should you do risk assessments on individual employees around data privacy-data protection? How can vicarious liability exist for ultra vires conduct by an employee?How do you properly scope an investigation to ascertain an individual’s mindset?A company must require its vendors to exercise appropriate data protection and control. Will Morrisons apply to the UK Supreme Court for relief? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/7/2019 • 27 minutes, 32 seconds
Daily Compliance News: February 6, 2019-the send in the clowns edition
FEBRUARY 6, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Send in the clowns. The NCAA investigates Sean Miller and Arizona (Sports Illustrated)· Will Australian report on bank malfeasance lead to criminal charges? (Financial Times)· Playing the blame game. Big Pharma tries to shift blame for its price raises. (Wall Street Journal)· Another tennis match-fixing scandal. (BBC)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/6/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 110- the Ralph Northam edition
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recent imbroglio involving (at least as of now) current Governor of Virginia, Ralph Northam and the pictures involving Northam in blackface and KKK robes. Some of the highlights include: Ø What is ethical leadership?Ø Why is Northam following the Trump playbook?Ø How and why employees take their cues around ethics from their leaders?Ø Why are employees looking to work for companies with a culture of accountability?Ø Why should the CCO have an ethical role in an organization? For additional reading see Matt’s blog post Northam and Ethical Accountabilityin Radical Compliance. Share Your Compliance Expertise and Help Those in Need!We need your expertise on ethics & compliance programs! If you’re involved in managing employee policies & procedures, a hotline/incident management program, training initiatives or third party risk management, please share your thoughts on your program effectiveness, success measurements, and key activities and goals for this year by taking part in NAVEX Global’s 2019 Future of Compliance Report survey.Click here to complete the survey.For every complete, $10 (USD) will be donated on your behalf to the charity of your choosing from the following charities: UNICEF, Operation Smile, St. Jude Children’s Hospital, Humane Society, Wounded Warrior Project,Médecins Sans Frontières, or Rainbow Trust Children’s Charity. Also, as a thank you for your participation in this annual study, you’ll get access to this valuable benchmark data to create a more effective compliance program.You can also copy and paste the URL below into your internet browser:
https://na1se.voxco.com/SE/?st=4P4BV59nKuYZVVwz2mHGZPBTRrG4NjahAP%2FlgrTzTYE%3D&urlimport=1&questlist=source&source=4 COMMITMENT TO ANONYMITY
All responses are confidential and will be reported only in aggregate form. Individual data will NEVER be shared with any other party (privacy policy).
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/6/2019 • 25 minutes, 14 seconds
Compliance into the Weeds: Episode 110- the Ralph Northam edition
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recent imbroglio involving (at least as of now) current Governor of Virginia, Ralph Northam and the pictures involving Northam in blackface and KKK robes. Some of the highlights include: Ø What is ethical leadership?Ø Why is Northam following the Trump playbook?Ø How and why employees take their cues around ethics from their leaders?Ø Why are employees looking to work for companies with a culture of accountability?Ø Why should the CCO have an ethical role in an organization? For additional reading see Matt’s blog post Northam and Ethical Accountabilityin Radical Compliance. Share Your Compliance Expertise and Help Those in Need!We need your expertise on ethics & compliance programs! If you’re involved in managing employee policies & procedures, a hotline/incident management program, training initiatives or third party risk management, please share your thoughts on your program effectiveness, success measurements, and key activities and goals for this year by taking part in NAVEX Global’s 2019 Future of Compliance Report survey.Click here to complete the survey.For every complete, $10 (USD) will be donated on your behalf to the charity of your choosing from the following charities: UNICEF, Operation Smile, St. Jude Children’s Hospital, Humane Society, Wounded Warrior Project,Médecins Sans Frontières, or Rainbow Trust Children’s Charity. Also, as a thank you for your participation in this annual study, you’ll get access to this valuable benchmark data to create a more effective compliance program.You can also copy and paste the URL below into your internet browser:
https://na1se.voxco.com/SE/?st=4P4BV59nKuYZVVwz2mHGZPBTRrG4NjahAP%2FlgrTzTYE%3D&urlimport=1&questlist=source&source=4 COMMITMENT TO ANONYMITY
All responses are confidential and will be reported only in aggregate form. Individual data will NEVER be shared with any other party (privacy policy).
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/6/2019 • 25 minutes, 14 seconds
Daily Compliance News: February 5, 2019-the Monty Python edition
FEBRUARY 5, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Now monitorships based upon political loyalty. (National Review)· Bangladesh sues of bank heist. (Wall Street Journal) · Former SNC-Lavalin chief pleads guilty in bribery case. (FCPA Blog)· Bring out your dead. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/5/2019 • 6 minutes, 27 seconds
Daily Compliance News: February 4, 2019-the Champion’s edition
FEBRUARY 4, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Goldman Sachs institutes a clawback provision for exec involved with 1 MDB (New York Times)· What is bad press? McKinsey and the opioid crisis. (New York Times) · Biggest surprise when going to the CEO chair? Multiple stakeholders (he should have talked to the CCO) (Wall Street Journal)· Rev rec is still a challenge. (MarketWatch)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 6 minutes, 27 seconds
The Evolution of Compliance: From Disconnected to Connected, Part V-The Human Side of Connected Compliance
In this special five-part podcast series, sponsored by Gan Integrity, we have considered the evolution of compliance, from disconnected to connected. We have explored why compliance is disconnected and what can be done to connect it, how to build a connected compliance program and technology can help in this endeavor. The series has been a fascinating exploration of where compliance is in 2019 and where it is headed down the road. In this fifth and final episode, I visit Valerie Charles, the Chief Strategy Officer at GAN Integrity on what is the human side of connected compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 15 minutes, 1 second
The Evolution of Compliance: From Disconnected to Connected-Part III-Constructing a Connected Program
In this special five-part podcast series, hosted by Gan Integrity, we consider the evolution of compliance, from disconnected to connected. Over the next five episodes we will explore why compliance is disconnected and what can be done to connect it, how to build a connected compliance program and technology can help in this endeavor and finally what is the human side of compliance in the context of connected compliance. The series is a fascinating exploration of where compliance is in 2019 and where it is headed down the road. In this third episode, I visit Peter Chang, the Head of Customer Success at GAN Integrity to consider how to construct a connected compliance program. Join us tomorrow when explore connected technology works.
For more information on how connected compliance, visit our sponsor Gan Integrity Solutions, Inc. at www.ganintegrity.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 13 minutes, 58 seconds
The Evolution of Compliance: From Disconnected to Connected- Part II – Connected, as Under One Roof
In this special five-part podcast series, hosted by Gan Integrity, we consider the evolution of compliance, from disconnected to connected. Over five episodes we will explore why compliance is disconnected and what can be done to connect it, how to build a connected compliance program, technology can help in this endeavor and finally what is the human side of compliance in the context of connected compliance. The series is a fascinating exploration of where compliance is in 2019 and where it is headed down the road. In this second episode, I visit Thomas Sehested, the founder and CEO at Gan Integrity to consider how he advocated that compliance should be connected under one roof, from his perspective as a serial entrepreneur in the tech sector. Join us tomorrow when explore how to construct a connected compliance program. For more information on how connected compliance, visit our sponsor Gan Integrity Solutions, Inc. at www.ganintegrity.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 13 minutes, 3 seconds
FCPA Compliance Report-Episode 416, James Koukios on the Morrison and Foerster Top 10 International Anti-Corruption Developments for December 2018
In this episode I visit with podcast favorite Morrison and Foerster partner James Koukios on the firm’s Top 10 International Anti-Corruption Developments for December 2018. We look at some of the key international developments. Highlights from the podcast include: 1. Serious Fraud Office prosecutions against employees from Alstom subsidiaries. How did the SFO fare in them?2. SFO also announces new charges in Petrobras spin-off investigations. 3. What is the impact of the OECD Report which found a lack of sanctions against bribe takers in foreign bribery cases?4. French court fines Total for bribes paid in Iran.5. In the domestic sphere, the Polycom FCPA enforcement action saw some of the implications from the US Supreme Court decision in the Kokesh decision. How did they play out? To see a copy of the Morrison and Foerster Top 10 International Anti-Corruption Developments for December 2018, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 23 minutes, 23 seconds
The Evolution of Compliance: From Disconnected to Connected: Part IV-How Connected Technology Works
In this special five-part podcast series, hosted by Gan Integrity, we consider the evolution of compliance, from disconnected to connected. Over the next five episodes we will explore why compliance is disconnected and what can be done to connect it, how to build a connected compliance program and technology can help in this endeavor and finally what is the human side of compliance in the context of connected compliance. The series is a fascinating exploration of where compliance is in 2019 and where it is headed down the road. In this fourth episode, I visit Martin Albertsen, the Chief Technology Officer at GAN Integrity to the role of technology in a connected compliance program. Join us tomorrow when we conclude our exploration of why compliance is disconnected and how companies can work to connect it by looking at the human side of compliance. For more information on how connected compliance, visit our sponsor Gan Integrity Solutions, Inc. at www.ganintegrity.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 14 minutes, 10 seconds
The Evolution of Compliance: From Disconnected to Connected- Part I - Introduction
In this special five-part podcast series, hosted by Gan Integrity, we consider the evolution of compliance, from disconnected to connected. Over the next five episodes we will explore why compliance is disconnected and what can be done to connect it, how to build a connected compliance program, technology can help in this endeavor and finally what is the human side of compliance in the context of connected compliance. The series is a fascinating exploration of where compliance is in 2019 and where it is headed down the road. In this first episode, I visit Valerie Charles, the Chief Strategy Officer at Gan Integrity to consider what is disconnected compliance. Join us tomorrow when explore the one roof theory of a connected compliance program.
For more information on how connected compliance, visit our sponsor Gan Integrity Solutions, Inc. at www.ganintegrity.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/4/2019 • 14 minutes, 24 seconds
Daily Compliance News: February 2, 2019-the Groundhog’s Day edition
FEBRUARY 2, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Venezuela is moving towards a divided government. What does it mean for businesses? (Financial Times)· What is material? (Financial Times) · What is credibility? (Financial Times)· Standard Chartered spanked (yet) again. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/2/2019 • 6 minutes, 27 seconds
This Week in FCPA-Episode 140 - the Godfather retires edition
The Super Bowl is Sunday. Will the ads be better than the game? Tom and Jay are back and as the pay tribute to the Godfather of compliance bloggers and commentators, Dick Cassin, who turned over Editorship of the FCPA Blog to his son, Harry Cassin. They also look at some of this week’s top compliance and ethics stories which caught their collective eyes.
1. Why lying to your bank is always a bad idea. The US government hammers Huawei with a criminal complaint. Will Huawei even be around? 2. The SEC has a busy week. 3. Got dinged by your employer for a FCPA fubar? No defamation claim for you. 4. How should a board think about its oversight role of corporate culture? 5. How should you brief a Board on Tech? 6. Where are behavioral insights in compliance? 7. Did conflicts of interest help fuel the opioid crisis? 8. Should year-end corruption perception rating be read with a grain of salt? 9. Odebrecht debarred by World Bank. 10. Fighting corruption is a money maker in Saudi Arabia. 11. Tom is back with another week of compliance lessons from The Bard as he uses Shakespeare’s Problem Play to illustrate compliance issues. Check out the following: Part 1-All’s Well that Ends Well and Compliance Resiliance; Part 2-Troilus and Cressida and Compliance as Tragedy; Part 3- Measure for Measure and Creating a Game Plan; Part 4-The Winer’s Tale and Terminating a 3rdParty; Part 5-Timon of Athens and Risk Ranking Logistics Companies. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes,JDSupra, Panoplyand YouTube. Soon to be on Spotify and Corporate Compliance Insights. 12. The Godfather of FCPA blogging retired this week as Dick Cassin stepped down from day-to-day running of the FCPA Blog, turning over the Editorship to Harry Cassin. The entire compliance community owes Dick a huge debt of gratitude. Tom and Jay reflect on how Dick and the FCPA Blog impacted their compliance trajectories. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/1/2019 • 35 minutes, 11 seconds
Daily Compliance News: February 1, 2019-the I can’t believe its February already edition
FEBRUARY 1, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Things get worse for PG&E as federal judge slams company. (Wall Street Journal)· What is due diligence? Foxxconn says it didn’t know. (New York Times) · How anti-corruption can pay (and pay and pay). (CNBC)· Fearsome foes line up to make Danske pay for laundering scandal. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/1/2019 • 6 minutes, 27 seconds
Life With GDPR: Episode 21- Cambridge Analytica Subject Access Case
In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are: The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning. The settlement with the company left open the possibility of criminal charges against individuals.How wide is the jurisdiction of the ICO? This case tested the limits. Always remember data subjects have rights.What are the key takeaways on the case?A vigorous defense of a civil action can lead to higher regulatory fines. What does a corporate regime change mean for regulatory enforcement? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/31/2019 • 19 minutes, 15 seconds
Daily Compliance News: January 31, 2019-the scam season edition
JANUARY 31, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Defamation suit under based upon allegations of FCPA violations is dismissed. (Global Investigation Review)· Why would anyone send their children to MSU? (ESPN)· Did drug makers conspire, commit fraud or worse to create the opioid crisis? The first cases are about to go to trial. (New York Times)· Why is it still the scam season? (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/31/2019 • 6 minutes, 27 seconds
Daily Compliance News: January 30, 2019-the new charges and new sanctions edition
JANUARY 30, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· US levels new charges at Huawei. (Wall Street Journal)· US slaps sanctions on PdVSA. (Wall Street Journal)· Wonder why Apple does manufacture in the US? (Hint-think Supply Chain) (New York Times)· Wynn Casinos tolerance of sexual harassment comes to an end with the Nevada Gaming Control Board. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/30/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 109- Does the NFL Even Care?
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recent blown call in the Saints-Rams NFC. We consider the (non) response from the NFL under the rubric of internal controls. Some of the highlights include: Ø What is risk and how should it be considered?Ø Who are the stakeholders for professional football? Who are the stakeholders for your organization?Ø Does your risk increase the closer you get to the final goal? (IE., playing for the Super Bowl)Ø If a control failure can lead to a material adverse event, shouldn’t you have a compensating control?Ø Should an organization like the NFL even care about getting it right? For additional reading see Matt’s blog post Of Blown Calls and Internal Controlin Radical Compliance. Share Your Compliance Expertise and Help Those in Need!We need your expertise on ethics & compliance programs! If you’re involved in managing employee policies & procedures, a hotline/incident management program, training initiatives or third party risk management, please share your thoughts on your program effectiveness, success measurements, and key activities and goals for this year by taking part in NAVEX Global’s 2019 Future of Compliance Report survey.Click here to complete the survey.For every complete, $10 (USD) will be donated on your behalf to the charity of your choosing from the following charities: UNICEF, Operation Smile, St. Jude Children’s Hospital, Humane Society, Wounded Warrior Project,Médecins Sans Frontières, or Rainbow Trust Children’s Charity. Also, as a thank you for your participation in this annual study, you’ll get access to this valuable benchmark data to create a more effective compliance program.
You can also copy and paste the URL below into your internet browser:
https://na1se.voxco.com/SE/?st=4P4BV59nKuYZVVwz2mHGZPBTRrG4NjahAP%2FlgrTzTYE%3D&urlimport=1&questlist=source&source=4 COMMITMENT TO ANONYMITY
All responses are confidential and will be reported only in aggregate form. Individual data will NEVER be shared with any other party (privacy policy).
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/30/2019 • 25 minutes, 32 seconds
Daily Compliance News: January 29, 2019-the 1MDB and Nissan investigations expand edition
JANUARY 29, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Did bribery pave the way for the opioid crisis? (ABC News)· SEC open investigation into Nissan over Carlos Ghosn scandal. (Wall Street Journal)· 1MDB investigation expands to include Deloitte and KPMG. (This Week in Asia)· Of all the bankers who engaged in fraud during the Financial Crisis, why are 4 Barclays execs on trial? (BBC)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/29/2019 • 6 minutes, 27 seconds
Shakespeare's Problems Plays: Part 1 - All’s Well That Ends Well and Compliance Resilience
This podcast opens a five-part podcast series on Shakespeare’s Problem Plays. These are plays where the structure of comedy ends the plays; i.e. everyone gets married at the end of the day. Yet these were really not happy endings. Equally they are not tragedies either. Usually in the middle is some very dark part, which tests the reader, play-goer or listener with some very difficult subjects. The five we will consider for the remainder of this week are “All’s Well That Ends Well”; “Troilus and Cressida”; “Measure for Measure”; “The Winter’s Tale”; and finally, “Timon of Athens”. In “All’s Well That Ends Well” Helena is a low-born ward of a French-Spanish countess. She chases Bertram across Europe, sends another woman into bed with him and then captures his heart by all this aggressive stalking. Yet Helena is largely broken by Bertram’s actions. I thought about All’s Well That Ends Wellwhen I read a recent article in the Harvard Business Review (HBR) by Roger L. Martin, entitled The High Price of Efficiency. In this article, he posited that the relentless pursuit of business process efficiency can actually make an organization less resilient. As they become less resilient, they are more at risk for a catastrophic failure or a likelihood of a control failure which could lead to something akin to a major ethical violation or even legal violation such as under the Foreign Corrupt Practices Act (FCPA). The points adapted for compliance are: 1. The first is to limit scale. 2. The second is to introduce friction. This is the situation where a company creates an artifice so clean that if something untoward enters the system, it can wipe it out. You should is to bring in someone from the outside to review your compliance program on a two- or three-year basis, to provide an outside perspective but also put some sand in your shoes at times. 3. The third prescription should be high on every Chief Compliance Officer’s (CCO’s) game plan. It is to “create good jobs.” 4. CCOs must also work to teach resilience in their organizations. Tomorrow, Troilus and Cressida.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 9 minutes, 38 seconds
Shakespeare’s Problems Plays: Part 5- Timon of Athens and Risk Ranking Logistics Companies
Today, I round out the series by discussing the final play considered in this oeuvre, “Timon of Athens”. While the first four Problem Plays are most generally described as a play where the mask of comedy (not the mask of tragedy) ends the plays; i.e. everyone gets married at the end of the day, even though these were really not happy endings. However today’s offering is a Problem Play for yet another reason - it does not seem to be finished. The Foreign Corrupt Practices Act (FCPA) world is littered with cases involving freight forwarders, brokers and agents in the shipping and express delivery arena. How can a company respond to protect itself or at least reduce its potential FCPA risk with regards to a logistics company, freight forwarder or express delivery company? Timon of Athens did not seem to have a process in mind when he gave all his possessions away. In the forest, he could only seethe with rage and contemplate the destruction of his former city and friends. Creative uses of your own risk ranking tools will go a long way in determining your company’s FCPA liability. You must have a thoughtful process and document that process.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 9 minutes, 43 seconds
Shakespeare’s Problem Plays: Part 3 - Measure for Measure and Creating a Game Plan
Next, we consider Measure for Measure. In the age of #MeToothis play has taken on a renewed and frankly disturbing existence. Seeing the play in the past year was a much difference experience for me than the 20 years or so ago when I last saw it. Once again while there are comic elements, largely around the switching out of partners in a bedroom farce and a marriage proposal to end the play, there are some dark, indeed very dark, parts in the middle of the play. These include demeaning and the debasement of the female protagonist Isabel, leading to what modern day critics see as a rape scene of Isabel. The basic plot line is the Duke of Vienna leaves town ostensibly on a diplomatic mission but, in reality, goes undercover to see how the city fairs in his absence from his appointed Judge, Angelo, who will lead a moral crackdown. Claudio get his fiancé pregnant and although ready, willing and able to do the right thing and marry her, Angelo condemns him to death. Claudio’s sister, who is about to join a convent, goes to Angelo to plead for his life. Angelo offers to spare her brother if she will cede her virginity to Angelo. She refuses and says she will report his conduct and then is one of the most chilling lines in all of Shakespeare “Who will believe thee, Isabel?” In “How to Clean Up a #MeToo Mess”, Mary Pilon details the story of Cynthia Marshall, the new CEO of the Dallas Mavericks, who was brought in to the organization after the devastating Sports Illustrated article detailed both sexual harassment and sexual assault by Mavericks senior management upon female employees. 1. Own the mistake(s) but move forward. Cooperate with the investigators. Make clear there are new values and you are going to support them going forward. 2. Create supportive communities for employees. No company’s employees want to be known as the bribery company or the cheaters. This can be a powerful tool to help unearth unethical or even illegal conduct. 3. Make the new values clear.Continually drive home the message that unethical behavior will not be tolerated. 4. Do not be afraid to ask for help, both inside and outside.If you need subject matter expertise, go get it. Use the talent inside your organization as well. 5. Invest in talent. If there is talent that has not been brought forward do so now. In this era of #MeToo, Measure for Measure may be more important than ever. Tomorrow The Winter’s Tale.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 9 minutes, 47 seconds
Shakespeare’s Problem Plays: Part 4-The Winter’s Tale and Terminating a Third Party
Today, we consider The Winter’s Tale. In this play, King Leontes of Sicily and King Polixenes of Bohemia are old friends and Polixenes is about to return home after a six month visit to Sicily. Leontes wants him to remain longer and asks his wife to persuade him to stay. At this point the green-eyed monster of jealously takes hold of Leontes and he becomes obsessed with the idea that his wife has been unfaithful to him with Polixenes. He tries to have her killed but she escapes and so he puts her in prison where she gives birth. The baby daughter is taken away to the Kingdom of Bohemia and as you might guess she ends up falling in love with the son of King Polixenes. They return years later to Sicily and father and daughter are united and reconciled. The daughter also marries the son of King Polixenes, hence the confusion which makes this a Problem Play. I thought of the difficulties of King Leontes when it comes to terminating a third party. At some point, you will be required to terminate a third-party and there will be multiple legal, compliance and business issues to navigate going forward. If you are stuck doing it in the middle of a Foreign Corrupt Practices Act (FCPA) investigation, there may well be some tension to do so and do so quickly. If you have not thought through this issue and created a process to follow before it all hits the fan, you may well be in for a very tough road. The key theme in termination is planning. The Office of Comptroller of the Currency, OCC Bulletin 2013-29, said that regarding third-party termination, a bank should develop a “contingency plan to ensure that the bank can transition the activities to another third party, bring the activities in-house, or discontinue the activities when a contract expires, the terms of the contract have been satisfied, in response to contract default, or in response to changes to the bank’s or third party’s business strategy.” In an article entitled “Breaking Up Is Hard To Do”, Carol Switzer related how to avoid pain by planning for the end of a third-party relationship. She said it all should begin with “an exit strategy, a transition plan or a pre-nup—whatever the title, it’s best to begin by planning for the end which, in the case of business at least, will always eventually come. Although rarely considered, the termination of a third-party relationship can be as important a step as any other in the management of the third-party lifecycle. While having the contractual right to terminate is a good starting point, it is only the starting point. You not only need to have a compliance and legal plan in place but a business plan as well. If you do not, the cost in both monetary and potential business reputation can be quite high. Tomorrow, we conclude with Timon of Athens.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 10 minutes, 8 seconds
Shakespeare’s Problem Plays: Part 2 - Troilus and Cressida and Farce in Compliance as Tragedy
We continue our consideration of Shakespeare’s Problem Plays with today’s offering on Troilus and Cressidaas an introduction to problems in compliance. Today, we consider Troilus and Cressidaand how the title character was portrayed as a fool but the main action is around the death of other characters. The title characters of this play are not the main story, which takes place during the Trojan War. Troilus loves Cressida, who are both Trojans. Unfortunately Cressida is exchanged for another Trojan who has been captured by the Greeks. This part of the play concludes with Troilus going into battle in a very frenzied manner. Shakespeare seems to portray him as a hot-headed fool in love, but he does not die. We recently saw the tragedy of the victims of Larry Nassar go to a new level when Michigan State University (MSU) Interim President John Engler said (on the record) to the Editorial Board of the Detroit News, “There are a lot of people who are touched by this, survivors who haven’t been in the spotlight. In some ways they have been able to deal with this better than the ones who’ve been in the spotlight who are still enjoying that moment at times, you know, the awards and recognition. And it’s ending. It’s almost done.” This is not the first time Engler has played the fool in this horrific tragedy. He has consistently attacked, belittled and demeaned the victims of Nassar’s abuse. Yet, as Matt Kelly wrote in a Radical Compliance blog post entitled “Another Compliance Lesson from Michigan State, “The crisis at MSU is, foremost, a crisis of mistrust." In “Michigan State Reorgs Compliance Again”, Kelly wrote about the University’s effort to so obscure any compliance function as to make it basically non-functioning. What does that tell you about MSU’s commitment to ethics? Unfortunately everything you need to know. Perhaps the best way to sum all this is up is as a tragedy. Tomorrow Measure for Measure.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 9 minutes, 55 seconds
Daily Compliance News: January 28, 2019, the rooftop edition
JANUARY 28, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Why the Beatle rooftop (and final) concert still resonate? (Financial Times)· Has #MeToomade men afraid to mentor women? (New York Times)· What happens if there is regime change in Venezuela? (BBC)· Nigerian election thrown into chaos as Buhari suspends country's top judge. (CNN)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 6 minutes, 27 seconds
FCPA Compliance Report-Episode 415, Michael DeBernardis on Hughes Hubbard 2018 FCPA & Anti-Bribery Alert
In this episode I visit with Hughes Hubbard partner Michael DeBernardis on the Hughes Hubbard 2018FCPA & Anti-Bribery Alert. We look at some of the key DOJ pronouncements, key enforcement actions, key cases and key international developments. Highlights from the podcast include: 1. What is the Hughes Hubbard FCPA & Anti-Bribery Alert?2. The key DOJ policy pronouncements in 2018 around the FCPA Corporate Enforcement Policy, including the anti-piling on policy, M&A safe harbor and how to avoid a corporate monitor.3. A review of the key FCPA enforcement actions from 2018, including Petrobras, Credit Suisse, Panasonic Avionics and Société Générale.4. 2018 saw two rare cases at the Supreme Court impacting the FCPA--Cohen& Hoskins.What do they mean for the compliance practitioner?5. How did the final decision in the UK in the case ENRC protect internal investigations?6. What does GDPR mean for FCPA investigations and enforcement going forward. To see a copy of Hughes Hubbard 2018’s FCPA & Anti-Bribery Alert, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2019 • 39 minutes, 45 seconds
Daily Compliance News: January 26, 2019-the Shutdown ends edition
JANUARY 26, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· What happens when fired CEO is asked to repay expenses? (Wall Street Journal)· Is Davos elite out to kill compliance? (New York Times)· Four styles of communication every CCO needs to learn. (Fast Times)· South Africa withdraws corruption charges against Zuma's son. (Reuters)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/26/2019 • 6 minutes, 27 seconds
Popcorn and Compliance: Aquaman
In this podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and myself will indulge in passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven so we present a well-rounded view of the movie fandom. So if you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you. Today, we are joined by a special guest commentator, Lisa Fine, co-founder of the podcast Great Women in Compliance. For this week’s offering, today we look at the DC-universe hero,Aquaman. Some of the highlights include: Ø Hero take a journey is great troupe.Ø Aquaman’s star Jason Momoa appears to be in on the joke and has a ton of fun.Ø Nicole Kidman plays an usual role in this film.Ø Does the cinematography work in the numerous underwater shots? Ø The special effects and battle scenes were great. Ø Tom and Lisa give the move a ¾ bucket of popcorn as they both felt the script could have been more faithful to the original origin story. Ø Jay gives the movie not only a full bucket of popcorn but an overflow basket as well. The Compliance takeaways:
1. When you are on the compliance journey always remember from whence you came. Use the best of both worlds when melding culture. 2. Use the best of both worlds when melding corporate culture. 3. Tone at the Top-the kingdom of Atlantis is not well run and it starts from the top.4. Use social media to communicate your compliance program-the financial success of the movie has been attributed in part to the studio’s use of social media in its marketing campaign. 5. Get out of the office-another contributing factor to the success of the marketing campaign was the worldwide tour by the cast. 6. High risk does not mean no, it means high risk management-Director James Wu wanted crisp underwater scenes particularly involving hair movement. Industrial Light and Magic had to invent an entire new process for making the hair movement more realistic.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/26/2019 • 24 minutes, 52 seconds
This Week in FCPA-Episode 139 - the Worst Officiating (Non) call ever edition
As the Pats and Rams advance, Tom and Jay ask if the NFL even cares about get it right? They also look at some of this week’s top compliance and ethics stories which caught their collective eyes.
1. Google becomes first US company fined under GDPR. 2. What is good corporate governance under German law? 3. Deutsche Bank under US scrutiny for it role in Dansk Bank scandal. 4. Should some parts of a compliance program be kept secret? 5. Academic evidence that frauds mar a firm’s reputational value is even greater than previously thought. 6. Siloed compliance and how to overcome it. 7. Matt Kelly looks at some of the specific corruption issues around distributors. 8. Where will Bribery Act enforcement head in 2019? 9. How to handle an internal investigation in Russia. 10. This Week Tom was joined by AMI’s Vin DiCianni and Eric Feldman for a 5-part sponsored podcast series on the Benczkowski Memo and related DOJ guidance on compliance programs from 2018. 11. What is arrogance in leadership? The lads debate how the NFL can be so incompetent and seemingly not care one iota about it. Tom Fox is the Compliance Evangelist and can be reached at [email protected]. Jay Rosen is Mr. Monitor and can be reached at [email protected].
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2019 • 30 minutes, 46 seconds
Life With GDPR: Episode 20-Google Fined €50 for GDPR Violations
In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are: The case is the first major GDPR fine against a US company.It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach.How did the regulators investigate, review and assess a fine and penalty so quickly as GDPR only came into effect last May?What were the two basis of legal violations under GDPR?What are the key takeaways on the case?How was the quantum amount determined? Is it reasonable? Will Google appeal to the European Court of Justice? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2019 • 27 minutes, 35 seconds
Daily Compliance News: January 25, 2019-the Damasian moment edition
JANUARY 25, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Renault (finally) replaces Ghosn. (New York Times)· South African President vows to clean up graft. (New York Times)· Alstom investigated in Romania for bribery. (Romania-Insider)· Former head of Abu Dhabi sovereign wealth fund says he’s a 1MDB scapegoat? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2019 • 6 minutes, 27 seconds
Daily Compliance News: January 24, 2019-the Golden Visa edition
JANUARY 24, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Oversight in EU ‘golden visa’ programs missing. (Wall Street Journal)· Waters says she’ll investigate Mick Mulvaney’s actions at CFPB. (MarketWatch)· Ex-Arizona Assistant Coach Pleads Guilty to Bribery Charge. (New York Times)· Can a hacker be a whistleblower? (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2019 • 6 minutes, 27 seconds
Everything Compliance-Episode 40, the Carnac the Magnificent edition
Welcome to the only roundtable podcast in compliance. In this week’s episode, the gang looks at what 2019 might bring in the ethics and compliance field. Rants follow this week’s episode. 1. Mike Volkov considers what FCPA enforcement may look like in 2019. 2. Jay Rosen considers what 2019 might mean for the compliance practitioner and corporate compliance programs. 3. Jonathan Armstrong considers what may be some of the key developments in data privacy and data protection in the EU and UK in 2019. 4. Matt Kelly considers how the change in the US House of Representatives will increase scrutiny and oversight of companies and what this may mean for compliance professionals. The members of the Everything Compliance panelist are:• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]• Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].• Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected]• Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2019 • 1 hour, 3 minutes, 41 seconds
Compliance into the Weeds: Episode 108- Distributors and Compliance
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into some of the difficulties around distributors in anti-corruption compliance. Some of the highlights include: Ø The recent Polycom FCPA enforcement action highlighted several FCPA enforcement actions from 2018 involving distributors.Ø How do discounts, coupons, rebates, and sales devices circulate among your company, distributors, and end customers? Distributors present these and other issues separate from sales agents and employees.Ø What do the Sanofi and Stryker enforcement actions tell us around compliance?Ø Why does Document Document Document continue to be a mantra for anti-corruption compliance? For additional reading see Matt’s blog posts Distributors, FCPA, and Internal Controls — Lessons for Anti-Bribery & Corruption Programsin Navex Global’s Ethics and Compliance Matters For more on the Polycom FCPA enforcement action, see Tom’s blog post, “Follow the Money Through Distributors”
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/23/2019 • 23 minutes, 23 seconds
Daily Compliance News: January 23, 2019-the horsemeat trial edition
JANUARY 23, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Horsemeat scandal opens in France. (BBC)· Theranos whistleblowers speak for transparency. (The Stanford Daily)· What should you do (and not do) in an internal investigation Russia? (FCPA Blog)· MasterCard spanked in Europe (to the tune of $570MM) for restricting competition. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/23/2019 • 6 minutes, 27 seconds
Daily Compliance News: January 22, 2019-the integrity of the game edition
JANUARY 22, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Google is fine $57 MM for GDPR violations by French regulators. (Washington Post) · OECD to evaluate Ireland’s anti-corruption laws. (Irish Times)· Oxford University turns down research dollars from Huawei. (Houston Chronicle)· Is the NFL losing the integrity of the game? (Sports Illustrated)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/22/2019 • 6 minutes, 27 seconds
Compliance Strategies Under the Benczkowski Memo: Part III-Using External Resources
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I visit with Vincent DiCianni, founder and President of AMI, and Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) announcements over the past year and back to the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. DiCianni and I have considered how companies can use this information internally to bolster their compliance programs and today we consider this same issue from the external perspective.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 15 minutes, 45 seconds
Compliance Strategies Under the Benczkowski Memo: Part II-Internal Use
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I visit with Vincent DiCianni, founder and President of AMI, and Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) announcements over the past year and back to the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. Over this series we will explore what companies can do both internally and externally to incorporate the Benczkowski Memo (the “Memo”) and other DOJ guidance into their organizations, show how to use a strong compliance program as both a sword and a shield and the benefits of using a third-party to fulfill the compliance mandate. In Episode 2, I consider with DiCianni how companies can use this information internally to bolster their compliance programs.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 15 minutes, 13 seconds
Daily Compliance News: January 21, 2019-the MLK edition
JANUARY 21, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Meg Whitman sits down for Lunch with the FT. (Financial Times)· Trump continued to negotiate for hotel in Moscow through the 2016 election. (NYT)· Ghosn increases bail offer. (New York Times)· Brazilian President Jair Bolsonaro questioned on his commitment to fighting corruption. (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 6 minutes, 27 seconds
Compliance Strategies Under the Benczkowski Memo: Part IV-New Guidance as Both a Sword and Shield
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I visit with Vincent DiCianni, founder and President of AMI, and Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) announcements over the past year and back to the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. Over this series we have explored what companies can do both internally and externally to incorporate the Benczkowski Memo (the “Memo”) and other DOJ guidance into their organizations. In Episode 4, we discuss how the new DOJ Guidance from 2018 on Foreign Corrupt Practices Act (FCPA) compliance can be used as both a sword and a shield.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 15 minutes, 20 seconds
FCPA Compliance Report-Episode 414, Jim Garcia on auditing the San Diego Zoo
What is one of the most fulfilling audit assignments of a 30+ year audit professional? His audit at the San Diego Zoo. In this episode of the FCPA Compliance Report, I visit with internal auditor Jim Garcia, whose career has spanned work from the FCPA to fraud to gap analysis of internal controls. He talks about his career and his audit work at the San Diego Zoo. In this podcast we discuss: Jim’s lengthy professional background in internal audit and fraud prevention.Why was he asked to audit the San Diego Zoo?How does auditing a non-profit, with multiple stakeholders and interest groups differ from auditing a commercial entity?What are the high-risk areas for a zoo?How did the San Diego Zoo remediate its gaps in internal controls. What were some of Jim’s FCPA audits? See Jim Garcia’s professional profile here.
Jim can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 22 minutes, 56 seconds
Compliance Strategies Under the Benczkowski Memo: Part V-Proactive Monitoring
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI) I have visited with Vincent DiCianni, founder and President of AMI, and Eric Feldman, Senior Vice President of AMI. We have been reviewing the Department of Justice (DOJ) announcements over the past year and back to the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. Over the series we have explored what companies can do both internally and externally to incorporate the Benczkowski Memo (the “Memo”) and other DOJ guidance into their corporate compliance programs. In our concluding episode, we discuss proactive monitoring, which demonstrates the benefits of using a third party to fulfill the compliance mandates that have been laid out by the DOJ
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 16 minutes, 15 seconds
Compliance Strategies Under the Benczkowski Memo: Part I-Introduction
This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I visit with Vincent DiCianni, founder and President of AMI, and Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) announcements over the past year and back to the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. Over the next five podcasts we will explore what companies can do both internally and externally to incorporate the Benczkowski Memo (the “Memo”) and other DOJ guidance into their organizations, show how to use the Memo as both a sword and a shield and the benefits of using a third-party to fulfill the compliance mandate. In Episode 1, we introduce the Memo and new DOJ announcements over the past year and what they mean for the compliance practitioner.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/21/2019 • 14 minutes, 37 seconds
This Week in FCPA-Episode 138 - the The (Burger) King at the White House edition
As Trump serves Burger King to the national champion Clemson Tigers, the Pats, Chiefs, Saints and Rams roll into the NFL’s version of the final four. Will the new guard arise (Mahomes and Goff) or will this be the last stand of the old guard (Brady and Brees)? Tom and Jay are back in the saddle for a look at some of this week’s top compliance and ethics stories.
1. Dick Cassin bookends 2018 and 2019 with the big story on compliance was from 2018and what he thinks the big story for compliance will be in 2019. Both in the FCPA Blog. 2. Robert Zink becomes the acting head of the DOJ Fraud Section. 3. First head of SEC Whistleblower Office blasts SEC proposal to gut whistleblower awards. 4. Italy adopts ‘bribe destroyer’ law (similar to the Doomsday device on TOS). 5. Be wary of false prophets (and benchmarking). 6. MSU Interim President puts foot in mouth, then eats it. 7. What will the CCO of the future look like? What does it mean? 8. Willaim Barr changes position on whistleblower. 9. What the top 10 cyber security issues for 2019. 10. This Week Tom was joined by John Gill VP of Education at the ACFE for a 5-part podcast series on the famous fraudsters. Check out the following: Part 1-Nathan Mueller; Part 2-Mark Whitacre; Part 3- Andrea Baxendale; Part 4-James Brandolino; Part 5-Joseph Grmovsek. 11. Join the Greater Houston Business and Ethics Roundtable on January 24 for a presentation by Control Risk on its 2018 Heat Map. Details and Registration are here. 12. Check in next week for a 5 part podcast series with Eric Feldman and Vin DiCianni on the DOJ’s 2018 Guidance, what it means and how a compliance professional can use it going forward.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/19/2019 • 34 minutes, 27 seconds
Daily Compliance News: January 17, 2019-the drugs can kill edition
JANUARY 17, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· MSU Interim President in (more) deep water. (ESPN)· SEC gets hacked. (CNBC)· I am not a crook, er spy. Huawei CEO denies wrong-doing. (New York Times)· Yesterday we saw that compliance failures are deadly. Today we find out that unethical behavior is just as deadly. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/17/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 107- Management Review Controls
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into management review controls. Some of the highlights include: Ø Will the PCAOB up its game in this area?Ø When will the SEC provide updated guidance on the issue? Ø Will it be up to COSO to formulate an appropriate new standard? Ø How does all of this apply to the compliance professional? For additional reading see Matt’s blog posts Deloitte Inspection Report ReleasedandTalking Compliance Analytics at AB-InBevin Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/16/2019 • 29 minutes, 34 seconds
Daily Compliance News: January 16, 2019-the $100 MM bribe edition
JANUARY 16, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Deutsche Bank launches yet another internal AML probe. (Financial Times)· How to keep your head up in an office reorg. (Wall Street Journal)· Did former President of Mexico take a $100mm bribe? (New York Times)· When compliance failures are deadly. (Houston Chronicle)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/16/2019 • 6 minutes, 27 seconds
Daily Compliance News: January 15, 2019-a very bad day for PG&E edition
JANUARY 15, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· PG&E faces collapse. (Wall Street Journal)· PG&E CEO resigns. (Wall Street Journal)· PG&E announces it will file for bankruptcy in January. (New York Times) · Will PG&E be able to keep the lights on? (San Francisco Chronicle)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/15/2019 • 6 minutes, 27 seconds
Five Famous Fraudsters-Episode 1, Nathan Mueller and the Fraud Triangle
In this special five-part podcast series, I interview John Gill, the Vice President for Education at the Association of Certified Fraud Examiners (ACFE). In this series, John discusses five well-known fraudsters; including what caused them to engage in fraud, the fraud scheme they employed and how they were caught. More significantly we tie this what compliance professionals need to have in place to detect and prevent corruption. In this Episode 1, we discuss Nathan Mueller and the Fraud Triangle. Some of the highlights include: How does the Fraud Triangle help to explain Mueller’s fraud?How can everyday pressures lead to an employee engaging in fraud?How does a merger provide cover for a subsequent fraud?What led to Mueller’s downfall and being caught? For a free Fraud Risk Assessment Tool, click here. For more information on the ACFE, click ACFE.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2019 • 13 minutes, 57 seconds
Five Famous Fraudsters-Episode 2, Mark Whitacre and Tone at the Top
In this special five-part podcast series, I interview John Gill, the Vice President for Education at the Association of Certified Fraud Examiners (ACFE). In this series, John discusses five well-known fraudsters; including what caused them to engage in fraud, the fraud scheme they employed and how they were caught. More significantly we tie this what compliance professionals need to have in place to detect and prevent corruption. In this Episode 2, we discuss Mark Whitacre. Some of the highlights include: How do employees take their cues from management about ethics and compliance?If an employee knows where the corporat?How fraud incidents are handled in an organization communicates tone and corporate culture.What led to Whitacre turning informant for the government?People who cooperate may not always be as pure as the driven snow. For a free Fraud Assessment Tool, click here. For more information on the ACFE, check out their website, ACFE.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2019 • 13 minutes, 38 seconds
Daily Compliance News: January 14, 2019-the 2020 Olympic corruption edition
In today’s edition of Daily Compliance News:
· Boeing probed by SEC. (Seattle Times)· Ghosn faces more woes. (New York Times)· Sloan Kettering cuts back on industry ties. (New York Times) · Was corruption involved in selection of Tokyo for 2020 Olympic Games? (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2019 • 6 minutes, 27 seconds
FCPA Compliance Report-Episode 413, Scott Shaffer and Tom Engelhart on the Human Element of Due Diligence
Last year brought several FCPA enforcement actions where the underlying due diligence performed on third parties was insufficient. While many companies have gone to automated due diligence as a part of their compliance program, in many cases that is insufficient. In this episode I visit with Scott Shaffer, Managing Director of the Kreller Group and Tom Engelhart, Director at the Kreller Group. We discuss the need to have a human perform substantive due diligence and perform an adequate evaluation. In this podcast we discuss:2018 saw two FCPA enforcement actions this past year which focused on due diligence, Kinross and Panasonic Avionics. What do these enforcement actions communicate about the need for the human element in due diligence?How can a compliance professional evaluate when this human element is needed in due diligence?How does a compliance profession think through a high-risk entity, person or situation where enhanced due diligence is appropriate?Is due diligence a one-time or an ongoing process?
For additional reading, see Scott Shaffer’s blog post on Due Diligence Will Always be a Human Skillon the FCPA Blog. See Scott Shaffer’s professional profile here. See Tom Engelhart’s professional profile here. For information on the Kreller Group, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2019 • 18 minutes, 53 seconds
Five Famous Fraudsters-Episode 3, Andrea Baxendale and What is risk?
In this special five-part podcast series, I interview John Gill, the Vice President for Education at the Association of Certified Fraud Examiners (ACFE). In this series, John discusses five well-known fraudsters; including what caused them to engage in fraud, the fraud scheme they employed and how they were caught. More significantly we tie this what compliance professionals need to have in place to detect and prevent corruption. In this Episode 3, we discuss Andrea Baxendale and explore what is fraud risk. Some of the highlights include: How does the Fair Process Doctrine help in fraud detection and prevention?Why is segregation of duties is a key anti-fraud and anti-corruption control?Institutional fairness is a critical question for the fraud examiner to consider.Equal pay for equal work isn’t just a good idea, it’s the law.Trust by verify applies to even the most loyal employee. For a free Fraud Risk Assessment Tool, click here. For more information on the ACFE, check out their website, ACFE.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2019 • 14 minutes, 16 seconds
Five Famous Fraudsters-Episode 5, Joseph Grmovsek and the human cost of fraud
In this special five-part podcast series, I interview John Gill, the Vice President for Education at the Association of Certified Fraud Examiners (ACFE). In this series, John discusses five well-known fraudsters; including what caused them to engage in fraud, the fraud scheme they employed and how they were caught. More significantly we tie this what compliance professionals need to have in place to detect and prevent corruption. In this Episode 5 and concluding episode, we discuss Joseph Grmovsek and explore what is the human cost of fraud. Some of the highlights include: The matter involved insider trading at a Canadian company. This is a type of fraud.How do you secure your information inside your organization?What controls do you have against data thieves inside your organization? What is the human cost to a fraudster? For a free Fraud Risk Assessment Tool, click here. For more information on the ACFE, check out their website, ACFE.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2019 • 15 minutes, 5 seconds
Popcorn and Compliance: Mary Poppins Returns
In this new podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and myself will indulge in passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven so we present a well-rounded view of the movie fandom. So if you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you. Today we look at the classic favorite, Mary Poppins Returns. Some of the highlights include: Ø Can you successfully remake a beloved classic?Ø How do eggs come into play in Hollywood and beyond?Ø Where is Dick Van Dyke when you need him?Ø Does the cinematography still work some 50 years after the original? Ø Why you need to watch the original Mary Poppins before seeing Mary Poppins Returns. Ø Jay feels that while Mary Poppins Returns had the support and investment of the Walt Disney Company and it faithfully tried to recreate the original, the artistic returns fall short of the sum of its parts. The Compliance takeaways:1. Document Document Document-the parable from the share certificates to save the house on Cherry Tree Lane.2. Change in corporate culture needed-Mr. Dawes Jr. (Dick Van Dyke) fired Bank President William Wilkins.3. Tone at the Top-As bank President, William Wilkins had taken the bank far afield from its mission and core values.4. If you lack the passion, you may fail. 5. You cannot simply follow the road map, but you must design your compliance program to be fresh, as you are taking this journey for the first time. Not that you must re-invent the wheel, but you need to keep your colleagues and employees engaged on their journey.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/12/2019 • 20 minutes, 48 seconds
This Week in FCPA-Episode 137- the Double Doink edition
The Texans stink up their playoff game, the Bears double-doink their way out, the Seahawks lose but have a great backdoor cover, while in the college ranks Clemson absolutely destroys the previously undefeated Crimson Tide; all while the Trump Shutdown continues into its 3rdweek. Tom and Jay are back in the saddle for a look at some of this week’s top compliance and ethics stories.
1. Nissan and Carlos Ghosn are back in the news. Nissan is investigating other senior exec). Ghosn says the Board approved all his illegal conduct, making it legal. His lawyers try to get him bail. Where is the Magna Carta when you need it 2. Will Credit Suisse skate liability in the Tuna Bond scandal? 3. OFAC goes after Venezuealans for PdVSA embezzlement scheme. Jonathan Rusch discusses it his great blog.4. What are some of the top elements for a culture assessment? 5. Want to know how to prevent fraud by using effective internal controls. 6. What does NAFTA 2 mean for the fight against corruption. 7. The DOJ Fraud Section sees hike in individual prosecutions. What does it mean? 8. What will be the impact of the Yates Memo? 9. New pharma code bans all gifts..Tom is joined by Amii Barnard-Bahn with a 5-part podcast series on the top corporate scandals from the Board perspective on Across the Board. Check out the following: Part 1-CBS and Les Moonves; Part 2-the 1MDB and Goldman Sachs; Part 3- Facebook;Part 4-Tesla and Elon Musk; Part 5-Nissan and Carlos Ghosn. 10. Start your new year off with the Compliance Evangelist in the Compliance Master Class training. The first session, hosted by Baker Tilly, will be in San Francisco on January 28 and 29.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2019 • 44 minutes, 44 seconds
Daily Compliance News: January 11, 2019-the Bad Money edition
JANUARY 11, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· When is the color of your money B-A-D? (Wall Street Journal)· Think CEOs aren’t involving in kickbacks? Think again. (Reuters)· SEC Commissioner proud of whistleblower program. (MarketWatch)· FCA to investigate culture at Royal Bank of Canada. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2019 • 6 minutes, 27 seconds
Episode 102-Review of 2018 and Preview of 2019
In this episode of 12 O’Clock High, a podcast on business leadership, Richard Lummis and I take a look back at some of our favorite (and listener favorites as well) episodes from 2018 and where we may take the podcast in 2019. Some of the highlights were: · Leadership lessons (or not) from the US Presidents from the first half of the 19thCentury;· The ongoing and continued leadership challenges for GE;· Our exploration of leadership lessons from early 20thcentury Antarctic explorers Ernest Shackleton, Robert Falcon Scott, Roald Amundsen and Henry Worsley; and the modern explorers and Pole racers;· Our fan favorite leadership lessons from Oscar winning Best Pictures; and· Top corporate, business and leadership scandals from 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2019 • 11 minutes, 34 seconds
Daily Compliance News: January 10, 2019-the Board OK’d it edition
JANUARY 10, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· No mooncakes for you this year. (BNA)· Carlos Ghosn says Nissan Board approved his conflicts of interest, unethical actions and fraudulent accounting. (New York Times)· Magna Carta is looking pretty good about now. (Financial Times)· Malaysian court denies bail to Roger Ng. (Nasdaq)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 106- the Nine for 2019 Edition
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into a recent blog post by Matt on his top nine story lines for 2019. We slice and dice them and try to consider how they will impact the compliance profession going forward. Some of the highlights include: Ø A US data privacy law and GDPR enforcement.Ø What do restive employees have to do with Adam Smith? Ø Private equity sees money to be made in the GRC vendor space. What will it mean for compliance? Ø Forgiveness seems to be the byword for the DOJ in 2018 FCPA enforcement. Will it encourage more self-disclosure? For additional reading see Matt’s blog post “Nine Compliance Issues for 2019” in Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/9/2019 • 32 minutes, 45 seconds
Daily Compliance News: January 9, 2019-the SODDIT edition
JANUARY 9, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Peru AG who tried to scuttle Odebrecht corruption investigation forced to resign. (Reuters)· Carlos Ghosn say SODDIT. (Wall Street Journal)· Think politics is crazy, trying working at Nissan. (Financial Times) · A fixer is good for lots of things. (Bloomberg)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/9/2019 • 6 minutes, 27 seconds
Daily Compliance News: January 8, 2019-the getting a raise edition
JANUARY 8, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· You thought “The Wolf of Wall Street” was bad? Leonard DiCaprio testifies to Grand Jury on 1MDB corruption scandal. (The Telegraph)· Top non-Fed financial regulator named as new head of NY DFS (Wall Street Journal)· What are some of the new ways companies can get hacked in 2019? (Fast Company)· Need a raise? Trying using hostage negotiation tactics. (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/8/2019 • 6 minutes, 27 seconds
Top Five Corporate Scandals of 2018: Episode II-1MDB and Goldman Sachs
In this five-part podcast series, I visit with Amii Barnard-Bahn to consider five of the top corporate scandals from 2018. The five we discuss are CBS, 1MDB/Goldman Sachs, Facebook, Tesla and Nissan. We explore the failures at the Board of Directors and at senior management and these companies need to do to not only solve the legal imbroglios they now find themselves in but to also regain the trust of their various stakeholder. In this second episode we consider the ongoing scandal at the Malaysian sovereign wealth fund 1MDB and the fallout for Goldman Sachs. Some of the highlights include: · Why is this matter on our Top 5 list?· Will this scandal be the largest geo-political scandal going forward into 2019?· What is the legal liability of the 1MDB Board of Directors?· How high up at Goldman did this scandal go?· How could there have been such a blatant override of internal controls at Goldman Sachs?· How pervasive was the ‘win at all costs’ culture at Goldman Sachs?· What will be the DOJ/SEC penalty on Goldman Sachs?
Amii Bernard-Bahn is an experienced executive who has worked at Fortune 20 companies and nonprofits such as McKesson, Allianz and the California Dental Association, leading multiple functions, including Human Resources, Compliance, Legal, IT, and Communications. Now as an executive coach and strategic advisor Amii helps boards and leaders design exceptional work environments that enable organizations to outbehave and outperform the competition.
Amii is a leadership columnist at Compliance Week and a favorite guest on the Compliance Podcast Network, covering CEO, board and governance best practices. She is a Fellow at the Institute of Coaching at McLean Hospital - Harvard Medical School. Current clients include First Republic Bank, The Gap, and Adobe. A lifelong diversity advocate, Amii recently testified in multiple legislative committees on the successful passage of CA SB826, the first law in the U.S. requiring corporate boards to include women. She can be reached via email at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 12 minutes, 32 seconds
Top Five Corporate Scandals of 2018: Episode I-CBS and Les Moonves
In this five-part podcast series, I visit with Amii Barnard-Bahn to consider five of the top corporate scandals from 2018. The five we discuss are CBS, 1MDB/Goldman Sachs, Facebook, Tesla and Nissan. We explore the failures at the Board of Directors and at senior management and these companies need to do to not only solve the legal imbroglios they now find themselves in but to also regain the trust of their various stakeholder. In this first episode we consider the ongoing scandal at CBS around its former CEO Les Moonves and the claims of not only sexual harassment but also sexual assault. Some of the highlights include: · Why is this matter on our Top 5 list?· Was there actual knowledge of the complaints by individual members of the Board or the entire Board of Directors?· Should Viacom blow up the CBS Board or start over?· What is the role of a CCO?· Why should the CCO be separate and apart from the legal function? Amii Bernard-Bahn is an expert on organizational culture, ethics, and leadership and frequently speaks and writes about these passions. She is a tireless advocate for diversity in leadership, serving on the Bay Area 2020 Women on Boards Leadership Council and testified in multiple committees for the successful passage of California’s #SB826. She specializes in accelerating the success of C-Suite executives and partners with leaders, corporate boards and their teams to help scale their business. She also consults with large to mid-sized organizations hire me to help them achieve exceptional results and cultivate an environment that inspires employees to do their best work. She can be reached via email at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 14 minutes, 18 seconds
FCPA Compliance Report-Episode 412, Philip Urofsky on Shearman & Sterling’s 2019 FCPA Digest
At the start of each year are a number of reviews of the prior year in FCPA and more general anti-corruption compliance enforcement. One of the top reviews is the Shearman & Sterling annual digest. This year is no exception. In this podcast, I have firm partner Philip Urofsky who discusses some of the top highlights from this year’s digest. In this podcast we discuss: • The number of corporate enforcement actions, with total sanctions of approximately $2.9 billion, made 2018 a fairly typical year in terms of level of FCPA enforcement activity. Although only four more enforcement actions were brought in 2018 than in 2017, the total assessed sanctions were nearly $900 million higher than in 2017, making the penalties assessed in 2018 the second-highest of any year. • Three outlier enforcement actions (Petrobras, Société Générale, and PAC) greatly distort the picture, raised the average corporate sanction for 2018 to $170.8 million, whereas the true average, with outliers excluded, is significantly less than this figure ($17.9 million). This type of difference between the true average and average excluding outliers is typical: in 2017 the true average was $151.2 million while the average excluding outliers was $83.3 million, and in 2016 the true average was $223.4 million while the average excluding outliers was $13.2 million. • The median sanction of $9.2 million is down from recent years ($29.2 million in 2017, $14.4 million in 2016, and $13.4 million in 2015). • What are some of the implications from the Second Circuit’s decision in Hoskins? Does it have the potential to alter the scope of FCPA prosecutions and alter the investigation process by limiting the number of defendants that are within the jurisdictional grasp of the enforcement authorities? • 2018 saw the first coordinated resolution with French authorities in a foreign bribery case, Société Générale. Does it herald the emergence of France as an important global anti-corruption authority? • The DOJ continued its recent trend of updating enforcement policies, announcing: (i) the new anti-piling on policy in matters involving multiple enforcement authorities; (ii) an updated policy on corporate monitors; and (iii) updates to the policy on cooperation credit originally set forth in the Yates Memo. In addition, the effect of the 2017 FCPA Corporate Prosecution Policy, was also apparent in 2018’s DOJ matters. You can link to the Shearman & Sterling 2019 FCPA Digest at:https://www.shearman.com/perspectives/2019/01/shearman-fcpa-digest-2019-and-recent-trends-and-patterns-in-fcpa The link to Shearman & Sterling’s new FCPA site is, http://fcpa.shearman.com/
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 33 minutes
Top Five Corporate Scandals of 2018: Episode V-Nissan and Carlos Ghosn
In this five-part podcast series, I visit with Amii Barnard-Bahn to consider five of the top corporate scandals from 2018. The five we discuss are CBS, 1MDB/Goldman Sachs, Facebook, Tesla and Nissan. We explore the failures at the Board of Directors and at senior management and these companies need to do to not only solve the legal imbroglios they now find themselves in but to also regain the trust of their various stakeholder. In this fifth and final episode we consider the Nissan, the arrest of its former CEO Carlos Ghosn and what it means for both of them and the French auto company Renault. Some of the highlights include: · Why is this matter on our Top 5 list?· Where was the Nissan Board when Ghosn was using company funds for private purposes literally across the globe?· Has there ever been such a high-profile situation where a Board of Directors had its CEO criminally charged and arrested?· Is this a situation of Japan Inc. trying to clean up its scandal plagued image?· How CEO entitlement can negatively impact an organization?· The worldwide automotive industry continues is scandal plagued cultures.· What is the role of Board oversight on a CEO? Amii Bernard-Bahnis an expert on organizational culture, ethics, and leadership and frequently speaks and writes about these passions. She is a tireless advocate for diversity in leadership, serving on the Bay Area 2020 Women on Boards Leadership Council and testified in multiple committees for the successful passage of California’s #SB826. She specializes in accelerating the success of C-Suite executives and partners with leaders, corporate boards and their teams to help scale their business. She also consults with large to mid-sized organizations hire me to help them achieve exceptional results and cultivate an environment that inspires employees to do their best work. She can be reached via email at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 11 minutes, 44 seconds
Daily Compliance News: January 7, 2019-the COI edition
JANUARY 7, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Carlos Ghosn scheduled to a court appearance in Tokyo on Tuesday. What could go wrong? (New York Times)· PG&E to shake up its Board. Will it matter? (Wall Street Journal)· Marriott reveals more bad news on its hacker matter. (Washington Post)· House of Representatives set to ban members from sitting on corporate boards. (MarketWatch)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 6 minutes, 27 seconds
Top Five Corporate Scandals of 2018: Episode III-Facebook’s Drip, Drip, Drip
In this five-part podcast series, I visit with Amii Barnard-Bahn to consider five of the top corporate scandals from 2018. The five we discuss are CBS, 1MDB/Goldman Sachs, Facebook, Tesla and Nissan. We explore the failures at the Board of Directors and at senior management and these companies need to do to not only solve the legal imbroglios they now find themselves in but to also regain the trust of their various stakeholder. In this third episode we consider the Facebook’s continued drip, drip, drip of self-inflicted releases of its customers data without permission or even bothering to inform them. Some of the highlights include: · Why is this matter on our Top 5 list?· Facebook has nearly 2.2 billion users worldwide, when will accept responsibility for its actions?· Facebook’s problems have moved into the realm of the geo-political, requiring nuance and skill to manage. Is the Board and Senior Management up to the task?· What will be the legal liability of Facebook in the EU and UK after the implementation of GDPR?· Has Facebook become evil or were Mark Zuckerberg and Sheryl Sandberg just overwhelmed by the stunning growth of the organization?· What will be the regulatory response to Facebook’s selling of its customer’s data?· What will be the Facebook business model a year from now?· Has Facebook become a bellwether for how we relate to each other in the 21stcentury? Amii Bernard-Bahnis an expert on organizational culture, ethics, and leadership and frequently speaks and writes about these passions. She is a tireless advocate for diversity in leadership, serving on the Bay Area 2020 Women on Boards Leadership Council and testified in multiple committees for the successful passage of California’s #SB826. She specializes in accelerating the success of C-Suite executives and partners with leaders, corporate boards and their teams to help scale their business. She also consults with large to mid-sized organizations hire me to help them achieve exceptional results and cultivate an environment that inspires employees to do their best work. She can be reached via email at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 13 minutes, 14 seconds
Top Five Corporate Scandals of 2018: Episode IV-Tesla and its Elon Problem
In this five-part podcast series, I visit with Amii Barnard-Bahn to consider five of the top corporate scandals from 2018. The five we discuss are CBS, 1MDB/Goldman Sachs, Facebook, Tesla and Nissan. We explore the failures at the Board of Directors and at senior management and these companies need to do to not only solve the legal imbroglios they now find themselves in but to also regain the trust of their various stakeholder. In this fourth episode we consider the Tesla and how do you solve a problem like Elon Musk. Some of the highlights include: · Why is this matter on our Top 5 list?· Will the Tesla Board ever reign in Elon Musk? Should they?· Musk is probably the most widely media-reported CEO in the US. His every move is watched? Is the Board of Directors up to the task?· Will the latest changes to the Tesla Board change anything?· His ‘funding secured’ tweet was the most expensive ever. Has anyone learned any lessons from this cockup?· What will be the regulatory response to Facebook’s selling of its customer’s data?· From the business perspective, Tesla’s production woes continue. Can they be solved?· Did the SEC and Jay Clayton cave into the Cult of Elon in its settlement? Amii Bernard-Bahn is an expert on organizational culture, ethics, and leadership and frequently speak, research and write about these passions. She is a tireless advocate for diversity in leadership, serving on the Bay Area 2020 Women on Boards Leadership Council and testified in multiple committees for the successful passage of California’s #SB826. She specializes in accelerating the success of C-Suite executives and partners with leaders, corporate boards and their teams to help scale their business. She also consults with large to mid-sized organizations hire me to help them achieve exceptional results and cultivate an environment that inspires employees to do their best work. She can be reached via email at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2019 • 11 minutes, 46 seconds
This Week in FCPA-Episode 136
The Texas Longhorns won the Sugar Bowl and Tom is still celebrating. Will he come down to earth with both the Cowboys and Texans playing on Saturday in the first round of the NFL playoffs? Tom and Jay are back in the saddle for a look at some of this week’s top compliance and ethics stories.
1. McKinsey may well find out that nit is ever good to be on the front page of the NYT accused of advocating bribery. 2. In what is the biggest corruption scandal in 2019 (to date) 2 ex-Credit Suisse bankers, a Lebanese businessman and the former finance minister from Mozambique all charged in a massive, $2 billion bribery and corruption scandal. 3. What issues should compliance professionals be alert for in 2019? 4. When (if ever) will the bleeding ever stop for Wells Fargo paying fines and penalties for its illegal conduct? They paid another $575MM in December to state regulators. 5. Want a quick wrap up of all FCPA enforcement actions in 2018. 6. Colombian anti-corruption chief sentenced to 4 years in jail for engaging in corruption. 7. Sloan Kettering facing massive conflict of interest scandal. 8. Where is blockchain and compliance going in 2019? 9. Miller & Chevalier’s James Tillen and Ann Sultan make 3 predictions for the 2019 FCPA year. 10. Tom starts off the year with a 5-part podcast series on leadership based on General Stanley McChrystal’s book Leaders-Myth & Reality. Check out the following: Part 1-The Founders, Walt Disney and Coco Chanel; Part 2-the Geniuses, Leonard Bernstein and Albert Einstein; Part 3- the Heroes, Zheng He and Harriet Tubman; Part 4-the Power Brokers, Boss Tweed and Margaret Thatcher; Part 5-the Reformers, Martin Luther and MLK, Jr. The podcast is available on multiple site: the FCPA Compliance Report, iTunes,JDSupra, Panoply and YouTube. Soon to be on Spotify.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2019 • 35 minutes, 56 seconds
This Week in FCPA-Episode 136
The Texas Longhorns won the Sugar Bowl and Tom is still celebrating. Will he come down to earth with both the Cowboys and Texans playing on Saturday in the first round of the NFL playoffs? Tom and Jay are back in the saddle for a look at some of this week’s top compliance and ethics stories.
1. McKinsey may well find out that nit is ever good to be on the front page of the NYT accused of advocating bribery. 2. In what is the biggest corruption scandal in 2019 (to date) 2 ex-Credit Suisse bankers, a Lebanese businessman and the former finance minister from Mozambique all charged in a massive, $2 billion bribery and corruption scandal. 3. What issues should compliance professionals be alert for in 2019? 4. When (if ever) will the bleeding ever stop for Wells Fargo paying fines and penalties for its illegal conduct? They paid another $575MM in December to state regulators. 5. Want a quick wrap up of all FCPA enforcement actions in 2018. 6. Colombian anti-corruption chief sentenced to 4 years in jail for engaging in corruption. 7. Sloan Kettering facing massive conflict of interest scandal. 8. Where is blockchain and compliance going in 2019? 9. Miller & Chevalier’s James Tillen and Ann Sultan make 3 predictions for the 2019 FCPA year. 10. Tom starts off the year with a 5-part podcast series on leadership based on General Stanley McChrystal’s book Leaders-Myth & Reality. Check out the following: Part 1-The Founders, Walt Disney and Coco Chanel; Part 2-the Geniuses, Leonard Bernstein and Albert Einstein; Part 3- the Heroes, Zheng He and Harriet Tubman; Part 4-the Power Brokers, Boss Tweed and Margaret Thatcher; Part 5-the Reformers, Martin Luther and MLK, Jr. The podcast is available on multiple site: the FCPA Compliance Report, iTunes,JDSupra, Panoply and YouTube. Soon to be on Spotify.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2019 • 35 minutes, 56 seconds
Daily Compliance News: January 4, 2019-the ‘Just Kidding’ edition
JANUARY 4, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Peru AG reverses course on derailing Odebrecht investigation. (Reuters)· Do you have a succession plan? (Wall Street Journal)· US drops corruption on charge against former Barbados Minister. (Caribbean360)· Former Colombian anti-corruption chief jailed for, you guessed engaging in corruption. (FCPA Blog)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2019 • 6 minutes, 27 seconds
Everything Compliance-Episode 39, the Post-Election edition, Part II
Welcome to the only roundtable podcast in compliance. This week’s episode is the second of a two-part podcast series where we consider the results of the 2018 mid-term elections and what it may mean for compliance professionals going forward. Last week we had Jonathan Armstrong and Matt Kelly. This week, Jay Rosen and Mike Volkov will conclude the two-part series. Rants follow this week’s episode. Mike Volkov considers what, if anything the changes to the top of the Department of Justice might mean for FCPA enforcement going forward.Jay Rosen who works as a vendor during in the ethics and compliance space, considers the John Cronan speech about the DOJ requirement for effective compliance programs.The members of the Everything Compliance panelist are:Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected] Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected] Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected] Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2019 • 31 minutes, 4 seconds
Daily Compliance News: January 3, 2019-the All Things Must Pass edition
JANUARY 3, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:Peru AG kills Odebrecht investigation. (New York Times)How the Dallas Mavericks responded to their #MeToo moment. (Bloomberg)Another guilty plea in the NCAA corruption scandal. (Washington Post)In the age of deregulation, Adam Smith returns. (Forbes)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2019 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 105- the Polycom FCPA Enforcement Action
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into the recent announced Polycom Inc. FCPA enforcement action. We both blogged on it and we bring two difference perspectives to this matter. I take a deep dive into the nuts and bolts lessons learned for the compliance practitioner. Matt takes a step back and considers the larger picture of corporate culture, corrupt CEOs and how these can lead to the destruction of the company. Some of the highlights include: Ø There were two forces at work which amplified the negative actions and effects.Ø How the CEO’s corrupt nature permeated the entire organization. Ø Oversight means more than simply asking questions and accepting the proffered answers. Ø Data analytics are critical for a best practices compliance program going forward. For additional reading see Matt’s blog post “Many Lessons in Polycom FCPA Case” in Radical Compliance. See also Tom’s blog “Following the Money Through Distributors” in the FCPA Compliance and Ethics Blog.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2019 • 27 minutes, 47 seconds
Daily Compliance News: January 2, 2019-Sugar Bowl champs edition
JANUARY 2, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Is Facebook facing a reckoning? (Financial Times)· Can nudges make your workplace better. (New York Times) · Sloan Kettering facing massive conflict of interest scandal. (New York Times)· The FBI and Broadway. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2019 • 6 minutes, 27 seconds
Daily Compliance News: January 1, 2019-Welcome to the New Year edition
JANUARY 1, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:
· Data abuses abound but will the FTC take action? (New York Times)· Never good to be on the front page of the NYT accused advocating bribery. (New York Times) · Polycom’s culture failure and its FCPA enforcement action. (Radical Compliance)· Ten great blogs posts from Grand Jury Target. (GrandJury Target)
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/1/2019 • 6 minutes, 27 seconds
McChrystal on Leadership: Part 2- the Geniuses, Albert Einstein and Leonard Bernstein
In this special five-part podcast series, we consider the business leadership issues raised by General Stanley McChrystal (ret.) recent book Leaders-Myth and Reality, which he co-authored with Jeff Eggers and Jason Mangone. Using Plutarch’s Livesas their model they considered multiple leaders and leadership styles. These include: Founders, Walt Disney and Coco Chanel; Geniuses, Albert Einstein and Leonard Bernstein; Heroes, Zheng He and Harriet Tubman; Power Brokers, Boss Tweed and Margaret Thatcher. In this episode II, we take up the Geniuses, Albert Einstein and Leonard Bernstein. Some of the highlights include: 1. There is more to their genius than intelligence, just as there is more to their leadership than genius. 2. Einstein’s correspondence and collaboration demonstrated that the lone genius (and solitary mad scientist) not realistic.3. Bernstein demonstrated that even the most outgoing person needed solitude to compose. 4. They both made genius accessible.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2018 • 13 minutes, 41 seconds
Daily Compliance News: December 31, 2018-the farewell to 2018 edition
DECEMBER 31, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:Larry Ellison joins the Tesla board. What could go wrong? (Wall Street Journal)The rise and fall of Carlos Ghosn. (New York Times)Lesson from Siemen’s (10 years later). (The Conversation)Lessons from the Polycom FCPA enforcement action.(FCPA Compliance and Ethics Report)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2018 • 6 minutes, 27 seconds
McChrystal on Leadership: Part 1- the Founders-Walt Disney and Coco Chanel
In this special five-part podcast series, we consider the business leadership issues raised by General Stanley McChrystal (ret.) recent book Leaders-Myth and Reality, which he co-authored with Jeff Eggers and Jason Mangone. Using Plutarch’s Livesas their model they considered multiple leaders and leadership styles. These include: Founders, Walt Disney and Coco Chanel; Geniuses, Albert Einstein and Leonard Bernstein; Heroes, Zheng He and Harriet Tubman; Power Brokers, Boss Tweed and Margaret Thatcher. In this episode I, we take up the Founders, Walt Disney and Coco Chanel. Some of the highlights include: 1. What are creative and obsessive perfectionism?2. How do they help (or hurt) the leadership process. 3. Right Place, Right Time-founders must take advantage of opportunity when it knocked. 4. Founder Dilemma-is it to manage or to create?5. Is leadership about the Mission or People?
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2018 • 13 minutes, 15 seconds
McChrystal on Leadership: Part 5- the Reformers-Martin Luther and Martin Luther King, Jr.
In this special five-part podcast series, we consider the business leadership issues raised by General Stanley McChrystal (ret.) recent book Leaders-Myth and Reality, which he co-authored with Jeff Eggers and Jason Mangone. Using Plutarch’s Livesas their model they considered multiple leaders and leadership styles. These include: Founders, Walt Disney and Coco Chanel; Geniuses, Albert Einstein and Leonard Bernstein; Heroes, Zheng He and Harriet Tubman; Power Brokers, Boss Tweed and Margaret Thatcher. In this episode V, we take up the Reformers-Martin Luther and Martin Luther King, Jr. Some of the highlights include: 1. Reformers must agree to shoulder burdens when asked to or they were thrust upon them. 2. The leadership of Reformers comes through existing structures. King’s leadership came through the framework of the SCLC and strategy of the civil rights movement. Luther’s leadership was more based on commentary. 3. Both used new technologies. Luther used the printing press and King used television.4. Reformers must seize the moment, as demonstrated by King’s ad libs in his I have a dreamspeech.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2018 • 18 minutes, 4 seconds
McChrystal on Leadership: Part 3- the Heroes, Harriett Tubman and Zheng He
In this special five-part podcast series, we consider the business leadership issues raised by General Stanley McChrystal (ret.) recent book Leaders-Myth and Reality, which he co-authored with Jeff Eggers and Jason Mangone. Using Plutarch’s Livesas their model they considered multiple leaders and leadership styles. These include: Founders, Walt Disney and Coco Chanel; Geniuses, Albert Einstein and Leonard Bernstein; Heroes, Zheng He and Harriet Tubman; Power Brokers, Boss Tweed and Margaret Thatcher. In this episode III, we take up the Heroes, Harriett Tubman and Zheng He. Some of the highlights include: 1. The Hero’s Journey is Separation->initiation->return. Tubman demonstrates setting forth into the unknown, emerging victorious and then returning. 2. Leadership is not magic. It occurs at a specific time and place in certain circumstances. Once again, the right person must be at the right time and the right place. 3. Great leaders must be surrounded by people who enable their activities and find meaning in what they have to offer.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2018 • 13 minutes, 48 seconds
McChrystal on Leadership: Part 4- the Power Brokers-Boss Tweed and Thatcher
In this special five-part podcast series, we consider the business leadership issues raised by General Stanley McChrystal (ret.) recent book Leaders-Myth and Reality, which he co-authored with Jeff Eggers and Jason Mangone. Using Plutarch’s Lives as their model they considered multiple leaders and leadership styles. These include: Founders, Walt Disney and Coco Chanel; Geniuses, Albert Einstein and Leonard Bernstein; Heroes, Zheng He and Harriet Tubman; Power Brokers, Boss Tweed and Margaret Thatcher. In this episode IV, we take up the Power Brokers-Boss Tweed and Thatcher. Some of the highlights include: 1. A power broker wields influence and symbols like a tangible good. 2. Power is an arrangement among stakeholders. 3. Tweed used the social identity of the Irish as the basis for his power.4. Margaret Thatcher resurrected the feeling of national pride for the British people. 5. There must be a consolidation of and working with groups with which they shared power. Tweed had his lunch club and Thatcher had her breakfast club. 6. The true leadership of power brokers is to manage the followers and institutions which enable them.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2018 • 11 minutes, 42 seconds
This Week in FCPA-Episode 135 - the Shutdown edition
While Trump has shut down the government over the holidays, compliance and ethics has not been shutdown. With Jay taking some time off to spend time with the family over this holiday week, Tom takes a solo pull on this week’s top compliance and ethics stories.
1. Two FCPA settlements this week. Polygram receives a Declination with disgorgement from the DOJ and SEC resolution. Sam Rubenfeld reports in the WSJ Risk & Compliance Journal. Electrobras settles with the SEC. Dick Cassin reports in the FCPA Blog. 2. Why is it important to fight money-laundering? ISIS has $400MM to spend on terrorism. Jonathan Rausch explains on Dipping Through Geomotries. 3. How can the US prosecute foreign bribe takers? Tom Firestone and Maria Piontkovska suggest ways to do so in the FCPA Blog. 4. What is ‘Brexhaustion’ and how does it impact compliance? Neil Hodge explores in Compliance Week. (sub req’d)5. What are four top cybersecurity issues every small business should address going into 2019? Pamela Passman explores in Navex Global’s Ethics and Compliance Matters. 6. Ten ways to improve your risk assessment process. Jim DeLoach in Corporate Compliance Insights. 7. Measuring and assessing corporate culture becomes more important in the UK. Op-Ed piece in the Financial Times(sub req’d)8. Colin Brady completes first ever unassisted trek across Antartica. Adam Skolnick reports in the NY Times. 9. In the post holiday blahs? Get back some of that holiday spirit with the new podcast series, Popcorn and Complianceas Tom and Jay consider the holiday favorite Elffor some compliance lessons. The podcast is available on multiple site: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. 10. Start your new year off with the Compliance Evangelist in the Compliance Master Class training. The first session, hosted by Baker Tilly, will be in San Fransicso on January 28 and 29. For information and registration details, click here.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/28/2018 • 23 minutes, 50 seconds
Daily Compliance News: December 28, 2018-the Trek across the Pole edition
DECEMBER 28, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· Polycom receives declination with disgorgement in FCPA enforcement action. (FCPA Blog)· ISIS has $400MM to spend on terrorism. (Dipping Through Geometries) · Measuring corporate culture becomes more important in the UK. (Financial Times)· Solo trek across the South Pole. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/28/2018 • 6 minutes, 27 seconds
Everything Compliance-Episode 38, the Post-Election edition, Part I
Welcome to the only roundtable podcast in compliance. This week’s episode will be the first of a two-part podcast series where we consider the results of the 2018 mid-term elections and what it may mean for compliance professionals going forward. This week we have up Jonathan Armstrong and Matt Kelly. Next week, Jay Rosen and Mike Volkov will conclude the two-part series. Rants will follow next week’s episode. 1. Jonathan Armstrong considers what all this may mean from the EU/UK regulatory enforcement given the Trump Administration’s ongoing attacks on America’s allies. 2. Matt Kelly considers what the administration’s actions will mean for the CCO and compliance practitioner in the trenches. For instance, what if an employee comes to work flying the Confederate Stars and Bars on their pickup truck and parks next to an African-American employee. 3. Mike Volkov considers what, if anything the changes to the top of the Department of Justice might mean for FCPA enforcement going forward. 4. Jay Rosen who works as a vendor during in the ethics and compliance space, considers the John Cronan speech about the DOJ requirement for effective compliance programs. The members of the Everything Compliance panelist are:• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]• Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].• Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at [email protected]• Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected] The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/27/2018 • 40 minutes, 27 seconds
Daily Compliance News: December 27, 2018-Betting in Tennis edition
DECEMBER 27, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· India getting more foreign investment monies. Is your compliance program ready? (Wall Street Journal)· How closely to you vet your sponsors? (Wall Street Journal)· Former Nissan director released from jail in Japan. (New York Times)· Should there be betting in tennis? (BBC)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/27/2018 • 6 minutes, 27 seconds
Daily Compliance News: December 26, 2018-The Boxing Day edition
DECEMBER 26, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:How did the Gupta family capture the South African government? (New York Times)How did GE burn out? ( Wall Street Journal)Goldman Sachs responds, will it help? (Wall Street Journal)Would you want your head examined by Bob Diamond?(Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/26/2018 • 6 minutes, 27 seconds
Daily Compliance News: December 24, 2018-The Christmas Eve edition
DECEMBER 24, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· Want teamwork, think of Shackleton? (Financial Times)· The Big Story profiles Tim Leissner. (Financial Times)· Did Facebook put growth ahead of governance? (Financial Times)· Will 2019 be the ‘Year of the Handshake’? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/24/2018 • 6 minutes, 27 seconds
Daily Compliance News: December 21, 2018-What is sophisticated corruption ?
DECEMBER 21, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· What is ‘sophisticated corruption’? (FCPA Blog)· Rivals beating up SNC-Lavalin for the corruption. (Bloomberg)· Arrests begin in Estonia over money-laundering. (The Local)· What happens when a CCO attacks a whistleblower? (Radical Compliance)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2018 • 6 minutes, 27 seconds
This Week in FCPA-Episode 134
As the lads put on their final holiday push to make sure they are on the nice list, they consider some of the companies that may be on the naughty list, including Les Mooves and CBS, Goldman Sachs and some of the week’s other top compliance and ethics stories. Goldman Sachs criminally indicted over its role in the 1MDB scandal. CBS denies Les Moonves $120MM in severance. Matt Kelly looks at the broader CBS culture, compliance and whistleblower protection failures. Tom and Matt hash it out on Compliance into the Weeds.What is the role of a CCO and compliance in life sciences? How to attack the demand side of bribery and corruption. The FCPA Accounting provisions govern more than bribery. Former CEO and CFO of Panasonic Avionics settle individual FCPA violations. The roundup of top matters from 2018 has been. Jaclyn Jaeger on the top 5 ethics and compliance failures of 2018.SFO finally scores bribery conviction against an individual in court. Tom premiers a five-part podcast series on how whistleblower reporting systems improve corporate profitability. Get into the holiday spirit with some Popcorn and Compliance as Tom and Jay consider the holiday favorite Elf for some compliance lessons. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2018 • 35 minutes
Popcorn and Compliance: Elf
In this new podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and myself will indulge in passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven so we present a well-rounded view of the movie fandom. So if you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you. For the holiday season, today we look at the classic favorite, Elf.
Some of the highlights include:Is this movie a story of hero who takes a journey or stranger who comes to town? Or both?A man child uses simple lovable logic to teach lessons to those overwhelmed by their lives or current position.Once Buddy allows his Dad Walter (James Caan), his love interest (Zooey Deschanel) and his little brother to see the world though his childlike eyes, they can find their way forward in the world.How does the director’s Filmography inform this picture?Jay explains how the story structure worked in this movie.The Compliance takeaways:Things are not always as they seem (just like Buddy). The fact that there are no calls on your helpline may be a sign that everything is ok, but maybe no calls means that your organization lacks a speak up culture.It takes time to learn about your environment and discover how to act accordingly.This argues for CCOs and compliance practitioners to get out of your corner office and onto the floor or out into the field to meet with and interact with your employees.Buddy came from a foreign culture, but he continued to act like he was back in the North Pole. Even though he was warned not to pick up hidden candy on the streets of NY, he still did. In time, Buddy did learn the rules of the city and by using his sweet nature, he combined what he knew to get results in the Big (Bad)Apple.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2018 • 22 minutes, 35 seconds
Daily Compliance News: December 20, 2018-What is a wolf culture?
DECEMBER 20, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· Barclays fined $15MM by NY-DFS for attempted whistleblower unmasking. (Wall Street Journal)· CBS on hook for Moonves legal fees. (NewYork Times)· What is a ‘wolf’ culture? (Hint-it is not over-active males). (NewYork Times)· Two former Panasonic Avionics execs hit with FCPA enforcement actions by the SEC. (FCPABlog)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/20/2018 • 6 minutes, 27 seconds
Daily Compliance News: December 19, 2018-Will the Moonves family get presents this year?
DECEMBER 19, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· CBS will not pay Les Moonves $120MM in severance. (BBC)· UBS draws $15MM fine for AML violations. (Wall Street Journal)· When will CITGO, go? (Wall Street Journal)· Trump Foundation agrees to dissolve. (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/19/2018 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 104- Culture and Compliance Structure Failures at CBS
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into the recent report in the New York Timesabout the settlement of CBS with the actor Eliza Dushku over allegations of retaliation for reporting sexual harassment by CBS series star in the TV drama Bull, Michael Weatherly. The entire episode exposed the culture at CBS and the failure in the structure of the company’s compliance program. After reporting unwanted and/or inappropriate behavior, Dushku’s character was literally written out of the series. She went to mediation over the retaliation for her internal reporting. In a formal mediation process, CBS’s attempted to assassinate her character but the evidence presented backfired on CBS as it proved the harassment. Worse yet the character assassination attempts were made by a CBS lawyer who is also the company’s Chief Compliance Officer. Some of the highlights include: Ø There were two forces at work which amplified the negative actions and effects.Ø The interest of CBS legal was to attack the accuser and settle the lawsuit. Ø The interest of a CCO should have been was to prevent, detect and remediate the issue so that it would create a speak up culture. Ø When you subordinate an ethical culture to a legal position, it works to destroy employee trust and morale. For additional reading see Matt’s blog post “CBS Compliance, Culture Under Fire” in Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/19/2018 • 23 minutes, 44 seconds
Daily Compliance News: December 18, 2018-Goldman Criminally Indicted over 1MDB
DECEMBER 18, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· Goldman Sachs criminally indicted in Malaysia. (Wall Street Journal)· Facebook has another breach, this time on photos. (Washington Post)· What is a naked release of ADRs? Apparently its not sexy but SEC levies big fine to BNY for doing so. (MarketWatch)· Odebrecht fined $250 for corruption in Colombia.(Reuters)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/18/2018 • 6 minutes, 27 seconds
Advantages of a Whistleblower Reporting System: Part II - Internal v. External Reporting
In this podcast series, I interviewed Dr. Kyle Welch, Assistant Professor at George Washington University (GWU), on his recently released paper, co-authored with Stephen Stubben, Associate Professor from The University of Utah, entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems” (Report). In this paper, Welch and Stubben reviewed some 15 years of anonymized data from NAVEX Global, Inc., the sponsor of this podcast series. This data was from the company’s hotline reporting systems. Some of the key findings included that companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets (ROA) and there were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur. Finally, there were fewer external whistleblower reports to regulatory agencies and other authorities. This podcast series takes a deep dive into the Report. Today we consider the impact of internal v. external reporting.
This 5-part podcast series is sponsored by NAVEX Global, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 16 minutes, 12 seconds
FCPA Compliance Report-Episode 411, Doreen Edelman CFIUS for Compliance Professionals, Part II
The FCPA Compliance Report is the longest running podcast in compliance. In this episode, I visit with Doreen Edelman, partner at Lowenstein Sandler. She is a noted trade law and trade policy expert. Our discuss is around the Committee on Foreign Investment in the United States or CFIUS. In the prior podcast, we considered the background to CFIUS and how it is being used under this Administration. In this second episode we take a deep dive into the requirements for mandatory filings under the Pilot Program which went live in November. In this podcast we discuss: What qualifies for a mandatory filing? What is some of the information you will need to gather to make a determination of a mandatory or voluntary filing? The 4 national security concerns of (1) Critical Infrastructure; (2) Access to sensitive personal data; (3) Access to Material Nonpublic Technical Information; and (4) Location of real estate. How long does the CIFUS process take?Why should you discuss with CFIUS counsel whether the structure of the transaction and the critical technology at issue may fall outside of the CFIUS parameters? How the compliance professional should work with CIFUS counsel? For more information on the CFIUS Pilot Program, check out the LowensteinSandler client alert here. For additional information on CFIUS, see Doreen’s article in Industry Week, entitled, “Foreign Investors Should Not Let Fear of CFIUS Limit Investment in US Manufacturers”. For more information on Doreen Edelman, see her professional profile here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 25 minutes, 21 seconds
Advantages of a Whistleblower Reporting System: Part V - For Compliance Practitioners
Over this special five-part podcast series, I have visited with Dr. Kyle Welch, Assistant Professor at George Washington University (GWU), on his recently released paper, co-authored with Stephen Stubben, Associate Professor from The University of Utah, entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems” (Report). In this paper, Welch and Stubben reviewed some 15 years of anonymized data from NAVEX Global, Inc., the sponsor of this podcast series. This data was from the company’s hotline reporting systems. Some of the key findings included that companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets (ROA) and there were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur. Finally, there were fewer external whistleblower reports to regulatory agencies and other authorities. This podcast series has taken a deep dive into the Report. Today, we bring it all by considering what it means for compliance practitioners.
The sponsor of this special five-part podcast series is NAVEX Global, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 15 minutes, 14 seconds
Advantages of a Whistleblower Reporting System: Part I – Introduction to Research on Whistleblowing Systems
In this special five-part podcast series, I interviewed Dr. Kyle Welch, Assistant Professor at George Washington University (GWU), on his recently released paper, co-authored with Stephen Stubben, Associate Professor from The University of Utah, entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems”. In this paper, they reviewed some 15 years of anonymized data from NAVEX Global, Inc., the sponsor of this podcast series. This data was from the company’s hotline reporting systems. Some of the key findings included that companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets (ROA) and there were fewer material lawsuits brought against the company overall and lower settlement costs if a lawsuit did occur. Finally, there were fewer external whistleblower reports to regulatory agencies and other authorities. This podcast series will take a deep dive into the Report. Today we introduce the Report and why he engaged in the research that led to it.
This 5-part podcast series is sponsored by NAVEX Global, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 16 minutes, 26 seconds
Advantages of a Whistleblower Reporting System: Part III - Impact on Power Users
In this podcast series, I interviewed Dr. Kyle Welch, Assistant Professor at George Washington University (GWU), on his recently released paper, co-authored with Stephen Stubben, Associate Professor from The University of Utah, entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems” (Report). In this paper, Welch and Stubben reviewed some 15 years of anonymized data from NAVEX Global, Inc., the sponsor of this podcast series. This data was from the company’s hotline reporting systems. Some of the key findings included that companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets (ROA) and there were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur. Finally, there were fewer external whistleblower reports to regulatory agencies and other authorities. Throughout this series we are taking a deep dive into the Report. Today we find out the impact of whistleblower reporting systems on power users and expand the definition of litigation.
This series is sponsored by NAVEX Global, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 15 minutes, 14 seconds
Daily Compliance News: December 17, 2018-Lying will put you on the Naughty List
DECEMBER 17, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· Why was the CFO of Huawei charged with criminal conduct? She lied to HSBC. (New York Times)· Why with Michael Flynn prosecuted by the Feds. He lied to the FBI. (National Review)· Why has the Senate asked for the FBI to investigate the former head of USOC? He (allegedly) lied to Congress. (New York Times)· What does Huawei arrest portend for Chinese elites? (Financial Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 6 minutes, 20 seconds
Advantages of a Whistleblower Reporting System: Part IV - Key Findings of the Report
During this podcast series, I have been interviewing Dr. Kyle Welch, Assistant Professor at George Washington University (GWU), on his recently released paper, co-authored with Stephen Stubben, Associate Professor from The University of Utah, entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems” (Report). In this paper, Welch and Stubben reviewed some 15 years of anonymized data from NAVEX Global, Inc., the sponsor of this podcast series. This data was from the company’s hotline reporting systems. Some of the key findings included that companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets (ROA) and there were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur. Finally, there were fewer external whistleblower reports to regulatory agencies and other authorities. We continue to take a deep dive into the Report and today, we go into the weeds to consider the key findings of the Reports.
This podcast series is sponsored by NAVEX Global, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/17/2018 • 17 minutes, 4 seconds
This Week in FCPA-Episode 133 - the NYC at Christmastime edition
As Tom prepares to head to NYC for a magical December weekend in the big city, he celebrates the Cowboys taking control of the NL East and Jay mourns yet another Patriot loss to the Dolphins in Miami, they consider the trade war on China, PdVSA and some of the week’s other top compliance and ethics stories. Is Bernie Madoff’s gift to compliance whistleblowers? Bad news on the international fight against bribery and corruption. The UN finds the global loss of $3.6t trillion through bribery and corruption. The OECD finds bribe takers are rarely arrested. What is your investigation protocol? What will the NFL do? What is your investigation protocol? What will the NFL do? .David Boies bets big on representing PdVSA. Charges in Panama Papers Probe Shine Light on ‘Enablers’. What is a conflict of interest? Rudy Giuliani working as the President’s lawyer and signing on as lobbyist for foreign governments? The SEC and PCAOB join in the Trump Administration’s trade war on China. Key Witness In Embraer Case Avoids Prison For Saudi Bribe. Join Tom and Mike Volkov in a webinar, hosted by Convercent, on where FCPA enforcement has been in 2018 and where compliance may be going in 2019. For registration and information click here.
Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/14/2018 • 31 minutes, 27 seconds
Daily Compliance News: December 14, 2018-What is a COI?
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/14/2018 • 2 minutes
Daily Compliance News: December 13, 2018-Bribes of $1 Illegal in Singapore
DECEMBER 13, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· What is your investigation protocol? What will the NFL do? (Sports Illustrated)· OECD finds fewer penalties levied on bribe takers. (OECD Press Release)· How low can bribes go? In Singapore, bribes of $1 are illegal. (Reuters)· DOJ opens FCPA inquiry into alleged Colombian corruption (and suspicious deaths). (Bloomberg)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/13/2018 • 6 minutes, 27 seconds
Daily Compliance News: December 12, 2018-CBS Worried (and its not a good worry)
DECEMBER 12, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· CBS Corp more concerned that internal investigation leaked than substance of the report. (Wall Street Journal)· UN estimates that $3.6 trillion is lost the world’s economy annually due to bribery and corruption. (UN Press Release)· Former PdVSA procurement officer pleads guilty to obstruction in FCPA investigation? (FCPA Blog)· Elon Musk does not respect the SEC. You are surprised why? (Washington Post)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/12/2018 • 6 minutes, 27 seconds
Compliance into the Weeds: Episode 103- Conspiracy or Coincidence?
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into two recent announcements by SEC Chairman Jay Clayton and PCAOB Chairman Will Duhnke that their agencies will turn a more critical eye towards Chinese companies and their lack of transparency in the audit process and in financial reporting. We introduce two characters, Conspiracy Tom and Conspiracy Matt to evaluate whether these announcements, made the same week as the arrest of the Chinese CFO of Huawei in Canada, are a part of the larger trade war the Trump Administration is waging against China (Conspiracy Tom) or just coincidence (Matt). For additional reading see Matt’s blog post “US Regulators Warn on China” in Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/12/2018 • 28 minutes, 8 seconds
Daily Compliance News: December 11, 2018-Shopping for Christmas?
DECEMBER 11, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:Two British banks ensnared in Huawei scandal. (Wall Street Journal)How exposed is Goldman Sachs in the 1MDB scandal? (New York Times)Fallout for SFO in the Tesco fraud trial continues. (Financial Times)Shopping for Christmas? Check out these great gifts from Jho Low. (NewYork Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/11/2018 • 6 minutes, 27 seconds
Daily Compliance News: December 10, 2018-Send in the Clowns
DECEMBER 10, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· China threatens Canada over Huawei arrest. (Wall Street Journal)· Huawei accused of fraud in indictment. (New York Times)· Peruvian vote on anti-corruption law. (Washington Post)· NCAA will slow walk corruption investigation. (ESPN)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 6 minutes, 15 seconds
International Due Diligence Investigations: Episode 4 - M&A
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 16 minutes, 23 seconds
International due diligence investigations-Episode 3, What is and is not working
Over this series, I am visiting with Candice Tal, founder and Chief Executive Officer (CEO) of Infortal Worldwide, the sponsor of this podcast series. We consider various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. Tal will help us through that maelstrom to find useful and actionable information for your compliance program. In Part III, we consider what works and what does not work in due diligence investigations today.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 14 minutes, 37 seconds
International due diligence investigations-Episode 2, Insights from Recent Enforcement Actions
During this series, I will be visiting with Candice Tal, founder and Chief Executive Officer (CEO) of Infortal Worldwide, the sponsor of this podcast series. We will be considering various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. Tal will help us through that maelstrom to find useful and actionable information for your compliance program. In Part II, we consider some recent Foreign Corrupt Practices Act (FCPA) enforcement actions wherein insufficient due diligence was a key takeaway.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 16 minutes, 36 seconds
International due diligence investigations: Episode 1-When basic due diligence is no longer enough
Over the next five episodes, I will be visiting with Candice Tal, founder and Chief Executive Officer (CEO) of Infortal Worldwide, who is the sponsor of this podcast series. We will be considering various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. Tal will help us through that maelstrom to find useful and actionable information for your compliance program. In Part I, we consider why basic Level I due diligence is not enough and how levels of due diligence are accomplished.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 15 minutes, 45 seconds
FCPA Compliance Report-Episode 410, Doreen Edelman CFIUS for Compliance Professionals, Part I
The FCPA Compliance Report is the longest running podcast in compliance. In this episode, I visit with Doreen Edelman, partner at Lowenstein Sandler. She is a noted trade law and trade policy expert. Our discuss is around the Committee on Foreign Investment in the United States or CFIUS. As foreign direct investment in the U.S. has increased, many members in Congress have become concerned about foreign acquisitions of U.S. manufacturers that are perceived to be essential to U.S. national and economic security. This is the first of a two-part series. In this podcast we discuss: What is the Committee on Foreign Investment in the United States or CFIUS?What changed in November with the introduction of the Pilot Program?What are mandatory and voluntary filings?How long does the CIFUS process take?Are they any appeals from a negative decision?How should CIFUS counsel work with transaction counsel? For more information on the CFIUS Pilot Program, check out the LowensteinSandler client alert here. For additional information on CFIUS, see Doreen’s article in Industry Week, entitled, “Foreign Investors Should Not Let Fear of CFIUS Limit Investment in US Manufacturers”. For more information on Doreen Edelman, see her professional profile here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 21 minutes, 27 seconds
International Due Diligence Investigations: Episode 5 - Global Investigations and Innovation
Over this series, I have been visiting with Candice Tal, founder and Chief Executive Officer (CEO) of Infortal Worldwide, who sponsored this podcast. We have considered aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. Tal helps us through that maelstrom to find useful and actionable information for your compliance program. In this concluding Part V, we consider how the changing nature of international anti-corruption compliance programs, through data privacy laws such as General Data Protection Regulation (GDPR), and technical innovations, such as Artificial Intelligence (AI), are prompting innovation in investigative due diligence.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2018 • 15 minutes, 56 seconds
Popcorn and Compliance: Bohemian Rhapsody
In this new podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and I will indulge in passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven so we present a well-rounded view of the movie fandom. To jump start the series, Jay and I revisited the intersection of Star Wars and compliance in five episodes this week. Today for our first full episode, we look at the recently released music bio-pic Bohemian Rhapsody. So if you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you. Some of the highlights include: Ø How the movie came together after years in development and how it could have been a much different picture. Ø The stars were spot on in their portrayals of the band members (living and dead).Ø How do you wrap a story of redemption around a character you know will die of a terminal illness?Ø Tom indulges in his love of tracking shots. Ø Jay explains how the story structure worked in this movie. The Compliance takeaways: 1. A compliance program must continually innovate. 2. You must bake continuous improvement into your compliance program.3. Every compliance professional should be ready for the opportunity; whether it be to move up in your profession or sell a new compliance initiative. 4. The creative process in music can inform your innovation in compliance—engage your audience. 5. Use the design thinking model, listen to what your audience wants from compliance. 6. Learn from your mistakes and move forward incorporating the lessons learned into the next iteration.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/8/2018 • 34 minutes, 33 seconds
Daily Compliance News: December 7, 2018-Better Late Than Never
DECEMBER 7, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
· US has Canada arrest Huawei CFO. Markets roiled. (New York Times)· Some 5 years after scandal broke, Wells Fargo fires area chiefs. (Wall Street Journal)· UK executive extradited to India over bribery allegations. (Huffington Post)· Why good compliance is good for business (as learned by United Airlines) (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/7/2018 • 6 minutes, 15 seconds
Daily Compliance News: December 6, 2018, How Bad is Bad-Very Bad
What are some of the top compliance and corruption stories of December 6, 2018? Sit back with a cup of coffee and join Tom Fox, the Compliance Evangelist and listen in on the Daily Compliance News. In today’s edition of Daily Compliance News:How bad was Les Moonves behavior? Much worse than you thought. (Slate)Former Hong Kong Home Secretary convicted of paying bribes in violation of the FCPA. (FCPA Blog)Andy Spalding opines on whether the proposed $50MM Penthouse to Putin could have violated the FCPA. (Huffington Post)Urban Meyer resigns. Was it related to the scandal? (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/6/2018 • 6 minutes, 15 seconds
Daily Compliance News: December 5, 2018-Does the NFL Even Care?
DECEMBER 5, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
Is ‘forced hugging’ sexual harassment? (Washington Post)Is the NFL simply incompetent or does it intentionally ignore evidence of domestic abuse?(New York Magazine)Another day, another data breach announced. This time its Quora but only 100MM impacted? (Wall Street Journal)Glencore probe in Canada nears end. What about the US? (Wall Street Journal)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/5/2018 • 6 minutes, 20 seconds
Daily Compliance News: More Bad on 1MDB
DECEMBER 4, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
Goldman Sachs says it will use monitoring for high-risk transactions. (Financial Times)·
Did Marriott meet the SEC standards for data breach disclosure?(MarketWatch)·
Did Jho Low bribe US government officials? (Dipping Through Geometries)
Farming giant CHS discloses FCPA investigation into Mexico border bribes. (FCPA Blog)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/4/2018 • 6 minutes, 15 seconds
A New Hope-What is Risk?
Today I begin a new podcast series with recovering screenwriter, Jay Rosen. The Podcast series is entitled Popcorn and Compliance-at the Movies with Tom and Jay. In this new offering from the Compliance Podcast Network, Jay and I will consider compliance, business, leadership and life lessons from the movies. We will look at both contemporary and classic movies. We will begin with one of our favorite series, Star Wars.
We begin with Episode IV - A New Hope. One of the plotlines is that the Galactic Empire has created a Death Star with enough firepower to destroy a planet. The Rebel Alliance is determined to destroy the Death Star and has blueprints detailing the defensive posture of the Death Star. A computer analysis determines a weakness in the Death Star’s defensive shield. At one point, the Death Star’s commander, Grand Moff Tarkin, played by Peter Cushing, is told there is a ‘risk’ in the Rebel’s plan of attack. Tarkin dismisses this risk as insignificant. Of course, Luke Skywalker then proceeds to exploit this risk and destroy the Death Star.
Tarkin’s incorrect assessment of this risk was lethal. It informs how you evaluate compliance risk under the FCPA or an economic sanctions regime. Failure to appreciate risk can lead to some very serious and perhaps lethal consequences.
Whether you utilize one approach or another, analyzing the results of your risk assessment is as important as doing the risk assessment. With the recent Department of Justice (DOJ) remarks around how they will review the effectiveness of compliance programs during an enforcement action to determine potential credit or even granting a declination, the stakes have never been higher. Of course, for Grand Moff Tarkin, his refusal to analyze the risk assessment presented to him was fatal.
What does the geographic area you conduct business in mean for your company’s risk? This is beyond the Transparency International-Corruption Perceptions Index (TI-CPI) for payments to corrupt local officials, although that could certainly come into play. What if you have to make payments to criminals to secure your supply chain and the safe movement of your employees. What is the liability for a company which puts its employees in such a high-risk environment?
If you do not ask those questions and then pay attention to the answers, you may find yourself in the same position as Grand Moff Tarkin.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 10 minutes, 49 seconds
Rogue One and the Myth of the Rogue Employee
We conclude our 5-part series on the intersection of Star Wars and compliance by looking at the only stand-alone entry in the Star War series, Rogue One. This movie tells the tale of the spies who stole the schematics from the original Death Star and transmitted it to Princess Leia and thereby the Rebel Alliance. Rogue Oneis the first film in the Star Wars Anthology series, a series of stand-alone spin-off films in the Star Wars franchise. It is not clear where the name of the movie came from; although my personal nomination is that in the attack led by Luke on the original Death Star, his squadron was Rogue Two so the movie title is a tribute to those Rebel Alliance X-wing fighters and their pilots.
As long as 24 years ago, Lynn S. Paine wrote about the myth of the rogue employee in the Harvard Business Review (HBR), in an article entitled “Managing for Organizational Integrity”. In this article she wrote, “executives are quick to describe any wrongdoing as an isolated incident, the work of a rogue employee. The thought that the company could bear any responsibility for an individual’s misdeeds never enters their minds. Ethics, after all, has nothing to do with management. In fact, ethics has everything to do with management.” How prescient she was in her article. For it is management who sets the tone throughout the organization, whether that is something along the lines of a wink and a nod towards ethics and compliance or the more ubiquitous miss your numbers for two quarters and you will be history, Paine noted, “More typically, unethical business practice involves the tacit, if not explicit, cooperation of others and reflects the values, attitudes, beliefs, language, and behavioral patterns that define an organization’s operating culture. Ethics, then, is as much an organizational as a personal issue.” However, a company’s responsibility is more than simply to set the right tone then sit back and do nothing. The drafters of the Foreign Corrupt Practices Act recognized this when they included the requirement for internal controls to be included in the law. For, as Paine said, “Managers who fail to provide proper leadership and to institute systems that facilitate ethical conduct share responsibility with those who conceive, execute, and knowingly benefit from corporate misdeeds.”
The three basic tenets of a best practices compliance program are to prevent, detect and remedy. By claiming employees who engage in bribery and corruption have ‘gone rogue’; companies are attempting to divest themselves of responsibility for actions from which they benefit, particularly if the bribery and corruption generated business sales and revenue. We hope you have enjoyed our five-part podcast series on the intersection of Star Wars and compliance as much as we enjoyed producing it. Always remember the storytelling component of compliance. Reciting rules, regulations, policies and procedures is the way to engage effectively in compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 13 minutes, 23 seconds
Return of the Jedi – Effective Compliance Training
Today we continue our celebration and exploration of the original trilogy of Star Wars movies with a look at Episode VI. Return of the Jedi. In this final movie from the original three, the good guys win in the end after overcoming incredible odds. Many fans and critics panned it for including the incredibly cute and furry Ewoks on the moon named Endor as a part of the storyline. Many thought one very tall Wookie was enough cuteness for the series. Yet the Ewoks did provide the setup to one of the movies best lines. The Ewoks thought one of Luke’s robots, C-3PO, was a god. Solo asked him to demonstrate some ‘god-like’ powers to which C- 3PO replied, “It is against my programming to impersonate a deity.”
This movie’s big reveal was that Luke and Princess Leia were twins and that she was now free to unabashedly pursue bad boy Han Solo. While Episode VI was the lowest grossing film of the original three, coming in at only $572MM worldwide, it was still a great ride and visually stunning. George Lucas’ in-house organ, Industrial Light & Magic (ILM), certainly earned their title for their special effects in the movie. The Sarlacc battle sequence was great, the speeder bike chase on the Endor moon was way cool and the space battle between Rebel and Imperial pilots was a great ride. At the Academy Awards ceremony for movies of that year, Richard Edlund, Dennis Muren, Ken Ralston, and Phil Tippett, all from ILM, received the Special Achievement Award for Visual Effects Oscar award.
I thought about this entry in the Star Wars oeuvre in the context of compliance training. One of the key changes from the Department of Justice articled in the 2017 Evaluation of Corporate Compliance Programs was the change in training. The DOJ wants both targeted and effective training. This means you must be able to demonstrate how your training has been received and utilized by your employee base.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 10 minutes, 44 seconds
The Force Awakens and Disruptive Innovation in Compliance
Today Jay and I consider the first ‘new’Star Wars movie entry, Episode VII –The Force Awakens. I say it is a new Star Wars movie as it was the first one not created by LucasFilms, as George Lucas had sold his company to Disney, which produced the 2016 entry into the Star Wars oeuvre. It was directed by JJ Abrams and told the story of the Star Wars universe some 30 years after the destruction of the last Death Star. It is this disruptive nature of the Star Wars franchise that I will focus on today as it relates to disruption innovation in compliance.
The film introduced several new characters: Rey, Finn and Poe Dameron, Kylo Ren and the First Order, a successor to the Galactic Empire. The film was largely one giant search for Luke Skywalker who had gone into isolation after his failure to re-establish the Jedi order. In addition to introducing the new characters, we are reunited with Han, Chewbacca and Princess Leia, who is now General Leia Organa. The First Order has developed new weapon, Starkiller, a deliciously worthy successor to the Death Star; the Rebel Alliance majorly disrupts the weapon and the First Order by destroying it, in the film’s climactic battle.
One of the key things the Department of Justice (DOJ) has communicated over the past few months is the importance of doing compliance rather than having a paper compliance program in place. In releasing the new Foreign Corrupt Practices Act Corporate Enforcement Policy, the DOJ emphasized the clear delineation of factors they will consider in determining if a company has an operationalized best practices compliance program in place in the context of a FCPA enforcement action. All of this has required disruptive innovation in compliance beyond the simple paper compliance program which until recently was seen as the norm.
This leads to three key elements of disruption theory, which fit the compliance context. The first is that compliance is a process. The second key point is that Compliance 3.0 is very different from compliance programs of the past decade. The third point is that not all disruptive innovations succeed. As many compliance practitioners are lawyers, we are naturally reticent to embrace such change, however I think the pronouncements of the DOJ throughout the year have made even clearer the need for continued evolution of anti-corruption compliance going forward.
In The Force Awakens, there were numerous disruptions. We saw the death of one of the most beloved characters in the series, Han Solo, the growing awareness by Rey of her powers and the return of Luke Skywalker. It totally disrupted the First Order and destroyed its most lethal weapon. You can draw on this inspiration for your compliance regime.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 11 minutes, 31 seconds
The Empire Strikes Back - Due Diligence
Second in our 5-part series on compliance through the lens of Star Wars is Episode V - The Empire Strikes Back, which is my personal favorite of the original three movies. The film begins with a cool battle on the ice planet of Hoth and has some great HR lessons as Darth Vader executes officers for work place failures; demonstrates some dangers involving ineffective training for Luke Skywalker on the tropical plant of Dagobah, where he travels to learn under the Jedi master Yoda who utters the immortal line “Try not! Do, or do not. There is no try”; and ends in Cloud City, a floating gas mining colony in the skies of the planet Bespin run by Han Solo’s old buddy, Lando Calrissian. It also has one of the greatest movie lines of all-time, thundered by Darth Vader to Luke Skywalker, near the end of the film. Today, we consider it for the continued issue of due diligence.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 10 minutes, 52 seconds
FCPA Compliance Report-Episode 409, Ann Sultan on the Miller & Chevalier’s Autumn FCPA Report 2018
The FCPA Compliance Report is the longest running podcast in compliance. In this episode, I visit with Ann Sultan, Counsel and Miller & Chevalier. We discuss the firm’s Autumn FCPA Report 2018. It is one of the top quarterly reviews of all things FCPA, anti-corruption and bribery, both domestically and internationally. In this podcast we discuss: 1. What are the key themes and numbers that standout for the past quarter?2. We discuss three key cases for the quarter: a. Beam Suntory-role of Kokesh and strategic use of a tolling agreement b. Credit Suisse-compliance risk for hiring in China 3. Sanofi-what are the insights into SEC expectations around distributors? 3. We consider some of the key International developments: a. Argentinian Officials Launch Investigation Based on "Bribery Notebooks" Kept by former Government Chauffeur; b. English Appellate Court Reverses Lower Court Opinion Regarding Attorney Client
c. In this UK-Privilege in Internal Investigations (ENRC); d. Russian Government Enacts Rules Exempting Companies from Bribery Liability.
4. We consider where enforcement may be going in the final quarter of 2018 and then into 2019. Check out Miller & Chevalier’s Autumn FCPA Report 2018 by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 29 minutes, 2 seconds
Daily Compliance News: December 3, 2018-Autonomy CEO Indicted
In today’s edition of Daily Compliance News:Former Autonomy CEO indicted in US over HP deal. (The Guardian)Marriott hit with huge data breach.(Wall Street Journal)Former Nissan CEO jail time extended. (New York Times)US Federal Reserve investigating Goldman Sachs over 1MDB scandal. (Bloomberg)
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/3/2018 • 6 minutes, 15 seconds
This Week in FCPA-Episode 131
As Tom and Jay prepare for the December holiday season, they consider the DOJ/SEC’s strong affirmation that aggressive FCPA enforcement is here to stay, changes to the Yates Memo/plea for increased cooperation and some of the week’s other top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/30/2018 • 29 minutes, 14 seconds
Daily Compliance News: November 28, 2018-Banks Behaving Badly
Why are banks continuing to behave badly? Will they ever learn their lesson? Find out the latest news on the Daily Compliance News with Tom Fox, on the Compliance Podcast Network.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/30/2018 • 5 minutes, 25 seconds
Life With GDPR: Episode 19-Class Actions around Data Privacy
What are your risks of a data privacy breach? Do they include disgruntled employees turning over personal payroll data to the Fourth Estate? Have you performed a Data Privacy Impact Assessment? If not, find out why you should do so.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/29/2018 • 21 minutes, 50 seconds
Daily Compliance News: November 29, 2018-Need a Yacht?
What are some of the top compliance and corruption stories for November 29? Sit back with a cup of coffee and Tom Fox, the Compliance Evangelist and listen to the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/29/2018 • 5 minutes, 25 seconds
Compliance into the Weeds: the Vantage Drilling FCPA Enforcement Action
In this episode, Matt Kelly and I take a deep dive into the recent Vantage Drilling FCPA enforcement action. It is a highly unusual enforcement action with some very different facts from the standard FCPA case. It provides some new lessons learned for the compliance professional (and some old ones as well).
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/28/2018 • 18 minutes, 5 seconds
Daily Compliance News: Parliament Steps In
What are some of the top compliance stories for November 28, 2018? Sit back with a cup of coffee and listen in with Tom Fox on the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/28/2018 • 5 minutes, 25 seconds
Daily Compliance News: Parliament Steps In
What are some of the top compliance and corruption stories for November 27? Sit back with a cup of joe and Join Tom Fox, the Compliance Evangelist to find out.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/27/2018 • 5 minutes, 26 seconds
Compliance Lessons from Venice: How the Lion’s Mouth Informs Your Hotline
As podcast series on compliance lessons from Venice draws to an end, I am reminded how much the western world has to thank the Republic of Venice. From the forms of republican democracy, to helping to establish a world-wide trade and banking system which still reverberates today. But, if you look closer, ancient Venice had many good government techniques which also still inform the modern world. Straight from the lion’s mouth to your company’s internal reporting system is just one of them.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 10 minutes, 4 seconds
Compliance Lessons from Venice: How the Venetian Gondolier Informs Your Compliance Program
If there is one thing that is ubiquitous throughout this city it is the Gondolier. In addition to having a stout pairs of lungs, the Gondolier are in very good physical condition. As a CCO, the more you can get out of the office and into the field, the more fit your compliance program will become.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 8 minutes, 30 seconds
Compliance Lessons from Venice: Doing Compliance the Old-Fashioned Way
Today I begin a five-part podcast series on compliance lessons I observed from a recent holiday in Venice. I start the series with a look at the manner in which building repairs are done in the city and how this old-fashioned way of construction informs your modern day compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 9 minutes, 29 seconds
Compliance Lessons from Venice: Arsenale and Incentivizing Compliance
I continue with my Venice themed podcast series by focusing on the Arsenale. This is not a precursor to that famous north London football club, the Arsenal Gunners, but the district in Venice where one of the main commercial enterprises of the city took place, that being ship building and ship repair. But I also picked up some interesting compliance insights in learning more about the Arsenale.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 11 minutes, 6 seconds
Compliance Lessons from Venice: Selfie-Sticks and Risk Assessments
Today our compliance insight comes not from the old Venice but from the new and ever-changing Venice, its street vendors. It is about using their ‘invisible hand’ to inform your risk assessments.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 8 minutes, 21 seconds
FCPA Compliance Report-Episode 408
In this episode I have back noted data protection expert Brad Davis. Our topic is data protection and Davis’ advocacy of social engineering as the first line of defense for every corporation from hackers, phisher and all manner of nefarious actors who will endeavor to hack into you corporate site.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 17 minutes, 53 seconds
Life With GDPR: Emergency Episode-Facebook Files
In this episode, Jonathan Armstrong and I record our first emergency podcast on Life with GDPR. It relates to documents obtained by the UK Parliamentary Digital, Culture, Media and Sports Committee through its subpoena of an American executive of the US company Six4Three. This exec just happened to be in London with Facebook documents his company had obtained in unrelated litigation between Six4Three and Facebook. We present the Facebook Files.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 25 minutes, 1 second
Daily Compliance News: Lunch with the FT
What are some of the top compliance and corruption stories for November 26? Sit back with a cup of coffee and Tom Fox, the Compliance Evangelist to find out.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/26/2018 • 5 minutes, 26 seconds
This Week in FCPA-Episode 130
As Tom and Jay move from eating way to much to watching some great college football on this Thanksgiving holiday weekend, they look at some of the week’s top compliance and ethics stories on This Week in FCPA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/23/2018 • 27 minutes, 36 seconds
Daily Compliance News: Post Thanksgiving Edition
What are some of the top compliance and corruption stories for November 23? Find out on the Daily Compliance News, with Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/23/2018 • 5 minutes, 25 seconds
Daily Compliance News: Danske Bank scandal spreads
What are some of the day's top compliance and corruption stories? Sit back with a cup of coffee and find out with Tom Fox on the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/21/2018 • 5 minutes, 26 seconds
Daily Compliance News: Year of the Whistleblower?
What were some of the top compliance and corruption stories for November 20, 2018? Sit back with a good cup of joe and listen to Tom Fox on the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/20/2018 • 5 minutes, 26 seconds
Daily Compliance News: Stranger than Fiction
What are some of the top corruption and compliance stories to read to start your day? Find out with Tom Fox on the Daily Compliance Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/19/2018 • 5 minutes, 25 seconds
This Week in FCPA-Episode 129 the Farewell to Stan Lee edition
As Tom and Jay mourn the death of cultural icon Stan Lee, they consider that story and look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/16/2018 • 35 minutes, 33 seconds
Daily Compliance News: Facebook Attacks
What are some of the day's top compliance and corruption stories? Find out on the Daily Compliance News. Today we consider Facebook and its response to various scandals.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/16/2018 • 5 minutes, 26 seconds
Everything Compliance-Episode 37
Welcome to the only roundtable podcast in compliance. This week’s episode was is dedicated to considering one article which recently appeared in the New York Times, entitled, “Trump Administration Spares Corporate Wrongdoers Billions in Penalties”. Each panelist considers the piece and its underlying principals from their own perspective.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/15/2018 • 57 minutes
Daily Compliance News: A Public Spanking
What were some of the top compliance and corruption stories for November 15? Check in with the Tom Fox, the Compliance Evangelist, a cup of coffee and the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/15/2018 • 5 minutes, 26 seconds
Daily Compliance News-Bad Blood
What are some of the top compliance stories for November 14, 2018? Check with a cup of coffee, the Compliance Evangelist on the Daily Podcast News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/14/2018 • 5 minutes, 26 seconds
Daily Compliance News: Farewell to Stan Lee
What were today's top compliance, leadership and corruption stories? Find out on November 13, 2018 edition of the Daily Compliance News, with a tribute to Stan Lee.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/13/2018 • 5 minutes, 25 seconds
Ethics and Compliance Monitoring Across the EU and Beyond: Part 5
In this concluding Part 5, I discuss some of the challenges for monitors in the international arena with Feldman. AMI has a long history of working with internationally based companies. It is therefore well positioned to observe some of the challenges for monitors working internationally.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 14 minutes, 9 seconds
Ethics and Compliance Monitoring Across the EU and Beyond: Part 1
In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries where they do business. In this Part I, I visit with Vin DiCianni on the trends he sees in the global arena around ethics, compliance and monitoring.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 14 minutes, 54 seconds
Ethics and Compliance Monitoring Across the EU and Beyond: Part 2
In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries. In this Part II, I discuss international enforcement trends with Feldman.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 13 minutes, 41 seconds
FCPA Compliance Report-Episode 407
In the Episode, I visit with podcast favorite Mike Volkov and we consider FCPA enforcement and compliance programs over the past five years and where it may be going in the future.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 27 minutes, 22 seconds
Ethics and Compliance Monitoring Across the EU and Beyond: Part 4
In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries where. In this Part IV, I discuss the changing face of monitors in the international arena with DiCianni.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 13 minutes, 51 seconds
Ethics and Compliance Monitoring Across the EU and Beyond: Part 3
In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries. In this Part III, I discuss trends in ethics and compliance programs in Spain with DiCianni.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 14 minutes, 12 seconds
Daily Compliance News: Honoring Veterans
What are some of the top stories in compliance and ethics for November 12, 2018? Grab a cup of coffee and join Tom Fox, the Compliance Evangelist to find out.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2018 • 5 minutes, 25 seconds
This Week in FCPA-Episode 128
Goldman Sachs has a very bad week, most particularly around its role in the 1MDB scandal. Tom and Jay consider that story and look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/9/2018 • 35 minutes, 15 seconds
Daily Compliance News-November 9
What are some of the top compliance and corruption stories for November 9, 2018? Sit down with a cup of coffee and Tom Fox, the Compliance Evangelist to find out on the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/9/2018 • 5 minutes, 26 seconds
Across the Board-Episode 25
In this episode of Across the Board, I visit with Doreen Lilienfield. She is a partner at Shearman & Sterling in New York. Today we visit on the firm’s Shearman & Sterling Annual Corporate Governance & Executive Compensation Survey.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/8/2018 • 20 minutes, 52 seconds
Compliance into the Weeds: Episode 100
In this episode, Matt Kelly and I take a deep dive into the recently announced reorganization of the Michigan State University compliance function, rolling it into the newly created Office of Audit, Risk, and Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/7/2018 • 16 minutes, 39 seconds
Daily Compliance News: November 7
What were some of the day's top compliance and corruption stories? Find out on the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/7/2018 • 5 minutes, 26 seconds
Daily Compliance News-November 6, 2018
What are some of the top stories around bribery, corruption, compliance and ethics for November 6, 2018? Find out on the Daily Compliance News.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/6/2018 • 5 minutes, 26 seconds
Life With GDPR: Episode 18
In this episode I visit with Jonathan Armstrong and we update the current status of Privacy Shield in EU, US and UK. On both sides of the Atlantic, Privacy Shield is still a topic of hot conversation
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/6/2018 • 22 minutes, 52 seconds
FCPA Compliance Report-Episode 406
In the episode, I visit with James Koukios, a partner at Morrison and Foerster in Washington DC. Koukios is a former prosecutor from the Department of Justice who worked in the FCPA Unit. He is back to discuss the firm’s monthly newsletter the Top 10 International Anti-Corruption Developments for August 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/5/2018 • 31 minutes, 54 seconds
Daily Compliance News, November 5, 2018
The top compliance and ethics stories for November 5, 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/5/2018 • 5 minutes, 26 seconds
Daily Compliance News: November 2, 2018
In today’s edition of Daily Compliance News:
Maryland football coach DJ Durkin fired one day after Systems Board of Regents reinstated him. (New York Times)
Big news in the 1MDB scandal. Tim Leissner pleads guilty. Roger Ng and Jho Low are indicted. (FCPA Blog)
New study shows the monetary cost for reputational damages. (WSJ Risk and Compliance Journal)
Leslie Caldwell and Christopher Ting aver compliance is still critical to the DOJ. (Law360)
Adventures in Compliance looks at Sherlock Holmes as a teacher. (Compliance Podcast Network)
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/2/2018 • 5 minutes, 26 seconds
This Week in FCPA-Episode 127
The Boston Red Sox thrashed the LA Dodgers in World Series, bringing the trophy back to Boston for the 4th time in 15 years. What’s it like to support such a loveable winner? Jay shares some of the secrets as the lads look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/1/2018 • 41 minutes, 41 seconds
Across the Board-Episode 24, Amii Barnard-Bahn
In this episode of Across the Board, I visit with Amii Barnard-Bahn. Today’s topic is the Board’s failures at Theranos and how they helped lead to the demise of the company.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/1/2018 • 27 minutes, 36 seconds
Daily Compliance News-November 1, 2018
Check out the compliance news for November 1, 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/1/2018 • 5 minutes, 50 seconds
Life With GDPR: Episode 17
In this episode I visit with Jonathan Armstrong on some of the themes that have emerged in the nearly six months since GDPR has gone live. Armstrong has traveled literally across the globe to work on data protection/data privacy matters and has been able to talk to a wide variety of those impacted by GDPR, from regulators in Europe to companies in America.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/31/2018 • 18 minutes, 2 seconds
Adventures in Compliance - Episode 6
In this episode, I consider Conan Doyle’s third Sherlock Homes novel, The Hound of the Baskervilles. The novel, originally serialized in The Strandfrom 1901 to 1902, is generally recognized by Sherlockians as the premier Doyle work regarding his fictional detective. I use this novel to illustrate how you can plan out and schedule 90 days to innovation for your compliance function.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/29/2018 • 13 minutes, 48 seconds
Adventures in Compliance - Episode 8
In this podcast, we celebrate Doyle’s final novel, The Valley of Fear. It was notable for two reasons. The first that it was at least inspired by events in America involving the Molly Maguires, the Pinkerton Agency and its undercover agent James McParland. Also, it informs the topic of virtual teams.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/29/2018 • 11 minutes, 24 seconds
Adventures in Compliance- Episode 10
In this podcast, I consider Sherlock Holmes as a teacher and the role he sets out for every Chief Compliance Officer.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/29/2018 • 10 minutes, 23 seconds
Adventures in Compliance - Episode 9
How are you using power? While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the FCPA; this type of leadership model is now becoming outmoded in today’s world.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/29/2018 • 11 minutes, 52 seconds
Adventures in Compliance - Episode 7
How does a Chief Compliance Officer or compliance professional think through the innovation process? In this podcast I lay out four steps for doing so.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/29/2018 • 11 minutes, 36 seconds
FCPA Compliance Report-Episode 405
In the Episode, I visit with Yvette Lingom, Associate Director, Programming at C5 Communications Ltd. We discuss the opening of the nomination process for C5’s Women in Compliance Awards which are presented annually in conjunction with the Women in Compliance conference put on by the organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/28/2018 • 1 minute, 30 seconds
This Week in FCPA-Episode 126
What were the top stories in compliance and ethics over the past week? Find out in This Week in FCPA with Tom Fox and Jay Rosen.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/26/2018 • 38 minutes, 24 seconds
Everything Compliance-Episode 36
Welcome to the only roundtable podcast in compliance. The genesis of Everything Compliance was our first podcast three years ago at SCCE in Chicago. We reconvene for this week’s episode at the SCCE 2018 Compliance and Ethics Institute. This year we record in Las Vegas. We have a potpourri of topics and free flowing conversation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/25/2018 • 53 minutes, 8 seconds
Compliance into the Weeds: Episode 99
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive the upcoming Navex Global Virtual Conference, which is scheduled for Thursday, November 8.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/24/2018 • 20 minutes, 16 seconds
FCPA Compliance Report-Episode 404
In the Episode, I visit with Dave Lefort, the Editor in Chief of Compliance Week. We visit on Dave’s route as a journalist and online sports leader to compliance. We discuss some of his new initiatives at Compliance Week and the upcoming Compliance Week virtual open House.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/22/2018 • 16 minutes, 37 seconds
This Week in FCPA-Episode 125
The Boston Red Sox storm into the World Series after defeating the Houston Astros in the ALCS. Will the team with the best record in baseball take home the trophy this year? Jay and Tom (well really just Jay) hit the highlights from the Sox 4-1 shellacking of Houston. Tom takes his medicine as they take a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/19/2018 • 36 minutes, 35 seconds
Across the Board-Episode 23
In this episode of Across the Board, I visit with Amii Barnard-Bahn. Today’s topic is the ongoing turmoil at Tesla around its founder and CEO Elon Musk and his ‘funding secured’ tweet from the corporate governance perspective.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/18/2018 • 27 minutes, 36 seconds
Compliance into the Weeds: Episode 98
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive into the Benczkowski Memo and what it means for not only the monitor selection process but for compliance officers who may be in front of the Justice Department in a FCPA investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/17/2018 • 24 minutes, 55 seconds
Adventures in Compliance – Episode I
This week I return to one my favorite themes for every Chief Compliance Officer, compliance professional and compliance program: Sherlock Holmes. Over this new podcast series, I will be considering themes from the short stories to illustrate broader application to components of a best practices compliance program. In this Episode I, I consider the theme of communication.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/15/2018 • 9 minutes, 47 seconds
Adventures in Compliance - Episode V
This podcast series returns to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. In Adventures in Compliance, I consider themes from the short stories found in Holmes storiesto illustrate broader application to components of a best practices compliance program. Today, I consider the theme of imagination in your compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/15/2018 • 9 minutes, 31 seconds
Adventures in Compliance - Episode II
This week returns to one my favorite themes for every Chief Compliance Officer, compliance professional and compliance program: Sherlock Holmes. In this podcast series I will be focusing on themes from Sherlock Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of institutional justice.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/15/2018 • 10 minutes, 7 seconds
Adventures in Compliance - Episode III
This week I have returned to one my favorite themes for every Chief Compliance Officer, compliance professional and compliance program: Sherlock Holmes. I am using themes from the Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of criminality and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/15/2018 • 9 minutes, 56 seconds
Adventures in Compliance – Episode IV
This week is a return to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over this week, I am considering themes from the Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of mentoring in compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/15/2018 • 9 minutes, 22 seconds
This Week in FCPA-Episode 124
The reigning World Series Champions, the Houston Astros storm into the ALCS with a sweep of Cleveland. The team with the best record in baseball, the Boston Red Sox destroy the Yankees. The ALCS opens Saturday in Boston and comes to Houston Tuesday. Will the top podcasting duo in compliance survive? Also, Tom and Jay discuss and take a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/12/2018 • 44 minutes, 10 seconds
Across the Board-Episode 22
In this very special episode of Across the Board, I continue my celebration of 1000 podcasts on the Compliance Podcast Network. In this episode of Across the Board. I visit with Sheila Hooda about the changes she has seen at the Board level over the past five years.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/11/2018 • 24 minutes, 6 seconds
Compliance into the Weeds: Episode 97
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive into the continuing saga of Elon Musk, the SEC settlement, corporate governance at Tesla and his ongoing twitter feed.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/10/2018 • 25 minutes, 37 seconds
The Opinion Release Papers: Opinion Release 12-01
Opinion Release 12-01is significant as it demonstrated not only the evolving nature of best practices under the FCPA but also the DOJ’s thinking on the subject.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2018 • 12 minutes, 56 seconds
The Opinion Release Papers: Opinion Release14-02
In this episode of the Opinion Release Papers, we consider Opinion Release 14-02.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2018 • 14 minutes, 1 second
The Opinion Release Papers: Opinion Release 12-02
In Opinion Release 12-02, certain Requestors, which were 19 non-profit adoption agencies located in the US, asked the DOJ about bringing certain foreign governmental officials involved in the foreign country’s adoption process to the US. Can the Requestors do so, without running afoul of the FCPA?
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2018 • 11 minutes, 36 seconds
The Opinion Release Papers: Opinion Release 13-01
Late in 2013 the DOJ issued its only Opinion Release, that being Opinion Release 13-01. One of the things that this Opinion Release stands for is that each fact scenario presented under the FCPA must be evaluated on its own facts. While this maxim is certainly true, I believe that the Opinion Release goes further and provides significant information to the compliance practitioner for charitable donations going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2018 • 12 minutes, 43 seconds
The Opinion Release Papers: Opinion Release 14-01
In this episode, we consider Opinion Release 14-01, where the Department of Justice opined that paying a foreign government official for monies he was owed in the sale of a business interest that he owned prior to becoming a foreign government official would not be prosecuted as a Foreign Corrupt Practices Act violation. As intuitive as this decision might sound, there is, nevertheless, significant information for the compliance practitioner to take away from 14-01.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2018 • 13 minutes, 6 seconds
FCPA Compliance Report-Episode 402
In the Episode, I visit with one of the top outside counsel in field of FCPA and compliance. It is Stephen Martin, a partner at Arnold & Porter. In this episode we deconstruct the Petrobras FCPA enforcement action.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/8/2018 • 28 minutes, 34 seconds
This Week in FCPA-Episode 123
The baseball playoffs are here. For the Sox, the hated Yankees. For the Astros, they begin their World Series defense against the Cleveland Indians. Tom and Jay discuss and take a look at some of the week’s top compliance and ethics stories.
Styker is now a two-time FCPA loser. Will there be a third? Sam Rubenfeld reports in the WSJ Risk and Compliance Journal. Dick Cassin reports in the FCPA Blog.
In a pique of sanity, Elon Musk settles his SEC lawsuit which might have barred him from serving on the Board of a public company. Tim Higgins and Dave Michaels consider the fallout in the WSJ. Both James Stewart, writing in the NYTand Tom Zanki, in Law360 say the Board needs better oversight.
Former Chile mining official settles FCPA charges. Dick Cassin reports in the FCPA Blog. Sam Rubenfeld reports in the WSJ Risk & Compliance Journal.
The commentary from the Petrobras FCPA enforcement action continues. Tom runs a 3-part series (Part 1, Part 2& Part 3). Mike Volkov weighs in on Corruption, Crime and Compliance. Andy Webb-Vidal explores the 10 ten takeaways from Operation Car Wash on Corporate Compliance Insights. Jonathan Marks looks at it from the ‘Realm of the Obvious’ in his Board and Fraud blog.
MLB reportedly under investigation for FCPA violations in Latin America. Cheryl Ring reports in Fangraph.
More on ruling on attorney-client privilege in UK. Sam Rubenfled in WSJ Risk & Compliance Journal reports SFO will not appeal ENRC ruling. Andrew Reeves provides five key takeaways in the FCPA Blog.
Panasonic Avionics finally get a monitor. Kelly Swanson reports in GIR.
Robbing a national bank, think big. Margot Patrick, Gabriele Steinhauser and Patricia Kowsmann report in the WSJ.
Women who have behaved badly. Rosmah Mansor, wife of former Malaysian PM Najib Razak charged with money-laundering, Harry Cassin in the FCPA Blog. SFO moves to sieze assets of Gulnara Karimova the eldest daughter of the late Uzbek President Islam Karimoa. Dick Cassin the FCPA Blog.
Want a 50% discount to one of the top compliance conferences around? Join Tom and AMI’s Eric Feldman at CONVERGE18 in Denver on October 9-11. I hope you can join me at the event. For information on the event, click here. As an extra benefit to fans of This Week in FCPA, CONVERGE18 is offering a 50% discount off the registrationEnter discount code TOMFOXVIP.
The baseball playoffs are here. Tom and gutless wonder Jay discuss. Tom explains why Jay is a gutless wonder.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/5/2018 • 38 minutes, 58 seconds
Everything Compliance-Episode 35
Welcome to the only roundtable podcast in compliance. This week’s episode is entirely dedicated to the spectacle of the Ford-Kavanaugh hearings from the past week. Jonathan Armstrong is on assignment so Tom Fox sits in for Armstrong. After the commentary we follow with rants.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/4/2018 • 47 minutes, 31 seconds
Compliance into the Weeds: Episode 96
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a very deep dive into the increased prevalence of non-GAAP financial reporting.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/3/2018 • 16 minutes, 15 seconds
How Tech Informs Compliance to Create Business Efficiency: Part III
In this special five-part podcast series, I have visit with Thomas Sehested, Valerie Charles, and Peter Chang all from Gan Integrity. In this Part III, I visit with Thomas Sehested how tech solutions can make not only compliance more efficient but companies run more efficiently and at the end of the day more profitably.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2018 • 15 minutes, 16 seconds
How Tech Informs Compliance to Create Business Efficiency: Part I
In this special five-part podcast series, I visit with Thomas Sehested, founder and CEO of Gan Integrity. In this series, we will consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In this Part I, I visit with Thomas Sehested on his journey from professional athlete to tech entrepreneur to compliance solution provider.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2018 • 14 minutes, 55 seconds
How Tech Informs Compliance to Create Business Efficiency: Part II
In this special five-part podcast series, I visit with Thomas Sehested, founder and CEO of, Valerie Charles, Chief Strategy Officer and Peter Chang, Head of Customer Success of Gan Integrity. In this series, we will consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In this Part II, I visit with Charles on her journey from legal to compliance to tech.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2018 • 15 minutes, 47 seconds
How Tech Informs Compliance to Create Business Efficiency: Part V
In this special five-part podcast series, I have visited with Thomas Sehested, founder and CEO of, Valerie Charles, Chief Strategy Officer and Peter Chang, Head of Customer Success of GAN Integrity. In this series, we will consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In this Part V, I visit with Charles some of her birdseye view of compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2018 • 13 minutes, 59 seconds
How Tech Informs Compliance to Create Business Efficiency: Part IV
In this special five-part podcast series, I visit with Thomas Sehested, founder and CEO of, Valerie Charles, Chief Strategy Officer and Peter Chang, Head of Customer Success of Gan Integrity. In this Part IV, I visit with Chang on the Gan approach to client success and how it acts towards continuous improvement of a compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/1/2018 • 14 minutes, 24 seconds
FCPA Compliance Report-Episode 401
In the episode, I visit with Doug Allen, Managing Director at Ethisphere. We discuss the application process for Ethisphere’s 2019 World’s Most Ethical company designation. We consider the process for application, why a company should go through the process and the benefits even if your organization does not receive the designation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
This month I am celebrating 1000 podcasts by discussing with my colleagues and friends from professional community on past, present and future of compliance. Today we have Timur Khasanov-Batirov, my co-host in Compliance Man Goes Global podcast series on trends in compliance in emerging markets.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/28/2018 • 20 minutes, 44 seconds
This Week in FCPA-Episode 122
Both the Astros and Red Sox have over 100 wins. Who will come out on top this year? Tom and Jay are back to tackle the week's top ethics and compliance stories on This Week in FCPA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/27/2018 • 33 minutes, 28 seconds
FCPA Compliance Report-Episode 400
In this very special 400th anniversary episode, I visit with Ben Reiter, the author of Astroball—The New Way to Win It All. The Astros experience, Reiter’s book and our discussion directly apply to the compliance professional and the use of data and data science in an operationalized, best practices compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/24/2018 • 40 minutes, 46 seconds
CONVERGE18-Preview Podcasts-Philip Winterburn
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Philip Winterburn, Chief Product Officer at Convercent. We discuss the issue of KPIs around benchmarking your ethics and compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/22/2018 • 14 minutes, 15 seconds
CONVERGE18-Preview Podcasts-Philip Winterburn
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Philip Winterburn, Chief Product Officer at Convercent. We discuss the issue of KPIs around ethics and compliance related surveys.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/22/2018 • 14 minutes, 30 seconds
This Week in FCPA-Episode 121
As Tom and Mrs. Compliance Evangelist trek to Ann Arbor MI to attend his law school reunion, Go Blue and watch the Wolverines trounce Nebraska and enjoy some cool autumn weather, he and Jay are back with a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/21/2018 • 36 minutes, 34 seconds
Compliance into the Weeds: Episode 95
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a very deep dive into the process surrounding the allegations made against Supreme Court nominee Brett Kavanaugh by Christina Ford. We consider these allegations from the compliance perspective
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/19/2018 • 24 minutes, 35 seconds
CONVERGE18-Preview Podcasts- Susan du Becker
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Susan du Becker, Global Compliance Enablement at Cisco Systems. We discuss some of her strategies for breaking down silos to facilitate compliance training.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 11 minutes, 30 seconds
CONVERGE18-Preview Podcasts- Amy Much
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Amy Much, Ethics and Compliance Officer at Under Armor. We discuss some her presentation at Converge18 “Learn From My Mistakes, Fits and Starts When Building a New C&E Program”.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 12 minutes, 23 seconds
CONVERGE18-Preview Podcasts- Jacki Cheslow
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Jacki Cheslow, the Director Business Ethics & Compliance, Avis Budget. We discuss breaking down silos to facilitate compliance training and communications.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 10 minutes, 59 seconds
CONVERGE18-Preview Podcasts- David Deitchman
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Jacki David Deitchman, Deputy General Counsel, Employment, Ethics & Compliance at HP. We discuss some of his tactics and techniques for dealing the Board of Directors.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 14 minutes, 39 seconds
The Evolving Role of Risk, Compliance, and Ethics-Part V
In this final episode of my 5 part exploration of the evolving nature of risk, ethics, and compliance, I visit Paul Johns on the need for an integrated approach to risk management.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 14 minutes, 59 seconds
The Evolving Role of Risk, Compliance, and Ethics-Part IV
In this Part IV of this five-part series on the evolving nature of risk, ethics and compliance, I visit Rebecca Turco on the current trends she is seeing in culture, ethics and compliance and where it all may be headed.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 14 minutes, 1 second
The Evolving Role of Risk, Compliance, and Ethics-Part I
In this Part I, I visit Paul Johns on the evolving nature of the ethics and compliance marketplace and what that means for compliance programs.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 12 minutes, 28 seconds
The Evolving Role of Risk, Compliance, and Ethics-Part III
In this Part III of my five-part series on the evolving nature of risk, compliance and ethics, I visit Rebecca Turco on the new SAI Global training solution at EthicsAnywhere.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 13 minutes, 45 seconds
The Evolving Role of Risk, Compliance, and Ethics-Part II
In this Part II of my five-part podcast series on the evolving nature of risk, compliance and ethics, I visit Rebecca Turco on the shifting compliance mindset.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/17/2018 • 13 minutes, 53 seconds
FCPA Compliance Report-Episode 399
In this episode, I visit with podcast favorite Matt Ellis, a member at Miller & Chevalier on the firm’s always excellent FCPA Summer Review 2018. The first half of 2018 has brought some very interesting FCPA enforcement actions, packed with lots of information for the compliance practitioner. We unpack the key enforcement actions, international developments and some key statistics.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/16/2018 • 30 minutes, 43 seconds
This Week in FCPA-Episode 120
As Hurricane Florence is headed to the Carolinas and beyond, Hurricane Issac is hurtling towards the Gulf of Mexico and Storm X is taking aim at Texas, Tom and Jay are back with a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/14/2018 • 42 minutes, 54 seconds
CONVERGE18-Preview Podcasts- Keturah Pestel
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Keturah Pestel, Program Manager, Business Ethic and Legal Support Office at Thrivent. We discuss her company’s innovative use of internal reporting.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/13/2018 • 18 minutes, 38 seconds
Everything Compliance-Episode 34
Welcome to the only roundtable podcast in compliance. Inspired by our UK colleague, Jonathan Armstrong who inquired if we could explore the guilty plea of Michael Cohen and the guilty verdict against Paul Manafort, we dedicate the next two episodes to issues surrounding, raised by or related to these two events. In this episode we have commentary by Jay Rosen and Jonathan Armstrong (last week was Mike Volkov and Matt Kelly). After the commentary we follow with rants.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/13/2018 • 47 minutes, 4 seconds
Compliance into the Weeds: Episode 94
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a very deep dive into the recent SEC whistleblower award of $54MM to two separate individuals.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/12/2018 • 18 minutes, 16 seconds
CONVERGE18-Preview Podcasts-Sheryl Zaworski
In this episode of the CONGERGE18 Preview Podcasts series, I visit with Sheryl Zaworski, VP, Director of Global Ethics Escalation, Investigation and Analytics at U.S. Bank. We discuss the the data project at US Bank.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/11/2018 • 14 minutes, 33 seconds
Assessing Ethics and Compliance in M&A-Episode 5
Over these past five episodes, I have visited with Eric Feldman, Senior Vice President, Don Stern, Corporate and Rod Grandon, Managing Director Government Services; from Affiliated Monitors, Inc., sponsor of this series. We explored how to go about assessing ethics and compliance in the mergers and acquisition context. In this fifth and concluding episode I visit with Stern to tie together how an independent integrity monitor can benefit the entire mergers and acquisition process.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2018 • 14 minutes, 33 seconds
Assessing Ethics and Compliance in M&A-Episode 1
Over the next five podcast episodes, I will visit with Eric Feldman, Senior Vice President, Don Stern, Corporate and Rod Grandon, Managing Director Government Services; all from Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explore how to go about assessing ethics and compliance in the mergers and acquisition context. In this first episode I visit with Feldman on whys, whats and hows of an independent assessment of a target.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2018 • 15 minutes, 5 seconds
Assessing Ethics and Compliance in M&A-Episode 2
Over the next five episodes, I will visit with Eric Feldman, Senior Vice President, Don Stern, Corporate and Rod Grandon, Managing Director Government Services; all from Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explore how to go about assessing ethics and compliance in the mergers and acquisition context. In this second episode I visit with Stern on the impact that a merger & acquisition has on both the acquired entity and the acquirer.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2018 • 15 minutes, 46 seconds
Assessing Ethics and Compliance in M&A-Episode 4
Over the next five episodes, I will visit with Eric Feldman, Senior Vice President, Don Stern, Corporate and Rod Grandon, Managing Director Government Services; all from Affiliated Monitors, Inc., who is the sponsor of this series.. In this fourth episode I visit with Grandon about the types of things a monitor would review to determine if a company adequately considered ethics and compliance during the mergers and acquisition process.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2018 • 15 minutes, 14 seconds
Assessing Ethics and Compliance in M&A-Episode 3
Over this special five-part podcast series, I will visit with Eric Feldman, Senior Vice President, Don Stern, Corporate and Rod Grandon, Managing Director Government Services; all from Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explore how to go about assessing ethics and compliance in the mergers and acquisition context. In this third episode I visit with Feldman planning out your post-acquisition merger strategy.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2018 • 14 minutes, 49 seconds
FCPA Compliance Report-Episode 398
In this episode, I visit with podcast fan favorite Laura Perkins, a partner at Hughes, Hubbard and Reed. We discuss the recent 2ndCircuit Court of Appeals decision in the Hoskins matter. With Laura’s background as a former Justice Department prosecutor in the FCPA Unit, she brings a wealth of knowledge to what the decision may portend for the prosecution of FCPA cases going forward and how may impact corporate compliance programs as well.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2018 • 22 minutes, 24 seconds
This Week in FCPA-Episode 119
As the Houston Texans head to Boston for the NFL Season Opener and the Houston Astros head to Boston for a preview of the ALCS , Tom and Jay are back with a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/7/2018 • 37 minutes, 20 seconds
Everything Compliance-Episode 33
Welcome to the only roundtable podcast in compliance. Inspired by our UK colleague, Jonathan Armstrong who inquired if we could explore the guilty plea of Michael Cohen and the guilty verdict against Paul Manafort, we dedicate the next two episodes to issues surrounding, raised by or related to these two events. In this episode we have Mike Volkov and Matt Kelly.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/6/2018 • 56 minutes, 14 seconds
12 O'Clock High-Episode 100
In this episode of 12 O’Clock High, a podcast on business leadership, Richard Lummis and I continue to explore leadership lessons from GE. Today, we continue our exploration of the travails at GE, focusing on the mergers and acquisition strategy which led to the company’s problems
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/5/2018 • 18 minutes, 14 seconds
Converge18 Preview-David Bunker
In this episode of the CONVERGE18 Preview Podcasts series, I visit with David Bunker, Compliance Officer at Vulcan Inc. We discuss managing the risk of conflicts of interest when employing workers in the GIG economy.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/4/2018 • 13 minutes, 50 seconds
Converge18-Preview of Eric Feldman
In this episode of the CONVERGE18 Preview Podcasts series, I visit with Eric Feldman, Senior Vice President at Affiliated Monitors. We discuss the issue of perverse incentive and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/4/2018 • 12 minutes, 6 seconds
Converge18 Preview-Ellen Hunt
In this episode of the CONVERGE18 Preview Podcasts, I visit with Ellen Hunt, Senior Vice President, Audit, Ethics & Compliance Officer at AARP. We discuss the role of the Board of Directors and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/4/2018 • 11 minutes, 37 seconds
Converge18-Preview of Philip Winterburn
In this episode of the CONVERGE18 Preview Podcasts series, I visit with Philip Winterburn, Chief Product Officer at Convercent. We discuss the issue of perverse incentive and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/4/2018 • 12 minutes, 44 seconds
This Week in FCPA-Episode 118
You can put away your all white linen suits and your seer sucker suits as well. With that hint of fall in the air, we are upon the (unofficial) end of summer with the Labor Day Weekend, Tom and Jay are back with a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/31/2018 • 40 minutes, 30 seconds
Life With GDPR: Episode 15
The Administration’s attacks on allies, perhaps former allies and other in the area of trade and sanctions has not occurred in vacuum. Many other countries and groups such as the EU have retaliated with counter-sanctions. One area that the current administration does not seem to have considered too well is EU data privacy and data protection. In this episode of Life with GDPR we explore this issue in the age of trade policy as conflict.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/30/2018 • 16 minutes, 21 seconds
12 O’Clock High-Episode 99
What is due diligence? What is zero tolerance? How do these impact employee morale? How do these concepts link together? Richard Lummis and I explore these questions and more in considering the July Houston Astros trade for closer Roberto Osuna.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/29/2018 • 17 minutes, 40 seconds
King Arthur Week: Part V
We conclude our Arthurian themed week with the Holy Grail, which has fired the imagination of artists for millennia. What was the Holy Grail? It means many things to many people. The quixotic quest for the Holy Grail informs the same quest to append a compliance defense to the FCPA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2018 • 14 minutes, 27 seconds
King Arthur Week: Part IV
As I end this month of the Land of 1000 podcasts, I conclude with a week of King Arthur and his Roundtable themed-podcasts. It turns out there are many compliance lessons from the entire oeuvre of Arthurian legends. Many of the tales can inform your (modern day) compliance program. Today we consider one of the most interesting characters in the Arthur canon, The Green Knight and how this character presages the ever-growing protections for whistleblowers.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2018 • 11 minutes, 45 seconds
King Arthur and Compliance: Part III
As I end this month of the Land of 1000 podcasts, I conclude with a week of King Arthur and his Roundtable themed-podcasts. It turns out there are many compliance lessons from the entire oeuvre of Arthurian legends. Many of the tales can inform your (modern day) compliance program. Today we consider that most Arthurian piece of furniture, Arthur’s Round Table.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2018 • 10 minutes, 41 seconds
King Arthur Week: Part II
As I end this month of the Land of 1000 podcasts, I conclude with a week of King Arthur and his Roundtable themed-podcasts. It turns out there are many compliance lessons from the entire oeuvre of Arthurian legends. Many of the tales can inform your (modern day) compliance program. I begin with King Arthur and some leadership lessons that might apply to a Chief Compliance Officer, compliance practitioner. Today we consider Arthur’s Pentecostal Oath and your corporate Code of Conduct.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2018 • 10 minutes, 50 seconds
King Arthur, the Roundtable and Compliance
As I end this month of the Land of 1000 podcasts, I conclude with a week of King Arthur and his Roundtable themed-podcasts. It turns out there are many compliance lessons from the entire oeuvre of Arthurian legends. Many of the tales can inform your (modern day) compliance program. I begin with King Arthur and some leadership lessons that might apply to a Chief Compliance Officer or the compliance practitioner.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2018 • 8 minutes, 27 seconds
FCPA Compliance Report-Episode 397
In this episode, I chat with Erica Salmon Byrne, the EVP and Executive Director of Business Ethics Leadership Alliance for Ethisphere. We visit on Ethisphere’s 2018 World’s Most Ethical Company awards.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/27/2018 • 32 minutes, 57 seconds
This Week in FCPA-Episode 117
Jay has returned from an Alaskan Disney cruise with the family. As OSU suspends its head coach and added a new phrase to our compliance and ethics lexicon significant memory issues; Tom and Jay are back with a look at some of the week’s top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/24/2018 • 49 minutes, 10 seconds
Life with GDPR-Episode 14
The recent case involving the Jehovah's Witnesses and data privacy in the UK raised some very interesting legal issues. It also demonstrated just how broad the reach of GDPR could be. In this podcast Jonathan Armstrong and I unpack the case, detailing the underlying facts, the Court's rationale behind its decision and conclude with some of the implications for not only corporations but also individuals and data privacy practitioners.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/23/2018 • 28 minutes
12 O'Clock High-Episode 98
In this episode, Richard Lummis and I consider how the Houston Astros went from literally the worst team ever in baseball to World Series Champions, as been chronicled by Sports Illustrated writer Ben Reiter in his book “Astroball: The New Way to Win It All”.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/22/2018 • 24 minutes, 45 seconds
Ethical Culture-Episode 4
Over these five podcast episodes, I have been visiting with Vin DiCianni, founder and CEO and Eric Feldman, Senior Vice President both of Affiliated Monitors, Inc., who is the sponsor of this series. In it, we have explored corporation culture and its relationship to ethics and compliance. In this fourth episode, I visit with Feldman on how a company can begin to assess its own culture.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 12 minutes, 31 seconds
Ethical Culture-Episode 5
Over the past five podcasts, I have visited with Vin DiCianni, founder and CEO and Eric Feldman, Senior Vice President both of Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explored an organization’s ethical culture and its relationship to ethics and compliance. In this fifth and final episode I visit with DiCianni on how ethical culture is a part of an overall ethics and compliance program assessment and how to go about it.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 14 minutes, 18 seconds
Ethical Culture-Episode 2
Over the next five episodes, I visit with Vin DiCianni, founder and CEO and Eric Feldman, Senior Vice President both of Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explore corporation culture and its relationship to ethics and compliance. In this second episode I visit with DiCianni on what some of the factors are which influence the ethical culture of an organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 14 minutes
Ethical Culture-Episode 1
Over the next five episodes, I visit with Vin DiCianni, founder and CEO and Eric Feldman, Senior Vice President both of Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explore ethical culture and its relationship to ethics and compliance. In this first episode I visit with Feldman on what is ethical culture and why it matters.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 13 minutes, 20 seconds
FCPA Compliance Report-Episode 396
In this episode, I visit with Jonathan Marks, a partner at Baker & Tilly. This podcast part of my Land of 1000 podcasts celebration. In this special series of podcasts I am reviewing the growth, maturation and development of topics over the past five years. Marks visits with my about some of the key developments in the field in forensic investigation and compliance from his perspective as an internal auditor and forensic investigator.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 23 minutes, 13 seconds
Ethical Culture-Episode 3
Over this five-part podcast series, I am visiting visit with Vin DiCianni, founder and CEO and Eric Feldman, Senior Vice President both of Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explore corporation culture and its relationship to ethics and compliance. In this third episode I visit with Feldman on what is the role of a CCO in strengthening the ethical culture of an organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 12 minutes, 43 seconds
Ethical Culture-Episode 5
Over the past five podcasts, I have visited with Vin DiCianni, founder and CEO and Eric Feldman, Senior Vice President both of Affiliated Monitors, Inc., who is the sponsor of this series. In it, we explored an organization’s ethical culture and its relationship to ethics and compliance. In this fifth and final episode I visit with DiCianni on how ethical culture is a part of an overall ethics and compliance program assessment and how to go about it.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/20/2018 • 14 minutes, 18 seconds
Compliance into the Weeds: Quarterly Reporting Discussion
In this episode, Matt Kelly and I take a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a very deep dive the implications from President Trump’s tweet on Friday, August 17th about quarterly financial reporting by public companies.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/18/2018 • 15 minutes, 28 seconds
This Week in FCPA-Episode 116
Jay is on an Alaskan Disney cruise with the family. Through the prism of Trump’s attacks on the US free press and their robust response, Tom takes a solo look at some of the top compliance stories from the past week. Jay returns next week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/17/2018 • 26 minutes, 2 seconds
Everything Compliance-Episode 32
To celebrate the Month of 1000 podcasts I am running for each of my podcasts this month, in this episode, the Everything Compliance gang focuses on the past five years; giving a retrospective of where we were, where we are and where we are going from their own perspectives. After the commentary we follow with rants and shout outs.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/16/2018 • 1 hour, 10 minutes, 51 seconds
The Future of Audit, Compliance, and Analytics: Part II
In this special five-podcasts series, Matt Kelly and I are exploring the future of internal audit, compliance and analytics. In today’s Part II, we go through the three steps of evolution that an internal audit function must traverse so that it can move beyond its traditional audit duties under Sarbanes-Oxley (SOX) compliance and testing of financial controls.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/13/2018 • 12 minutes, 47 seconds
The Future of Audit, Compliance, and Analytics: Part III
In this special five-podcasts series, Matt Kelly and I are exploring the future of internal audit (IA), compliance and analytics. For Part III, we consider three examples of how a framework of a risk management process could be used. The examples are (1) Invoice before PO; (2) Travel and Entertainment (T&E) spending at $49; and (3) Hotline metrics for compliance and culture analysis.
Invoices and no POs
The first one actually comes from Cisco Systems, Inc. (Cisco) where they develop all their technology in house and while the technology they are using is not important, it is interesting to think through the theory of what they are trying to accomplish. Cisco wanted to determine how many times they get an invoice hitting the accounting department to be paid before a Purchase Order (PO) has been received by the accounting department. What Cisco was trying to do was track every instance where an invoice arrived before the PO. The company created a visualization tool so there would be a little red dot for each instance and studied how often this happened across several quarters.
Through this visualization tool Cisco was able to classify every expense by such criteria as: When did we get the purchase order? When did we get the invoice? What department is this for? From this point, the company could begin to detect and analyze. Equally important, with the use of the visualization tool, literally anyone in the company could see and use the data. By defining the practice as it violated internal company policy, quantifying it and then putting it into a visual format, this led to a reduction in the number of times this situation occurred because employees were more attentive to their spending.
T&E Spend at $49
The second example came from a public utility company in the Midwest. The company had a policy where any employee with a T&E expense for more than $50 had to submit a receipt. For any expense at $49 or less, the employee could submit an expense without the receipt and it would be processed and paid. This process was an anti-fraud measure to see if any employee(s) were trying to slip something by at the $49 level where they were not required to supply documentation.
Interestingly, the company did not find any instances of egregious fraud. However, they were able to communicate to all employees it could monitor such reimbursement requests and could impose strong fraud controls in the situation where there was no requirement for the employee to supply documentation. This innovation gave them the opportunity to monitor when the $49 threshold was “just a little bit too often or a little bit too frequently where it seemed shifty”. Kelly emphasized that this is the clear analytics which improve the company's bottom line and risk management because (1) you are improving your ability to find instances of fraud in the transaction and (2) it communicates to the employees the strength of the control environment. This can be an important signal to send from a control environment perspective.
Hotline metrics for compliance and culture analysis
The third example was one of hotline metrics and analysis. Many Chief Compliance Officers (CCOs) and compliance professionals focus on metrics from hotlines such as are you having a lot of calls or having no calls? Is that good or bad? Is your program working or is it not? What does it say about the culture tracking hotline calls themselves? However, following such metrics does not tell a CCO anything really about the culture. Kelly believes the better way to do this is to configure your intake system to get as many characteristics about the call as possible, specifically around retaliation complaints.
Kelly said such analysis would include looking at questions, such as how many retaliation complaints relative to: all complaints; a type of manager; a specific time of year; in specific markets; at specific levels of the company or even against specific people if you can track it all the way down? What you are trying to do is identify where the problem areas are and where people seem to be retaliating more than usual. If you track those metrics over time, not only does it tell you about your culture but it gives insight into why we have this retaliation problem in the first place. It can lead to an analysis around your ethics training if it is working because if complaints about retaliation continue to increase, that tells you that maybe the ethics and anti-retaliation training you are providing to your managers is not working.
Kelly concluded by noting that these three examples on invoices before PO orders, a T&E reimbursement expense request without documentation and examining retaliation complaints to get a better sense of your corporate culture can provide very practical steps you can take today which you might not have been able to accomplish 10 years ago because the tech was not available. However, with the evolution in the IA function and capabilities, you should be able to do going forward.
In Part IV we will consider new working relationships based upon the evolution of IA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/13/2018 • 13 minutes, 57 seconds
The Future of Audit, Compliance, and Analytics: Part IV
In Part IV of this five part exploration of the future of internal audit, we consider the new working relationships internal audit will need to develop with for this risk management framework.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/13/2018 • 12 minutes, 13 seconds
The Future of Audit, Compliance, and Analytics: Part V
In this special five-podcasts series, Matt Kelly and I have been exploring the future of internal audit (IA), compliance and analytics. In the final episode, Part V, we discuss how IA can get started and provide some concluding remarks. We consider whether the technology is here today to implement the suggestions put forward in this series.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/13/2018 • 14 minutes, 58 seconds
The Future of Audit, Compliance, and Analytics: Part I
Over the next five podcasts, Matt Kelly and I will be exploring the future of internal audit, compliance and analytics. In today’s Part I, we introduce the topic, explaining why internal audit is in the midst of a profound transformation, how this transformation will enable to move past its traditional detect function into a more proactive prevent role and how all of these transformations will lead to a more robust, operationalized risk management process.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/13/2018 • 12 minutes, 16 seconds
Life With GDPR: Episode 13
The General Data Protection Regulation (GDPR) which went live on May 25, 2018. What has happened since then in the data privacy and data protection world? In this episode, Jonathan Armstrong, partner at Cordery Compliance and I explore what is going on publicly and what has been going on behind the scenes as well. Armstrong provides his thoughts, reflections and observations on the activity which have and will impact companies and individuals going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/9/2018 • 18 minutes, 17 seconds
FCPA Compliance Report-Episode 394
What is the purpose of rehabilitation in a best practices compliance program? In this episode, I use the recent trade by the Houston Astros for closer Roberto Osuna last week as an introduction into several areas around compliance, discipline, punishment and zero tolerance. Osuna had been charged with violating the Major League Baseball (MLB) policy on domestic abuse. This weekend Osuna came off a 75-game suspension.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/6/2018 • 15 minutes, 56 seconds
Everything Compliance-Episode 31
As we begin the dog days of summer and the long spell between July 4thand Labor Day, the Everything Compliance gang returns to its four focused topics. After the commentary we follow with rants.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/2/2018 • 1 hour, 6 minutes, 22 seconds
Across the Board-Episode 21
In this episode of Across the Board, I visit with Amii Barnard-Bahn. She is a strategic advisor to Boards of Director and executive coach many C-Suite members. She specializes in accelerating the success of C-Suite executives and partner with leaders and teams to help scale their business.
We discuss the recent turmoil at Papa John’s pizza around first racial comments by its founder John Schnatter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/26/2018 • 25 minutes, 27 seconds
Compliance into the Weeds: Episode 90
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive into the imbroglio Salesforce found itself in when it came out the company did work for ICE.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/25/2018 • 21 minutes, 56 seconds
The Bard & Compliance -Day III: Much Ado About Nothing
One of the first companies to embrace social media as a key tool in their compliance strategy was Dun & Bradstreet (D&B) who actively uses social media to make more effective the company’s compliance regime. The D&B experience provides three key insights for the Chief Compliance Officer (CCO) and compliance practitioner.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2018 • 10 minutes, 51 seconds
The Bard & Compliance -Othello
One of the more difficult things to predict in a merger and acquisition context is how the cultures of the two entities will merge. While many mergers claim to be a ‘merger of equals’ the reality is far different as there is always one corporate winner that continues to exist and one corporate loser that simply ceases to exist. This is true across industries and countries; witness the debacle of DaimlerChrysler and the slow downhill slide of United after its merger with Continental.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2018 • 11 minutes, 29 seconds
The Bard & Compliance -King Lear
If your corporate culture is such that you not only communicate internally about illegal conduct but also record those communications in the form of PowerPoint presentations, it speaks to a culture that supports and embraces skirting the rules.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2018 • 10 minutes, 47 seconds
The Bard & Compliance - Henry IV, Part II
What is the most famous line in Shakespeare about lawyers? That is an easy one because lawyer-haters across the world (and lawyer-lovers as well) know it - First thing we do is kill all the lawyers. It comes from Henry IV, Part II. Most lawyers understand that by killing all the lawyers, it will create an atmosphere that would allow for tyranny and anarchy. Unfortunately this clear import is not as widely seen by civilians (i.e. non-lawyers).
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2018 • 10 minutes, 25 seconds
The Bard & Compliance-Henry V
Most people remember the St. Crispin’s Day speech in Henry V as one of the greatest speeches in all of Shakespeare. However many people do not focus on what led to that speech which was that Henry went out among his troops, disguised as a commoner to ask they what they thought and to hear what they had to say about the upcoming battle with the French. It was an early use of social media.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2018 • 11 minutes, 14 seconds
FCPA Compliance Report-Episode 392
In this podcast, I chat with one of the authors, Jonathan Marks, a partner at Marcum LLP, on the limitations of the Fraud Triangle and why a new model can be helpful in the modern fraud detection and prevention context.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2018 • 21 minutes, 44 seconds
Everything Compliance-Episode 30
This week the gang returns to its four focused topics. After the commentary we follow with rants.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/19/2018 • 55 minutes, 23 seconds
A Strategic Culture Framework to Manage Risk: Part II
Over this five-part series I, visit with Caterina Bulgarella on the recently released white paper by SAI Global, entitled “Predicting Risk: A Strategic Culture Framework for the C-Suite”. In this Part II, we discuss what the Board of Directors and C-Suite needs to know about ethical risks.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/16/2018 • 14 minutes, 33 seconds
A Strategic Culture Framework to Manage Risk: Part V- the Ins and Outs of Ethical Reasoning
Over this five part podcast series I have been visiting with Caterina Bullgarella on the recently released white paper by SAI Global entitled, Predicting Risk: A Strategic Culture Framework for the C-Suite. In this concluding Part V, we review of the ins and outs of ethical reasoning and take a veiled look into the future.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/16/2018 • 20 minutes, 58 seconds
A Strategic Culture Framework to Manage Risk: Part IV
Over this week’s five part podcast series I have been visting with Caterina Bullgarella on the recently released white paper by SAI Global entitled, Predicting Risk: A Strategic Culture Framework for the C-Suite. In this Part IV, we consider the Wells Fargo fraudulent accounts scandal within the structure of the strategic culture framework.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/16/2018 • 15 minutes, 22 seconds
A Strategic Culture Framework to Manage Risk: Part I
Over a five-part series I will visit with Caterina Bulgarella on the recently released white paper by SAI Global, entitled “Predicting Risk: A Strategic Culture Framework for the C-Suite. Today we introduce the strategic cultural framework.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/16/2018 • 13 minutes, 35 seconds
A Strategic Culture Framework to Manage Risk: Part III
I am visiting with Caterina Bullgarella on the recently released white paper by SAI Global entitled, Predicting Risk: A Strategic Culture Framework for the C-Suite. In this Part III, we discuss what the gap between an organization’s espoused ethics and its actual values and how this can lead to a tension and risks that arise from conflicting priorities and goals.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/16/2018 • 12 minutes, 26 seconds
Monitoring in Healthcare: Episode 4
In this five-part podcast series, I am taking a deep dive into health care monitoring and how the pro-active use of a health care monitor can positively impact all stakeholders in the healthcare industry: the regulators, the health care industry and the consumers of health care services, the public. In this Episode 4, I visit with Catherine Keyes to discuss how an independent integrity monitor can be used in non-disciplinary administrative proceedings.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/9/2018 • 18 minutes, 20 seconds
Monitoring in Healthcare: Episode 2
In this five-part podcast series, I am taking a deep dive into health care monitoring and how the pro-active use of a health care monitor can positively impact all stakeholders in the healthcare industry. In this Episode 2, I visit with Jesse Caplan on the significance of proactive assessment in healthcare ethics and compliance program in determining culture.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/9/2018 • 18 minutes, 48 seconds
Monitoring in the Healthcare Sector: Episode 1
In this five part podcast series, I will be taking a deep dive into health care monitoring and how the pro-active use of a health care monitor can positively impact all stakeholders in the healthcare industry: the regulators, the health care industry and the consumers of health care services, the public. In this first episode, I visit with Jesse Caplan to introduce the use of an independent integrity monitor in the healthcare sector and explain how such a monitor can increase value.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/9/2018 • 17 minutes, 41 seconds
Monitoring in Healthcare: Episode 5
Over this five-part podcast series, I have been taking a deep dive into health care monitoring and how the pro-active use of a health care monitor can positively impact all stakeholders in the healthcare industry: the regulators, the health care industry and the consumers of health care services, the public. Today, I conclude with Jesse Caplan on using an independent integrity assessment and monitoring to limit the adverse consequences.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/9/2018 • 17 minutes, 18 seconds
Monitoring in Healthcare: Episode 3
In this five-part podcast series, I am taking a deep dive into health care monitoring and how the pro-active use of a health care monitor can positively impact all stakeholders in the healthcare industry: the regulators, the health care industry and the consumers of health care services, the public. In this third episode, I visit with Catherine Keyes to discuss how an independent integrity monitor can be used in healthcare licensing and disciplinary proceedings.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/9/2018 • 17 minutes, 52 seconds
FCPA Compliance Report-Episode 390
In this episode I podcast favorite James Koukios returns to discuss some of the highlights from the Morriston and Foerster April newsletter on Top Ten International Anti-Corruption Developments for April 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/9/2018 • 33 minutes, 46 seconds
This Week in FCPA-Episode 110
As we begin the post-holiday portion of our 4thof July week, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/6/2018 • 37 minutes, 38 seconds
Compliance into the Weeds: Episode 88
In this episode Matt Kelly and I unpack the proposed changes to the SEC Whistleblower program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/5/2018 • 24 minutes, 27 seconds
FCPA Compliance Report-Episode 389
In this episode I visit with Shawn Rogers, Lead Counsel, Compliance Training and Communications at General Motors. Rogers was brought in to beef up the company’s compliance training after the ignition switch scandal. He talks about his design, creation and implementation of a tailored and focused compliance training program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/2/2018 • 37 minutes, 23 seconds
This Week in FCPA-Episode 109
As get ready for a holiday week, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/29/2018 • 32 minutes, 58 seconds
Compliance into the Weeds: Episode 87
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the impact of the Trump Administration’s attack on friend and foe alike with tariffs, trade wars, embargoes and sanctions. This is also our first live podcast from Matt’s stomping grounds in Cambridge, MA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/28/2018 • 25 minutes, 44 seconds
Life After GDPR: Episode 11
How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner at Cordery Compliance in London and an internationally renowned data privacy/data protection expert on this topic. Armstrong noted there have been some changes which may significantly impact this issue going forward. There are basically four ways to affect such a transfer.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/27/2018 • 14 minutes, 42 seconds
FCPA Compliance Report-Episode 388
The ACFE report to the Nations is an excellent reference tool for all compliance practitioner to show where fraudsters explode weak points. It also has important data around corruption and from this information you can make your compliance program more robust around these areas which can be exploited.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/25/2018 • 27 minutes, 27 seconds
This Week in FCPA-Episode 108
Before we head to Boston for bagels, coffee and compliance at the offices of AMI, Jay Rosen and I review the week's top ethics and compliance stories on This Week in FCPA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/23/2018 • 44 minutes, 29 seconds
Life With GDRP-Epiosde 10
While most practitioners focused on the heavy fines and penalties available under GDPR of up to 4% of total global revenues or other very large fines, there are other remedies that each EU and UK data regulator can levy or put into place that may require considerable corporate cost and effort.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/21/2018 • 16 minutes, 38 seconds
Compliance into the Weeds: Episode 86
In this episode, Matt Kelly and I take a deep dive back into the issue of the ZTE monitorship announced recently as a part of the settlement with the Department of Commerce on the death penalty sanctions levied on the company in April.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/20/2018 • 24 minutes, 27 seconds
FCPA Compliance Report-Episode 387
In this episode, I visit with Kristy Grant-Hart, founder of Spark Compliance Consulting and author of now three books in the compliance arena. We discuss her most recent book “How to Have a Wildly Successful Career in Compliance", which will be released on Amazon.com on June 19. For those of you who have seen Kristy speak you know she is high energy and very passionate about compliance and the compliance profession. She channels that energy and passion into her latest book.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/18/2018 • 28 minutes, 41 seconds
Everything Compliance-Episode 29
Everything Compliance is the only roundtable podcast in compliance, with four of the top compliance practitioners around. This week the gang returns to its four focused topics on its Four of a Kind edition. After the commentary we follow with rants.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/14/2018 • 1 hour, 4 minutes, 29 seconds
Compliance into the Weeds-Episode 85
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the issue of the decline in Initial Public Offerings (IPOs).
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/13/2018 • 24 minutes, 32 seconds
FCPA Compliance Report-Episode 386
In this episode, I visit with Rick Pearl, the Global Corporate Responsibility Officer and Vice President of Corporate Citizenship at State Street Corp. We discuss the 2017 State Street Corporation, Corporate Responsibility Report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/11/2018 • 24 minutes, 11 seconds
This Week in FCPA-Episode 106, the Back in the (FCPA) Saddle Again edition
With a wild ride of FCPA cases over the past week, Jay Rosen and myself are back in the FCPA saddle again to take a look at some of the top compliance stories from the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/7/2018 • 34 minutes, 21 seconds
Compliance into the Weeds-Episode 84
In this episode, Matt Kelly and I take a deep dive into the issue of two factor authentication of cloud-based solutions and the intersection with compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/6/2018 • 22 minutes, 7 seconds
Suspension and Debarment: Part 3
Today, we discuss some of the convergence between the FCPA and suspension and debarment. The bottom line is that conduct which violates the FCPA can become the basis for a suspension or debarment, even if the conduct is outside a contract with the Federal government.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2018 • 12 minutes, 58 seconds
FCPA Compliance Report-Episode 385
In this episode I visit with John Torres, the COO of Guidepost Solutions. We discuss the recent SEC enforcement action involving Yahoo and its failure to disclose data breaches in 2014, 2015 and 2016. As this was the first SEC enforcement action involving a public company for the failure to disclose to investors and shareholders information of a data breach which materially impacts an organization, Torres and I take a deep dive into the matter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2018 • 25 minutes, 6 seconds
Suspension and Debarment: Part 2
I continue my five-part series on Suspension and Debarment, with Rod Grandon, Managing Director at Affiliated Monitors, Inc., the sponsor of this series. In this episode, we consider the differences between suspension and debarment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2018 • 12 minutes, 31 seconds
Suspension and Debarment: Part 1
Today, I begin a five-part series on Suspension and Debarment, with Rod Grandon, Managing Director at Affiliated Monitors, Inc., the sponsor of this series. We start this Part I with introduction to suspension and debarment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2018 • 13 minutes, 44 seconds
Suspension and Debarment: Part 5
Today, we conclude the series with a discussion of remedies and compliance in suspension and debarment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2018 • 18 minutes, 56 seconds
Suspension and Debarment: Part 4
I continue my five-part series on Suspension and Debarment, with Rod Grandon, Managing Director at Affiliated Monitors. In this episode, we discuss present responsibility and its determination.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/4/2018 • 14 minutes, 12 seconds
This Week in FCPA-Episode 105
With The Complete Compliance Handbook still sitting at the top of the rankings in its first week of sales, Jay Rosen and myself take a look at some of the top compliance stories over the past week, in the we're still no.1 Edition.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/1/2018 • 38 minutes, 36 seconds
Compliance into the Weeds-Episode 83
In this episode, Matt Kelly and I take a deep dive into the travails of Roseanne, her television network ABC and compliance over her vile and racist tweet comparing Obama advisor Valerie Jarrad to an ape. We consider the corporate response in light of corporate ethics, values and priorities.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/31/2018 • 26 minutes, 1 second
12 O'Clock High-Episode 86
One of the challenges many compliance practitioners face when they move up in their careers is to move from tactical to strategic thinking. It is a requirement for any Chief Compliance Officer (CCO) to be able to think strategically as well as tactically but as you move up the corporate ladder, the strategic becomes more important. Strategic thinking is not something taught in law schools and in most business programs.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/30/2018 • 20 minutes, 46 seconds
Excerpts from The Complete Compliance Handbook
The 2012 FCPA Guidance stated “mergers and acquisitions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2018 • 12 minutes, 19 seconds
Excerpts from The Complete Compliance Handbook-Hallmark VIII
The call, e-mail or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2018 • 12 minutes, 16 seconds
Excerpts from The Complete Compliance Handbook-Hallmark IX
Hallmark Nine of Ten Hallmarks of an Effective Compliance Program, as articulated in the 2012 FCPA Guidance, states: "a good compliance program should constantly evolve."
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2018 • 12 minutes, 19 seconds
Excerpts From the Complete Compliance Handbook-Hallmark VII
As every compliance practitioner is well aware, third-parties still present the highest risk under the FCPA. The Department of Justice Evaluation of Corporate Compliance Programs devotes an entire prong to third-party management.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2018 • 11 minutes, 54 seconds
Excerpts from the Complete Compliance Handbook-Hallmark VI
Both incentives and discipline are critical in any best practices compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2018 • 12 minutes, 16 seconds
Excerpts from The Complete Compliance Handbook-Root Cause Analysis
One new and different item was laid out in the Evaluation of Corporate Compliance Program, supplementing the Ten Hallmarks of an Effective Compliance Program from the 2012 FCPA Guidance. This was the performance of a root cause analysis for any compliance violation which may led to a self-disclosure or enforcement action.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/29/2018 • 12 minutes, 7 seconds
This Week in FCPA-Episode 104
With The Complete Compliance Handbooksitting at the top of the rankings in its first week of sales, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/25/2018 • 39 minutes, 10 seconds
Everything Compliance-Episode 28
This week the gang sticks a roundtable Q&A, with a focus on the Michael Cohen imbroglio. Jay Rosen considers the lessons to be learned in hiring third-parties. Matt Kelly considers issue from the COSO angle: the control environment v. compliance activities. Mike Volkov weighs in search warrant and Bank Secrecy Act perspective. Jonathan Armstrong adds his own unique British perspective (IE., snark) to the conversation. In addition to the commentary we follow with rants.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/24/2018 • 55 minutes, 22 seconds
Countdown to GDPR: Episode 8
Today we consider Subject Access Requests (SARs) under General Data Protection Regulation (GDPR). As always, I am joined in this exploration by Jonathan Armstrong, a partner in Cordery Compliance in London. SARs may turn out to be one of the most onerous, costly and time-consuming issues for companies after the go-live of GDPR on May 25, 2018. Of all the requirements of GDPR, this may be the single one which companies are least prepared for going into the new regime.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/23/2018 • 12 minutes, 6 seconds
Working with Monitors-Part IV
I continue my five-podcast exploration of working with monitors. I am joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. on working with monitors. Today we consider the various manners in which regulators at all levels, from the federal, to state and local levels, use monitors. We also consider how monitors can be used outside the regulatory context in areas as diverse as mergers and acquisitions, business ventures, IP and licensing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/7/2018 • 13 minutes, 58 seconds
Working with Monitors-Part III
I continue my five-podcast exploration of working with monitors. I am joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. on working with monitors. Today we consider how monitors work.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/7/2018 • 16 minutes, 41 seconds
Working with Monitors-Part I
Over the next five podcasts, I will visit with Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. on working with monitors. At the end of this series you will have a much broader appreciation on the benefits of an independent monitor, how monitors work and how the different types of monitorships can benefit a wide variety of businesses, transactions and business relationships.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/7/2018 • 14 minutes, 58 seconds
Working with Monitors-Part II
I continue my five-podcast exploration of working with monitors. I am joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. (the sponsor of this five-part series) on working with monitors. Today we take up the impact using a monitor can have on an organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/7/2018 • 13 minutes, 21 seconds
Working with Monitors-Part V
I conclude this five-podcast exploration of working with monitors, where I have been joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. (the sponsor of this five-part series) on working with monitors. In this final episode we consider lawyers using monitors, most typically where the clients are under investigation for some regulatory issue, such as a Foreign Corrupt Practices Act (FCPA) enforcement action.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/7/2018 • 13 minutes, 1 second
This Week in FCPA-Episode 101
As we celebrate all things Star Wars on the May the Fourth Be With You edition, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/4/2018 • 49 minutes, 46 seconds
Across the Board-Episode 18
In this episode of Across the Board, I visit with Preston Pugh and AIysha Hussain from the firm of Miller & Chevalier on their recent paper entitled, “A More Effective Way For Corporate Boards To Respond In A #MeToo World” which they authored with Ian Herbert. In this paper they suggest ways Boards of Directors could begin to address corporate harassment scandals. We use their article as a starting point to explore the roles and responses of Boards to the #MeToo and other corporate scandals.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2018 • 27 minutes, 16 seconds
Compliance into the Weeds-Episode 80
In this episode, Matt Kelly and I take a continued deep dive the underlying assumptions around the reasons for lack of IPOs by small and mid-cap sized firms. We focus on a speech by SEC Commissioner Robert Jackson recently gave exploring possible reasons why middle market companies aren’t going public.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/2/2018 • 24 minutes, 23 seconds
FCPA Compliance Report-Eposide 381
In this episode I visit with Morrison and Foerster partner James Koukios on the firm's January and February Top Ten international anti-corruption cases, issues and developments.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/30/2018 • 31 minutes, 18 seconds
This Week in FCPA-Episode 100
After being joined by Jay’s girls to celebrate our 100th anniversary episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2018 • 31 minutes, 50 seconds
This Week in FCPA-Episode 99
With Wells Fargo about to be fined $1 billion for behaving badly, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/20/2018 • 37 minutes, 13 seconds
Everything Compliance-Episode 27
This week the gang goes for more of a roundtable Q&A with a couple of topics. We first consider the testimony of Facebook CEO Mark Zuckerberg before Congress and his company’s imbroglio with Cambridge Analytica and then the search warrant issued to Michael Cohen.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2018 • 1 hour, 16 minutes, 47 seconds
Compliance into the Weeds-Episode 78
In this episode, Matt Kelly and I go meta as we go into the weeds about Weed, in the context of the recent announcement by the administration that it would not prosecute persons or producers in states where marijuana sales are legal.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/18/2018 • 18 minutes, 23 seconds
FCPA Compliance Report-Episode 379
In March the SEC made its biggest-ever whistleblower award giving one person $33 million and in the same case split nearly $50 million between two others. All three whistleblowers were represented by the law firm of Labaton Sucharow and the awards were based upon SEC enforcement actions against Merrill Lynch. Today, I have with me Steve Durham, a partner at the firm to talk about the awards and its implications in light of the recent Supreme Court decision in Digital Realty Trust v. Somers.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/16/2018 • 36 minutes, 21 seconds
This Week in FCPA-Episode 98
With the Red Sox leading the AL with a 10-2 start and back to brawling with the NY Yankees, Jay Rosen and myself take a look at some of the top compliance stories over the past week
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/13/2018 • 32 minutes, 32 seconds
Countdown to GDPR-Episode 5
In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy. The second is in managing vendor risk under GDPR.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/12/2018 • 14 minutes, 46 seconds
Compliance into the Weeds-Episode 77
Privilege and Arrogance at the EPA
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/11/2018 • 20 minutes, 31 seconds
FCPA Compliance Report-Episode 378
In this episode of the FCPA Compliance Report, I visit Hogan Lovells partner Stephanie Yonekura on the always difficult decision on whether a company should self-disclose a potential FCPA violation or even allegations of a potential FCPA violation to the Justice Department.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/9/2018 • 24 minutes, 41 seconds
This Week in FCPA-Episode 97
With the Astros off to a 6-1 start and the Facebook FUBAR continuing, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/7/2018 • 40 minutes, 58 seconds
Everything Compliance-Episode 26
The top compliance roundtable podcast is back with a wrap up of the some of the top compliance stories over the first quarter of 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/5/2018 • 1 hour, 22 minutes, 2 seconds
12 O'Clock High-a podcast on leadership-Episode 83
The golden age of polar exploration lasted from about 1895 to 1912 during which time explorers reached both the North Pole and the South Pole. Yet even today their explorations and expeditions raise admiration and even awe. In this episode, we discuss the race to the South Pole and what leadership lessons may be drawn from it. The three principals we discuss in this episode are Englishmen Ernest Shackleton and Robert Falcon Scott and Norwegian Roald Amundson.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/4/2018 • 28 minutes, 56 seconds
Corporate Monitorships-Episode 5
This week, in a five-part podcast series, I have been exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. Today, for our final episode in this series, we consider the always controversial topic of monitorship costs and expenses.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2018 • 16 minutes, 27 seconds
Corporate Monitorships-Episode 1
In this five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I am joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for AMI. Today, we consider what is a corporate monitorship?
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2018 • 14 minutes, 18 seconds
Corporate Monitorships-Episode 2
This week, in a five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. Today, we consider what is a post-resolution monitorship.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2018 • 14 minutes, 52 seconds
Corporate Monitorships-Episode 4
This week, in a five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. Today, we consider what issues a company should consider when hiring or retaining a corporate monitor.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2018 • 16 minutes, 27 seconds
FCPA Compliance Report-Episode 377
In this episode, Tom Sporkin explains how whistleblowers has different, yet complimentary rights and obligations under SOX and Dodd-Frank.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2018 • 26 minutes, 35 seconds
Corporate Monitorships-Episode 3
This week, in a five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. Today, we consider what is a pre-settlement monitorship and how it can be such a powerful tool for the compliance professional.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/2/2018 • 14 minutes, 54 seconds
This Week in FCPA-Episode 96
With Opening Day and the Astros raising the WS banner only a couple of days away, Jay and Tom take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/30/2018 • 36 minutes, 41 seconds
Countdown to GDPR-Episode 4
In this episode, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2018 • 13 minutes, 25 seconds
Compliance into the Weeds-Episode 76
Today we consider the plight of soon-to-be former Facebook Chief Information Security Officer Alex Stamos who was seemingly retaliated against for his actions to try and bring the data hacking of Facebook to the attention of senior management.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/28/2018 • 19 minutes, 56 seconds
FCPA Compliance Report-Episode 376
In this episode, I visit with Donna Bucella, the President-Compliance at Guidepost Solutions. Guidepost Solutions is well-known in the monitorship realm, but the company has a much wider focus, which Bucella discusses in this podcast
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/26/2018 • 31 minutes, 50 seconds
This Week in FCPA-Episode 95
In the midst of this true madness in the NCAA tournament this year, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/23/2018 • 42 minutes, 14 seconds
Across the Board-Episode 17
Managing Director of Strategy at LRN. We discuss how leading with principles has become even more important after the current wave of corporate scandals all in the context of Board of Directors accountability.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/22/2018 • 28 minutes, 54 seconds
Compliance into the Weeds-Episode 75
In this episode, Matt Kelly and I take a deep dive into the recent SEC enforcement action against Elizabeth Holmes, the disgraced founder of Theranos, for her massive fraud around the former unicorn.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2018 • 22 minutes, 56 seconds
FCPA Compliance Report-Episode 375
In this episode, I welcome back Steve Durham, a partner with Labaton and Sucharow to discuss the continued reverberations from the recent Supreme Court decision narrow the definition of whistleblowers in Digital Realty Trust v. Somers.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/19/2018 • 25 minutes, 56 seconds
This Week in FCPA-Episode 94 the March Madness edition
March Madness is upon us, with the first ever #16 knocking off a Number 1 see. In the midst of this true madness, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/17/2018 • 47 minutes, 10 seconds
12 O'Clock High-Episode 82
Henry Worsley and Ernest Shackleton are related by more than blood. They are related by their souls. In this episode, we explore leadership lessons from both in the Antarctic expeditions.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/14/2018 • 31 minutes, 19 seconds
Compliance into the Weeds-Episode 74
In this episode, Matt Kelly and I continue our exploration of the fallout from the recent Supreme Court decision in Digital Realty Trust v. Somers in light of the filing by BioRad in its appeal of the whistleblower award to its former General Counsel, Sanford Wadler.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/13/2018 • 19 minutes, 58 seconds
FCPA Compliance Report-Episode 374, John Davis
In this episode, I visit with Miller & Chevalier Member John Davis on the firm’s FCPA Winter Review 2017. We discuss the key FCPA enforcement actions from 2017 and developments in compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/12/2018 • 30 minutes, 54 seconds
This Week in FCPA-Episode 93
Check out the week's top FCPA, compliance and ethics stories in This Week in FCPA, with Tom Fox and Jay Rosen.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/9/2018 • 37 minutes, 59 seconds
Across the Board-Episode 16
In this episode I consider the role of the Board of Directors in having a Compliance Committee and having a compliance expert on the Board itself. This lack of a key resource to the Board is something which has now drawn the attention of regulators and prosecutors.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/8/2018 • 24 minutes, 8 seconds
Countdown to GDPR-Episode 3
In this episode we explore the basic policies and procedures that you need to have in place to comply with the General Data Protection Regulation or GDPR.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2018 • 16 minutes, 9 seconds
Compliance into the Weeds-Episode 73
In this episode, Matt Kelly and I explore the recent revelations of systemic sexual harassment and abuse present in the front office of the Dallas Mavericks. The allegations were not lodged against owner Mark Cuban but against his former team CEO, Terdema Ussery, who was CEO of the Mavericks from 1997 to 2015.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/6/2018 • 24 minutes, 42 seconds
FCPA Compliance Report-Episode 373
In this podcast I welcome back John Hanson, founder and President of the International Association of Independent Compliance Monitors (IAICM) the only professional group for independent corporate monitors.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/5/2018 • 22 minutes, 2 seconds
This Week in FCPA-Episode 92
In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week as we celebrate Texas Independence Day.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/2/2018 • 39 minutes, 52 seconds
Acorss the Board-Episode 14
In this episode, I visit with Joel Solomon on his new book "The Clean Money Revolution".
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/1/2018 • 20 minutes, 56 seconds
Countdown to GDPR-Episode 2
In today’s episode of Countdown to General Data Protection Regulation (GDRP), Jonathan Armstrong, a partner at Cordery Compliance Ltd in London, and myself consider the role of the Data Protection Officer (DPO) in complying with the new regulations which go live on May 25, 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/28/2018 • 14 minutes, 18 seconds
Compliance into the Weeds-Episode 72
In this episode, Matt Kelly and I take a deep dive into the implications flowing from the Supreme Court’s decision last week in the Digital Realty Trust v. Somers decision. Matt initiated a ‘tweetstorm’ in articulating his thoughts on the effects of the decision, including its effect on corporations, Chief Compliance Officers, corporate compliance functions and the Securities and Exchange Commission.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/27/2018 • 23 minutes, 13 seconds
FCPA Compliance Report-Episode 372
In this episode, I split it into two parts. The first is a legal analysis of the recent Supreme Court decision narrowing the definition of whistleblowers, Digital Realty Trust v. Somers. In part 2, I am joined by SCCE President Roy Snell to discuss the implications of the decision for corporate America, compliance functions, the SEC and whistleblowing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/26/2018 • 42 minutes, 13 seconds
This Week in FCPA-Episode 91
In this episode Jay Rosen and myself discuss the week's top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/23/2018 • 38 minutes, 54 seconds
Everything Compliance-Episode 25
The top compliance roundtable podcast is back with a wrap up with a review of the first year of the Trump Administration and its impact on the compliance profession. Stayed tuned to the end for riffs and rants in this edition.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/22/2018 • 1 hour, 15 minutes, 18 seconds
Compliance into the Weeds-71
In this episode Matt Kelly and I go meta as we podcast about another podcast that Matt posted this week on his site, Radical Compliance, where he interviewed Paul Sobel, the incoming Chairman of COSO. We discuss how Sobel sees his new role at COSO, some of the initiatives that he has in mind for the organization and how companies can use the various COSO frameworks, including the Internal Controls and ERM frameworks to better manage risk some the strategic perspective.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/21/2018 • 23 minutes, 22 seconds
Countdown to GDPR-Episode 1
Whether you are ready or not, the EU General Data Protection Regulation (GDPR) goes live on May 25, 2018. It will impact companies doing business in London as much as any other EU legislation. To help US companies prepare, Jonathan Armstrong and myself have started a countdown to GDPR podcast. In this premier episode we discuss what is GDPR and why it is so important that you begin preparing now.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/20/2018 • 17 minutes, 12 seconds
FCPA Compliance Report-Episode 371
In this episode, podcast favorite James Koukios returns to discuss highlights from international anti-corruption efforts, enforcement actions and developments highlighted in Morrison and Foerster’s December report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/19/2018 • 26 minutes, 32 seconds
This Week in FCPA-Episode 90
In this episode, Jay Rosen and I discuss some of the week's top compliance and ethics stories on the only weekly compliance podcast wrap-up.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/16/2018 • 37 minutes, 19 seconds
Across the Board-Episode 15
One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/15/2018 • 13 minutes, 9 seconds
Compliance into the Weeds-Episode 70
In this episode, Matt Kelly and I go into the weeds on the fascinating subject relating to the intersection of compliance and technology: AI and hotlines. We explore how this phone app can assist the compliance practitioner by using technology to overcome the inherent tension in an anonymous reporting system where the reporter may desire anonymity while the CCO wants and needs as much information as possible.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/14/2018 • 18 minutes, 24 seconds
12 O'Clock High-Episode 77
On of the traditions of this podcast is each February, Richard Lummis and I rewatch Oscar winning movies with an eye towards the leadership lessons that might be drawn from them. It is a great way to honor the Oscars, rewatch some great old movies and garner some interesting perspectives on leadership. We continue that tradition this month as we are back with more leadership lessons from Oscar-winning Best Picture movies and today’s offering is the 1981 film Chariots of Fire 1981.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/13/2018 • 20 minutes, 59 seconds
FCPA Compliance Report-Episode 370
In this episode I visit with Carlos Ayres, partner at Medea, Ayres and Sarubbi in Sao Paulo. We visit on the past year in anti-corruption enforcement in Brazil and where it may lead in 2018
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/12/2018 • 23 minutes, 16 seconds
This Week in FCPA-Episode 89 - the Eagles Soar edition
Is Jay still in mourning over the Patriots Super Bowl loss? Find out in Episode 89 of This Week in FCPA where Jay and myself take a look at some of the top compliance stories over the past week.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/10/2018 • 44 minutes, 59 seconds
Compliance into the Weeds-Episode 69
In this episode, Matt Kelly and I take a deep dive into the events which led to the resignation of Steve Wynn as the CEO and Chairman of Wynn Casinos for sexual harassment and misconduct.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/8/2018 • 21 minutes, 38 seconds
FCPA Compliance Report-Episode 369
In this episode I visit with Dr. Marsha Ershaghi Hames, Managing Director, Strategy Development at LRN. We discuss the ongoing national conversation about sexual harassment which has been ongoing from Weinstein to #METOO.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/6/2018 • 28 minutes, 17 seconds
This Week in FCPA-Episode 88
In this edition, Jay Rosen and I celebrate the birthdays of daughters, mothers, grandmothers and a great-grandmother in discussing the weeks top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/2/2018 • 44 minutes, 44 seconds
Compliance into the Weeds-Episode 68
In this episode Matt Kelly and myself take a deep dive into the weeds of the recent remarks by Neomi Rao, head of the Office for Information and Regulatory Affairs (OIRA), the Administration’s top regulatory review office outlining ambitious plans for more deregulation in 2018 — including efforts to sweep independent federal agencies into her purview and to crack down on the “sub-regulatory” guidance that corporate compliance professionals consume all the time.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/31/2018 • 22 minutes, 9 seconds
Compliance Report International Edition
Welcome to Episode 9 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on things, which actually could kill compliance in the organization. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/30/2018 • 17 minutes, 52 seconds
This Week in FCPA-Episode 87
In this special Supplemental edition Jay Rosen reports on Friday’s SCCE Southern California Regional Compliance and Ethics Conference.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/27/2018 • 17 minutes, 25 seconds
This Week in FCPA-Episode 86, the Headin' to Minneapolis edition
As the Patriots and Eagles head to Minneapolis for Super Bowl LIII, join Tom and Jay for the week's top compliance related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/26/2018 • 35 minutes, 31 seconds
Across the Board-Episode 13
In this episode I visit again with Rakhi Kumar, the Managing Director, Head of ESG and Asset Stewardship at State Street Global Advisors. We discuss the firm’s role in advocating for greater Board of Director Diversity. With a campaign which began with the ‘Fearless Girl” statue in Wall Street, to pushing companies in the US, UK, England, Canada and Japan to include more female candidates at the Board of Director level.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2018 • 19 minutes, 28 seconds
12 O'Clock High-Episode 75
In this episode, I visit with Andi Simon, the Principal of Simon Consulting and author of On the Brink: A Fresh Lens to Take Your Business to New Heights. Simon is a corporate anthropologist and works with corporations to improve culture and effect change. She discusses why she wrote On the Brink and how leaders can use it to effect cultural change, bring businesses greater success and drive profits. Andi details her six steps for changing culture in an organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2018 • 30 minutes, 20 seconds
Compliance into the Weeds-Episode 67
In this episode Matt Kelly and I take a deep dive into the absolutely stunning indictment of five former partners or employees of KPMG and one former employee at the Public Company Oversight Accounting Board (PCAOB). L
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2018 • 24 minutes, 58 seconds
FCPA Compliance Report-Episode 368
In this episode I visit with Damon Brenner, partner at Control Risks on the 2018 Control Risk Map. He details some of the company’s findings in the document entitled RiskMap 2018. Jonathan Wood, Director at Control Risks will present to the Greater Houston Business and Ethics Roundtable on the Risk Map this coming Thursday, 25th January, from 8-10 AM at the offices of Marathon Oil, here in Houston.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/23/2018 • 10 minutes, 39 seconds
FCPA Compliance Report-Episode 367
Today I visit with James Shields, the Creative Director for Twist and Shout Communications, a UK company which creates training video using comedy as the touchstone. You can check out a selection of the company’s offerings on its sight, Tuesday’s with Bernie. The company has found that comedy generates a visceral reaction, a reaction based on feeling rather than intellect.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/22/2018 • 18 minutes, 30 seconds
This Week in FCPA-Episode 85
In this episode, Jay Rosen and I return for a review of some of the week's top compliance and ethics stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/19/2018 • 43 minutes, 8 seconds
Everything Compliance-Episode 24
In this episode, the top compliance roundtable podcast is back with a look at some of the top FCPA, compliance and data privacy/data security issues from 2017 and how they inform what will be the top such issues in 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/18/2018 • 1 hour, 2 minutes, 19 seconds
Compliance into the Weeds-Episode 66
In this episode Matt Kelly and I take a deep dive into a fascinating paper from Harvard Business School. Boris Groysberg and George Serafeim, worked with a global recruitment firm to study more than 2,000 executive-level job placements from 2004 to 2011, examining a wide range of job placements and pay data since 2004. They found that the stigma of listing a discredited company on your resume, even if you had nothing to do with the misconduct there, leads recruiters at your next employer to pay you less.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/17/2018 • 28 minutes, 34 seconds
FCPA Compliance Report-Episode 366 Jonathan Marks
In this podcast, I visit Jonathan Marks, a partner at Marcum LLP on how to perform a root cause analysis and it uses in the remediation phase of a best practices compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/15/2018 • 25 minutes, 40 seconds
This Week in FCPA- Episode 84
Jay and Tom weigh in on the week's top compliance related stories in This Week in FCPA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/12/2018 • 44 minutes, 58 seconds
Across the Board-Episode 12
In this episode I discuss a Board of Director's obligations for a compliance program and how a Board might prudently discharge that obligation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2018 • 22 minutes, 46 seconds
Compliance into the Weeds-Episode 65
In this episode Matt Kelly and I take deep dive into the issue of non-GAAP metrics and its implications. We were inspired an article in this quarter's MIT Sloan Management Review entitled, "The Pitfalls of Non-GAAP Metrics". It is fascinating review of this topic, which "Lurking within the financial statements and communications of public companies is a troubling trend. Alternative metrics, once used sparingly, have become increasingly ubiquitous and more detached from reality."
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2018 • 21 minutes, 38 seconds
Compliance Report-International Edition
Today, I visit with Mark Rainsford and Jason Sugarman, principals with RS Legal Strategies which is a pioneering Queen’s Counsel led business crime, fraud and legal strategy boutique. Its world-class professionals include leading and junior counsel, a solicitor, a former member of the judiciary and special advisor to the Serious Fraud Office, two former investigators, analysts, researchers, tax fraud and compliance specialists.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/9/2018 • 31 minutes, 37 seconds
FCPA Compliance Report-Episode 365
In this episode, I visit with QuantaVerse CEO/Founder David McLaughlin on the company’s new tool, the Chief Audit Checkup service, which leverages the QuantaVerse AI Financial Crime Platform to analyze enterprise data and more efficiently and effectively identify insider threats, bribery, corruption, money laundering, fraud, terrorism financing and third-party risks that traditional internal audit investigations routinely miss. T
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/8/2018 • 24 minutes, 6 seconds
This Week in FCPA-Episode 83
In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week. Jonathan Marks joins us to discuss his new Board and Fraud blog.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/5/2018 • 32 minutes, 2 seconds
Across the Board-Episode 11
In this episode, Richard Lummis and I consider the recent revelations which came to light that during the tenure of the former Chief Executive Officer, Jeff Immelt, he had an empty plane fly behind his jet on corporate trips. There were several points a Board of Directors can learn from these revelations going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2018 • 24 minutes, 41 seconds
Across the Board-Episode 11
In this episode, Richard Lummis and I consider the recent revelations which came to light that during the tenure of the former Chief Executive Officer, Jeff Immelt, he had an empty plane fly behind his jet on corporate trips. There were several points a Board of Directors can learn from these revelations going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2018 • 24 minutes, 41 seconds
Compliance into the Weeds-Episode 64
In this episode, Matt Kelly and I take a look at some of the more intriguing issues in compliance and ethics, FCPA and greater GRC issues in the new year of 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2018 • 26 minutes, 47 seconds
FCPA Compliance Report-Episode 364
In this episode, I visit with SCCE incoming President Gerry Zack about his new role with the organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2018 • 19 minutes, 27 seconds
This Week in FCPA-Episode 82
Jay and I take things in a different direction this week. We take the top five podcasts from 2017 and each of us, gives a highlight from that episode to highlight some of the key compliance issues from 2017, for our year end wrapup edition.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/31/2017 • 39 minutes, 55 seconds
Everything Compliance-Episode 23
In Part II of a two-part series, the top compliance roundtable podcast is back with a review of the new Justice Department’s FCPA Corporate Enforcement Policy. This episode features Jay Rosen and Jonathan Armstrong.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/28/2017 • 49 minutes, 40 seconds
FCPA Compliance Report-Episode 363
In this episode, I visit with Keith Read, Advisor to Convercent and Angus Robertson, Senior Vice President for Convercent on some of the key trends they observed in the marketplace in 2017, from the vendor perspective. I found this an interesting perspective as both of these gents spend quite a bit of time listening to compliance practitioner on what their needs are for their organizations.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/27/2017 • 23 minutes, 41 seconds
12 O’Clock High-Episode 71
In this special 2017 year-end wrap up, host Richard Lummis and myself reflect back on the leadership lessons we explored over the past year. In this momentous year for leadership, both in business and the wider polis, we considered academics, numerous Presidents, movies, sports figures and some of the current corporate scandals which populated the year.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/27/2017 • 21 minutes, 41 seconds
This Week in FCPA-Episode 81
Jay Rosen and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, in this special holiday edition.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/22/2017 • 34 minutes, 36 seconds
May the Podcast Be With You-Part V
Welcome to the Part V and our final entry of this five-part podcast series Jay Rosen and I produced in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I reviewed a In this final entry, we consider Rogue One and the myth of the rogue employee.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/22/2017 • 13 minutes, 46 seconds
Everything Compliance-Episode 22
In Part I of a two-part series, the top compliance roundtable podcast is back with a review of the new Justice Department’s FCPA Corporate Enforcement Policy.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2017 • 40 minutes, 50 seconds
New Revenue Recognition Standard-Part I
In May 2014, FASB issued Accounting Standards Update, Revenue from Contracts with Customers for public business entities, certain not-for-profit entities, and certain employee benefit plans. In addition to changing things dramatically in the accounting and financial realms, this new revenue recognition standard which may significantly impact the compliance profession, programs and practitioners going forward. In this episode, we introduce the new revenue recognition standard.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/11/2017 • 14 minutes, 27 seconds
FCPA Compliance Report-Episode 361
In this episode, I visit with Don Fischer, a San Francisco and Washington, based lawyers who is one of the country’s leading practices dedicated to assisting corporations, universities and research institutions with the development of comprehensive Export Control compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/11/2017 • 29 minutes, 36 seconds
This Week in FCPA-Episode 79
Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week ending December 8, 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/8/2017 • 36 minutes, 15 seconds
12 O'Clock High-Episode 68
In this episode Richard Lummis and I explore the leadership lessons from the Battle of Hue in Vietnam in 1968. We consider the failures of the American high command, the role of leaders on the ground and the NVA and Viet Cong perspectives.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/5/2017 • 29 minutes, 54 seconds
Compliance Report-International Edition
Welcome to Episode 5 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we focus on typical concepts (or probably myths) of ways a Compliance professional might become a more valuable member of the management team rather than becoming most hated person in the organization. We will do it in plain language and in the simple game form.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/15/2017 • 20 minutes, 34 seconds
Compliance into the Weeds-Episode 60
In this podcast, we consider the joint role of a GC-CCO and the potential corporate governance issues involved when the roles are held by one person. Does this create an irreconcilable conflict? What are the different functions of the General Counsel and the Chief Compliance Officer.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/14/2017 • 21 minutes, 53 seconds
FCPA Compliance Report-Episode 357
What does the release of the Paradise Papers and the corruption crackdown in Saudi Arabia mean for the compliance program of a US or UK company? In this episode I explore some of the compliance related issues.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/13/2017 • 15 minutes, 38 seconds
This Week in FCPA-Episode 76
This Week in FCPA is the only weekly FCPA, compliance and ethics podcast show. Find out the top compliance stories in a short 30 minutes listen.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/10/2017 • 40 minutes, 14 seconds
12 O'Clock High-Episode 65
It is difficult to imagine today a harder situation than the country faced when FDR came to power in 1933. The task must have seemed overwhelming. Starting a new compliance leadership position at a new company can seem equally daunting. You need to not only think through your steps going forward but also how to execute them for maximum performance in this early part of your corporate career.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/10/2017 • 13 minutes, 2 seconds
Compliance Report-International Edition
In this episode, I have New Yorker writer and reporter Adam Davidson on his recent article entitled, "Piercing the Veil of Secrecy Shrouding the Trump Deal in the Republic of Georgia”. In this article Davidson looks at some of the business practices of the Trump organization
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/9/2017 • 32 minutes, 38 seconds
Compliance into the Weeds-Episode 59
What will be the fate of the Justice Department's Evaluation of Corporate Compliance Programs going forward under the Sessions Department of Justice.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/8/2017 • 21 minutes, 23 seconds
FCPA Compliance Report-Episode 356
In this episode, I visit Lauren Briggerman and Dawn Murphy-Johnson on the Fall 2017 issue of Executives at Risk. It is newsletter put out by the law firm of Miller & Chevalier.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/6/2017 • 35 minutes, 34 seconds
This Week in FCPA-Episode 75 the World Series Champs Edition
Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories for the week ending November 3, 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/3/2017 • 30 minutes, 37 seconds
Across the Board-Episode 9
In this episode I visit with Stuart Levine. We focus on Board optimization and try to answer the question of why your Board is not optimized. We consider what is an optimized board and are you serving on one?
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/2/2017 • 18 minutes, 59 seconds
Compliance into the Weeds-Episode 58
In this episode, Matt Kelly and I take a deep dive into the scandal around Harvey Weinstein. We consider it from the compliance perspective, both programatic and for the CCO. We consider the different types of harassment which comes may face claims of from the fallout. We also consider the Board response by The Weinstein Company board and for the claims involving Bill O'Reilly.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/1/2017 • 26 minutes, 7 seconds
Compliance Report-International Edition
n this episode, I visit with Doreen Edelman, a partner at Baker Donelson. We discuss the current state of NAFTA negotiations and some of the key issues together with important dates and milestones.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/31/2017 • 34 minutes, 11 seconds
FCPA Compliance Report-Episode 355
We consider the recent speech by Deputy Attorney General Rod Rosenstein on the comprehensive review the Justice Department will go through looking at various and sometimes disparate Memos regarding corporate and individual prosecutions.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/30/2017 • 27 minutes, 8 seconds
This Week in FCPA-Episode 74 the Coming Home Tied Edition
In this episode of This Week in FCPA, Jay Rosen and I discuss a wide range of FCPA, compliance and ethics related topics.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/27/2017 • 42 minutes, 12 seconds
Everything Compliance-Episode 20
In this episode, we report from the SCCE 2017 Compliance and Ethics Institute, which was recently concluded in Las Vegas. We are joined by Roy Snell, the President of SCCE. We all relate some of our highlights of this year's events and look at some of the most recent compliance and ethics stories which caught our collective eyes.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/26/2017 • 1 hour, 3 minutes, 34 seconds
12 O'Clock High-Episode 64
In this episode, I consider the book Multipliers: How the Best Leaders Make Everyone Smarter. It focuses two different types of leaders, Diminishers and Multipliers. Multipliers are leaders who encourage growth and creativity from their workers, while Diminishers are those who hinder and otherwise keep their employees’ productivity at a minimum. The authors give what they consider to be solutions and guidance to the issues they bring up in the book.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/25/2017 • 15 minutes, 11 seconds
Compliance Man Goes Global
Welcome to Episode 4 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on typical myths and mistakes regarding compliance trainings. We will do it in plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/24/2017 • 20 minutes, 1 second
FCPA Compliance Report-Episode 354
This podcast continues the theme I have been following on the evolution of best practices compliance program, continually moving away from the simple paper program approach articulated by some. The Justice Department’s Evaluation of Corporate Compliance Programs is designed, in large part to get companies to think about and ask questions about their compliance program. The proactive use of a monitor is one of the key innovations in this path.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/23/2017 • 26 minutes, 35 seconds
This Week in FCPA-Episode 73
In this episode, Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/20/2017 • 30 minutes, 51 seconds
Across the Board-Episode 8
In this episode, I visit with branding expert Linda Justice. We discuss the role of a Board of Directors in corporate branding. We discuss ‘what is branding?’
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/19/2017 • 22 minutes, 21 seconds
Twelve O'Clock High-Episode 63-Dan Norris
We discuss the work of the Holt Development company and how it interacts with other organizations. He explains what makes the method work for such a disparate group of organizations: from non-profits to commercial businesses to sports franchises, including his work with the San Antonio Spurs. Dan discusses the work on influence by Bob Cialdini informs the work of Holt Development.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/18/2017 • 23 minutes, 38 seconds
This Week in FCPA-Episode 72
In this episode, Jay and I are joined by Louis Sapirman, CCO at Dun & Bradstreet for a look the the 2017 SCCE Compliance and Ethics Institute. We discuss the pro-conference events, what we hope to achieve at this year's event and why it is important to give back to the compliance community. We end with a discussion on why the Harvey Weinstein affair may well change the face of compliance going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/16/2017 • 44 minutes, 3 seconds
FCPA Compliance Report-Episode 353
In this episode, I visit with Doreen Edelman, a partner at Baker Donaldson on the top FCPA enforcement action of 2017, the Telia Company matter.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/16/2017 • 31 minutes, 51 seconds
This Week in FCPA-Episode 71
Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/6/2017 • 35 minutes, 5 seconds
Everything Compliance-Episode 19
Join the Everything Compliance panel for a discussion of Uber in London, Telia, the NCAA and Equifax.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/5/2017 • 55 minutes, 14 seconds
12 O'Clock High-Episode 61
What branding lessons can the business leader draw from Count Dracula?
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/4/2017 • 17 minutes, 7 seconds
Compliance into the Weeds-Episode 56
In this episode, Matt Kelly and I take a deep dive into an article by Todd Haugh, in the most recent issue of the MIT Sloan Management Review entitled, “The Trouble With Corporate Compliance Programs” that even best practices compliance program fail to take into account behavioral best practices and one important but too often overlooked key to strengthening both individual and overall corporate behavior is eliminating rationalizations.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/3/2017 • 25 minutes, 44 seconds
FCPA Compliance Report-Episode 351
We discuss how the use of AI can bring a more holistic approach to compliance as a business process rather than simply policies and procedures so that the end of the day a company is more profitable. The implications for the compliance profession are profound and these concepts will lead improvements on compliance efficiencies.
Learn more about your ad choices. Visit megaphone.fm/adchoices
10/2/2017 • 31 minutes, 28 seconds
This Week in FCPA-Episode 70
In this episode Jay and I take a look at the week's top FCPA, compliance and ethics related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/29/2017 • 38 minutes, 19 seconds
Across the Board-Episode 3
Today, I visit with noted fraud examiner, Jonathan Marks, a partner at Marcum LLP on the relationship of the internal auditor, fraud good governance and board governance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/28/2017 • 21 minutes, 21 seconds
Compliance Report-International Edition
In this Episode 2 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition, we focus on real priorities of the corporate compliance programming at high-risk markets.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/27/2017 • 21 minutes, 57 seconds
Compliance into the Weeds-Episode 55
The Telia FCPA enforcement action is the Number 1 all-time for fines and penalties. What can you learn from it?
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/26/2017 • 26 minutes, 1 second
FCPA Compliance Report-Episode 350
Linda Justice bring Nancy Drew to your side to fill all those knowledge gaps in your pursuit of clients. Using her technical background in corporate investigations, brings experience to business development, strategic management of risk and compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/25/2017 • 24 minutes, 55 seconds
This Week in FCPA-Episode 69
Jay Rosen and I review the week's top FCPA, compliance and ethics related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/22/2017 • 36 minutes, 30 seconds
Everything Compliance-Episode 18
The top roundtable podcast in compliance is back with Part II of the Post Harvey edition.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/21/2017 • 25 minutes, 38 seconds
Compliance into the Weeds-Episode 54
Matt reports live from TEC 2017, the Workiva user summit
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/20/2017 • 22 minutes, 15 seconds
Compliance Report-International Edition
In this new podcast series, we take two typical concepts or more-probably misconceptions from in-house compliance conventional wisdom. We check out if these concepts work in emerging jurisdictions.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/19/2017 • 27 minutes, 33 seconds
FCPA Compliance Report-Episode 349, The Chickenshit Club
In this episode, I interview with book author, Jesse Eisinger and Paul Pelletier, a key source for the book. The interview is fascinating and I urge you to take a listen for both the substance and the interplay between Eisinger and Pelletier.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/18/2017 • 44 minutes, 20 seconds
This Week in FCPA-Episode 68
Jay and I return to discuss some of the week's top compliance and ethics related stories, with a special guest rant from Matt Kelly.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/15/2017 • 40 minutes, 46 seconds
Everything Compliance-Episode 17
The top compliance roundtable podcast is back with another episode of Everything Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/14/2017 • 49 minutes, 38 seconds
Episode 21-Unfair and Unbalanced-the 2017 Compliance and Ethics Institute
In this episode, Roy Snell and I have a wide ranging discussion on the SCCE's Compliance and Ethics Institute.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/12/2017 • 35 minutes, 28 seconds
FCPA Compliance Report-Episode 348
The implications to and applications for the anti-corruption compliance profession from data lineage are significant for transparency and accountability in data for sales, third party sales agents and payments, data flow in an organization and vendors in the Supply Chain.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/11/2017 • 25 minutes, 50 seconds
This Week in FCPA-Episode 67
After a two week absence, Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories which happened while we were off.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/8/2017 • 55 minutes, 50 seconds
Across the Board-Episode 6
What is your Board's protocol for considering climate impact risk and broader strategic risks?
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/7/2017 • 24 minutes, 41 seconds
Compliance into the Weeds-Episode 52
In this episode, Matt Kelly and I take a deep dive into the good, bad and ugly of Hurricane Harvey for the compliance professional. We discuss what lessons may be drawn from the storm and its aftermath for the greater compliance, ERM and business communities and the need to take a much greater holistic approach to the consideration of your risk management strategy.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/6/2017 • 20 minutes, 7 seconds
FCPA Compliance Report-Episode 347, Adam Turteltaub
We discuss the upcoming 2017 Compliance and Ethics Institute, which is one of the primary education and networking event for professionals working in the Compliance and Ethics profession across all industries around the world.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/5/2017 • 24 minutes, 29 seconds
Across the Board-Episode 5
What does a Board of Directors need to facilitate an unstructured dialog with management?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/24/2017 • 23 minutes, 10 seconds
Compliance into the Weeds-Episode 51
What is the intersection of the PCAOB, auditing and compliance? Matt Kelly and I explore in this week's episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/23/2017 • 27 minutes, 46 seconds
12 O'Clock High-Episode 56
What are the leadership lessons to be drawn from the fifth President of the US, James Monroe.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/22/2017 • 20 minutes, 43 seconds
FCPA Compliance Report-Episode 346, Mike Skopets
In this episode, I visit with Mike Skopets, from Miller & Chevalier on the firm’s Summer 2017 FCPA Report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/21/2017 • 27 minutes, 9 seconds
This Week in FCPA-Episode 66
The week's top FCPA and compliance related events and stories; all in one podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/18/2017 • 29 minutes, 14 seconds
Across the Board-Episode 4
In this episode, I explore why Wells Fargo needs a true compliance expert on its Board of Directors.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/17/2017 • 18 minutes, 33 seconds
Compliance into the Weeds-Episode 50
What is the upside to any US business engaging with the Trump Administration after its tepid response to the events in Charlottesville?
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/16/2017 • 26 minutes, 1 second
12 O'Clock High-Episode 55
There are several leadership lessons which I believe can be learned from the British (and German) experiences at Dunkirk.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/15/2017 • 23 minutes, 53 seconds
FCPA Compliance Report-Episode 345
In this episode, Mike Volkov and I discuss two declinations with disgorgement issued in June 2017 and their significance for the compliance practitioner.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/14/2017 • 31 minutes, 34 seconds
This Week in FCPA-Episode 65
Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories for the week ending August 11.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/11/2017 • 36 minutes, 57 seconds
Everything Compliance-Episode 16
In this episode, the Everything Compliance trio of Matt Kelly, Jay Rosen and Tom Fox unpack our first book review. We consider the recently released The Chickenshit Club by Jesse Eisenger and it may mean for the compliance practitioner.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/10/2017 • 53 minutes, 5 seconds
12 O'Clock High-Episode 54
The OODA feedback loop provides a framework for the obtaining and consideration of information; then using it going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/9/2017 • 20 minutes
Compliance into the Weeds-Episode 49
The Mattis Memo on ethics is so significant that every CCO and compliance practitioner should read it and the Memo's substance into your compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/9/2017 • 26 minutes, 19 seconds
Across the Board-Episode 2, Sheila Hooda
In this episode we discuss the key role Board of Directors around oversight of strategy and risk.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/8/2017 • 27 minutes, 36 seconds
Compliance Report-International Edition
In this episode, Tim Khasanov and I look at the former Soviet Union states, one of the most interesting region for Compliance professionals. we will touch 10 hot questions on corporate ethics in this region.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/7/2017 • 25 minutes, 51 seconds
This Week in FCPA-Episode 64
In this special Saturday edition, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/5/2017 • 28 minutes, 36 seconds
Across the Board-Episode 1
This podcast discusses the Holder Report and the role of the Uber Board.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/3/2017 • 16 minutes, 38 seconds
Compliance into the Weeds-Episode 48
We consider the enforcement action around the issue of internal controls, their effectiveness (or lack thereof) and management over-ride of internal controls.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/2/2017 • 23 minutes, 4 seconds
12 O'Clock High-Episode 53, Margaret Johnson
In this episode, I visit with Margaret Johnson, the author of the book from From SOS to WOW. This book can help you to move your leadership skills to a new level through by helping you bust through assumptions, unleashing your creative ideas and taking courageous action to finally make the move to where you really want to be personally or professionally.
Learn more about your ad choices. Visit megaphone.fm/adchoices
8/1/2017 • 16 minutes, 14 seconds
FCPA Compliance Report-Episode 344, Virginia Suveiu
in this episode, I visit with Virginia Suveiu, who writes upon theories of risk. She also teaches risk management strategies as UC-Irvine.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/31/2017 • 32 minutes, 3 seconds
This Week in FCPA-Episode 63
This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/28/2017 • 34 minutes
Everything Compliance
We take things a different way in this episode as the commentators throw out five topics for consideration by the group. Last week we had topics from Jay and Matt; this week from Jonathan and Tom.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/27/2017 • 41 minutes, 29 seconds
Compliance into the Weeds-Episode 47
In this episode, Matt Kelly and I take a deep dive into the Dodd-Frank and Sarbanes-Oxley reform initiatives in the House of Representatives and as articulated by incoming SEC Chairman Jay Clayton. Will the new administration gut SOX and Dodd-Frank compliance requirements? For more see Matt Kelly's blog post SEC Chair Clayton Talks Compliance Costs.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/26/2017 • 26 minutes, 8 seconds
12 O'Clock High-a Podcast on Business Leadership
In this episode, Richard Lummis and I explore leadership lessons from Toussaint Louverture, who held the only successful slave revolt in the Western Hemisphere. Our remarks are based on the recent biography of him entitled, Toussaint Louverture by Phillipe Gerrard. While not an obvious character for study in a business leadership podcast, Louverture nonetheless presented several important lessons which translate into to today’s business environment.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/25/2017 • 17 minutes, 37 seconds
Day 15 of One Month to More Effective Internal Controls
The updated Framework retained the core definition of internal controls; those being control environment, risk assessment, control activities, information and communication, and monitoring activities. However, it built up Objectives. The 17 principles represent fundamental concepts associated with the five components of internal control. Together, the Objectives and Principles constitute the criteria will guide companies in assessing whether the components of internal controls are present, functioning and operating together within their organization.
I. Objective-Control Environment The first of the five objectives is Control Environment and it sets the tone for the implementation and operation of all other components of internal control. It begins with the ethical commitment of senior management, oversight by those in governance, and a commitment to competent employees. The five principles of the Control Environment object are as follows:
Principle 1 - The organization demonstrates a commitment to integrity and ethical values.
Principle 2 - The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
Principle 3 - Management establishes with board oversight, structures, reporting lines and appropriate authorizes and responsibility in pursuit of the objectives.
Principle 4 - The organization demonstrates a commitment to attract, develop and retain competent individuals in alignment with the objectives.
Principle 5 - The organization holds individuals accountable for their internal control responsibilities in the pursuit of the objective.
A. Principle 1 - Commitment to integrity and ethical values What are the characteristics of this Principle? First, and foremost, is that an entity must have the appropriate tone at the top for a commitment to ethics and doing business in compliance. It also means that an organization establishes standards of conduct through the creation of a Code of Conduct or another baseline document. The next step is to demonstrate adherence to this standard of conduct by individual employees and throughout the organization. Finally, if there are any deviations, they would be addressed by the company in a timely manner. From the auditing perspective, this requires an auditor to be able to assess if a company has the met its requirements to ethics and compliance and whether that commitment can be effectively measured and assessed.
B. Principle 2 - Board independence and oversight This Principle requires that a company’s Board of Directors establish oversight of a compliance function, separate and apart from the company’s senior management so that it operates independently in the compliance arena. Next there should be compliance expertise at the Board level which allows it actively to manage its function. Finally, and perhaps most importantly, a Board must actively provide oversight on all compliance control activities, risk assessments, compliance control activities, information, compliance communications and compliance monitoring activities. Here, internal auditors must interact with a Board’s Compliance Committee (or other relevant committee such as the Audit Committee) to determine independence. There must also be documented evidence that the Board’s Compliance Committee provides sufficient oversight of the company’s compliance function.
C. Principle 3 - Structures, reporting lines, authority and responsibility This may not seem as obvious but it is critical that a compliance reporting line go up through and to the Board. Under this Principle, you will need to consider all the structures of your organization and then move to define the appropriate roles of compliance responsibility. Finally, this Principle requires establishment of the appropriate authority within the compliance function. Here your auditors must be able to assess whether compliance responsibilities are appropriately assigned to establish accountability.
D. Principle 4 - Attracting, developing and retaining competent individuals This Principle gets into the nuts and bolts of doing compliance. It requires that a company establish compliance policies and procedures. Next there must be an evaluation of the effectiveness of those compliance policies and procedures and that any demonstrated shortcomings be addressed. This Principle next turns the human component of a compliance program. A company must attract, develop and retain competent employees in the compliance function. Lastly, a company should have a demonstrable compliance succession plan in place. An auditor must be able to demonstrate, through its compliance policies and, equally importantly its actions, that it has a commitment to attracting, developing and retaining competent persons in the compliance function and more generally employees who accept the company’s general principle of doing business ethically and in compliance.
E. Principle 5 - Individuals held accountable This is the ‘stick’ Principle. A company must show that it enforces compliance accountability through its compliance structures, authorities and responsibilities. A company must establish appropriate compliance performance metrics, incentives to do business ethically and in compliance and, finally, clearly reward such persons through the promotion process in an organization. Such reward is through an evaluation of appropriate compliance measures and incentives. Interestingly a company must consider pressures that it sends through off-messaging. Finally, each employee must be evaluated in his or her compliance performance; coupled with both rewards and discipline for employee actions around compliance. This Principle requires evidence that can demonstrate to an auditor there are processes in place to hold employees accountable to their compliance objectives. Conversely, if an employee does not fulfill the compliance objectives there must be identifiable consequences. Lastly, if this accountability is not effective, the internal controls should be able to identify and manage the compliance risks that are not effectively mitigated.
II. Discussion Both Board of Directors’ independence and Compliance Committee (or other applicable committee) oversight issue are essential to this Objective because the Compliance Committee needs to be actively engaged to be comfortable that the company has implemented the internal controls under Sarbanes-Oxley (SOX) 404(a); as required under Principles 1 & 2. The external auditors must then be comfortable this requirement is met. Finally, there must be evidence the company has appropriate disclosure controls in place because that is central to the Objective itself. This is all tested against Board independence and Compliance Committee oversight over those activities that management has undertaken and their engagement and conversations with their external auditor.
Howell related that under Principle 3, “structures in reporting lines, authority and responsibility are essential to the recognition of revenue. An entity’s internal controls or financial reporting details there are processes, there are policies, there is documentation, the authority and documentation of the judgments are being made, the review of those in responsibility for making those ultimate judgments about the recognition of revenue and the recognition or timing of the revenue and the expenses, that those need to be in place.”
Under Principle 4, a business must attract and develop, then retaining competent talent. Of course, this is good business as well. But it is more than simply some appropriate levels of staffing, as Howell stated, “One of the big reasons that companies have said do not have money to invest again the deep dive study and process improvement necessary to implement it [the 2013 Framework], is that it comes down to both to commitment level from the top and the tone at the top that this important and these financial disclosures are critical to the ability of the investors to rely on the company's disclosures.” You must only “put in place the right team, give the team the right tools, but also ensure the team has the ability to access the right level of technical accounting talent and business process and controls talent to make the judgments.”
All these leads of course ties into Principle 5, which mandates individuals being held responsible. This requires someone to document that they have made a judgment based upon the evidence that they have been able to accumulate, that the company has analyzed that evidence and has gone through the process of comparing this to the COSO 2013 Framework and to the spirit of the standard. Howell said, “those individuals are being held responsible for having done that properly. I think when you tie all that back together, when you get to the control environment, that the COSO principle number one is it can be completely tied back to what is being required.”
Three Key Takeaways
What controls do you have in place to measure conduct at the top?
Reporting lines must be clear and functioning.
You must provide the right personnel with the right resources.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/24/2017 • 12 minutes, 9 seconds
FCPA Compliance Report-Episode 343, James Koukios
In this episode I visit with James Koukios, a partner at Morrison and Foerster on the firm’s newsletter, Top Ten International Anti-Corruption Developments for May 2017. Our topics include:
FCPA Assistant Chief BJ Stieglitz has been selected for detail to UK Financial Enforcement Authorities. We discuss how does a prosecutor work overseas, what this might mean for prosecutions going forward both in the US and UK and what is the relationship of the DOJ with its British counterparts?
The DOJ has moved to terminate its DPA over Hewlett-Packard. We discuss what it means to have a DPA terminated and what is the role of the DOJ in this phase? We also consider what is the decision-making process if a DPA has to be extended due to continued or new conduct by a company under such an agreement.
Finally, we consider some of the difficulties of some of the DOJ’s Challenges in Obtaining Foreign Evidence, through a recent ruling in Civil Forfeiture Case. On May 9, 2017, In the case of United States v. Prevezon Holdings Ltd., Southern District of New York Judge William H. Pauley III, ruled that certain evidence obtained by prosecutors from foreign sources was admissible in a civil asset forfeiture case, notwithstanding that the documents lacked the requisite certifications under the Federal Rules of Evidence. We consider the process for getting information from overseas; why it takes so long, what happens if it does not meet US evidentiary or even admissibility standards?
To see a full copy of the firm’s publication, Top Ten International Anti-Corruption Developments for May 2017, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/24/2017 • 22 minutes, 18 seconds
Day 14 of One Month to More Effective Internal Controls
This week we turn our attention to COSO, with an introduction to the organization and its framework for internal controls. I will go through the internal controls and how they relate to compliance. Finally, I will end with a discussion of evaluation of internal controls through the COSO Framework. Once again, I am joined in this exploration by internal controls and accounting expert Joe Howell, EVP at Workiva, Inc.
What is COSO? That acronym stands for Committee of Sponsoring Organizations of the Treadway Commission, which originally adopted in 1992, as a framework for basis to design and then test the effectiveness of internal controls. It was deemed necessary to update this more than 20-year old COSO Framework, to provide a more supportable approach when adversarial third parties challenge whether a company has effective internal controls (such as the SEC). While the COSO Framework is designed for financial controls, I believe that the SEC will use the 2013 Framework to review a company’s compliance internal controls. This means that you need to understand what is required under the 2013 Framework and can show adherence to it or justify an exception if you receive a letter from the SEC asking for evidence of your company’s compliance with the internal controls provisions of the FCPA.
COSO has produced three volumes detailing the 2013 Framework. The first lays out the Framework and is entitled “Internal Control – Integrated Framework”, herein ‘the Framework volume’. The second is an Illustrative Guide, entitled “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls”, herein ‘the Illustrative Guide’, which discusses how best to assess your internal control regime and provides forms and work sheets to use in this exercise. The third volume is the Executive Summary of the first volume, herein ‘Executive Summary’. All three works form an excellent starting point for exploration of the COSO Framework and how you might use it for your best practices anti-corruption compliance program.
In the 2013 update the basic framework was retained with substantial support from user companies, and 3 specific objectives were added: (I) Operations Objectives – effectiveness and efficiency of operations, including safeguarding assets against loss; (II) Reporting Objectives – internal and external financial reporting; and (III) Compliance Objectives – adherence to laws and regulations to which the entity is subject. According to the guidance in the 2013 update, the system of internal controls can be considered effective only if it provides reasonable assurance the organization, among other things, complies with applicable laws, rules, regulations and external standards. With the addition of those specific objectives, the COSO framework now specifically includes the need for controls to address compliance with laws and regulations.
The COSO Framework defines internal controls, from bottom to top, with the following Objectives: (a) Control Environment, (b) Risk Assessment, (c) Control Activities, (d) Information and Communication, and (e) Monitoring. From these five Objectives come 17 Principles which we will be exploring throughout this series.
Larry Rittenberg, in his book “COSO Internal Control-Integrated Framework”, said that the original COSO framework from 1992 has stood the test of time “because it was built as conceptual framework that could accommodate changes in (a) the environment, (b) globalization, (c) organizational relationship and dependencies, and (d) information processing and analysis.” Moreover, the updated 2013 Framework was based upon four general principles which include the following: (1) the updated Framework should be conceptual which allows for updating as internal controls [and compliance programs] evolve; (2) internal controls are a process which is designed to help businesses achieve their business goals; (3) internal controls applies to more than simply accounting controls, it applies to compliance controls and operational controls; and (4) while it all starts with Tone at the Top, “the responsibility for the implementation of effective internal controls resides with everyone in the organization.” For the compliance practitioner, this final statement is significant because it directly speaks to the need for the compliance practitioner to operationalize internal controls for compliance and not to simply rely upon a company’s accounting, finance or internal audit function to do so.
The primary object is to keep in mind that even if an organization adopts the Framework, there will be very few people within that organization who will have the unique knowledge that a compliance officer has that would impact all the elements of the Framework. The compliance officer's role is to provide the input to the Chief Financial Officer (CFO) and others involved in the implementation, to be sure that there is a proper focus on the risks that really are part of the compliance world. This primarily comes through the risk assessment component, the control activities, and then the monitoring. Companies typically do risk assessment from an operational standpoint and address business risks going forward and then develop the controls that deal with those business risks, which could be project financial results, doing business in certain countries, strategic decisions and similar issues. All of this puts the compliance function in the unique position to be the fulcrum on many issues which will come up with a COSO based analysis or implementation.
The updated Framework retained the core definition of internal controls; those being control environment, risk assessment, control activities, information and communication, and monitoring activities. Further, these five operational concepts are still visually represented in the well-known three-dimensional “COSO Cube”. In addition, the criteria used to assess the effectiveness of an internal control system remain largely unchanged. The effectiveness of internal control is assessed relative to the five components of internal controls and the underlying principles supporting the components. However, it is the emphasis on the principles, which is new to the 2013 Framework.
Joe Howell noted that the COSO Framework can be seen as both a prevent and detect control. He also related that your internal controls need to be sustainable over the long haul. He stated, “You cannot just build one off things that allow you to do one period and not have a process in place that is going to help you through all of the periods that you need to cover. The controls cannot just be a one and done. Many companies are going to find that their initial approach to all of this is one and done.” As we explore the COSO Framework, the compliance practitioner should understand how the entire Framework interacts and intersects with the compliance function in a manner which is sustainable throughout the organization.
Three Key Takeaways
You must use the COSO Framework or a similar source for your internal controls structure.
The 2013 Framework identifies the following areas: (a) Control Environment, (b) Risk Assessment, (c) Control Activities, (d) Information and Communication, and (e) Monitoring.
Your internal controls must be sustainable.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/23/2017 • 11 minutes, 33 seconds
This Week in FCPA-Episode 62
This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:
Will Canada approve DPAs for use in anti-corruption prosecutions? TI-Canada recommends they come into use. See article in Corporate Compliance by clicking here. Also see interview with RCMP Superintendent Denis Desnoyers in GIR.
Midyear FCPA enforcement report by Stanford Law Journal. See article in WSJ.
The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
Are Mexican anti-corruption efforts moving forward or not. See pro see article entitled, New Mexican Anti-Corruption Law Enters into Force Global Compliance News. For con see article by Juan Montes Mexican Antigraft Efforts Falter, in WSJ.
With the departure of Walter Shaub from the US Office of Governmental Ethics and Hui Chen as the Compliance Counsel, who will lead the US ethics and compliance efforts. See Jaclyn Jaeger’s article in the Compliance Week.
Everything Compliance-Episode 14 is out. Topics include Walter Shaub’s departure from OGE and does it even matter? Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from Justice Department; both her public rebuke of Trump, and the substance of how she believes her guidance has been mis-interpreted. Episode 15 will go up on July 27.
Former Haitian Telco exec pleads guilty, Dick Cassin reports in the FCPA Blog. Dmitrij Harder jailed five years for FCPA offenses. See article by Dick Cassin the FCPA Blog.
The twins are back home from summer camp. What does it mean for the Rosen household?
Jay previews his weekend report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/21/2017 • 30 minutes, 52 seconds
Day 13 of One Month to More Effective Internal Controls
Last year, one of the most interesting non-Foreign Corrupt Practices Act (FCPA) enforcement actions was announced by the Securities and Exchange Commission (SEC). It involved a clear quid pro quo benefit paid out by United Airlines to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United Airlines operations at the company’s huge east coast hub at Newark, NJ.
The reason that it is so interesting from an enforcement prospective is that it is not foreign corruption but domestic corruption, therefore not subject to the FCPA. However, the actions of United’s former Chief Executive Officer (CEO), Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials. That sounds suspiciously like a books and records violation of the FCPA. The $2.4 million civil penalty levied on United was in addition to the Non-Prosecution Agreement (NPA) settlement with the Department of Justice (DOJ), which resulted in a penalty of $2.25 million. Chairman Samson has also pled guilty in July for putting pressure on United to reinstitute a flight service which was near his weekend residence.
The scandal also cost the resignation of Smisek and two high-level executives from United. In a Press Release at the time of the resignation, the company stated, “The departures announced today are in connection with the company’s previously disclosed internal investigation related to the federal investigation associated with the Port Authority of New York and New Jersey. The investigations are ongoing and the company continues to cooperate with the government.”
Adding another twist to this also fascinating case was that it all came out of the Bridgegate scandal from New Jersey, although it was not related to the original claim that the New Jersey Governor’s office ordered the closing of certain traffic lanes around Fort Lee, NJ to punish the mayor for not supporting the Governor. The entire affair involved a flight from Newark to Columbia, South Carolina. The flight was reported to be a money-losing route, yet it was reinstated by United at either the request of the Chairman of the Port Authority of New York and New Jersey, Samson, or was reinstated by United to obtain a benefit from Samson.
It turned out Samson had a weekend home at Aiken, which is near Columbia, SC and was not happy there was no direct flight service from Newark. So he got a direct flight. The flight was money loser it was derisively named “the chairman’s flight.” The SEC Cease and Order (Order) said that United lost some $945,000 on the flight.
However, at the time United was in the midst of trying to renegotiate its lease at Newark airport with the Port Authority. The flight from Newark to Columbia was cancelled after Samson resigned his post as Chairman.
According to the Order, “In the summer and fall of 2011, representatives of United and the Port Authority’s Aviation Department (which manages Newark Liberty) negotiated a proposed agreement that the Port Authority would lease approximately three acres of land at Newark Liberty to United for the construction and operation of a wide-body aircraft maintenance hangar (the “Hangar”). The Hangar would facilitate United’s ability to perform maintenance on its incoming fleet of wide-body aircraft at Newark Liberty, rather than having to perform such maintenance at a suitable United facility at another airport. Based on preliminary assessments and using information available at the time, United estimated that the Hangar would result in efficient routings that would drive $47.5 million in value to the United network on an annual basis post-construction.
During this time period, Samson was communicating to a third party his desire that United reinstate the Chairman’s Flight. This culminated in a dinner meeting between Smisek, his senior team and Samson. Samson once again pressured for a reinstitution of the route, “Samson stated that Continental Airlines used to have a non-stop route between Newark Liberty and Columbia, South Carolina and asked the CEO to consider re-establishing that non-stop route.”
United’s “Network Planning Group analyzed the projected financial performance of the South Carolina Route… United’s standard process for initiating new routes generally included: the preparation and consideration of financial forecasts and other market data of how the route could be expected to perform, review and approval by several levels of United’s Network Planning Group, including approval by the Chief Revenue Officer (“CRO”) or his staff, and thereafter presentation of the route and its details to a group of senior United executives at a regularly scheduled marketing meeting.”
This review determined that the Chairman’s Flight would likely be a money loser and, indeed, when it was previously operated by Continental Airlines, prior to its merger with United, the route “was continually one of the hubs poorest performing markets”. (Recall the Order reflected the flight did lose United $945K.) However, after United declined to reinstitute the Chairman’s Flight, Samson pulled the proposal from consideration by the full Board, effecting scuttling the arrangement. Shortly after this development, “the CEO (Smisek) approved the establishment of the [Chairman’s]route.” On the same day, United’s contract for the new hangars was approved by the Port Authority.
At the time United’s Code of Conduct prohibited “United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to improperly influence the recipient.” Only the United Board of Director’s could grant a waiver to the Code and none was sought or obtained by Smisek. The Order concluded, “The [Chairman’s] Route was initiated in violation of United’s Policies.”
Mike Volkov has often worried that if that companies create internal controls and then do not follow those internal controls, will be prosecuted for such action (or perhaps inaction). This is the situation which led to the SEC enforcement action against United. The company had a Code of Conduct, it was not followed but was violated by the CEO and this caused the company to violate Section 13 of the Securities Exchange Act of 1934. It would be easy enough to see this resolution in the FCPA context but this was all domestic conduct and jurisdiction. This may be the first time the violation of a Code of Conduct resulted in an enforcement action by the SEC around domestic bribery and corruption.
Yet the company was also sanctioned for not having internal controls in place to prevent such actions as those taken by Smisek, with the SEC also finding this was a violation of Section 13. This was in the face of detailing the protocol for United instituting or reinstituting a route. The Order stated, “In particular, United had insufficient internal accounting controls in place to prevent approval of the South Carolina Route in derogation of United’s Policies.”
All the underlying facts, enforcement theories and remediation points towards the use of failure of internal controls when domestic bribery corruption occurs. This might well be a new enforcement theory to use inside the United States, for domestic bribery allegations. Imagine if United’s profit estimates of $47.5 million had been used as the basis of a profit disgorgement order.
Three Key Takeaways
It is very unusual for the FCPA to form the basis of a domestic bribery violation.
A Code of Conduct can be an internal control.
Even a CEO must follow internal controls.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/21/2017 • 13 minutes, 27 seconds
Day 12 of One Month to More Effective Internal Controls
Is a Board of Directors a compliance internal control? I think the clear answer is yes. In the FCPA Guidance, in the Ten Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board in a best practices compliance program. The first in Hallmark No. 1 states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, which says the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).”
Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? The DOJ’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.
I believe that a Board must not only have a corporate compliance program in place but also actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward.
Lawyers often speak to and advise Boards on their legal obligations and duties. If a Board’s oversight is part of effective financial controls under Sarbanes Oxley (SOX), that also includes effective compliance controls. Failure to do either may result in something far worse than bad governance. It may directly lead to a FCPA violation and could even form the basis of an independent FCPA violation.
A company must not only have a corporate compliance program in place it must also actively oversee that function. A failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program. Internal controls work together with compliance policies and procedures are an interrelated set of compliance control mechanisms. There are five general compliance internal controls for a Board or Board subcommittee role for compliance:
Corporate Compliance Policy and Code of Conduct - A Board should have an overall governance document which will inform the company, its employees, stakeholders and third parties of the conduct the company expects from an employee. If the company is global/multi-national, this document should be translated into the relevant languages as appropriate.
Risk Assessment - A Board should assess the compliance risks associated with its business.
Implementing Procedures - A Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy.
Training - There are two levels of Board training. The first should be that the Board has a general understanding of what the FCPA is and it should also understand its role in an effective compliance program.
Monitor Compliance - A Board should independently test, assess and audit to determine if its compliance policies and procedures are a ‘living and breathing program’ and not just a paper tiger.
There have been recent FCPA enforcement actions where the DOJ and SEC discussed the failure of internal controls as a basis for FCPA liability. With the questions about the Wal-Mart Board of Directors and their failure to act in the face of allegations of bribery and corruption in the company’s Mexico subsidiary, or contrasting failing to even be aware of the allegations; there may soon be an independent basis for an FCPA violation for a Board’s failure to perform its internal controls function in a best practices compliance program.
Three Key Takeaways
GTE compliance internal controls are low hanging fruit, pick them.
Compliance internal controls can be both detect and prevent controls.
Good compliance internal controls are good for business.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/20/2017 • 11 minutes, 12 seconds
Everything Compliance-Episode 14
Show Notes for Everything Compliance-Episode 14
Topics from Matt:
Trump Administration & FCPA enforcement— we have two declinations now; maybe a compare-and-contrast, and speculation on what a tough Trump Admin enforcement WOULD look like;
EU’s GDPR— Do EU regulators really know what they want to do with enforcement of this law; although if they follow the lead of the anti-competition people whacking Google, it could be a big deal;
Hui Chen’s departure from Justice Department; both her public rebuke of Trump, and the substance of how she believes her guidance has been mis-interpreted; and
Ethical leadership and the lack thereof; the menace of abusing perks and privilege, connecting my posts about Uber’s leaders and Chris Christie vacationing on a closed beach.
Topics from Jay:
How do the Campaign Finance Laws mirror/or differ from the FCPA?
Will the Russian Collusion Investigation reveal the ultimate FCPA violation?
Regarding Walter Shaub’s departure from Office of Governmental Ethics (OGE), does it matter? What is OGE supposed to do and why did it work for the past 40+ years, but fell on deaf ears with the Trump administration?
Dovetailing with Matt’s question about a slow H1 for FCPA enforcement and in light of the just released Gibson Dunn FCPA Mid-Year Report, does the current climate (and lack of vigorous enforcement) provide a perfect storm for companies to look the other way if they fall off the E&C wagon, or do we think that companies are still being vigilant in spite of a perception of decreased enforcement?
Rants are at the end of this week’s episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/20/2017 • 1 hour, 12 minutes, 53 seconds
Day 11 of One Month to More Effective Internal Controls
Joe Howell, EVP of Workiva, Inc. as noted that it is reasonable to expect that internal controls over gifts, travel and entertainment (GTE) be designed to ensure that all satisfy the criteria as defined in company policies. Generally speaking, these are fairly narrow, including a definition of the dollar limit, which must not be exceeded in order for gifts to be permissible, coupled with some subjective criteria such as the legality of the gifts for the recipient and whether the practice is customary within the country where the gift is delivered. The question I focus on is how to enforce the policies so that employees are not free to disregard them at will?
The Department of Justice (DOJ), in several enforcement actions and the FCPA Guidance has emphasized the importance of risk assessment and effective controls and building a program tailored to those risks. Many companies effectively minimize the risk of inappropriate gifts through stringent pre-approval requirements because a sufficiently robust and enforced pre-approval policy can reduce the number of gifts simply because of the headache of getting the pre-approval. This has the added benefit of ensuring enforcement of internal controls, largely because of the reduced volume of gifts being included in expense reports. In considering the effectiveness of controls, you must always keep in mind the most frequently used method for defeating an internal control, which is driven by a dollar amount criteria, is splitting the item into multiple parts in order to appear to stay under the limit and to avoid the defined approval authority based on the amount of the gift.
The key analysis is whether there are controls in place to enforce the policies and whether those controls are documented. There are four issues to evaluate.
Is the correct level of person approving the payment / reimbursement for the gift?
Are there specific controls, including signoffs, to demonstrate that the gift had a proper business purpose?
Are the controls regarding gifts sufficiently preventative, rather than relying on detect controls?
If controls are not followed, is that failure detected by other internal controls or the compliance protocols?
While many compliance practitioners believe that employee expense reports are a sufficient internal control regarding gifts, because there are other ways in which a gift can be presented, there need to be other controls. Once your company policy on gifts has been finalized, the internal controls over expense reports fall into three basic areas: (1) The expense report format, including what information it requires; (2) Controls over the submitting employee and the preparation of the expense report; and (3) Controls to ensure the approvers do their review process properly.
Consider the format itself of an expense report, which can be a prevent control. First it is important to have preprinted representations and certifications within the form because these can lead to “stop and think” type of controls, meaning the person submitting the expense report has to at least consider the information being submitted. The form can be signed without reading the preprinted representations, but if the employee and reviewers have been trained on how to review the expense report, it can be difficult to say later that the submitting employee did not understand what they were signing.
Next consider the Preparer’s representations and the Approver’s representations. The Preparer’s representations include ensuring that all items representing a proper business purpose comply with the company’s code of conduct, comply with local law and custom, and comply with all applicable company policies. The Approver’s representations ensure that all supporting documentation has been examined and that all documentation complies with applicable company policies, including the submission of original receipts. Further, the approver should certify that they have complied with all company policies regarding the review and approval of the expense report.
Some companies have two basic forms of expense reports. One pertains to US locations and does not involve any expenses incurred outside the US. The second is for items involving locations or persons outside the US. The international reporting form might have more stringent requirements and should provide for more detailed disclosures. It could require reporting, in a separate section of the expense report, all items that involve government officials, so that these items are not “buried” elsewhere in the expense report. Just as an added measure, the expense report includes a column where other expenses are reported which requires the submitter to check “Government Official YN?” this type of format should require sufficient disclosure of information regarding each item involving government officials. The next step in such an enhanced protocol would require a senior officer from the business unit to approve any reimbursements that meet certain criteria, for example, certain geographical areas or countries. Finally, such an enhanced representation could also include separate sections for each item requiring a description of the business purpose of meals, entertainment, names and business affiliation of all attendees, description of gifts and their business purpose, etc. A typical expense report requires this information to be on the receipt. Howell believes that moving beyond simply requiring receipts and requiring such detail to be incorporated directly onto the expense reimbursement forms highlights the presence or absence of proper documentation much more readily. Howell ended by noting it was incumbent to ensure reviewers sign off that each such item has documentation that required pre-approvals were obtained, if necessary.
Internal controls around gifts can be used in a variety of ways in your best practices compliance program. They can certainly be used to detect an issue and perhaps even prevent an issue from becoming a full-blown FCPA violation, however, by using some of the techniques that Howell has suggested you can move your compliance program to a proscriptive phase where you not only stop an issue from becoming a violation but through identification, you can move towards remediation as a part of your ongoing compliance efforts. The bottom line is good internal controls make for good business processes; if you can move your compliance program’s internal controls forward, you can help make them a part of your financial controls and thereby have a better run company.
Three Key Takeaways
GTE compliance internal controls are low hanging fruit, pick them.
Compliance internal controls can be both detect and prevent controls.
Good compliance internal controls are good for business.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/19/2017 • 12 minutes, 20 seconds
Compliance into the Weeds-Episode 46
In this episode, Matt Kelly and I discuss the recent Second Circuit Court of Appeals decision in HSBC v. Moore. In this case a federal district court had ordered the release of redacted monitor’s report in the HSBC money-laundering Deferred Prosecution Agreement (DPA), based upon the request of an interested citizen. Both the Department of Justice (DOJ) and HSBC appealed the order and the Court of Appeals supported their position in overturning the trial court’s decision. The case is about a hook, line and sinker overturning of any trial court jurisdiction as one can have. The district court tried to claim it did not have the same role as a “potted plant” but the Court of Appeals left no doubt that is the only role it sees for any district court where a DPA is filed. We discuss the implications for the compliance practitioner, FCPA enforcement and any potential changes going forward.
For additional reading, see my blog post on this case by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/19/2017 • 21 minutes, 51 seconds
Episode 51- Andrew Jackson
In this episode, I consider the leadership lessons which can be drawn from our 7th President Andrew Jackson. I focus largely on the crisis surrounding the charter of the Second National Bank of the United States, which played out over 5 years from 1831 to 1836. This conflict pitted Jackson against most the nation’s political and financial elites, most prominently Nicolas Biddle, the President of the Bank. However, the great politicians of the day, including Henry Clay and Daniel Webster were lined up against President Jackson as well.
The crisis came to a head in the summer of 1832 when both the House and Senate passed a bill renewing the Charter of the Second Bank of the US early. Not only did Jackson veto the bill and give one of the most memorable veto addresses of any President, he then took on Biddle directly by removing first removing persons in the administration and government who were pro-Bank and pro-Biddle. In the coup de grace for the Bank, Jackson the gold species from the Bank and moving into state banks across the country. Jackson won the battle completely. His actions were not without negative consequence as the distribution of the species across the country led to rampant inflation and the Panic of 1837. However, by that time, Jackson had departed the Presidency and the fallout was left to his successor Martin Van Buren.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/18/2017 • 18 minutes, 26 seconds
Day 10 of One Month to More Effective Internal Controls
Today I want to look at internal controls for third parties. One of the questions that GSK faced during the bribery and corruption investigation of its Chinese operations is how an allegedly massive bribery and corruption scheme occurred? The dollars paid out went upwards of $500MM, which coincidentally was the amount of the fine levied by the Chinese court on GSK. It is not as if the Chinese medical market is not well known for its propensity towards corruption, as prosecutions of the Foreign Corrupt Practices Act (FCPA) are littered with the names of US companies which came to corruption grief in China. GSK itself seemed to be aware of the corruption risks in China. In a Reuters article, entitled “How GlaxoSmithKline missed red flags in China”, Ben Hirschler reported that the company had “more compliance officers in China than in any country bar the United States”. Further, the company conducted “up to 20 internal audits in China a year, including an extensive 4-month probe earlier in 2013.” GSK even had PricewaterhouseCoopers (PwC) as its outside auditor in China. Nevertheless, he noted, “GSK bosses were blindsided by police allegations of massive corruption involving travel agencies used to funnel bribes to doctors and officials.”
Where were the appropriate internal controls? You might think that a company as large as GSK and one that had gone through the ringer of a prior Department of Justice (DOJ) investigation resulting in charges for off-label marketing and an attendant Corporate Integrity Agreement (CIA) might have such controls in place. It was not as if the types of bribery schemes in China were not well known. In an article in the Financial Times (FT), entitled “Bribery built into the fabric of Chinese healthcare system”, reporters Jamil Anderlini and Tom Mitchell wrote about the ‘nuts and bolts’ of how bribery occurs in the health care industry in China. The authors quoted Shaun Rein, a Shanghai-based consultant and author of “The End of Cheap China”, for the following “This is a systemic problem and foreign pharmaceutical companies are in a conundrum. If they want to grow in China they must give bribes. It’s not a choice because officials in health ministry, hospital administrators and doctors demand it.”
Their article discussed the two primary methods of paying bribes in China: the direct incentives and indirect incentives method. Anderlini and Mitchell reported, “The 2012 annual reports of half a dozen listed Chinese pharmaceutical companies reveal the companies paid out enormous sums in “sales expenses”, including travel costs and fees for sales meetings, marketing “business development” and “other expenses”. Most of the largest expenses were “travel costs or meeting fees and the expenses of the companies’ sales teams were, in every case, several multiples of the net profits each company earned last year.””
It would be reasonable to expect that internal controls over gifts would be designed to ensure that all gifts satisfy the required criteria, as defined and interpreted in Company policies. It should fall to a Compliance Officer to finalize and approve a definition of permissible and non-permissible gifts, travel and entertainment and internal controls will follow from such definition or criteria set by the company. These criteria would include the amount of the spend, localized down into increased risk such the higher risk recognized in China. Within this context, there are four general internal controls to consider. (1) Is the correct level of person approving the payment / reimbursement? (2) Are there specific controls (and signoffs) that the gift had proper business purpose? (3) Are the controls regarding gifts sufficiently preventative, rather than relying on detect controls? (4) If controls are not followed, is that failure detected?
Below are 10 specific inquires you can make regarding your compliance internal controls specific to third parties.
1: Prior to entering the relationship, did management: confirm alignment with business strategy; analyze strategic risk; perform risk/reward analysis; and review its ability to provide adequate oversight and management on an ongoing basis?
2: Can the third-party’s activities be viewed as predatory, discriminatory or abusive?
3: Does your compliance regime include: policies and procedures to help manage third-party relationships; proper internal controls; training; monitoring; and auditing procedures to ensure consistent and ongoing compliance?
4: Was adequate due diligence conducted that included a review of all available information about the third-party (e.g. financial condition, reputation, knowledge of laws, complaints, operations and controls, internal controls and marketing materials?
5: Are expectations and obligations of both the company and the third-party outlined in a written contract prior to entering the relationship?
6: Does the board of director’s review and approve any material third-party relationships?
7: Does the contract outline fees to be paid, management information reports, audit rights, limit use of consumer information, exclusivity language, complaint management process, specifies circumstances that constitute default, dispute resolution process, and provides indemnification provisions?
8: Did the board initially approve the third-party relationship and does it review each significant third-party relationship on at least an annual basis?
9: Is there a process to verify the third-party’s operations are consistent with the written agreement and that risks are being controlled?
10: Does management allocate sufficient qualified staff to monitor significant third-party relationships and provide necessary oversight (and are these activities reported to the board of directors or designated committee)? What is the frequency of exceptions and how are they analyzed/documented/reported to management? When applicable, are you comparing and analyzing the third-party’s sales patterns?
Obviously, the use of third-parties can be a powerful and effective way for a business to achieve its strategic goals. This may be one of the key reasons why third-parties are still one of the leading indicia of bribery and corruption. Every compliance program should regularly review its third-party service providers and evaluate internal policies and procedures to ensure compliance.
Three Key Takeaways
GSK in China continues to be an example of the lack of internal controls for an effective compliance program.
General areas of review for compliance internal controls.
Third parties are still the highest risk of corruption related issues.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/18/2017 • 11 minutes, 24 seconds
Day 9 of One Month to More Effective Internal Controls
As they made clear with several FCPA enforcement actions in 2016, the SEC has placed a renewed interest in the accounting provisions of the FCPA, specifically the internal controls provisions. The BHP enforcement continued this trend, where there was no evidence that bribes were paid or offered in violation of the FCPA, the poor internal compliance controls at BHP led to a $25MM fine. Kara Brockmeyer, the former Chief, FCPA Unit; Division of Enforcement of the SEC, reiterated that the SEC was committed to protecting investors in US public companies and those which list other securities in the US, through enforcement of the accounting provisions, including internal controls provisions of the FCPA. It would seem that the reason is straightforward; a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.
What can you do around the FCPA’s requirements for internal controls and current SEC emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the FCPA Guidance. While most compliance practitioners are familiar with the Ten Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Internal Controls Framework as your starting point.
As a lawyer or compliance practitioner you may not be familiar with all the internal controls that you have in place. This exercise would give you a good opportunity to meet with the heads of Internal Audit, Finance and Accounting (F&A), Treasury or any other function in your company that deals with financial controls. Talk with them about the financial controls you may already have in place. An easy example is employee expense reports. Every company I have ever worked at or even heard about requires expenses for reimbursement to be presented, in documented form on some type of expense reimbursement form. This is mandatory for IRS reporting; so all entities perform this action. See how many controls are in place. Is the employee who submits the expense reimbursement required to sign it? Does his/her immediate supervisor review, approve and sign it? Does any party in the employee’s direct reporting chain review, approve and sign? Do any personnel from accounts payable review and approve that expenses have the requisite receipts attached? Is there any other review in accounts payable? Is there any aggregate review of expense reports? Is there a monetary limit over which additional reviews and approvals occur?
Now if an employee has submitted expenses for activities that occurred outside the US are there are any foreign government officials involved? Were those recipients of any such gift, travel or entertainment identified on the expense reimbursement form? Was the business purpose of the meal, gift or entertainment recorded? Can you aggregate the monies spent on any one foreign official or by a single employee in your expense reporting system? All of these are internal controls that can be mapped to the appropriate prong of the Ten Hallmarks or other indicia of your compliance program.
You can take this exercise through each of the five objectives under the COSO 2013 Internal Controls Framework and its attendant 17 Principles. From this mapping you can then perform a gap analysis to determine where you might need to implement internal compliance controls into your anti-corruption compliance program. This can lead to remedial steps that you can take. For example, you can recommend procedures be written for all key compliance areas in which there are currently no procedures and your existing procedures can be updated to include compliance issues and clear definition how controls are to be evidenced. Through this you can move from having detect controls in place, to having prevent controls, whenever possible.
As a Chief Compliance Officer (CCO) or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. Compliance is a straightforward exercise; this does not mean that it is easy, you do have to work at it so that you will simply not have a paper, “check the box”, program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls that you do not have and need to institute.
Three Key Takeaways
Learn the internal controls your company currently has in place.
Map your compliance internal controls to the COSO 2013 Framework,
Use your gap analysis as a basis for remediation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/17/2017 • 10 minutes, 30 seconds
FCPA Compliance Report-Episode 342, Melanie Johnson
In this episode, I visit with Melanie Johnson, co-founder of Elite Online Publishing, which aids entrepreneurs, business leaders, and professional athletes to create, publish, and market their books, to build their business and brand. Melanie talks about her professional journey which led to this venture and how her career in broadcasting gave her a unique understanding for the world of online publishing. She discusses using your skills and passion to develop your own business.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/17/2017 • 22 minutes, 59 seconds
This Week in FCPA-Episode 61
This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:
HSBC monitor report protected from release. See article in Reuters by clicking here.
The Odebrecht scandal continues to resonate across South America. See Dick Cassin’s post in the FCPA Blog.
The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
Roy Snell says it’s not who’s who but who gets it. See article in SCCE Compliance and Ethics Blog.
Tom announces the rollout of the Compliance Podcast Network. It includes This Week in FCPA, FCPA Compliance Report, Compliance Report-International Edition, 12 O’Clock High, Unfair and Unbalanced, Compliance into the Weeds, Across the Board, Everything Compliance, One Month to a More Effective Compliance Program. See Tom’s article in the FCPA Compliance and Ethics Blog.
The next Everything Compliance podcast is in production. Topics include Walter Shaub’s departure from OGE and does it even matter? Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from Justice Department; both her public rebuke of Trump, and the substance of how she believes her guidance has been mis-interpreted. Part I will go up on Thursday, July 20.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/15/2017 • 37 minutes, 32 seconds
Day 8 of One Month to More Effective Internal Controls
A gap analysis is a method of assessing the differences in performance between a business' internal controls to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully. Moreover, it is a determination of the degree of conformance of your organization to the requirements of an internal controls standard. A gap analysis is mainly a document review or a “show me the evidence” type activity, evidence which usually will come in the form of a record or document. During a gap analysis, there is some auditing accomplished, through key stakeholders providing the evidence they may have –or not- for each of the requirements set forth in the relevant internal controls standard.
Gap analysis are very often conducted at the beginning of the journey of an organization seeking compliance to an internal controls standard or it can be used as the basis for internal controls enhancement. Interestingly this can lead to more or even less internal controls, as sometimes in the realm of internal controls, less is more. The primary reason why a gap analysis is conducted at the beginning of the development phase or after some development has occurred is because the organization wants to know where they stand regarding meeting the relevant internal controls standard and they want to know specifically what they need to do to close the gaps. Companies need to understand where their gaps in internal controls are located, how large those gaps might be and what they need to do to close those holes and get closer to fully meeting the requirements of the chosen specification or standard.
Gap analysis is a technique that can be used to assess if an enterprise can meet its needs using its present capabilities. The capabilities that may be examined for improvement include staff competencies, facilities, applications, technical infrastructure, processes and lines of business; all with an eye towards (1) improving the compliance environment and (2) operationalizing compliance into the functional business units.
Miriam Boudreaux posed the following, “Imagine a situation where you have been asked to improve the performance or efficiency of a particular unit of an organization. You have no clue whatsoever as to what set of factors is the real cause of the degraded performance you have been asked to improve. Identifying the gap between what is expected and what you are delivering, that is, the difference between the current state and the future state, is referred to as “Gap Analysis”.”
She goes on to state that a “gap analysis can be defined in a number of ways, which more or less point towards the same meaning:
It is the process through which a company compares its current or actual performance to its expected performance to determine whether it is meeting its objectives and using its resources effectively.
It is a technique that businesses use to determine what steps need to be taken in order to move from their current states to their desired future states.
From both definitions, it is evident that gap analysis is a technique that can help a business reach its peak eventually. By defining and analyzing gaps, a project team can create an action plan to move the business forward and fill performance gaps.”
After the completion of the gap analysis there should be a report which presents a clear summary or where the major gaps exist between the company’s documentation and the internal controls requirements. It also should show a detail recount of each requirement and the degree of compliance, with corresponding actions that need to be taken to close these gaps. Here lies a major difference between an Audit report for example and a gap analysis report: the gap analysis report has some inherent advice to it, which makes it suitable to be accomplished by consultants or experts in the chosen specification or standards.
Another way to consider a gap analysis is the steps you should take. These include:
Accurately defining the future goals: If you are not clear about the organization’s goals, all your efforts will be in vain. The first and foremost thing to be done is to identify what exactly the goals of the business are and the changes needed to achieve these goals. If the goal is not clear, the improvement exercise will keep on deviating from its desired path.
Identifying the current scenario and associated issues: To reach the place you desire, you should first assess where you are located in your internal controls regime. For example, a failure to see the real reason behind the poor compliance performance of your business units may affect profit and growth on the long run. At this stage, the analyst may organize brainstorming sessions, employee interviews, document review sessions to gain insight into present challenges. Only after a comprehensive definition of present challenges can one get a clear picture of the situation.
Devising the action plan: Now that you know the present and future expectations, you can think of the how factor, which is in form of a plan. How will you implement the action plan to close the identified gaps? The solutions may include several steps like hiring more employees, procuring extra machines and equipment, offering perks and incentives to get the best out of employees and so on.
Report: Finally, you will want to report your findings with the appropriate data and analysis presented. To do this, you may wish to use our gap analysis report template. In your report, you will include things like the background of the company and analysis, problems that have occurred, and even reasons for undertaking the analysis. Then, you will present your findings, showing the strategic objectives, current standing, deficiencies, and whether the current situation is acceptable. If the situation is unacceptable, you will present a course of action for improvement. Finally, all your analysis will be backed up with the data gathered during the analysis.
Three Key Takeaways
Be prepared to require evidence from key stakeholders.
Use a multistage approach to a gap analysis.
To get to where you want to be, you have to know where you are.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/14/2017 • 12 minutes, 59 seconds
Day 7 of One Month to More Effective Internal Controls
Today, I consider some ways in which a compliance professional can work to implement internal controls in a multi-national organization. The first step is to convert your company’s compliance risks into internal control objectives. The internal control objectives are then given to each business unit with instructions to develop controls, which meet the objectives. This process should allow more of a fine tuning approach within existing systems than the development of specific controls by corporate which all business units must adopt and will give the business unit a sense of buy-in and participation in the process.
One example of how the process might work in the situation where the compliance risk is that a third-party representative may be paid for an invoiced amount before that third-party representative has gone through your company’s full third party approval process. Here your control objective is that internal controls should be in place to ensure that no vendors are added to the vendor master file until the vendor has been approved. If your company has a sophisticated ERP system such as SAP where checks are generated using the vendor master file and signed by the computer, this control objective may be met by adding a field to the vendor master file in which inserts the date the vendor is approved and by programming such a requirement the vendor information cannot be inserted into the check to pay the vendor unless the designated fields are populated. There would also be manual controls over the input of the date to ensure the data is not entered inappropriately. These internal controls would translate into form for changes to the vendor master file which is initiated by the person in charge of vendor due diligence and requires a ‘second set of eyes’ requiring sign off by a second person, such as the controller. Through this mechanism you have created a primary control through your third party approval process and validated that process if a change is made.
What if your location or business unit involved does not have a sophisticated ERP system such as SAP, for instance at another location QuickBooks is used? Then the control objective could be satisfied by using a similar form for changes to the vendor master file combined with the requirement that a report of all changes are printed and submitted to both check signers, along with the applicable approved vendor change request.
One of the banes of any compliance practitioner is the push back they inevitably receive when they attempt to institute something new or different. The same can be true of internal controls. What happens when the compliance function receives push back and is told the controls are too burdensome and will also make operations less efficient? Many business development types will raise the hue and cry that internal controls prevent them from effectively running the business. Finally, there are many groups in any company that may well say that a re-work of internal controls will cost too much money.
One of the areas available to a compliance professional is benchmarking from other company’s compliance experiences. However, this can be expanded into solid presentations about why it is important to assess and mitigate compliance risks using your corporate peers that have been the subject of a Foreign Corrupt Practices Act (FCPA) enforcement action. This is some of the best sources of information a compliance practitioner can avail his or herself of to provide good insight into why it was never expected that the company would be subject to FCPA enforcement and insight into the extreme disruption, cost, and anxiety which accompanied the enforcement actions.
The premise is that the cost of controls should not exceed the benefits to be obtained, so it really comes down to internally selling a cost benefit analysis. If the selling is done after at least a basic risk analysis, then it should be relatively easy to obtain concurrence that certain risks must be mitigated and that the benefits exceed the expected costs. Furthermore, there are occasions where there are no costs associated with improving controls. A good example is when re-alignment of duties using existing staff achieves an improved set of internal controls. Another example is when manual controls can be converted to electronic controls such that the only cost is the programming and re-training costs.
Another key factor, as with all compliance initiatives, is ‘Tone at the Top’. This means that you should meet with and present the case for compliance-focused internal controls to your company’s Executive Leadership Team, Audit Committee of the Board or other appropriate group of senior executives. The presentation should include, with examples, the importance of identifying and mitigating compliance and fraud risks. Some of these might include the following:
Illustrating the examples of how the controls can prevent bribery as well as many other types of occupational fraud;
Illustrating that the controls needed are all sound business controls, nothing exotic or out of the ordinary;
With proper control design, it may be possible to eliminate some existing detect controls in favor of more useful preventive controls or even prescriptive controls;
As a result of your business changes and resulting changes in assessed risks, it may be that some procedures now being performed are no longer needed and the resources can be shifted to more necessary controls; and
It may be possible to build in more electronic controls, which can replace existing manual controls.
What if your company does an assessment of the internal controls over financial reporting as part of Sarbanes Oxley (SOX) compliance and that the Chief Financial Officer (CFO), or other appropriate corporate officer, annually certifies the internal controls are effective? How should such a situation be dealt with or conversely how might a compliance professional respond?
There are two primary reasons why the assessment under SOX is not sufficient for a Compliance Officer’s purposes. One is the scope of the SOX assessment and the second is the design of the SOX assessment. This means that the SOX process addresses only the internal controls over financial reporting, that is, the controls in place to prepare the financial statements for presentation to third parties. That process does not address the risks or the control needs with respect to FCPA. Another example is internal controls over disbursements, which may be evaluated as being effective if there is a three-way match of the approved purchase order, the vendor invoice, and the receiving report. Those controls do not address the risk that an agent may submit an invoice before the agent has been vetted and the invoice will be paid. It also does not address whether the agent’s invoice was reviewed for proper description of business purpose and for being consistent with the approved contract with the agent.
The second primary reason SOX certification of financial internal controls itself is not enough is the design criteria. SOX allows a materiality threshold. This means that operations outside the US may be excluded from scope due to materiality. It may also mean that some functions are operating below the financial internal controls level. Compliance professionals need to continually remind others that there is no materiality requirement in FCPA enforcement.
Good compliance internal controls are not some standalone protective measure. They can help to make a company run more efficiently as the internal controls that prevent FCPA violations are the same ones that prevent fraud in the workplace. So the presence of good internal controls saves money by preventing fraud. It is a business best practice to prevent fraud, which includes preventing corruption. I have long wondered about Ethisphere and its annual survey of the world’s most ethical companies because they seem to exceed the Standard & Poor’s (S&P) index of average profits and growth. What I have come to believe is that one of the keys ways such companies do seem to have better than average profitability is that they have better internal controls.
Three Key Takeaways
Convert your compliance risks into internal control objectives.
As with many components of a best practices compliance program, tone at the top is critical.
If you receive pushback from the business folks, always remember, good internal controls make for a better run, more efficient and more profitable business.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode I visit with Carlos Ayers on steps you can take to make your compliance program more effective to employees in Latin America. This includes such things are localizing your training and presentations, consideration of local laws, use of language and regionalizing your approach.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/13/2017 • 23 minutes, 51 seconds
Day 6 of One Month to More Effective Internal Controls
Next, I will review how to use the risk assessment you have performed as a tool to provide a structured approach to establishing effective internal controls. After preparation of the risk assessment, the next step is to prioritize the listing of the risks and which locations they are common. This begins by mapping existing internal controls to risks and then assess whether the internal controls are sufficient to mitigate the risks.
To help with consistency in this evaluation process, it may be useful to assign a risk weight to each of the elements in the risk assessment. For example, a construction company might assign a higher weight to the presence of movable fixed assets while a company which sells exclusively through local distributors, might assign a higher weight to the sales function than one that exclusively uses company employees for sales activities. However it is structured, the assessment should result in the assignment of individual risk scores and a composite risk score for each location. These scores can then be used to prioritize the locations in terms of dealing with control risks.
One of the biggest risks under the FCPA is where sales are conducted through third parties. If your company is moving to new geographic markets or new products and does not plan to use an internal sales team to facilitate these new efforts it presents a high compliance risk. The Securities and Exchange Commission FCPA enforcement action against Smith & Wesson (S&W) was just such a situation, where a newly emerging international sales operation was executed through third party agents.
The compliance function should understand the corporate or business unit controls over the international business generally, in addition to the necessary controls over agents. Some of the questions you might consider are the following. Is there a US based International Sales Manager who is responsible for growing the international business? What is the incentive compensation plan? How good are the segregation of duties? In other words, can the International Sales Manager unilaterally make high-risk decisions, or must a senior officer of the business unit or the corporate home office be part of the approval process? Finally, and in a point not to be forgotten or dismissed, how are all of these internal controls documented?
What about a situation in opposite to the above scenario, where your company’s primary sales channel uses a US based sales force which only travels to locations outside the US for temporary visits of generally short duration. This situation minimizes some compliance risks, retains some compliance risks, and shifts some other compliance risks. The minimized compliance risks come from the lessening on the reliance of third parties so that a company, at least in theory, would have more control over its own work force than those employed outside your company.
The retained risks are the risks associated with gifts, entertainment, hospitality, and travel, approval of credit terms to customers, product pricing, special arrangements with customers such as providing product samples, knowing who the ultimate customer is and where the goods are ultimately shipped, and use of freight forwarders and customs agents. The shifted risks are created if there is no physical location outside the US because the accounting must be done in the US. This means that compliance risks regarding the accounting function simply shift to the US accounting department where transactions are processed and recorded and where the financial statements are prepared.
These identified risks need to be subject to appropriate internal controls because it is well established that the issuance of a Code of Conduct and/or compliance policy and training of said policy’s requirements is a good practice, but it does not provide reasonable assurance that employees will comply with the policies. What is needed are written procedures and work instructions, in the native language of the respective employees, that defines exactly what the procedures to be performed are and how they will be evidenced. As difficult as it is for US employees to translate, by themselves, what it means to comply with policies, it may be significantly more difficult for employees outside the US, not only due to language but also due to traditional local business practices, cultures and customs.
You can also utilize the COSO 2013 Internal Controls Framework, which created a more formal structure to design or assess the effectiveness of internal control within the five COSO components. A companion document, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples, catalogued possible approaches and examples in the context of internal control over financial reporting, and could be useful for companies complying with compliance internal controls under the FCPA. COSO has also published an additional companion document, Illustrative Tools for Assessing Effectiveness of a System of Internal Control, which provides templates that may be used to support an assessment of internal control and includes various scenarios which illustrate several practical examples of how the templates may be used.
Finally, consider a business unit in a geographic area such as the Far East where there is a significant amount of deference to supervisors in the local culture; such that, even if an employee saw inappropriate behavior it would not be expected that the employee would make any report or comment. Such situations can have huge impact on your internal controls environment.
Three Key Takeaways
Third party risks are still your highest risks under the FCPA so use your internal controls appropriately to help prevent this risk from becoming a violation.
Use mapping and a gap analysis to collate risks to existing controls.
Always consider the regional and geographic variances.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/12/2017 • 11 minutes, 6 seconds
Leadership Lessons from John Adams
In an article entitled, 12 Leadership Qualities of An Often-Overlooked President, Matt Myatt, writing in forbes.com online reviewed the leadership qualities of John Adams as laid out in David McCullough’s Pulitzer Prize winning biography, appropriately entitled John Adams. Adams presidency was glossed over with little more than a brief mention, most probably because he was President between two of our more memorable presidents – Washington and Jefferson. Samuel Eliot Morrison once said that history teaches us how to behave and Adams provides a great example on it. The following list contains 12 qualities that made him a great man and a great leader:
He valued education. He began his education at college when he was fifteen and he never lost his curiosity. He passed this tenet to his children, stressing education to his children and played a large role in their learning. The more Adams thought about the future of America, the more he was convinced it was through education.
He strove for a good reputation. As a young lawyer, Adams knew he would get nowhere without a good reputation. The same is even more so today.
He loved his wife. McCullough’s book made clear the love story that was of John and Abigail Adams. As much as he was apart from his wife, the more he sought her counsel. The benefit for the historian and for us is that such counsel came through correspondence preserved for posterity. Adams never operated in a bubble and neither should you.
He fought for what was right. Adams knew that defending the British soldiers involved in the Boston Massacre would harm his reputation and it did but it was also the right thing to do.
He was a great communicator. This surprised me a bit as I had always thought this was a weakness of Adams. Yet he made himself into both a great writer and speaker, through study of the Classics.
He recognized his weaknesses and brought in others to fill those talent gaps. When Adams found himself in a situation where he felt inadequate, he did one of two things: recommend someone else, and if that was not possible; he would learn what he had to, and then work diligently to achieve the desired outcome.
He could spot talent. This is perhaps where Adams shined the brightest, as Adams was the first to submit George Washington’s name for general of the Continental Army, a post being clamored for by many. He also recruited the pen of Thomas Jefferson to draft the Declaration of Independence and the wisdom of Benjamin Franklin to help edit it.
Physical courage. Leaders should always stand up for others and exhibit courage in the face of danger and Adams was exception. Particularly during the revolutionary years, Adams demonstrated great personal courage.
He had unwavering integrity. Many people disliked Adams for his political views, but they never could say that he was not a man of integrity. He was loyal to a fault to those he called friends.
He had perseverance. Adams was in the long line of hearty and dogged New Englanders. Yet when he was a diplomat he found it did not suit him but he preserved and helped negotiate favorable treaties for the colonies and later United States.
He had the ‘vision thing’. Long before it was so articulated, Adams was able to articulate a vision for the fledgling colonies as an independent nation that many others could not. Being able to see the bigger picture is a trait that leaders must possess if they are going to be successful in the long-run.
He was a true public servant. The public career of John Adams can be described as nothing other than service beyond self. Adams believed in something bigger – he literally gave his life so that every American might have the freedom and liberty to live the life we choose.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/12/2017 • 20 minutes, 26 seconds
Day 5 of One Month to More Effective Internal Controls
Today, I want to discuss how to assess for your internal controls regime for international operations. It is incumbent that you need to review as much information so you can to understand the financial and operational structure of an entity and how the financial and operation structure outside the US is integrated with the corporate headquarters, or the US business unit’s financial and operation structure, if the foreign operation is part of a US business unit.
You could begin with the Transparency International (TI) Corruption Perceptions Index (CPI) to garner a sense of the reputation of the country in which your business unit is located, as well as the CPI for all other countries in which the location either markets business or has current customers. Another area for inquiry or review is the scope of your operations at a location outside the US. This means you will need to consider your sales model, whether employee based or primarily using third party representatives. You will also need to consider if such third party representatives are coming into a commercial relationship with your company through your supply chain.
Other areas of inquiry should include whether your company’s finance and accounting staff produce financial statements that are integrated into the parent’s financial statements; whether your international business locations utilize a local bank account for local sales receipts as well as funds transfers from the US and whether the account has local check signers and whether dual signatures are required on the checks. You may also want to consider the extent to which local disbursements are made in local currency and, of course, is there a local petty cash fund.
As with many other areas around internal controls, it is important to consider the local Delegation of Authority (DOA) and whether it is consistent with your corporate DOA. Some of the considerations regarding the local DOA should extend to which corporate or US business unit approvals are required for transactions initiated locally, such as: (1) Approval of vendor invoices, (2) Disbursements of funds, including wire transfers; (3) Execution of facilities leases; (4) Execution of contracts with agents; and (5) Approval of pricing and credit terms to customers and distributors. You should also review whether the local DOA provides appropriate segregation of duties at the local business unit level.
You should consider how sales of product are conducted. For example, is an inventory maintained at the local operation for shipment to customers? Are products drop shipped from US directly to the customers of the local operation? Are products drop shipped to distributors for delivery to the ultimate customer?
Hopefully you are already doing the above but you should review what is being done to determine if employees or local contractors who are local nationals have gone through your due diligence process so that they have been properly vetted to determine whether they are government officials in any capacity or are relatives of government officials. Along the lines of a more formal FCPA analysis you should review to see if there has been any investigation of alleged fraud, including FCPA violations, at the location and if so, what were the results of the investigation? In the area of customers, you should review with whom each international location does business to determine the extent to which its current customers are local government entities as well as the extent to which the location is pursuing sales activities for other local government entities.
If there has not been a sufficient assessment of controls, the compliance professional must then decide how to best determine whether the local controls are sufficient to satisfy the requirement of the FCPA and accurately reflect all transactions and prevent concealment of improper transactions. Some of these considerations would be an inadequate segregation of duties because the separation of responsibility for physical custody of an asset from the related record keeping is a critical control. In practice, this means that persons who can authorize purchase orders (Purchasing) should not be capable of processing payments (Accounts Payable). Further, the employee who prepares the deposit should not post the receipts to the customer accounts.
You should look to see if there is inappropriate access to assets. If there is internal controls should be created to provide safeguards for physical objects such as inventory and cash, restricted information, critical forms, and update applications. This means that an employee who only needs to view computer information should be restricted to Read and File Scan access and should not be granted Write and Create access. Moreover, controls should prevent the unauthorized removal of resale inventory and movable fixed assets from the premises.
It is not necessary to prove a bribe to have been paid in order to have an enforcement action against a company for violation of the internal controls provisions of the FCPA. In the SEC enforcement action against Smith & Wesson, that was the situation. It was this lack of effective internal controls, not the payment of a bribe, which was the basis for the civil enforcement action. This means that you should look to make certain the situation is not one of form over substance, where controls can appear to be well designed but still lack substance, as is often the case with required approvals.
Such a situation could arise in several different scenarios. The first is where an account manager's signature attests to the accuracy of the payroll voucher information, but if the account manager does not have assurance that the supporting time records are accurate, the approval process lacks substance. Other examples are where a supervisor who approves expense reports but routinely does not look at the supporting documentation; a Country Manager provides a true control as an approver; or where the Country Manager or the local Finance Manager has ability to conceal the true nature of transactions without detection by anyone else.
Another important area involves sales and compensation for the international business unit in question. On the sales side of the equation, you review the three-year historical sales for the location and what are the budgeted sales for the upcoming year. This can give insight into the relative pressure on employees to grow the business and, accordingly, the possibility of an employee seeing a bribe as a good way to grow the business. The inquiries can lead to questions about compensation such as what is the sales incentive compensation plan for local sales personnel and for the Country Manager; as this inquiry gives insight into the possibility of personal benefit which might result from someone paying a bribe in order to win a contract which results in a large sales incentive compensation to the employee.
All of these reviews, questions, inquiries and analyses are designed to locate the pressure points involved in any company’s sales processes. This is because pressure is a key element of occupational fraud and the risk of fraud, including corruption, increases as the pressure increases. Since corruption is viewed as a subset of fraud, it might be a good time to review the Fraud Triangle, which lays out breeding ground for fraud in the corruption context:
Pressure which has financial implications, whether it be personal financial needs that are unmet or pressure to reach sales goals;
Rationalization – a fraud perpetrator always rationalizes that he / she is not a criminal and when committing fraud for personal benefit, the perpetrator intends to repay the money; when committing fraud for company benefit, the perpetrator rationalizes that the company really wants to meet its goals and that the perpetrator’s actions are in furtherance of the company’s goals; and
Opportunity – the perpetrator must be in a situation where the internal controls do not prevent the fraud and its necessary concealment.
Three Key Takeaways
You must understand the financial and operational structure of your company and how the financial and operation structure outside the US is integrated with the corporate headquarters.
Are your financial statements and reporting systems integrated?
Always consider the fraud triangle?
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/11/2017 • 13 minutes, 9 seconds
Compliance into the Weeds-Episode 45
In this episode, Matt Kelly and I take a deep dive into the 4th of July weekend use of the New Jersey beaches by Governor Chris Christie. Governor Christie had closed the beaches in a budget dispute but was still able, as Governor, to give himself and his family full access to the now wide open beaches on the recently passes holiday weekend. We consider Governor Christie’s example of undeserved privilege in the context of ethical leadership and tone at the top. Matt draws upon his Catholic school education to remind us that undeserved privilege is private law, as “privilege” comes from the Latin privus, private law; and lex, law. It’s a private law that benefits only one person, who doesn’t deserve it.
Read more about the issue and Matt’s thoughts on his blog post Tone at the Top Gone Wrong: The Christie Example.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/11/2017 • 17 minutes, 37 seconds
Day 4 of One Month to More Effective Internal Controls
Next, I want to consider some of the issues around internal controls outside the US and why your company’s internal controls might require changes for different countries across the globe. However, this provides an opportunity to further operationalize your compliance program through internal controls more narrowly tailored to mirror your business practices.
Every Chief Compliance Officer (CCO) should consider your entity-wide internal controls for a company. Under the FCPA accounting provisions, issuers can be held liable for the conduct of their foreign subsidiaries, even though the improper conduct occurred outside of the US. The scope of liability is based on the issuer’s incorporation of the subsidiary’s financial statements in its own records and Securities and Exchange Commission (SEC) filings. So, as with the use of third party distributors to sell product, FCPA enforcement looks past the structure of the transaction and makes enforcement decisions based upon the substance.
While a CCO should expect (or at least hope) that internal controls at locations outside the US are of the same effectiveness as internal controls within US business units and at the US corporate office; unfortunately, that might not always be the case. It is often the case that corporate level internal controls are stronger than those in foreign business units. There may well be several reasons for this. First, the company’s Chief Financial Officer (CFO) may be paying closer attention to the corporate level internal controls, with the idea that the corporate level internal controls are the final “filter” to detect issues. This follows partly from the focus in most companies on the controls over financial reporting, which does not include all controls needed for compliance. A second reason is that many companies were built through acquisitions, resulting in many business units (both in and outside the US) having completely different accounting and internal control systems than the corporate office. There is often a tendency to leave acquired companies in the state in which they were acquired, rather than trying to integrate their controls and conform them to those of current business units. After all, the reason for the acquisition was the profitability of the acquired company and nobody wants to be accused of negatively impacting profitability.
A third situation may exist at locations outside the US that began simply as a sales office. Then the location gradually expanded its scope of operations to become a full scope business unit with its own accounting and data processing functions. Unfortunately, it is not often the situation in which there was a master plan for internal controls as the location’s scope grew. Often processes were added internally and were usually designed by the local personnel that in practice meant the Country Manager had total control over financial affairs and was not really accountable to the Corporate Office. This can be particularly true as long as a country business unit’s profits continue. In such situations, there will rarely be any focus on effective preventive internal controls for compliance risk.
The next area for inquiry is where should a CCO begin in any of the above scenarios? The initial first step is to determine the extent of centralization or decentralization of relevant processes or put another way, to what extent are relevant processes performed at the corporate offices? In some companies it is common, for example, to have all vendor invoices paid from the corporate office. In other companies, the corporate accounting function only aggregates information received from business unit accounting departments. This translates into a varying analysis of risk regarding locations outside the US, depending on the degree of accounting decentralization. A good starting point is to determine the extent to which the financial statements of business units outside the US are reviewed and analyzed by the corporate accounting function. This will give good insight into whether the corporate accounting function provides an element of internal control or merely serves as a data aggregator.
The first step for the CCO is to determine the possible universe of risks and to assess the risks to result in a priority of how attention will be focused. One useful approach advocated is performing a Location Risk Assessment, whose purpose is to capture in one place each location outside the US where your company conducts business and to assess the compliance risks posed by the nature of operations at each location. Once the risks at each location have been properly categorized, you can then prioritize your approach to dealing with the risks.
Three Key Takeaways
Modifying your internal controls can work to more fully operationalize your compliance program.
Check the effectiveness of your internal controls for your international locations.
Revisit your internal controls when a country or region experience large growth or other disruption.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/10/2017 • 11 minutes, 2 seconds
FCPA Compliance Report-Episode 341
The issue of beneficial ownership is one which still bedevils many compliance professionals. Today, I visit with Brian Alster, Dun & Bradstreet’s Global Head of Supply and Compliance about the problem this issue continues to raise in the anti-corruption compliance space. Beneficial ownership is a critical inquiry for financial institutions and financial services companies but is becoming more important to non-financial commercial corporations. KYC is a well-worn phrase in the financial industry and Alster explains how it is becoming more important to the anti-bribery compliance specialist.
Alster discusses the new D&B service; D&B Beneficial Ownership, a solution that delivers quick and reliable data for actionable management of regulatory compliance. D&B Beneficial Ownership provides companies a fast and comprehensive picture of corporate hierarchy with entity and individual level share ownership based on Dun & Bradstreet’s 265 million verified business records. D&B Beneficial Ownership capabilities can be easily embedded into companies’ current workflows to help accelerate due diligence and ensure regulatory compliance.
You can learn more about this service, D&B Beneficial Ownership by visiting: http://www.dnb.com/products/corporate-compliance/beneficial-ownership.html
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/10/2017 • 26 minutes, 4 seconds
This Week in FCPA-Episode 60
This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance related stories, including:
U.S. charges top Colombia anti-graft prosecutor with money laundering. See article by Dick Cassin the FCPA Blog.
US Supreme Court may finally settle one of the fiercest debates arising from the Dodd-Frank Act: What is a whistleblower and when are they protected against corporate retaliation? See Joe Mont’s article in Compliance Week.
Alstom obtains ISO 37001 certification but does it mean anything?
Benefits of FCPA Pilot Program becoming clear after two 2017 declination. See article by Jaclyn Jaeger in Compliance Week.
Head of federal government ethics office to step down. See article in The Hill.
At nearly the half-way mark, the Astros lead the majors with the best record. See Tom’s article on how and why in the FCPA Compliance Report.
New eBook on Trump and Compliance: the First 100 Days is out. It collects the musings from the four amigos on the Everything Compliance podcast (+1). You can download your copy by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/7/2017 • 28 minutes, 40 seconds
Day 3 Of One Month to More Effective Internal Controls
There are four significant controls that he would suggest the compliance practitioner implement initially. They are: (1) Delegation of Authority (DOA); (2) Maintenance of the vendor master file; (3) Contracts with third parties; and (4) Movement of cash / currency.
Your DOA should reflect the impact of compliance risk including both transactions and geographic location so that a higher level of approval for matters involving third parties, for fund transfers and invoice payments to countries outside the US would be required inside your company. While it is quite often true that a DOA is prepared without much thought given to compliance risks, once a DOA is prepared it is not used again until it is time to update for personnel changes. Moreover, it is often not available, not kept current, and/or does not define authority in a way even the approvers could understand it. Therefore, it is incumbent that the DOA be integrated into a company’s accounts payable (AP) processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this, you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval BEFORE they are paid.
Furthermore, if a DOA is properly prepared and enforced, it can be a powerful preventive tool for compliance. Consider the following example: A wire transfer between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of the same amount to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the compliance function, and one officer. In this situation, the DOA should specify who must give the final approval for engaging third parties. Finally, a DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US.
The vendor master file, can be one of the most powerful PREVENTIVE control tools largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, when a vendor name and/or vendor payment information changes are submitted.
Near and dear to my heart as a lawyer, contracts with third parties can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. I would caution that for contracts to provide effective internal controls, relevant terms of those contracts, including for instance the commission rate, reimbursement of business expenses, use of subagents, etc.,) should be made available to those who process and approve vendor invoices. If there are nonconforming service descriptions, commission rates, are present in a contract, the terms must be approved not only by the original approver but also by the person so delegated in the DOA. Unfortunately, contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.
The Hewlett-Packard FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. All situations where funds can be sent outside the US, including such methods AP computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances; should all be reviewed from the compliance risk standpoint. This means you need to identify the ways in which a country manager or a sales manager, could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.
To prevent these types of activities internal controls, need to be in place. This means all wire transfers outside the US should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.
The bottom line is that internal controls are just good financial controls. The internal controls that detailed for third party representatives in the compliance context will help to detect fraud, which could well lead to bribery and corruption.
Three Key Takeaways
Remember the top four internal controls for an effective compliance program.
Effective internal controls should do more than protect but also prevent internal program violations.
Effective internal compliance controls are good financial controls.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/7/2017 • 12 minutes, 7 seconds
Day 2 of One Month to More Effective Internal Controls
Today, New York Times columnist David Brooks’ thoughts on building and maintaining order inform our discussion on internal controls. In the area of internal controls, I believe it is incumbent to consider not only the most obvious risk areas for your internal controls but also the universe of potential transactions within the operations of a particular company. There is a clear need for rigor in your internal controls protocols and adherence to that rigor can increased operationalization around the internal controls a company should consider including gifts, travel and entertainment (GTE).
One area that companies need to be mindful of is corporate checks and wire transfers, in response to falsified supporting documentation, such as check requests, purchase orders, or vendor invoices. The Delegation of Authority (DOA) is a critical internal control. So, for example a wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the compliance function, and one officer. The key is that the DOA should specify who must give the final approval for such an expense.
Petty cash disbursements in locations outside the US have unique control issues. Some petty cash funds outside the US have small balances but substantial throughput of transactions. Your DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US, including those who travel from the US to work outside US.
Another area for concern is travel, the reason for this being that a company’s corporate travel department and independent travel agencies can buy tickets, hotel rooms, etc., for non-employees. Internal controls might be needed to ensure policies are enforced when travel for non-employees can be purchased through a corporate travel department or through independent travel agencies. As was demonstrated with GlaxoSmithKline PLC (GSK) corruption enforcement action in China, a company must not discount the risk related to abuse of power internally and collusion with independent travel agencies. You should implement procedures to ensure compliance with your company policies regarding payment of travel and related expenses for third parties, for not only visits to manufacturing or job sites but also any compliance restrictions that might be in place.
An area for fraud, corruption and corporate abuse has long been Procurement cards or “P Cards”. If your company uses procurement cards, assume this to be a very high-risk area, not just for bribery and corruption but also for fraud risk generally. Banks have made a great selling job to corporations for the use of P-Cards to help to facilitate “cash management” but, more often than not, they can simply be a streamlined way to allow embezzlement and misbehavior to go undetected. Here a control objective should be put in place along the lines of a written policy and procedures defining the acceptable and unacceptable use of company Procurement Cards, required forms, required approvals, documentation and review requirements.
If the pre-approval process and strong controls over expense reports prevent misbehavior, employees who wish to misbehave will seek other ways to do it where controls are not so strong. This means you should use your risk assessment process to help prioritize where controls are most needed. If your company prohibits gifts and any travel other than for the submitting employee from being included in the expense report, you should consider requiring instead a check request form be used, which would be subject to stringent controls. In such cases a checklist should be completed and attached to the check request which includes questions and disclosures designed to flush out exactly what was provided in the way of a business class airline, pocket money, event tickets, side trips, leisure activities, spouses or other relatives who might be traveling and why the travel had business purpose. Such an internal control would allow for a more streamlined processing of expense reports and still elevates the GTE items to the appropriate level of review and requires appropriate documentation.
One question I am often asked is why does a company need internal controls in place regarding gifts because in many companies, where there internal audits of these expense reports are common. It is important to keep in mind that, with respect to GTE, internal audits most often constitute, at best, a detect control, which only gives comfort for some historical period and is not necessarily representative of the controls in place to prevent future violations. So, it will be a false sense of security if a Compliance Officer relies on the internal audit of expense reports to be the control needed over violation of Gift policies.
David Brooks’ has said, “Building and maintaining order…requires toughness of mind and rigid discipline to properly serve your own work.” By having the rigor to institute and enforce the types of internal controls Howell has identified, you can go a long way towards detecting and more importantly preventing a FCPA violation from occurring.
Three Key Takeaways
You must maintain rigor around your internal controls.
Controls against fraud can also help to prevent corruption.
Building and maintaining good internal controls requires rigor.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/6/2017 • 12 minutes, 1 second
FCPA Compliance Report-Episode 340
In this episode, I visit with Patrick Henz, a compliance practitioner and author of Access Granted: Tomorrow’s Business Ethics. Henz has written one of the most fascinating books on compliance going forward into the future that I have recently read. His book analyzes actual and future technological developments to discuss how these will affect tomorrow's business reality and its impact on the human. Henz believes that robotization and the implementation of Artificial Intelligence will change companies and societies. This does not mean automatically a shift for the better or worse, but life will be different, and it is in our hands to use technology for the first.
Artificial Intelligence, robots, 3D printing, micro-learnings, virtual reality, self-driving cars and all other autonomous software and machines will be a part of tomorrow's business. We should start thinking about the consequences. A chance and challenge for management, where the Ethics & Compliance function can position itself as a key-player and include AI inside its responsibilities.
In addition to the above, we discuss the role of gamification of training going forward. How will AI impact compliance. We also consider how the German electro-rock group Kraftwerk influences compliance to this day. Finally, we consider how the movie Minority Report and Asimov’s Three Laws of Robotics will inform your compliance program going forward.
Patrick Henz can be reached at [email protected].
You can check out his book Access Granted on amazon.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/6/2017 • 35 minutes, 51 seconds
Day 1 of One Month to More Effective Internal Controls
What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. The starting point is the FCPA itself, requires the following:
Section 13(b)(2)(B) of the Exchange Act (15 U.S.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to:
devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—
(i) transactions are executed in accordance with management’s general or specific authorization;
(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and
(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any
differences ….
The Justice Department (DOJ) and Securities and Exchange Commission (SEC), in their 2012 FCPA Guidance, stated, “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.”
Aaron Murphy, Assistant Solicitor General in the Office of the Attorney General for the state of Utah and the author of “Foreign Corrupt Practices Act: A Practical Resource for Managers and Executives”, said, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”
Internal controls expert Joe Howell, EVP at Workiva, Inc. has said that internal controls are systematic measures, such as reviews, checks and balances, methods and procedures, instituted by an organization that performs several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources, to detect and deter errors, fraud, and theft; to assist an organization ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Howell adds that internal controls are entity wide; that is, they are not just limited to the accountants and auditors. Howell also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs as well as the distribution of assets.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) in its 2013 Internal Controls Framework defined internal controls, in its publication entitled “Internal Controls – Integrated Framework”, as follows:
Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. This definition reflects certain fundamental concepts. Internal control is:
Geared to the achievement of objectives in one or more categories—operations, reporting, and compliance
A process consisting of ongoing tasks and activities - a means to an end, not an end in itself
Effected by people - not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to affect internal control
Able to provide reasonable assurance - but not absolute assurance, to an entity’s senior management and board of directors
Adaptable to the entity structure - flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process.
The Integrated Framework goes on to note, “This definition is intentionally broad. It captures important concepts that are fundamental to how organizations design, implement, and conduct internal control, providing a basis for application across organizations that operate in different entity structures, industries, and geographic regions.”
Why are internal controls important in your compliance program? Two FCPA enforcement actions demonstrate the reason. The first came in late 2013 when the DOJ obtained a criminal plea from Weatherford International (WFT). There were three areas where WFT failed to institute appropriate internal controls. First, around third parties and business transactions, limits of authority and documentation requirements. Second, on effectively evaluating business transactions, including acquisitions and joint ventures (JVs), for corruption risks and to investigate those risks when detected. Finally, around excessive gifts, travel, and entertainment, where such expenses were not adequately vetted to ensure that they were reasonable, bona fide, and properly documented.
The second case involved the gun manufacturer Smith & Wesson (S&W). The case did not include a criminal charge filed by the DOJ but a civil matter was prosecuted administratively by the SEC. In its Administrative Order, the SEC stated, “Smith & Wesson failed to devise and maintain sufficient internal controls with respect to its international sales operations. While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy.” Moreover, the company did not “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accordance with management’s general or specific authorization; transactions are recorded as necessary to maintain accountability for assets, and that access to assets is permitted only in accordance with management’s general or specific authorization”.
The whole concept of internal controls is that companies need to focus on where the risks are, whether they be compliance risks or other, and they need to allocate their limited resources to putting controls in place that address those risks, and in the compliance world, of course, your two big risks are the assets or resources of a company. Not just cash but inventory, fixed assets etc., being used to pay a bribe, and then the second big element would be diversion of company assets, such as unauthorized sales discounts or receivables and write offs, which are used to pay a bribe.
As an exercise, I suggest that you map your existing internal controls to the Ten Hallmarks of an Effective Compliance Program or some other well-known anti-corruption regime to see where control gaps may exist. This will help you to determine whether adequate compliance internal controls are present. From there you can move to see if they are working in practice or ‘functioning’. Internal controls will only become more important in FCPA enforcement. This month you will learn how to get ahead of the curve.
Three Key Takeaways
Effective internal controls are required under the FCPA.
Internal controls are a critical part of any best practices compliance program.
The Weatherford and Smith & Wesson FCPA enforcement actions demonstrate the enforcement spotlight on internal controls.
For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/5/2017 • 13 minutes, 1 second
FCPA Compliance Report-Episode 339, Ed Buthusiem of BRG
In this episode, I visit with Ed Buthusiem, with BRG Business Transformation. BRG partners with companies and their stakeholders to deliver sustainable results with speed and transparency through a data-driven and expert-led approach. We discuss the work of BRG and how BRG helps companies to drive a value proposition. We explore what this means for a Chief Compliance Officer or compliance practitioner and how can BRG help compliance professionals to operationalize compliance. We also discuss how compliance can become a more integrated part of the business process. You can find out more about BRG by checking out their website by clicking here.
This episode is sponsored by Ark-Group publishing who recently released my latest book 2016-The Year in Corporate Enforcement. This is the only book which details one of the most significant years of FCPA and global anti-corruption enforcement. You can check more on this book at the Ark Group website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
7/5/2017 • 20 minutes, 50 seconds
This Week in FCPA-Episode 59
In this week which starts the 4th of July holiday weekend, Jay and I return for a wide-ranging discussion on some of the week’s top compliance related stories, including:
The second Declination of the Session’s Justice Department, CDM Smith. For a copy of the Declination click here. For article in the FCPA Blog, click here.
The son of Equatorial Guinea's president went on trial this week in France for embezzlement of funds from the country. See trial reports of Days 2 & 3 in the Global Anti-Corruption Blog.
Is the DOJ afraid to go to trial in white collar prosecutions. Jesse Eisinger considers this issue in his new book The Chickenshit Club. See review of Eisinger’s book in the Financial Times by clicking here.
Tom nominates former Uber engineer Susan Fowler for top blog of the year (so far). Who is your nominee from the first half of the year? See Tom’s article in the FCPA Blog.
Hui Chen talks to Matt Kelly on a podcast on Radical Compliance.
Jay discusses his weekend report, which came out yesterday. You can read by clicking here.
At nearly the half-way mark, the Astros lead the majors with the best record.
Tom announces the premier of the Compliance Podcast Network, which will make its debut the week of July 10. It will be the only Podcasting Network dedicated to compliance, the compliance profession and compliance practitioners.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/30/2017 • 28 minutes, 37 seconds
Day 22 of One Month to Better Investigations and Reporting
Yesterday I considered an article by Ryan Hubbs, entitled “10 Factors Leading to Reporting Mechanism Distrust”, in which he detailed 10 factors leading to hotline distrust. Today I want to pick up on that article with Hobbs' tips for building a trusted hotline reporting program and culture, talk about the SEC whistle blowing program, and conclude with a few thoughts on why experienced, invested counsel is so critical in these.
Organizations implement and maintain hotlines, trusted programs, hotline programs differently depending on their sizes, cultures, geography, and many other factors if they must decide if they'll construct such programs. Many organizations find benefit to taking it outside from the experience and expertise, the appearance of independence which can increase employee trust. A smaller organization may not be able to do so. Nevertheless, there are many competent companies that put on hotline services for small individuals.
What can you do to help build trust for your reporting system?
1. Training and awareness. Increased awareness of the program will help build employee's confidence around it, and organization should continually strive to help employees know that the hotline reporting system program works, why the organization believes in it, who operates it, and why it's a critical part of the culture of the company and the compliance ethos of the company. Organizations should include hotline frequently asked questions and answers for all employee new hires and supervisory training.
Ongoing communication. Communication about a hotline reporting program, recent compliance issues, and messages from management should be a routine and commonplace. I have talked about putting posters in workrooms and coffee rooms to announce hotlines, but you have to continually communicate it. Think of the example of Louis Sapirman at Dun & Bradstreet, where they are continually communicating via the company's internal social media program about the hotline.
Accessibility. Information on a hotline reporting program and how to report a concern should be within one click of the organization's intranet or external website. An organization should communicate program information in as many languages is as necessary to provide coverage. Certainly here, the Department of Justice and Securities Exchange Commission have made clear in the 2012 guidance that local languages must be respected and utilized. Web-based reporting platforms should be available to facilitate anonymous reporting and allow for inclusion of attachments. Conversely, you may have a situation where a large amount of your workforce does not have access to a computer. They may be in a country where there's limited internet or, frankly, they may not be trained on computers, so you be required to maintain other mechanisms as well.
Transparency. Prominently display your organization's hotline reporting and investigative process including the expertise and contact information of your trained investigators, what employees should expect, plus the organization's responsibilities, cooperate, and protecting against retaliation. We have talked about anti-retaliation before, but I'm going to emphasize it again because it is so important. You must incorporate the fair process doctrine, you must not retaliate, and you must make clear to your employees that you will not tolerate retaliation.
Proficiency and objectivity. Those who manage the hotline and investigation process should be technically proficient, professional, well trained, and experienced in the handling and reporting of concerns. The organization should also install adequate systems, processes, and technologies to support the investigators and ultimately the employees. This includes an in depth and routine training, I would say no less than annually, for the organization's investigative, legal, HR, and compliance staff, but you've got to get the word out. You got to have proficiency and objectivity. Prong three of the 2016 Department of Justice pilot program required compliance expertise. You must have that proficiency and it should include into your investigative staff.
Ongoing assessment. Is your organization assessing your compliance program and your hotline? How do employees currently view the hotline reporting program and corporate culture? Can people get the information to the appropriate disciplines within your organization? Here you can think about Wells Fargo, where there was clear evidence that the culture had failed yet even with a reporting mechanism in place and use of that mechanism, management did not follow up to determine the issues which led to the company’s catastrophic reputational damage.
Next, is an assessment on whether the ethics and hotline policies, procedures, and technology are meeting the needs of the organization and the employees. Here let me emphasize technologies, because I earlier about a situation where an employee does not have access to a computer. What if the employees are out on a drilling rig? Would they have access to a cell phone, or could they report in that manner? Maybe not. They may have to use a computer. You must have the appropriate technology for your diverse workforce.
What about after the report is made? Are your internal investigations and resulting disciplinary actions consistent with the organization's desired culture of compliance? Here you need to make sure that the actions you have taken really are consistent because employees understand this and they will watch and see what happens. Are independent reviews conducted by internal audit or external professionals with ongoing oversight by an audit committee of the hotline and results? Finally, are complaints and resolutions disclosed to or discussed with external auditors? Are you bringing in outside experts to help you?
All of this is important because of Dodd-Frank and its creation of a Whistleblower program for securities violations, such as the Foreign Corrupt Practices Act (FCPA) for issuers. As of April, of 2017, the Securities and Exchange Commission (SEC) has made 43 whistle blowers awards of over $153 million to whistle blowers under the Whistleblower program established under Dodd-Frank. This is a direct result of failure of corporate hotlines. Any regulator will tell you that 95% of all employees attempted to report internally first and they were either rebuffed, they were retaliated against, or in some other way rejected. The amount of money, fines and penalties, paid out for ignoring whistle blowers, people who report anonymously, is significant.
Finally, as I end this one-month series, I would just like to re-emphasize the need for experienced investigative counsel for serious matters. Recently had a declination issued in the Linde Gas case by the Department of Justice (DOJ), and it really was clear that the counsel used by Linde in in addition to the decision self-disclose, was a critical factor in Linde getting the superior decision it did, which was a declination to prosecute. The investigation was a very difficult set of facts, very convoluted, very muddled up over many countries with shell companies, direct companies, and others. You really must have experienced investigative counsel for things that are outside the routine. Having an experienced, season and competent FCPA bar-lawyer who could both investigate it and negotiate with the government is very critical going forward.
Three Key Takeaways
Work to engender employee trust.
The SEC Whistleblower program is a huge success and is not going away.
Use experienced investigative counsel for hotlines reports of serious wrongdoing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/30/2017 • 12 minutes, 40 seconds
Day 21 of One Month to Better Investigations and Report
Today I want to consider some factors which can lead to employees’ distrust of an internal reporting system. Ryan Hubbs wrote an excellent article entitled “10 Factors Leading to Reporting Mechanism Distrust”.
The guidance and mandates for companies on reporting mechanism reporting are numerous, overlapping and sometimes very broad. There are the US Sentencing Guidelines; regulations under Sarbanes-Oxley (SOX), the Dodd-Frank Act and the 2012 FCPA Guidance. There are international guidelines from the EU, US and London based stock exchanges and even the United Nations deems reporting mechanism reporting a necessary good business practice. Dodd-Frank attempted to strengthen accountability by specifically providing protections for those who come forward as whistle blowers but also allows regulators to respond to misconduct through finding some legal action. While the goal of whistleblowers and reporting mechanisms might be to identify and correct wrongdoing, they do not guarantee success and they do not even guarantee effective and trusting programs.
Trust is a primary factor as to whether an employee will come forward with a concern. Management might try a quick-fix reaction to a messy investigation with more reporting mechanisms, posters or asking a CEO to use compliance training to generally get the word out. Nevertheless, employees view it as a trust issue, and you must have that trust. If an employee chooses not to report and an outside source later discovers misconduct, the organization will certainly be subject to potential financial losses and reputational damage that could have been avoided. If the employee does report, but the culture of trust is lacking or they faced retaliation, up to and including termination, then you have a disgruntled employee who is most likely going to go to the Securities and Exchange Commission.
What are Hubbs’ 10 factors leading to distrust of internal reporting mechanisms? Number one is that employees do not understand the reporting mechanism system. Some the questions include, “who answers the reporting mechanism number? Will they know that I filed a reporting mechanism complaint if I do so anonymously? Will they tell my boss that I've reported a concern? Where does my complaint go and who reviews it?” Employee doubt and uncertainty can impede an employee's decision to report a concern. Transparency is also noted to aid in trust and the more likely an employee is to come forward.
Number two is inadequate reporting mechanism resources and poor reporting program design. Companies can demonstrate their commitment to a reporting mechanism by spending money on well-designed reporting mechanism programs and professionally trained, efficient responders and investigate, fully integrated case management systems and all necessary supported tools. Anything less, will engender employee mistrust.
Number three is the lack of personalization of employee concerns. Utilizing an internal reporting mechanism can be a very personal experience for an employee as the whistleblower might be a victim, the employee could well have witnessed significant wrongdoing. He or she may view using the reporting mechanism as simply taking a personal chance by coming forward and doing the right thing. This means that if an employee only hears a recorded message or an automated response; they may view the entire program as machine-like and indifferent. Having qualified and experienced compliance or investigative professionals who should follow a predesigned investigative protocol, should immediately follow up on reported concerns. Moreover, concerned employees need support and reassurance they have done the right thing and the organization will address their concerns and that they will be protected from retaliation. There should also be a strong written statement against retaliation.
Number four is the improper handling of whistleblower complaints and lack of training of investigators. The mishandling of complaints and poor training of reporting mechanism calls and investigations can cause reporting errors in which the company conducts an inadequate investigation and/or comes to the wrong conclusion. As noted above an investigative protocol coupled with skilled investigators early in the reporting process. Employees who experience mishandled complaints will almost certainly communicate their dissatisfaction with colleagues, and that can certainly destroy reporting mechanism morale.
Number five is the always dicey question of whether management is involved in the reporting mechanism. If local management gets involved early when they may be the problem, or complicit in allowing concerns to go forward or unaddressed. Local HR professionals might also appear to employees to be closely aligned with management, they also might be inadequately trained and show bias or favoritism. To ensure transparency and objectivity, often when it's effective to use a third-party administrator for your reporting mechanism. At the point when concern becomes part of an investigation, the organization can involve management, including internal audit, compliance, legal and HR, depending on the type of complaint.
Number six is too many reporting mechanisms. Your corporate reporting mechanism should be the primary entry point for all concerns regardless of who reports or how companies identify them. Unfortunately, companies also have avenues such as emails, web portals, writing and of course, in person. These can require companies to struggle to determine who owns the proactive and reactive assessments of reporting and responses. Many companies offer reporting mechanisms just beyond the centralized reporting mechanism, but you should have a professionalized, centralized, clearly articulated program that help streamline reporting, increase communication and awareness, and decrease confusion to help build trust.
Number seven is there is too much emphasis placed on reports which must be based solely on “credible complaints. Employees who file fictitious or malicious complaints against companies and colleagues defend pending terminations or to get others into trouble or retaliate for some perceived personal slight.” While some companies attempt to reduce meritless complaints by communicating that employees should only report credible or good-faith complaints, others might go a step further by saying employees could be subject to disciplinary action for filing complaints that are not found to be credible. However, these tactics may well deter employees from reporting any concerns.
Number eight are the twin obstacles of negative incidences and retaliation. If I have had one key theme throughout this series on reporting, and indeed, throughout this month of investigations, it is an absolute prohibition against retaliation. Companies must prevent retaliation. When an employee is mistreated for following the organization's reporting policy, the reporting mechanism can sustain severe damage to its credibility and viability as a safe and secure mechanism. The damage from mismanagement and reprisals is memorialized on the internet and court records or public documents can create a devastating silent, do-not-report culture. Companies must communicate they have a zero tolerance for retaliation and deal with any retaliation swiftly and publicly.
Number nine is the problem of inconsistent outcomes. Companies must demonstrate that consistent and fair outcomes are routine, regardless of people, relationships or scenarios. Employees will learn through the grapevine if the organization delivers fair, consistent discipline, regardless of how confidentially an organization hides such outcomes. Of course, if employees view outcomes as fair, they will be more compelled to report concerns. Employees know that inconsistency equals personal risk.
Finally, number 10 is the time worn adage that actions speak louder than words. Employees critique, judge and evaluate what an organization says about its reporting mechanism reporting program by what it does, rather than what it says. Does it follow policies and procedures as assigned? Does it really have a zero-tolerance policy on retaliation? Are outcomes consistent, fair and appropriate? Does it truly allow employees to report concerns anonymously?
Three Key Takeaways
What are today's three key takeaways? Well, number one, you must not retaliate. That is probably the biggest destroyer of credibility and trust in a reporting mechanism reporting.
There must be ongoing communications and there must be follow up with the employees who made the anonymous reports.
Celebrate your reporting mechanism. Let employees know that it is acceptable to raise your hand because that is all you are doing at the end of the day, raising your hand. It is incredibly important and it is something that will make your reporting mechanism work much better.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/29/2017 • 14 minutes, 18 seconds
Everything Compliance-Episode 13
The top compliance roundtable podcast is back with a wealth of new topics. Stayed tuned to the end where there are some heartfelt and somber rants in this edition.
Matt Kelly opens with a discussion on Uber from the policies and procedures framework. Matt rants on the danger of overly legalistic approaches to compliance.
For Matt Kelly’s posts on Uber and the intersection of policies and procedures, see the following:
What Uber Teaches About Culture & Policy Management
Car Crash Governance at Uber
Mike Volkov considers blockchain and how it will impact compliance going forward.
For Mike Volkov’s post on blockchain and compliance, see the following:
Blockchain and the Future of Compliance
For reading on blockchain and compliance, see the following:
Will Blockchain Transform Compliance? by Tom Fox
How Blockchain Will Change Organizations, by Don Tapscott and Alex Tapscott in MIT Sloan Business Review.
Blockchain Explained, by Zach Church in MIT Sloan Management Review.
Jonathan Armstrong considers the trend of fake news and mis-information around GDPR. Jonathan most somberly rants on the Grenfell towers disaster.
For the Cordery Compliance client alert see the following:
GDPR ‘Fake News’
Jay Rosen brings a detailed discussion FCPA sabermetrics in the context of of the dearth of FCPA cases brought forward under the Trump Administration and Session Justice Department. He considers the numbers, the continuing departures of numerous Justice Department career employees and new political appointees as well. Jay rants on breaking news.
For Jay Rosen’s posts see the following:
The members of the Everything Compliance panel include:
Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]
Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/29/2017 • 1 hour, 3 minutes, 53 seconds
Day 20 of One Month to Better Investigations and Reporting
In an article entitled “How to Launch and Operate a Legally-Compliant International Workplace Report Channel” or in compliance parlance, a hotline, author Donald Dowling of the law firm of White and Case, provided a useful guide to help navigate the challenges of setting up a multi-national whistleblower’s hotline, such as is required under the FCPA and UK Bribery Act. The majority of his article “analyzes the six categories of laws that can restrict whistleblower hotlines abroad, focusing on compliance.” You should obtain a copy of this article and keep it for reference in regards to your company’s hotlines. It is available on the White and Case website, by clicking here.
Laws Mandating Whistleblower Procedures
This group of laws “comprises mandates that require setting up whistleblower hotlines in the first place.” This includes the US Sarbanes-Oxley (SOX) as well as other jurisdiction laws which generally protect whistleblowers from retaliation but do specifically require any hotlines be set up on a company wide basis. Dowling also found a couple of countries, Norway and Liberia, which require general receiving and processing of “public interest disclosures.”
Laws Promoting Denunciations to Government Authorities
This category of laws generally related to legal requirements for the reporting of illegal acts to government authorities in two ways. First, these laws encourage whistleblowing to government which then compete with employer hotlines by enticing internal whistleblowers to divert denunciations from company compliance experts and over to outside law enforcers who indict white collar criminals. This first approach is found in Dodd-Frank, which offers bounties. Second, these “laws that require (as opposed merely to encourage) government denunciations rarely except corporate hotline sponsors. These laws therefore force hotline sponsors to divulge hotline allegations over to law enforcement.” This second approach is found in SOX which “requires an employer to offer internal hotline procedures”.
Laws Restricting Hotlines Specifically
This category is exemplified by European data protection laws which act to restrict companies’ freedom to launch and operate reporting programs. Dowling believes that these laws are based upon the fact that Europeans “see hotlines as threatening privacy rights of denounced targets and witness”. Also this would seem to be in response to the totalitarian past from the World War II era. The author identifies what he termed “the four biggest hurdles” set up to frustrate hotlines in EU jurisdiction. They are “(1) restrictions against hotlines accepting anonymous denunciations; (2) limits on the universe of proportionate infractions on which a hotline accepts denunciations; (3) limits on who can use a hotline and be denounced by hotline; and (4) hotline registration requirements.
Laws Prohibiting Whistleblower Retaliation
This category will be familiar to US compliance practitioners through the applications of US laws such as SOX, Dodd-Frank and numerous state whistleblower statutes. Additionally, the author lists numerous foreign jurisdictions which have such laws. But here he believes that the key is communication because in many countries and foreign jurisdictions, there is no tradition of protection of persons who make reports against superiors so that an “employer needs to overcome worker fear of reprisal for whistleblowing.”
Laws Regulating Internal Investigations
Typically laws on internal investigation do not impact hotlines because a hotline is a “pre-investigation tool.” However, the author believes that No. 4 above, communication by the employer is critical to complying with laws that enact procedural safeguards for persons under investigation. Heavy-handed communications about a hotline could blow back against employers in claims by employees that “an employer rigged the investigation process.” So companies should ensure that communications about hotlines do not convey an “overzealous approach to complaint processing and investigations.”
Laws Silent on, but Possibly Triggered By, Whistleblower Hotlines
Here the author recognizes that the title of this category “is necessarily vague and determining which laws fall into it is difficult.” Nevertheless, he writes that the most “likely candidates are data protection laws silent on hotlines and labor laws imposing negotiation duties and work rules.” Regarding the former, the author argues that hotlines are not databases but conduits for the transmittal of information. He acknowledges that EU data privacy laws reject this distinction and treat hotlines as if they were databases where information is stored. He does not identify other jurisdictions which yet take this aggressive approach but he believes this may become a trend. The labor law issue is also tricky and may turn on the interpretation of whether the institution of a hotline is viewed as substantive change in working conditions under a union-management labor agreement and therefore subject to collective bargaining.
There are several key inquiries you should make for your hotline. What jurisdiction are you in and what is the binding law or laws which will govern you going forward. Must you confine your hotline reporting to specific topics or is it open to all issues? Can anonymous allegations be brought forward in the jurisdiction in question. Do you have a hotline staffed in-house or do you use an external third party vendor? Finally, must you disclose hotline data to government regulators?
Three Key Takeaways
You must understand the jurisdiction you are in and the laws which govern your hotline.
Can you use information which is reported anonymously?
Must you disclose any data to government regulators?
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/28/2017 • 10 minutes, 56 seconds
Compliance into the Weeds-Episode 44
In this episode, Matt Kelly and I take a deep dive, literally into the weeds of the convergence of the compliance profession and the nascent cannabis industry. While several states have made pot for medical use legal and one state, Colorado has made it legal for personal consumption, it is still illegal under federal law. We consider such questions as:
Lawyers and accountants are required to report large cash transactions to the federal government—but large cash transactions are common in the cannabis industry, since commercial operators don’t have easy access to the banking system. So if you report one of these transactions, are you turning over evidence of illegal activities of your client to authorities? Or do you not report, and risk sanctions against yourself?
If the Justice Department does act against a commercial weed business, will prosecutors really seek to impanel a federal grand jury, with jurors drawn from a state where they voted to legalize? Could prosecutors ask a candidate juror whether he or she smokes weed? Could that juror invoke the Fifth Amendment?
Should lawyers be allowed to own equity in a legally operating marijuana business? What about judges? Do the two groups need different standards?
Professional conduct rules for lawyers require competency in rendering legal advice. What does competency even look like in this branch of business conduct, when the laws are so new and in conflict with federal law?
Will the nascence of the cannabis industry allow for innovations such as incorporation of blockchain to create fully auditable trails for all aspects of the business?
Will any state which taxes cannabis sales be required to remit this money under a theory of profit disgorgement from funds generated by illegal activity.
For more from Matt Kelly:
See his blog post Compliance, Careers and Cannabis Industry;
Hear Matt Kelly’s interview with Amy McDougal (yes Matt has his own podcast as well-the Radical Compliance podcast) by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/28/2017 • 24 minutes, 2 seconds
Day 19 of One Month to Better Investigations and Reporting
Is your hotline working for you? In an article entitled, entitled “Promoting Effective Us of the Compliance Hotline” José Tabuena provided an excellent example of the power of a hotline. He provide a case study of a company which had not integrated its IT function into its regular compliance and ethics training programs. As such there were zero calls into the hotline by employees from the IT department. This dynamic was changed and IT was integrated into the company’s regular compliance and ethics training. Thereafter, the hotline received several calls from IT department employees indicating where there were two major areas of complaints. The first general area was that there were conflicts of interests between IT department managers, family members who were hired and perceptions of favoritism. The second generally revolved around allegations that certain company managers were manipulating data to maximize their bonuses.
The Favoritism Problem
The Human Resources (HR) department led an investigation that included questioning all IT managers about their direct reports and employees of their unit. The company determined that there was only one instance of a manger hiring a family member (a brother-in-law), but that person did not report to the manager and was in a different section of the IT organization. This finding made clear that there were misperceptions in the IT department, which affected the department morale. To remedy this all IT managers received training on appropriate employment practices, communications were also delivered to all IT employees explaining policies and practices regarding the hiring of family members. Most satisfyingly, during follow-up with callers to the helpline, the callers stated that the work environment in the IT department had noticeably improved. They also expressed gratitude that their questions were answered and that their issues were addressed. The callers felt their concerns were taken seriously when they saw the communications on hiring practices and upon having discussions with managers during staff meetings. Staff retention started improving in the department.
Manipulation of Data for Bonuses
The company used the hotline to obtain more information from the callers on “isolating the metrics and the managers in question. It was determined that the bonuses of a select few IT managers were indeed influenced by a questionable data source, which was controlled by a non-manager with minimal oversight and controls. Following interviews with key individuals and review of the data file (including forensic analysis), it was determined that one IT manager had misrepresented information provided to the staff person maintaining the data. Notably, this staff person also reported to this manager. As a result, the IT manager's bonus compensation was inflated. He was subsequently terminated.
Basic Tenets of an Effective Hotline
This case study provided three key tenets of an effective internal reporting system.
First, a helpline is of no value if the workforce is not aware of it. Although a helpline was in place, it became apparent that a segment of the company had not been informed. It was hotline data that revealed this gap. By reviewing data segmented by region, department, incident classification, and other criteria, it became obvious in comparison to the rest of the organization that the IT department had not used the helpline.
Second, the ethics and compliance office obtained support from the Chief Information Officer (CIO) for making IT part of the helpline community and for designating a liaison within the IT function. The support of department leadership likely influenced the success of the training and communications delivered by the ethics and compliance staff.
Third, the awareness of the helpline is not sufficient to ensure success. The company made sure that issues and allegations were addressed and investigated. Employees who choose not to report wrongdoing indicate a belief that nothing will be done anyway, so why take the risk? Employees also cite fear of retaliation as a reason for not reporting.
This case study demonstrates the power of a hotline. The company’s Compliance Department “established the credibility of the helpline as a resource to raise issues and report misconduct. The concerns regarding nepotism and conflicts of interest were taken seriously, and although the violations were not as widespread as the calls indicated, the review went a long way to clear the air.” Equally important, the helpline proved to be a successful management tool as well. The company was able to manage potential compliance issues and improve employee morale.
Three Key Takeaways
Hotlines can be powerful tools for the compliance professional.
Simply because you have no hotline complaints does not mean you do not have any compliance or ethics issues which need review and resolution.
Adequate follow up is a key part of overall hotline effectiveness.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/27/2017 • 10 minutes, 57 seconds
FCPA Compliance Report-Episode 338, Steven Durham
In this episode, I visit with Steven Durham, a partner in the law firm of Labaton Sucharow. The firm is one of the leaders in the SEC Whistleblower practice. Durham describes his background and how he got to the firm. He relates the Whistleblower Practice at Labaton, what is your role and how Jordan Thomas worked to create the firm’s whistleblower practice after leaving the SEC. He then relates what the SEC Whistleblower program is and how has it worked to pay out over $150MM in bounties through this spring. Durham then discusses how the SEC Whistleblower office facilitates the SEC’s mission to protect investors, why whistleblowing benefits society and corporate America and how firms like Labaton assist the SEC in its practice. We conclude with a discussion of where Durham sees SEC Whistleblower program going under the Trump Administration.
For more information on Steven Durham, the law firm of Labaton Sucharow and its whistleblower practice, check out the firm’s website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/27/2017 • 28 minutes, 17 seconds
Day 18 of One Month to Better Investigations and Hotlines
Today I would like to review some best practices regarding a compliance hotline.
The hotline should be developed and maintained externally. It seems axiomatic that employees tend to trust hotlines maintained by third parties more than they do internally maintained systems. Through the submitting of reports via an external hotline there is a perceived extra layer of anonymity and impartiality compared to a system developed in-house. A third party provider is also more likely to bring specialist expertise that’s difficult to match within the organization.
The hotline supports the collection of detailed information. As with most everything else, information is power. If a CCO can gather and record information throughout a complaint life cycle, the company will have greater insight into the situation and a company can protect itself more effectively from accusations of negligence or wrongdoing. A hotline reporting system should provide consolidated, real-time access to data across all departments and locations, plus analytic capabilities that allow you to uncover trends and hot spots. All reported materials should be consolidated in one comprehensive, chronologically organized file, so a CCO can monitor ongoing progress and make better, more informed decisions.
The hotline must meet your company’s data retention policies. Retaining data in a manner consistent with your internal data retention policies is important. A hotline should offer a secure, accessible report retention database, or you may be faced with making your own complicated and costly arrangements for transmitting and storing older reports to a permanent storage location.
The hotline should be designed to inspire employee confidence. Retaliation or perceived unfairness to those making hotline complaints will destroy the effectiveness of the internal reporting process and poison the corporate culture. A hotline must be seen to offer the highest levels of protection and anonymity. To encourage employee participation, the hotline should allow them to bring their concerns directly to someone outside their immediate chain of command or workplace environment – especially when the complaint concerns an immediate superior. The hotline should also enable employees to submit a report from the privacy of an off-site computer or telephone. It may seem like a small convenience, but giving employees the freedom to enter a complaint from a location that is safe can make a huge difference to participation rates.
The hotline offers on-demand support from subject matter experts. Opening lines of communication can bring new issues to your compliance group. It is therefore important that once those reports are entered into the system, a person or function has the responsibility to follow up in a timely manner. One of the biggest mistakes you can make is to sit on a hotline complaint and let the employee reporting it fester. Additionally, with the short time frames set out in the Dodd-Frank Whistleblower timelines for resolution before an employee can go the SEC to seek a bounty, the clock is literally clicking.
The hotline provides inbuilt litigation support and avoidance tools. A company must make certain that its hotline is preconfigured to meet the legal requirements for document retention, attorney work product protection procedures, and attorney-client privilege. Developing these tools in-house can add significantly to your costs, and maintaining a hotline without one exposes your organization to unacceptable risk.
The hotline supports direct communication. A hotline should open the lines of communication and give you a direct sight-line into the heart of your company. Look for a system that enables you to connect directly, privately, and anonymously with the person filing a complaint. Direct communication also signals to employees that their complaints are being heard at the highest levels.
Like other risk management issues, hotlines must also be managed effectively after implementation and roll-out. Here are some practical tips which will help you make your hotline an effective and useful tool.
Get the word out. If employees do not know about the hotline, they will not use it. Allocate a portion of your time and budget to promoting the corporate hotline through multiple channels. Put up posters and distribute cards that employees can keep in their wallets or desk drawers. Deliver in-person presentations where possible. And do not think of the promotional initiative as a one-time effort. It is important to remind employees regularly, through in-person communications, via e-mail, or through intranets, newsletters, and so on, that this resource is available to them. Some hotlines offer promotional materials to help make the job easier; make sure you ask what type of promotional support may be available.
Train all your employees. Getting employees to use the system is one half of the challenge; ensuring they use it properly is the other half. This is where training becomes essential. Make sure people understand what types of activities or observations are appropriate for reporting and which are not. HR and compliance staff will need training too, to help them understand how the hotline impacts their day-to-day activities. Company leaders also need to understand the role the hotline plays in the organizational culture, and the importance of their visible support for this compliance initiative.
Take a look at the data. Use the data derived from or through the hotline to identify unexpected trends or issues. Examples might be what percentage of employees use the hotline and what issues are they submitting? A healthy hotline reporting system will yield reports from .5 to 2 percent of your employee base. If your reporting patterns are higher or lower, it may indicate mistrust of the hotline, misuse, or a widespread compliance issue. Isolate the data by location and department to identify micro-trends that could indicate problems within a subset of your corporate culture. Analyzing the data can help you stay a step ahead of emerging issues.
Response is critical to fairness in the system. Seeing a hotline system in action in this way can go a long way toward dispelling employee fears of being ostracized or experiencing retaliation because if they see that their concerns are heard clearly and addressed fairly, they will learn to view the hotline as a valuable conduit. If your compliance group responds promptly and appropriately to hotline complaints, you can ensure robust participation and ongoing success. Even when a complaint proves to be unfounded, it can still provide an opportunity to open a dialogue with employees and clear up any misunderstandings. Responding to reported issues also gives compliance officers a chance to prove that issues can be resolved or addressed while protecting the privacy and anonymity of the whistleblower.
Three Key Takeaways
Get the word out to your employees about your company hotline through a variety of mediums and platforms.
Train your employees on the use of the hotline.
Use data from your hotline to continually update and improve your compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/26/2017 • 12 minutes, 26 seconds
FCPA Compliance Report-Episode 337, James Gellert
In this episode, I visit with James Gellert, CEO of RapidRatings, a company which uses a financial dialogue to determine third party supplier health and viability. Gellert explains what supply chain resilience is and how can examining financial health of your suppliers can lead to a more financially efficient supply chain. We then discuss the company’s third party risk management tools. We consider how a company might evaluate a potential purchaser, partner or someone buying a part of a business. Finally we have a lengthy discussion of how a corporate compliance function use the health of a third party as a tool to determine third party compliance risk?
For more information on RapidRatings, check out their website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/26/2017 • 24 minutes, 20 seconds
This Week in FCPA-Episode 58
After last week’s guest announcers, Jay and I return for a wide-ranging discussion on some of the week’s top compliance related stories, including:
The first Declination of the Session’s Justice Department, Linde gas. For a copy of the Declination click here. For Tom’s discussion of the lessons learned, click here.
The son of Equatorial Guinea's president went on trial this week in France for embezzlement of funds from the country. See article by Dick Cassin in the FCPA Blog. See Day 1 of trial report in the Global Anti-Corruption Blog.
The UK SFO charges four former senior executives at Barclays Bank criminally around funding issues in the 2008 financial crisis. See Tom’s article by clicking here.
Embattled Uber CEO Travis Kalanick resigns under pressure. Will there be a backlash, who will run the company? See articles in the New York Times and Wall Street Journal.
Compliance in the 21stcentury, welcome to ComTech. See Tom’s article in Compliance Week.
Hui Chen departs the Justice Department with a flurry of tweets. Matt Kelly reports on Radical Compliance.
Jay previews his weekend report.
Everything Compliance-Episode 13 is in production and will be released next Thursday. Topics include Matt Kelly on Uber and the need for policies and procedures, Jonathan Armstrong on fake news around GDPR, Mike Volkov on blockchain and how it may change compliance, and Jay Rosen, Linde notwithstanding, on the dearth of recent DOJ FCPA activity. For a sneak peak, listen to Matt Kelly’s rant at the end of this podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/23/2017 • 36 minutes, 53 seconds
Day 17 of One Month to Better Investigations and Reporting
Who to suspend during any Foreign Corrupt Practices Act (FCPA) investigation is always a delicate question to answer. Unfortunately there is never an easy answer. As the Volkswagen (VW) emission-testing scandal continues to reverberate, it continues to bring up some very knotty questions, which have bedeviled the Chief Compliance Officer (CCO) or compliance practitioner in many areas. Today there is an example around internal investigations.
In an article in the Wall Street Journal (WSJ) entitled “Scope of VW Suspensions Grows”, William Boston reported on the ongoing internal investigation by the company’s outside counsel Jones Day. Boston noted that VW had “suspended a larger number of engineers than previously acknowledged, following a recommendation from the law firm conducting” the investigation. The article went on to state, “Jones Day urged suspension of anyone who could have been involved in the scam - from high level decision makers to ordinary engineers – to prevent possible perpetrators from tampering with the evidence”.
This final statement emphasizes a key consideration in a FCPA investigation, which is to tie down the evidence. Former Arnold & White partner Mara Senn has said that “probably from the government's perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” However, if you are worried about evidence tampering you may have a bigger problem on your hands.
Pointing up the difficulties in making such a blanket sweep an un-named source, who provided this information to Boston, was quoted in the WSJ piece as saying “We had to suspend everyone in this area to get them out of the way of this process. This is necessary for the investigation, but it’s really hard for us because we are now missing their professional knowledge and experience.”
This issue brings up another point that Senn has discussed, around when to suspend or discipline an employee during an internal investigation. Senn related, “That is a very case-by-case difficult question to answer, but in general, I think it’s better to keep them around for as long as you may need them. Once they’ve been fired or otherwise disciplined, really, even if you keep them around, they’re going to be less cooperative with you and possibly, if you fire them, not cooperative at all. You can require them to be cooperative in the termination agreement, but obviously in practice, cooperation can mean a lot of different things.”
In view of the Schrems decision by the European Court of Justice (ECJ), I also wonder how the investigation will fair with the German based employees? Obviously there will be data that in the US would be deemed company-owned but in Europe it may well be private to the employee being investigated. This problem became even greater with the recent decision by Privacy Regulators from 28 EU nations that backed the ECJ’s Schrems decision that invalidated the Safe Harbor regime. As reported by Jo Sherman in the FCPA Blog, “that closed the legal pipeline by which data has flowed freely from the EU to the U.S. for the last 15 years. The rationale for the court decision and the subsequent backing of the EU Data Protection Authorities is that the surveillance powers of the U.S. government are considered to be too excessive and disproportionate, and can override the data protections for EU citizens under the Safe Harbor framework.”
Lanny Breuer, the former number two at the Department of Justice (DOJ) and now a partner at Covington and Burling LLP, raised an interesting concern in the context of the Justice Department’s FCPA Pilot Program. It is around what Breuer terms “de-confliction”. This involves the government asking a company to halt its own investigation for the government to be the first to interview witnesses. At the FCPA Blog Conference, Breuer said that if “de-confliction” is required as cooperation to gain the benefits of the pilot program, such a request from the DOJ would be “an extraordinary request, in my view” because it “could lead companies to be unable to disclose to other agencies or to shareholders, and it could keep a board in the dark about the alleged wrongdoing.” Breuer added, “In general, publicly traded companies can’t just stand down from doing an investigation when such an allegation comes in.” He also commented that “he’d been asked to do so a couple of times.”
Breuer raised four questions during his presentation which every investigator must consider in the area of de-confliction. (1) Would complying with the request be consistent with directors’ and corporate officers’ fiduciary duty of oversight?; (2) How can a company make decisions without speaking with its employees?; (3) How will a delay affect the company’s other regulatory obligations?; and (4) How can external counsel advise a company without knowing the facts? Companies hire external counsel to conduct thorough investigations, evaluate their clients’ conduct, and provide informed legal advice. These tasks can be difficult if not impossible to accomplish where external counsel have their hands tied behind their backs.
Clearly the DOJ could have a broader remit or be involved with other ongoing investigations where they might make such requests. However, such ‘de-confliction’ could stop a company from engaging in a root cause analysis or even robust investigation. At the same conference, an earlier panelist, Gerald Kral, the Chief Ethics and & Compliance Officer (CECO) of Brown-Forman, said on his panel that his company did an extensive root cause analysis of every claim or incident so it can not only understand what happened but put sufficient risk management protections in place to try and make sure it does not happen again.
Three Key Takeaways
The decision on whom to discipline and when are critical decisions during any investigation.
You should take a case-by-case approach.
The de-confliction question can be quite troubling during an internal investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/23/2017 • 12 minutes, 26 seconds
Day 16 of One Month to Better Investigations and Reporting
Prior to the Schrems decision by the European Court of Justice, US based law firms could rely on Safe Harbor to use and analyze information from investigations conducted in Europe. However the Schrems decision and subsequent EU privacy rulings and regulations have brought the entire issue around internal investigations into question.
In a podcast interview with UK solicitor and data privacy expert Jonathan Armstrong about the decision, Armstrong noted that the decision puts real roadblocks in the path of a US company that could be investigating potential anti-corruption allegations in the UK or EU member country. The biggest issue would be around personal privacy and information. Unlike the US, work emails are covered by the privacy rights afforded to individuals and are not the property of the company. The same is true of other information. Under the Schrems decision, the ability of a US corporation to access that information and then take it back to the US under the safe harbor provision is no longer available.
I asked Armstrong how a company might be able to move forward and internally investigate potential FCPA violations. Armstrong suggested that that the only way at this point was to obtain the consent of the person being investigated. However the obtaining of such consent raises a host of other problems. He said, “Can I really get consent in an internal investigation? Can I go along, speak to my Austrian agent and say, “Peter, I just need you to sign this form to transfer your data to the US”? Now, for consent to be valid the European legislation it has to be fully explained, it has to be honest, it can't be deceptive. I’ve got to say to him, “I want you to sign this form because I want to investigate you. I want to run a full FCPA investigation; you’re the prime suspect. I want to take a look at your emails and I have to inform you that by the way, you have the right not to consent and if you don’t consent there’s no way I can investigate you. Could you sign the form, please?”” As Armstrong went on to note, “What answer is he likely to give in an internal investigation and how would the US authorities feel if I go and tip off the main suspect that he’s under investigation?”
With these two key components of any best practices compliance program, hotlines and internal investigations, seemingly now unavailable to CCOs or compliance practitioners for EU sourced information; I believe there will be additional pressure put on the compliance function. Obviously any US company with EU based operations will have to take steps immediately to ring fence such data originating in Europe. It may also mean that any inquiries will need to be headed by locally based compliance practitioners.
Moreover, if you couple this ruling in the Schrems decision with the Yates Memo, you immediately see the issue involved for any company which is seeking cooperation credit because such company is required to turn over any and all information to the Department of Justice (DOJ) as soon as possible. But now, even if companies can still develop facts and data through internal investigations, in the manner suggested by Pirrotta in using local law firms, you might not be able to get the information back to the US to use.
Worse yet, is the option laid out by Armstrong to obtain consent from an investigation target? Not only do I find it very improbable that anyone, European or otherwise, would give such a consent but in the unlikely event such consent is given, you have told the target, they are the target and other data sources might well begin to disappear. Armstrong put it starkly when he said, “you’re going to get no sympathy from the bribery prosecutors, bribery regulators if you mess this up. The SFO [Serious Fraud Office] have already lost the case, allegedly, on the way in which the US firm involved conducted the investigation. They will have, rightly I think, no sympathy at all for people whose investigations are themselves conducted unlawfully. It’s going to need a lot of careful thought to structure data transfers, even to structure interviews. How do you move those interview notes about, how do you look at emails, all of this stuff is going to be absolutely critical not only so that you don’t break data privacy data protection laws, but also tipping off witness, you know, interfering with the scene of an investigation, et cetera, et cetera. All of these things are critical.”
How does the Schrems decision contribute to compliance at the tipping point? If you can use two of the key components in a best practices compliance program; based upon the DOJ/Securities and Exchange Commission (SEC) Ten Hallmarks of an Effective Compliance Program or another standard; it will put significant pressure on other parts of the program. A compliance program will have to be structured more rigorously to prevent FCPA violations through the use of internal controls and transaction monitoring tools. CCOs and compliance practitioners will also have to be more involved and have more visibility into the entire lifecycle of transactions so they can determine how to begin to move from even prevention to proscription of any FCPA violations.
Just as the compliance world changed with the announcement of the Yates Memo, the DOJ Compliance Counsel and the VW emissions-testing scandal; the Schrems decision will change the need for a more robust compliance program going forward to help protect a company.
Three Key Takeaways
The Schrems decision significantly impacted US based internal investigations.
Study the privacy laws of the country where you are performing your investigation.
Informed consent is difficult to obtain but it may be critical for your investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/22/2017 • 12 minutes, 32 seconds
Compliance into the Weeds-Episode 43
On June 16, 2017, the Department of Justice (DOJ) issued a Declination to Linde North American Inc. and Linde Gas North America LLC (collectively “Linde”). This is the first Declination issued by the DOJ in the era of the Trump Administration. For that reason alone, it was instructive and should be studied by the compliance profession. However, the case presented several interesting factors which merit consideration so we are discussing in depth to present lessons to be learned for the Chief Compliance Officer (CCO) or compliance practitioner.
The Bribery Scheme
Linde acquired Spectra Gases, Inc. (Spectra Gases) in October 2006. In November 2006, it purchased certain assets from the National High Technology Center (NHTC) of the Republic of Georgia. One of the keys to this purchase was a piece of equipment called the ““boron column,” which were used to produce boron gas.” Sales of boron gas after the acquisition helped fund the purchase price and payout to Spectra executives who stayed on after Linde purchased Spectra Gases.
Unfortunately, the three Spectra executives who stayed on were in cahoots with corrupt offices from the NHTC who made the sales agreement with Linde. Part of the Earn-Out by the former Spectra (now Linde) officials was paid to these corrupt government officials, both directly and through certain third parties. But the funding scheme to pay the bribes was quite creative and demonstrates once again to the compliance practitioner the myriad ways in which funds can be generated to pay bribes.
For reasons not made clear, Linde did not purchase the boron column outright but allowed the former Spectra executives and the corrupt NHTC officials to form two new entities to own and operate the boron column, Spectra Investors LLC (Spectra Investors) and Spectra Gases Georgia, which was wholly owned by Spectra Investors. Spectra Investors was owned 51% by the corrupt NHT officials and 49% by the Spectra Gases executives who now worked for Linde. Spectra Gases Georgia was formed as a separate management company, by the NHTC officials, which was claimed to provide services to Spectra Investors for which it would receive recompense. Of course, there was no evidence of services being delivered under this arrangement as it was simply a mechanism to funnel monies to the corrupt officials.
As a result of the ownership structure of Spectra Investors, with 51% being owned by corrupt NHTC officials and the management services contract, the corrupt NHTC officials received “approximately 75% of the profits generated by the boron column” while Spectra Gases received 25% of the profits. Clearly even with bribery and corruption, it was a bad business deal. In January 2010, Linde dissolved Spectra Gases and became its successor-in-interest and at some point later discovered the illegal conduct. Prior to the time of the dissolution, Spectra Gases had “received approximately $6,390,000”. After Linde became the direct owner, it “received approximately $1,430,000 as a result of the corrupt” actions.
The Declination
While there is a dearth of fact about how the matter came to the attention of Linde and when it disclosed the matter to the DOJ, the decision to decline to prosecute was based on the following factors: (1) Linde’s timely self-disclosure; (2) a “thorough, comprehensive and proactive investigation” [emphasis supplied]; (3) Linde’s full cooperation and meeting the Yates Memo requirement for disclosing all known relevant facts about the “individuals involved in or responsible for the misconduct”; (4) full profit disgorgement; (5) Linde’s enhancement of its compliance program and internal controls; and (6) Linde’s full remediation, including termination or discipline of the three Spectra executives and lower-level employees involved in the misconduct; termination of the fraudulent management contract between the corrupt NHTC officials and Spectra Investors and termination of the Earn-Out payment due to the former Spectra executives who became Linde employees. The company also made the following payments.
Lessons Learned
This was yet another Foreign Corrupt Practices Act (FCPA) action where a company performed insufficient due diligence in the acquisition phase. The timing of the Linde purchase of Spectra Gases and Spectra Gases’ purchase of the income producing assets is too close in time to be a coincidence. It would certainly appear that Linde purchased Spectra Gases to facilitate its acquisition of the boron column and other assets. If your company is going to make such a multi-step acquisition, you must perform due diligence on all the actors and the assets involved.
The Byzantine corporate structure created for the ownership of the boron column, its operation and management contract are clear red flags that any CCO should sniff out immediately. While I am sure the internal corporate excuse for this clear ruse was the ubiquitous ‘tax considerations’; every such transaction should be reviewed by compliance as well. Anytime there is more than one entity to accomplish one task, there is the possibility of fraud present. Further, it is not clear how Linde could not have been aware of the ownership interests of a company which it ultimately controlled. It would seem that the company did not even make any inquiry.
Even in 2006, the Republic of Georgia’s reputation for bribery and corruption was quite high. The 2006 Transparency International-Corrupt Perceptions Index (TI-CPI) listed Georgia at 99 out of 176 countries listed so that alone warranted red flag scrutiny. If you are purchasing an entity in a country with such well known affinity for corruption, extra care is warranted. Perhaps back in 2006, Linde did not view the FCPA as something which it would deal with in such a situation.
Yet even with all the apparent miss-steps and non-steps of compliance, the company was able to secure a declination from the DOJ. While there may be some additional penalties or sanctions by the Securities and Exchange Commission (SEC) for the failures of internal controls, the result obtained by Linde was certainly a superior result. The company would seem to have met the four pillars under the FCPA Pilot Program through (a) self-disclosure, (b) extraordinary cooperation, (3) full remediation, and (d) profit disgorgement. Interestingly, the profit disgorgement in this case would appear to have been beyond the five year of limitations for profit disgorgement under the recent Supreme Court decision in Kokesh. If there is a FCPA enforcement action brought by the SEC perhaps additional facts will be recited in any resolution documents.
Nevertheless, kudos are due to Linde and its counsel for obtaining this declination. Every CCO should study it for both the superior result received and underlying facts to see if you face anything similar in the Republic of Georgia or elsewhere.
For a full copy of the Linde Declination, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/22/2017 • 28 minutes, 49 seconds
Day 15 of One Month to Better Investigations and Reporting
The concept of privilege in an internal investigation is critical. Two important privileges are the attorney/client privilege and the work product privilege. Unfortunately both are often miss-understood, miss-applied and consequently lost.
One such recent example of the miss-application of the attorney/client privilege was in the trial of former PetroTiger co-Chief Executive Officer (co-CEO) Joel Sigelman has brought the issue of the parameters of the attorney/client privilege yet again. As part of its undercover operation the FBI wired up the then PetroTiger General Counsel (GC), Gregory Weisman, and instructed him to go meet with Sigelman to discuss the payments by the company to the wife of an official of the Columbian state owned energy company Ecopetrol.
Sigelman’s counsel sought to have the video and audio recordings of this meeting suppressed based upon the attorney-client privilege that generally protects open communications between lawyer’s and their clients, where legal advice is sought by the client. To determine whether Sigelman has a valid claim, it is encumbent to understand the parameters of the attorney/client privilege. In an article, entitled “The Evolving Attorney-Client Privilege: Business Entities”, David E. Keltner wrote that under US federal law, the attorney/client applies when the following are present:
A client is seeking legal advice or a lawyer’s services;
The person to whom the communication is made is a lawyer or his or her representative;
The communication relates to a fact disclosed from a client (a representative) to a lawyer (a representative);
Strangers are not present;
A client requires confidentiality.
The significance of meeting each of these five prongs is critical. If they are met, “Absent privilege, once the attorney-client privilege is properly invoked – the privilege is absolute.” However the failure to meet Prong 1 is what doomed former co-CEO Sigelman’s efforts; as he was not seeking legal advice. It was former GC Weisman who flew to Sigelman’s home to confront him over the fact that the FBI had come to his house asking questions about the payments made in Columbia. Finally, it is important to note that the attorney/client privilege belongs to the corporation and not to any one individual.
The attorney/client privilege can be waived. While there is a general recognition that “only an authorized agent of a corporation may waive the privilege of the corporation” Keltner advises that the “most frequently encountered instances of losing the privilege through selective disclosure” are in responding to a government investigation; supplying information to a government agency; information disclosed in certain Securities and Exchange Commission (SEC) filings or other required financial disclosures; in certain circumstances disclosures to external corporate auditors or accounting responses; any disclosure made to a third party not affiliated with a lawyer; and insurance disclosures.
How should we apply the above to the situation faced by former co-CEO Sigelman? Was he simply meeting with his lawyer or was he seeking legal advice? As reported by Joel Schectman in the Wall Street Journal (WSJ), in an article entitled “Secret Informant Recordings to be Allowed in PetroTiger Case”, the trial court distinguished between having an attorney/client relationship from the attorney/client privilege. Schectman reported, “a judge in U.S. District Court in Camden said last week that merely having an attorney-client relationship isn’t enough to make all conversations privileged–a client needs to be actively seeking legal advice. “I cannot find a shred of indication that Weisman is there with the intention of giving legal advice to Sigelman,” Judge Joseph Irenas said, “or the converse, that Sigelman was seeking legal advice from Weisman.””
Interestingly the trial court did not opine on the question on who was the client in this situation. My experience is that most CEO-types think of a GC as their personal lawyer. That view is also misplaced as a GC works for a company and the client is the corporation. While he did not have to reach the question of who was the client in the Sigelman/Weisman meeting, the trial court might well have allowed the current corporate owners of PetroTiger to waive any privilege asserted by a former co-CEO. Schectman quoted G. Derek Andreson, a lawyer specializing in the Foreign Corrupt Practices Act, that “Attorney client privilege is often misinterpreted as broader than it is.”
Did the FBI take advantage of some special type of relationship between Sigelman and Weisman? As reported in the article, in his brief attempting to suppress the evidence, Sigelman’s counsel said, ““Messrs. Sigelman and Weisman had a “long standing attorney-client relationship, one that fostered candor and trust between them–as any good attorney-client relationship should. The government took advantage of this trust.”” Such would seem to be the nature of wiring up cooperating witnesses; if they cannot engender trust with those they are speaking to and surreptitiously taping; it would seem they are of little use to authorities.
For the attorney/client privilege to be of use to you, certain hard work must be done to establish the attorney/client privilege in the corporate context. The five prongs listed by Keltner must be fulfilled for the privilege to apply. Simply having a chat with your lawyer or even the company’s lawyer will not invoke the privilege or protect you.
In addition to the attorney/client privilege there is another privilege which can come into play around internal investigations. It is the attorney/work product privilege. Keltner noted, “The attorney-client privilege and the attorney work-product doctrine are often asserted interchangeably. While there is some overlap between the two, the attorney-client privilege is significantly different than the attorney work-product doctrine.” Moreover as “codified in Fed R.Civ. P. 26(b)(3), [the attorney/work product] provides a qualified protection to materials prepared by party’s counsel or other representative in the anticipation of litigation.” The doctrine exists “because it permits lawyers to “work with a certain degree of privacy, free from unnecessary intrusion by opposing parties . . .”
The key is that it be prepared in anticipation of litigation Unlike the attorney-client privilege which belongs to a client, work-product immunity may be asserted either by the lawyer or the client. While the attorney-client privilege is included in the Rules of Evidence, the work-product doctrine is included in the Rules of Civil Procedure in the series relating to discovery. This makes it problematic to assert in the context of a criminal investigation.
For in-house lawyers in the UK or EU countries however, there is no such work product privilege. Two recent examples brought up this key difference in US and UK and EU legal systems. First was the raid by German prosecutors of Volkswagen’s outside counsel, Jones Day’s offices for information surrounding the law firm’s investigation relating to the company’s emissions-testing scandal. The raid was based on a court issued subpoena.
The second is the recent judicial decision out of the UK, involving Eurasian Natural Resources Corp. (ENRC). The UK’s highest court held the company must produce to the UK's Serious Fraud Office (SFO) documents the company claimed were privileged, including attorneys' notes of employee interviews conducted during the company's internal investigation. The SFO sought the documents as part of its criminal investigation into allegations of fraud, bribery, and corruption. The court largely rejected ENRC's claims of the work product privilege, holding that it does not apply when a document is not prepared for the sole or dominant purpose of conducting adversarial litigation. ENRC was required to produce the bulk of the contested documents because the investigation was a fact-finding exercise.
Three Key Takeaways
Note the differences in the attorney/client and work product privileges.
Both privileges can be waived intentionally or through inadvertent conduct.
Take care on attorney work product outside the US, where there may be no privilege at all.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/21/2017 • 14 minutes, 30 seconds
FCPA Compliance Report-Episode 336, James Koukios
In this episode, James Koukios, a partner at Morrison & Foerster returns to discuss the firm's newsletter Top Ten International Anti-Corruption Developments for April 2017. In this episode we highlight the three following matters for discussion and what lessons can be garnered from them.
World Bank Veteran to Change Positions.The World Bank announced that Pascale Helene Dubois would become the new head of the World Bank Group’s Integrity Vice Presidency, known as INT. The INT is an independent unit within the World Bank Group that investigates and pursues sanctions related to allegations of fraud and corruption in World Bank Group‑financed projects. Dubois is well known in the anti-corruption community and has long been a thought leader in this space. In her current post, she has worked to increase transparency and due process at the World Bank generally and in the Office of Suspension and Debarment specifically. Koukios relates how Dubois’s work and that of INT has helped foster greater cooperation between the World Bank and law enforcement agencies around the world.
Engineering Firm and Its Executive Debarred by World Bank for Bribery in Southeast Asia.
In April the World Bank Group announced the debarment of Denmark-based Consia Consultants ApS and its managing director. According to the World Bank, INT’s investigation revealed evidence that the company made payments to officials to influence contract awards in connection with the World Bank-financed Strategic Road Infrastructure Project in Indonesia. The World Bank stated that the company further failed to disclose its agreement and commissions paid to its agent in connection with the project and misrepresented the availability of key staff it has claimed would be assisting with the execution of its technical assistance contract under the project. The World Bank also said it found evidence that the company made corrupt payments in Vietnam in connection with the Hanoi Urban Transport Development Project, in addition to fraudulent misconduct relating to the Second Northern Mountain Poverty Reduction Project. The World Bank debarred the company for 14 years and its managing director for 3.5 years.
Former Diplomat Pleads Guilty to FCPA Charges in United Nations Bribery Case, While Judge Denies Motion to Dismiss FCPA Charges against Another Defendant.
On April 28, 2017, Francis Lorenzo, a former deputy ambassador from the Dominican Republic, pleaded guilty in the Southern District of New York to conspiring to violate the FCPA and to pay and receive bribes and gratuities in a bribery scheme allegedly involving Ng Lap Seng, a Chinese national and real estate developer accused of bribing former U.N. General Assembly President John Ashe. Lorenzo pleaded guilty to related charges in 2016 and is expected to testify against Seng at trial, currently set to begin May 30, 2017. Two days before Lorenzo’s guilty plea, on April 26, 2017, Southern District of New York Judge Vernon S. Broderick denied Seng’s motion to dismiss FCPA and related charges against him, finding that the superseding indictment sufficiently presented the essential facts underlying the charges and that the prosecution had made sufficient disclosures concerning the nature of the charged offenses by other means, including through the various complaints filed in the case, extensive discovery, agent affidavits, and a written response to Seng’s letter request for a bill of particulars.
To read a full copy of the firm's newsletter, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/21/2017 • 27 minutes, 37 seconds
Unfair and Unbalanced-Episode 20
In this episode, I visit with Roy Snell about his recent announcement that he is stepping down as head of the SCCE. We review the current state of the SCCE and how the Roy has seen the compliance evolve from its start after the 1992 US Sentencing Guidelines. We discuss where Roy sees compliance going in the next several years and where the SCCE may go to support the profession.
This announcement comes when the SCCE has grown to 50 staff members and one of the has one of the strongest boards in the professional association world. the SCCE has a strong footprint in the US and is a material player internationally with 17,500 members in 95 countries. It has a great reputation and its success to date has been quite remarkable.
The call for applications will close on August 20th 2017. A detailed job description and position summary are available at http://www.corporatecompliance.org/CEO. SCCE plans to complete the interview and selection process in the Fall of 2017 and onboard a Deputy CEO in early 2018. The Deputy CEO will likely assume the role of the CEO sometime in 2019. Roy will stay on with the organization for roughly one year to work on special projects. To be considered for the CEO of SCCE and HCCA, please fill out the questionnaire with return instructions available at: http://www.corporatecompliance.org/CEO.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/20/2017 • 32 minutes, 41 seconds
Day 14 of One Month to Better Investigations and Reporting
Day 14-Miranda and Internal Investigations: What Rights Does an
Must an investigator warn an employee that concealing information from company lawyers conducting an internal FCPA investigation could be a federal crime? Even if the company attorneys handling the investigation provided the now standard corporate attorney Upjohn warnings, does a company attorney asking questions morph into a de facto federal agent during an internal company investigation regarding alleged FCPA violations and is the attorney thereby required to provide a Miranda warning to employees during a FCPA investigation?
In a recently released paper entitled “Navigating Potential Pitfalls in Conducting Internal Investigations: Upjohn Warnings, “Corporate Miranda,” and Beyond”[1] Craig Margolis and Lindsey Vaala, of the law firm Vinson & Elkins, explored the pitfalls faced by counsel, both in-house and outside investigative, and corporations when an employee admits to wrong doing during an internal investigation, where such conduct is reported to the US Government and the employee is thereafter prosecuted criminally under a law such as the FCPA. Margolis and Vaala also reviewed the case law regarding the Upjohn warnings which should be given to employees during an internal FCPA investigation.
Employees who are subject to being interviewed or otherwise required to cooperate in an internal investigation may find themselves on the sharp horns of a dilemma requiring either (1) cooperating with the internal investigation or (2) losing their jobs for failure to cooperate by providing documents, testimony or other evidence. Many US businesses mandate full employee cooperation with internal investigations or those handled by outside counsel on behalf of a corporation. These requirements can exert a coercive force, “often inducing employees to act contrary to their personal legal interests in favor of candidly disclosing wrongdoing to corporate counsel.” Moreover, such a corporate policy may permit a company to claim to the US government a spirit of cooperation in the hopes of avoiding prosecution in “addition to increasing the chances of earning meaningful credit under the US Sentencing Guidelines or the FCPA Pilot Program.
Where the US Government compels such testimony, through the mechanism of inducing a corporation to coerce its employees into cooperating with an internal investigation, by threatening job loss or other economic penalty, the in-house counsel’s actions may raise Fifth Amendment due process and voluntariness concerns because the underlying compulsion was brought on by a state actor, namely the US Government. Margolis and Vaala note that by utilizing corporate counsel and pressuring corporations to cooperate, the US Government is sometimes able to achieve indirectly what it would not be able to achieve on its own – inducing employees to waive their Fifth Amendment right against self-incrimination and minimizing the effectiveness of defense counsel’s assistance.
So what are the pitfalls if private counsel compels such testimony and it is used against an employee in a criminal proceeding under the FCPA? Margolis and Vaala point out that the investigative counsel, whether corporate or outside counsel, could face state bar disciplinary proceedings. A corporation could face disqualification of its counsel and the disqualified counsel’s investigative results. For all of these reasons, we feel that the FCPA Blog summed it up best when it noted, “the moment a company launches an internal investigation, its key employees -- whether they're scheduled for an interview or not -- should be warned about the "federal" consequences of destroying or hiding evidence. With up to 20 years in jail at stake, that seems like a small thing to do for the people in the company.”
Let’s keep on skipping down the lane and see where we go. What if the company gets its investigation wrong and wrongfully identifies an employee? At least in a few states, a wronged employee can sue for defamation. Yet not in Texas and a recent Texas civil case demonstrates why companies and internal investigators need to be aware of local laws, regulations and requirements.
The Texas Supreme Court in Shell Oil Co. v. Writt, held that an internal investigation report Shell provided to the U.S. Department of Justice about potential FCPA violations is “absolutely privileged” in a defamation proceeding and cannot be used to form the basis of a defamation claim.
Writt had alleged that Shell defamed his character when the company "voluntarily” reported to the DOJ on the findings of an internal investigation the company conducted into its relationship with Panalpina -- an investigation that culminated in the company’s 2010 FCPA settlement with U.S. enforcement authorities. Writt claimed that Shell’s internal investigation report falsely implicated him in the payment of bribes and accused him of providing inconsistent statements during multiple interviews conducted in the course of the investigation.
The trial court initially granted summary judgment in favor of Shell, dismissing Writt’s suit on the basis that Shell enjoyed an "absolute privilege" to make statements to the DOJ regarding its internal investigation. The Texas Court of Appeals overturned this decision, refusing to characterize a “voluntary” pre-prosecution internal FCPA investigation as a judicial proceeding. Instead, the Court of Appeals held that Shell was only entitled to qualified privilege, under which a speaker can still be liable for defamation if the speaker "knows the matter to be false or does not act for the purpose of protecting the interest for which the privilege exists."
The Texas Supreme Court held “at all relevant times” Shell had been the target of a DOJ FCPA investigation and asserted that this investigation, which eventually resulted in a criminal settlement with Shell, satisfied the standard that “the possibility of a proceeding must have been a serious consideration at the time the communication was made.”
The Supreme Court also highlighted “the DOJ’s leverage over Shell vis-à-vis the FCPA and its somewhat draconian penalties…,” which “compelled [Shell] to undertake its internal investigation and report its findings to the DOJ.” The court specifically pointed to the dramatic increase of FCPA enforcement actions before mid-2007 when the DOJ notified Shell of its investigation, noting that “businesses that chose not to cooperate were subject to substantially greater punishments….”
At a time when the DOJ and SEC have become increasingly vocal in calling for companies under investigation to secure and provide evidence of individual culpability, a decision that did not provide Shell with absolute privilege could have had a far-reaching impact on how companies conduct internal investigations and cooperate with enforcement authorities.
As it stands, the Texas Supreme Court’s decision in Shell Oil Co. v. Writt may incentivize cooperation by companies in the early stages of the enforcement process by providing certainty to potential corporate defendants, particularly those located in Texas, that good faith efforts to disclose the results of internal investigations and expose individual culpability will not leave them open to defamation claims.
Three Key Takeaways
Make sure you provide an Upjohn warning.
If an employee demands counsel to represent them during an internal investigation, who bears the cost?
Always check state law requirements around internal investigations.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/20/2017 • 12 minutes, 41 seconds
Day 13 of One Month to Better Investigations and Reporting
When then Assistant Attorney General Sally Yates, announced the Memo that bears her name, she said the following, “we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement ties directly into the first point of the Yates Memo, which stated, “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.”
The Yates Memo and Yates’ remarks indicated a transition to a new era of FCPA enforcement. The Yates Memo required that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to investigate individuals immediately at the start of investigations. She stated, “the department instructed its attorneys that, going forward, they are to focus on individuals from the start of an investigation, regardless of whether the investigation begins civilly or criminally. Moreover, once a case is underway, the inquiry into individual misconduct can and should proceed in tandem with the broader corporate investigation. Delays in the corporate case will no longer suffice as a reason to delay pursuit of the individuals involved.” Even though these remarks were directed at government lawyers, corporations are now required to initially change the focus of their investigations from attempting to perform any type of root cause analysis to obtaining evidence against individuals and turning it over to the government as soon as possible.
For the Chief Compliance Officer (CCO) or compliance practitioner, this means the entire focus of your investigative protocol has changed. Previously an investigation was to determine how conduct that might have violated the FCPA had occurred, then focus on how to remedy it. The first step a CCO or compliance practitioner would take when sufficient evidence was developed was to fix the problem so that it did not re-occur going forward. If there were compliance program or internal control weaknesses, they would be immediately fixed so that neither the original perpetrators could continue the conduct but also so others could not take advantage of any such structural weakness.
After the Yates Memo, that is no longer the case. The DOJ now expects you to bring them information about potentially culpable individuals who can be prosecuted going forward. This means employees are going to immediately stop talking to you if they were inclined to do so in the first place. It will require performing an essential root cause analysis more difficult and the attendant remedy that is a part of any best practices compliance program.
But Yates went further than simply saying the DOJ expects you to turn over your own employees. She made clear that both she and the DOJ want companies to give up senior executives involved in illegal conduct. She said “We’re not going to be accepting a company’s cooperation when they just offer up the vice president in charge of going to jail.” Here the difficulty is around the FCPA requirement for a criminal prosecution or intent. How do you determine intent in a manner where senior executives may never have been involved directly in a transaction? Does this mean insufficient tone at the top will somehow morph into intent for a FCPA prosecution? Whatever it may mean going forward, at the very least I think it means that high heads in an organization could very well start to roll.
The Yates Memo, when read in conjunction with the Frederic Bourke conviction, make clear that senior management, as well as other individuals, are now directly in the DOJ’s sights to prosecute for FCPA violations. This means that even if lower level employees are engaging in conduct which senior management did not know about or even told them not to engage in; senior management may be deemed by the DOJ to have engaged in conscious indifference by not engaging in ongoing monitoring as a part of an overall best practices compliance program. Simply expecting that employees will not violate the FCPA is no longer enough. Companies must monitor transaction to detect and prevent violations. With the Yates Memo now the effective policy of the DOJ, senior management who do not actively monitor their organizations may subject themselves to personal FCPA criminal liability.
Given the scrutiny of the Standard Bank Deferred Prosecution Agreement (DPA) in the UK, I think it may well be the time where enforcement authorities begin to look at those responsible for an activity where a violation of anti-bribery/anti-corruption laws take place in addition to those committing the legal violation. Bourke was found guilty for conscious avoidance. How much of a stretch will it be for those senior managers who allow such behavior to be seen as either the norm or indeed expected? John Kay, writing in the Financial Times (FT) in an article entitled “Ignorance is no defence for financial misconduct”, wrote in the context of financial institution misconduct “If it is a criminal offence to be in charge of a den of thieves, the prosecution need only establish that you were in charge of it, not that you were yourself a thief. It is no defence that you thought the organisation was a monastery, which is broadly the argument employed by those made ‘physically ill’ by the discovery of what their subordinates had been doing.” After the Yates Memo, the same may hold true for senior management in companies which violate the FCPA.
The impact of the Yates Memo was magnified by Attorney General Jeff Sessions through his remarks at the Ethics and Compliance Initiative (ECI) in April 2017. He reiterated that the DOJ would focus on individual criminal misconduct in the context of enforcing the FCPA. This continued emphasis will mean that there is even more pressure on corporate compliance programs to get it right and get it right sooner rather than later.
Three Key Takeaways
If companies want any credit, they must investigate potentially culpable individuals first and turn over the results to the DOJ.
This may require companies to more thoroughly investigate conscious indifference.
Never forget conscious avoidance is specifically prohibited under the FCPA.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/19/2017 • 12 minutes, 25 seconds
FCPA Compliance Report-Episode 335, Mike Volkov
In this episode, Mike Volkov and I discuss how blockchain has the potential to transformation compliance and may facilitate some truly revolutionary modifications in key businesses processes. I see some great value propositions for the compliance function.
For further reading, see:
Blockchain and the Future of Compliance, by Mike Volkov.
Will Blockchain Transform Compliance? by Tom Fox
How Blockchain Will Change Organizations, by Don Tapscott and Alex Tapscott in MIT Sloan Business Review.
Blockchain Explained, by Zach Church in MIT Sloan Management Review.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/19/2017 • 24 minutes, 23 seconds
This Week in FCPA-Episode 57
This week, as their tribute to their Dad, we are guest hosted by Jay’s daughters, Millie and Michela. They lead us through a wide-ranging discussion on some of the week’s top compliance related stories, including:
The Covington and Burling report on corporate culture at Uber. For what it means to the compliance practitioner, see Tom’s piece in the FCPA Compliance & Ethics Blog. For another view on the car crash of corporate governance at Uber, see Matt Kelly’s piece in Radical Compliance. Finally for an article the on investor who took on both Uber and Silicon Valley for similar issues, see this article on NPR.
Swiss banker, Jorge Luis Arzuaga pleads guilty to laundering money for FIFA officials. See article by Dick Cassin in the FCPA Blog.
DOJ files civil forfeiture complaints Thursday against an additional $540 million in assets allegedly bought with money looted from a Malaysian sovereign wealth fund, 1MDB. See article in the WSJ by clicking here.
Adnan Khashoggi, the Saudi arms dealer in the middle of the giant 1970s bribery scandal that led to enactment of the FCPA died this past week. See article by Dick Cassin in the FCPA Blog.
CCOs still struggle with outdated technology, siloed data. See article by Aarti Maharaja in the FCPA Blog. See Ethisphere-Convercent Report, by clicking here.
Brazilian prosecutor-turned-lawyer under ethics investigation following J&F settlement. See article by Michael Griffiths in GIR by clicking here (sub req’d)
Jay previews his weekend report.
Tom continues to talk about the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.
Happy Father’s Day to all you dads out there.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/16/2017 • 38 minutes, 18 seconds
Day 12 of One Month to Better Investigations and Report
What are the characteristics of a good interview in the context of an internal investigation? Is there one technique you can use which will provide you the results you want to achieve? How should you think through your questions and document review prior to the investigation? In this episode, I explore these and other questions, in an interview with noted internal investigation expert Jonathan Marks, a partner at Marcum LLP for this piece.
Marks began by making it clear there is no one right way to prepare for and conduct an interview. What is important is that you have a plan and execute on that plan. He said he begins by obtaining an understanding of what the various stakeholders want answers to. This could include the Board of Directors, C-Suite executives, the General Counsel and legal department, the Chief Compliance Officer and compliance function or up to government regulators such as the SEC or Justice Department.
Marks feels it is important to interview witnesses as soon as you can reasonably do so to prevent multiple witnesses from getting together and coordinating their stories. You should recognize you are never going to have perfect information so you should try and tie down the story. If the witness is not an English speaker, you should have a translator present. Marks suggests having a second person with you to take notes so you can watch the witness’s facial expressions and body language, noting, “There have been a lot of situations where I have found that being an effective listener is much more critical than being an effective note taker. Listening to what the interviewee is saying when you ask them the question is critical because it sets everything up. Having somebody there to take notes gives me the opportunity to really focus in on a couple of different things. It allows me to focus in on their verbal cues. It allows me to focus in on their body language. It allows me to focus in and listen to what they're saying, or a lot of times what they're not saying.” He cautioned that the note taker should be free from bias and subjectivity, simply taking down a detailed recitation of the witness’ testimony.
Interestingly Marks does not view his interviews as putting the witness “in the box”. He attempts to establish a rapport with the witness so they will be more forthcoming in their responses. Marks said, “I don't view this as a contentious exercise. I never have and I never will. I view this, like I said before, as building rapport. If somebody feels like you're cross-examining them, or it's a very structured and not free-flowing conversation, allowing them to answer the questions in a comfortable and a secure environment.” It is all an effort to garner an understanding of what facts the witness has, what the witness may not be aware of and determining others, both inside the organization and outside, who might be potentially involved.
Marks emphasized that an investigation should not be viewed as an interrogation. He avoids what he termed “loaded questions” such as “Why did you bribe the inspector?" Instead, he designs his questions to circle around such a point. He also notes the age old maxim to avoid compound questions. He concluded by noting you should try and develop facts during the interview, get to exactly what occurred, when did it happen, where did it happen, who, if anyone else, was present with you. He also added you can use other lines of inquiry such as “Who else may know well of an information? How did this happen, or do you know how it happened? Why did happen? Are there notes, documents, phone messages, emails or other evidence that you could provide to me that support what you're saying? A lot of times in an interview if somebody is willing to talk they usually have something that they could provide.” He concluded by intoning, “A lot of times if you don't ask you don't get.”
Marks believes it is a best practice is you get everything down immediately so “as soon as the interview is over I spend time with my partner in the interview with me going over all our notes, making sure that we both understood exactly what was said and how it was said. If there's any observations they I had during a question that may have not been in the write-up, we add those things.” He believes this is important because “the longer you wait, the more inaccurate your account of what happened becomes. I've always made it a practice that after the interview we get right to it, we write up our notes. We agree what was said, how it was said and add any other observations that we had during the interview process.”
Marks concluded by recalling another analogy he consistently refers to in any discussion of internal investigations, that it is a “chess match”. An interview is also a chess match as “When you're playing chess you have to think a couple of moves ahead if not three, four or five. We talked about in and out, out and in methods of conducting interviews when there's more than one individual or several people that might have information related to the allegations.”
Marks also discussed some strategies around the interview process. The first is what he termed the “inside-out” strategy which he would advocated using if allegations extend beyond the enterprise. In this technique, you interview people inside the organization first, and then maybe go out to third parties. The converse is an “outside-in” strategy and you can do a combination of both. He also noted one other technique which is conducting concurrent interviews. Marks advocates using this strategy “If you think people are going to talk or you think there's potential collusion. Conducting simultaneous interviews sometimes prevents those individuals from coordinating and collaborating on their story and what they're going to tell you.”
Three Key Takeaways
There is no one right way to prepare and do an interview.
The interview should not be confrontational.
The interview, like the entire investigation process, is a chess match.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/16/2017 • 12 minutes, 26 seconds
Day 11 of One Month to Better Investigations and Reporting
Today, I want to consider some of the challenges you may well face during an investigation. Beyond the basics, a company must consider the intake process as a starting point, however Marks noted one of the biggest challenges is in the intake process. Rather surprisingly, he noted there are still companies without a hotline or anonymous reporting system, stating “we still see organizations whereby there is no formal ethics hotline except for the fact that they might send an email to some member of management or some member of the board.”
The lack of an intake process immediately presents a challenge in beginning to work through an allegation of wrongdoing due to the inability to track when the allegation or information was received, who sent it, who received it, what did the company do when they received it? If a company has a formal ethics reporting system, with recordation of information “there’s some workflow, it’s a lot easier to kind of work through some of those things”, so there is an appropriate level of documentation to follow.
Yet Marks has seen failures in even these basic steps “many times people do not read their emails on a timely basis, and getting to the root of the issue quickly could be the difference between somebody allowing the company to investigate this the right way, or incentivizing an individual to go outside the organization such as to SEC whistleblower program.” This makes the intake process critical because it assures that things are not only received, “but they’re looked at on a regular and timely basis and there is a process.”
One area that still causes challenges is retaliation against whistleblowers. You might think that corporate America got the message that not only is retaliation incredibly idiotic and divisive but also illegal under both Sarbanes-Oxley (SOX) and Dodd-Frank but sadly that is not the case. Marks believes that avoiding retaliation is critical not only for an organization but also to foment a successful investigation. He stated, “Avoiding retaliation is very critical. I think there’s a real opportunity where human resources, if properly trained, can work with the rest of the team members and advise them on things that they should not be doing and things that they should be doing in order to avoid either the appearance of retaliation or the actual retaliation against the individual or individuals who reported or brought forth the potential of the alleged misconduct.”
Equally important is that a company wants to encourage a stand-up culture. When individuals are trying to do the right thing, you certainly want to inspire other to do so as well. Marks related, “When somebody reports an ethical lapse, it generally means to me that they’re doing their job. And so, the indirect impact, or sometimes the direct impact of that is sometimes people are looked at as snitches or not towing the company line or they’re just generally out of bounds can negatively impact the organization.”
An area where Marks has seen companies have difficulties in is what he termed threatened or pending litigation. Any investigation can morph into a much more serious situation and you must be ready to answer such questions as “(1) Does this gravitate itself into a class action lawsuit? Or (2) Does this gravitate to a regulatory review and subject to some punishment there?” The key is that as the investigation begins to uncover things and certain facts come to light, pending or threatened litigation is something that should always be discussed, but discussed very carefully and it should be discussed once those facts come to play. Sometimes you don’t have all those facts but sometimes it does make sense to kind of prognosticate and consider situations such as “This is what could happen. These are the issues that potentially could be uncovered.” Marks concluded, “I really do think that it’s important to think a couple of steps ahead and look at this as a chess match and never underestimate the fact that there could be pending or threatened litigation.”
Not surprisingly, another area of challenge is when the regulators will not accept the investigation or are not satisfied with the results. While I would submit that if you follow the strictures laid out by Marks, that will satisfy regulators, he noted that there must be an appropriate level of skepticism brought by the investigation. He said there can be regulator issues when “there was not proper skepticism, there was not proper independence or simply things were not looked at under the right lens.” But once again the answer is to go through the steps that Marks laid out, or any other well defined protocol and have an independent team handling the investigation.
Interestingly,a similar situation can arise if a company’s own auditors refuse to accept the results of an investigation. Marks said this is usually related to some type of unexpected development arises in an investigation. Marks noted, “when auditors are involved the element of surprise is never good.” He believes it is important to keep internal audit aware of developments as “they might want to do a shadow investigation, they might want to understand the scope of your expanded investigation and most certainly they want to understand the financial impact.” The reason is that if the company auditors do not accept your investigative results, “they may send you back to the drawing board. When that happens, all types of problems could manifest themselves or come out.”
Marks noted that at times the most difficult challenge is when the company itself is reluctant to accept the results of the investigation. This comes when a company is in denial, believing it has a robust compliance program and internal controls or, worse yet, it simply believes that it is an ethical company. One or more of these indicia usually manifest themselves as a company with paper compliance program, a Chief Compliance Officer (CCO) with a title but no authority and a weak compliance culture. Marks said, “When I say the company does not respect the investigation, it’s almost like they’re fighting with you because they believe that nothing could ever go wrong. That really does send a very, very clear message, not only internally, but should it get out externally as well. It’s an indication to us that there’s a problem with the culture, there’s a problem with the compliance program, there’s generally a problem with governance overall. There are probably bigger issues there other than the matter that’s generally on the table.”
Planning your investigation, having the right team members involved and meeting the challenges which inevitably arise during an investigation can be difficult. However, beginning with the Department of Justice’s (DOJ’s) Yates Memo and the Foreign Corrupt Practices Act (FCPA) Pilot Program and the release of the DOJ’s Evaluation of Corporate Compliance Programs (Evaluation), the pressure on every CCO and company to get an investigation done quickly, efficiently and, most importantly, done right is even greater now. Jonathan Marks has laid out a concrete way for you to think through how to plan an investigation, staff it properly and meet the inevitable challenges.
Three Key Takeaway
The intake process may seem the most straight-forward but many companies drop the ball at this initial step.
You must never retaliate against employees who come foreward in good faith.
Always think several steps ahead.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, I visit with Lauren Briggerman, a member at the firm of Miller & Chevalier. She discusses the latest edition of the firm newsletter, Executives at Risk: Navigating Individual Exposure in Government Investigations-Spring 2017. We discuss several recent developments in significant government investigations which highlight the tactics prosecutors are deploying and the risks faced by corporate executives:
German authorities raided an outside law firm retained by Volkswagen's supervisory board in the emissions investigation, as well as the offices of the company's Audi division.
U.S. agents conducted a multi-agency raid of three Caterpillar Inc. offices in Illinois related to the company's effort to shift billions in profit from the U.S. to a Swiss affiliate to secure a favorable tax rate.
The founding partners of the law firm at the center of the Panama Papers scandal were arrested by Panamanian authorities on money laundering charges related to Brazil's ongoing "Operation Carwash" corruption investigation.
The DOJ's Antitrust Division raided the domestic shipping container industry's trade association and issued subpoenas to numerous companies in the industry.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/15/2017 • 28 minutes, 59 seconds
Compliance Report-International Edition
In this episode I visit with Luciana Silveira, a PhD candidate who is studying the FCPA and how it is has affected international trade flows. Some of the questions she is considering include the following: Was US business abroad affected? Did US companies decide to change their foreign business strategy because of the FCPA? After so many years of the law, what is the private sector overall opinion about the FCPA?
Silveira believes the answers to these questions are neither straightforward nor simple. To that end, the PhD research she is developing will hopefully provide us with some new and updated answers, as well shed more light to the impacts of the FCPA to US international trade. Equally importantly, she is using the FCPA as reference to my studies on potential impacts of the Clean Company Act, a similar anticorruption legislation that came into force in Brazil in January 2014. To complement a quantitative analysis regarding merchandise trade flows, she is using a 15-questions survey (available at https://ldosilveira.typeform.com/to/uhtKYZ). It is confidential, and there is no question that requires strategic corporate information. She hopes that you will participate as all input is welcome and encouraged.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/14/2017 • 28 minutes, 4 seconds
Day 10 of One Month to Better Investigations and Reporting
Mara Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. I interviewed Senn on her thoughts about handling a cross-border investigation.
Offer Interview Translations
While many people outside the US have various levels of capabilities in a non-native language, when you get into the very detailed questions in an interview, they may have enough English skills that you assume they understand everything, but in fact, they do not. You may ask a key question, for example, about expense reports, maybe they understand conversational English, but there's no reason for them to know expense reports. This makes it important to have someone present in the interview that speaks the witness’s native language, and just assume that there are going to be times where you’re going to need to call on that person.
Avoid Cultural Pitfalls
Cultural pitfalls are really truly pitfalls and, unfortunately, they can be big deep holes that you do not know anything about, but you can fall into pretty easily. She provided the issue of personal privacy as an example, where most countries have a different concept of privacy, particularly about whether your work area is your own versus what really belongs to the company. You should seek local counsel guidance to understand what needs to be done and also explain to you the best way to do it without offending people.
Observe Data Privacy Restrictions
Most American lawyers are aware of different data privacy restrictions and requirements in countries governed by the European Union (EU) and the US. The point under this best practice is that your analysis and response must go much further to satisfy the US Department of Justice (DOJ) if you want to claim that you cannot get certain information out of a country because of data privacy restrictions.
Comply with Labor Requirements
Similar to the long-standing Weingarten right of unionized employees in the US to have a representative present for interviews, in many countries outside the US there are Works Council and similar analogs in other countries, where, basically, the Works Council is responsible for the interactions between the employers and the employees. Moreover, employees have certain statutory or labor code based rights as employees, regardless of whether they are members of a labor union or not. These rights can drill down into the types of questions that you can ask or even prevent you from meeting with or interviewing certain employees.
Be Aware of Other Local Requirements
Points three and four certainly lead into best practice No. 5. It is incumbent that you work with local counsel in the country you are performing the interviews to garner an understanding of the witnesses rights and your obligations during any investigation. She explained that many ways a US lawyer would think about doing an investigation could be problematic in other jurisdictions. She gave the examples of taking pictures or physically removing documents from a location, which could be issues that you might face. You certainly need advice and counsel on what is legal and what might not be going forward.
Put Forms in Native Translations
There are times that the only way an investigation can collect an employee’s personal information is to obtain affirmative assent. Such information might include work documents, work emails, or similar information. However she cautioned that in this situation it is even more important to put the consent form in the native language. You do not want the employee to later claim they did not understand the consent form or thought they were executing something different. It can be critical that you have informed consent, because if you do not have informed consent, that consent could well turn out to be void.
Preserve the Attorney Client Privilege
The rules outside the US can be quite different and perhaps a little bewildering. In many European countries there is no privilege from an in-house counsel, so if a General Counsel (GC) of a company speaks to the President or Chief Executive Officer (CEO) there is absolutely no privilege under basically any circumstances in Europe. Senn then noted that other jurisdictions have other kinds of laws, each with a slightly different parameter, leading to different attorney-client expectations.
Prepare for Local Enforcement Actions
Many countries are becoming more aggressive in their enforcement actions for bribery and corruption, sometimes based upon local and domestic anti-bribery laws. This means the information which one government knows, whichever government that is, you should expect and assume that multiple governments are cooperating in some way. This then makes it more likely that there could well be some sort of local enforcement action against your client while you are investigating matters around a FCPA claim or potential FCPA claim.
Prepare for Security Risks
This means personal security, physical and health safety. Simply consider the recent situation when Ebola was going around Western Africa or Central Africa. If you are conducting an investigation in such ravaged areas you should not send your employees to Liberia at that time to interview people. The same can be true in worn-turn areas like Syria or similar locales.
The better plan would be to remove the people you are interviewing and bring them to you or to a local hub outside of the impacted areas. That avoids a whole host of issues, as you do not want to have to pay for extra security, for example you do not want your employees to have to walk around with loaded machine guns protecting them; you have to make a judgment call as to where and whether these potential threats need to be addressed in some way.
Protect Whistleblowers
Here Senn had some very practical advice, which while it might seem counter-intuitive on the surface due to certain legal decisions, it might actually provide more protections for companies in the long run. Senn began by noting the 2nd Circuit Court of Appeals ruling in the Liu case, which essentially found that the Dodd-Frank retaliation provisions that protect whistleblowers in the US do not apply abroad, so in other words, a foreign whistleblower brought a case saying, “I was retaliated against and I bring a case under the retaliation provisions of Dodd-Frank,” and they said, “No way, you can't bring it.”
Senn believes that companies that use the Liu decision as a basis to retaliate against whistleblowers outside the US are wrong for several reasons. First, is that the Securities and Exchange Commission (SEC) has announced they will still pay whistleblower outside the US, who come forward and meet the requirements, the Dodd-Frank bounty of up to 30% of the penalty. This means that even if courts determine that the Dodd-Frank provisions do not apply for retaliation for foreign nationals, the SEC can still honor the communication and compensate the foreign whistleblower.
The second reason is the US Sentencing Guidelines make clear that part of an effective compliance and ethics program includes having a publicized system for employees or agents to report potential or actual criminal conduct without fear of retaliation. These Sentencing Guidelines apply to all US companies, both domestic and internationally. If your company retaliates against foreign whistleblowers, the US government can take that into account, which could be viewed in a negative way, meaning that you don’t have an effective compliance and ethics program.
Three Key Takeaways
Use translators and translations of key documents in witness interviews.
Use local counsel to facilitate the investigation and to help navigate any local anti-corruption investigation issues.
Never, never, never retaliate. The SEC will pay whistleblower bounties for non-US citizens.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/14/2017 • 15 minutes, 28 seconds
Compliance into the Weeds-Episode 42
In this episode, Matt Kelly and I take a deep dive into the corporate governance fiasco which is Uber. We consider the revelations in the failures of corporate governance, culture and internal controls at the organization. The company provides a fascinating study of what happens when a tech start up raised in the fraternity culture is successful and how changes are required for it to act like a multi-billion organization. Both Matt and I have written on Uber. Our podcast comes out the same day the Holder Report to the Uber Board was released so we weave in the recommendations from Covington & Burling as well.
For more on Uber see the following:
Matt Kelly’s piece Car Crash Governance at Uber
Tom Fox’s pieces on Uber
Will Culture Change at Uber Before its Too Late
CEOs and Win at All Costs-Where Does it Lead
Uber and Corporate Culture
For a copy of the Holder Report on corporate governance, cultural and internal controls failures at Uber and recommendations, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/14/2017 • 21 minutes, 33 seconds
Day 9 of One Month to Better Reporting and Investigations
Beginning with the Department of Justice’s (DOJ’s) Yates Memo, its Foreign Corrupt Practices Act (FCPA) Pilot Program and then the release of the Evaluation of Corporate Compliance Programs (Evaluation), I believe the DOJ has put even more pressure on every Chief Compliance Officer (CCO), and indeed every company, to get an investigation done quickly, efficiently and most importantly done right is even greater.
Jonathan Marks, a partner at Marcum LLP and a well-known internal investigation expert, provides some of his thoughts around what goes into a well-run investigation. His perspective is from someone who performs investigations outside your organization, either because the matter was so serious an outside expert was required; specific subject matter expertise (SME) was not available in your organization or due to the objectivity of the investigation. Today I want to consider who should be on your investigation team.
As discussed previously data collection, retention and preservation are critical elements of any significant internal investigation so you will need to have the involvement of your IT function. IT can help put a litigation hold on email that can help with the preservation of data in other areas of the organization. Further, they can assist with certain other aspects as more facts and circumstances are known.
HR is often an underutilized function for an internal investigator. HR can be very useful to provide context about employees’ work history. There may be notes in HR areas as diverse as training and exit interviews. HR can also be useful to give the investigator “some insight regarding the credibility of the individual that might be making the allegation. For example, are they a good and trusted employee? How long have they been there? What’s their general demeanor? What’s been the feedback on that particular individual?”
Both the Board and senior management can provide different types of support for an investigation. Marks noted the Board has oversight responsibility and senior management is responsible for the day-to-day, tactical operations of the organization, including the internal controls. This means from the Board’s perspective, “we would want to make sure that our governance processes were in place and operating effectively when it comes to an investigation. So, my concern, or concern from a board member’s perspective, from an investigation, early on, is what’s the financial impact; what’s the legal impact, for a publicly traded organization? Are there potential issues here which we as a Board need to be concerned with going forward?”
From the senior management’s perspective, Marks believes “the key thing there is if there is an issue and there was the ability to either override controls or controls weren’t in place or there was something that basically caused this, what do we need to do to assess that? What do we need to do to fix that? What was the root cause for this potential bad behavior? Like I said, how do we fix that or how do we put a plan together in order to fix that or shore that up?” He emphasized this is not the Board’s responsibility but that of senior management. Marks also pointed out that while an investigator would probably assume that the Board of Directors had been notified at this point about the issues being investigated, the investigators may want to make certain the Board has been made aware of the incident and investigation.
Marks suggested outside consultants in the form of forensic accountants should be a part of your investigation team. Such a skilled set team member can bring an investigative mind that drives them to answer questions about what occurred, when and how it happened, and who was involved. However, most lawyers do not understand how forensic accounting is performed and how they can assist your compliance investigation going forward.
Forensic auditing works to collect and analyze accounting and internal-controls evidence. They use this information to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of internal audit’s work can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur. Inquiries into accounting and internal controls raise a host of technical issues requiring specialized knowledge that forensic accountants are uniquely positioned to provide. This is a qualitative difference from internal audit, which more often looks at process to determine if it has been adhered to in a procedure.
The objective of a forensic audit investigation team member is to collect, analyze and report on the evidence or facts surrounding an act that often has litigious, fraudulent or criminal implications. Auditors also collect and analyze evidence, but an independent auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. However, a key role of the forensic accountant is to identify a concern and to notify company management about the issue or issues discovered.
As with a decision on bringing in outside counsel to perform a compliance investigation, you will need to consider whether a forensic accountant should be retained as an outside consultant or hired as an employee. One critical reason to bring in an outside professional is so they will be not be governed by management or influenced by potential biases within a company. Lastly is the issue of privilege. If a forensic accountant is not assigned through your legal department or through outside counsel, you can kiss away even the chance of claiming privilege.
Obviously, the GC would be involved to help protect the attorney client privilege if for no other reason. Further, an investigation needs to have the corporate compliance function involved, to understand what compliance program was in place at the time of the incident in question, what procedures the compliance function had and understand if this truly was a gap in the compliance function or “maybe there was an area within the compliance function that wasn’t operating as prescribed, or maybe it was a little bit weak.”
Three Key Takeaways
HR plays a key but often underused role in internal investigations.
The Board of Directors and senior management have different roles.
Use your legal department to protect the privilege.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/13/2017 • 12 minutes, 20 seconds
Day 8 of One Month to Better Investigations and Reporting
In the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (Evaluation), under Prong 7 Confidential Reporting and Investigation asks the following: Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented? These questions were clearly presaged by the DOJ’s Yates Memo and the Foreign Corrupt Practices Act (FCPA) Pilot Program. The pressure on every Chief Compliance Officer (CCO), and indeed company, to get an investigation done quickly, efficiently and most importantly done right is even greater now.
Jonathan Marks, a partner at Marcum LLP and a well-known internal investigation expert, gave some of his thoughts around what goes into a well-run investigation. Marks began by cautioning that any CCO must be cognizant of the strictures laid out in the Evaluation. It all begins with who in-house is looking at the complaint and does the CCO, compliance practitioner or legal team have the skills and capabilities to handle the matter which has arisen? Obviously if there are esoteric accounting issues or significant internal control work-arounds and overrides, a CCO may not have those skills to really understand all the issues. Similarly, if the matter is a global FCPA or equivalent bribery and corruption matter, Marks related, these “come in different flavors, and because they come in different flavors you may not have the skills or capabilities to do an investigation that would take place in say Brazil or Russia or China or India.”
All of this ties into how the government will view an investigation, particularly if the company does not have the skills and capabilities necessary to analyze the allegation, or if the allegation of fraud is serious enough where they believe that an independent investigation rather than an internal investigation really needs to be done.” Moreover, if allegations or the investigation are going to be subject to regulatory scrutiny, one of the benefits of having somebody come in from the outside is that there is independence, skepticism, the ability to work through things unlike you would with an internal investigation where an internal audit might be involved. Marks concluded by noted, “from an outsider’s perspective looking in, there is more credibility of having somebody come to conduct your investigation.”
Marks believes the first thing that any investigator must do is understand the business environment and the extended business enterprise. He further stated, “what I mean is really understand the business you’re dealing with, the industry that it’s in, the potential risks, the pressures and motivations that might be at play here. Understanding that generally with most frauds there is some pressure to do something because of something else and there are some motivations.” Such an initial understanding can help you formulate a comprehension of the internal controls that might be in place or that were lacking that could either have not been designed properly or overridden.
The next step is to quickly and thoroughly analyze the initial underlying facts and circumstances when it comes to the issue or the issues at hand. For Marks, the number one issue is the credibility of the complaint, which is more than simply the credibility of the complainant. Marks said it was important to understand how the allegations of wrongdoing came to light and the seriousness of the issues involved. He went on to note that his initial inquiry would include such questions as, “What are people saying happened or what is an individual saying that happened? You know the background of the complaint, if known. How long have they been with the organization? Are they credible? Have they complained before? If in fact this was either a whistle blower or a tip.”
At this early assessment, Marks believes you should also consider the possible legal and financial impact of the allegations. If you determine it is serious at this early juncture, you should always consider your internal crisis management team and if your organization does not have one, you should consider retaining such an expert. Marks explained, “Crisis management doesn’t necessarily mean that a crisis happened, it means that if in fact we are in crisis mode, how does that impact the company? So, thinking about those issues and then knowing what to do, if in fact you are in a crisis mode, I think is ultra-critical.” He went on to add, “I think crisis management is totally underplayed. I think that many organizations don’t have an appropriate crisis management plan. If something bad does happen, a lot of times I see organizations that are struggling to kind of put the pieces together.”
Marks also noted that both communication and collaboration are critical even at this early stage. He advocated that the company ask a series of questions such as what issues are “on the table” and who is impacted by these issues within the company; is it the company auditors or some other corporate function? He also advocated considering third parties and contracted entities in this calculus by inquiring if there were key suppliers impacted by the investigation. On the one hand, “a key supplier that might get wind of this and might not want to do business with us anymore?” Yet, conversely, such a key supplier could be a sole source supplier so you may need think about alternative arrangements. You should begin to consider these issues early on and continue to think about them as you are going through and doing and investigation.
Document preservation is always a critical issue and Marks believes this is one which government regulators will pay particular attention to both at this initial phase and throughout the investigation. You need to take steps to ensure all data is locked down. This means getting into the weeds on such issues as where are all your company’s servers located; what is your back-up situation; do you have hand-held devices secured and are the organization’s instant and text messaging tied down. If you do not take such steps you could well find yourself in a situation where either information is lost or there's a possibility or suspicion that information is lost. Unfortunately, that is the situation that leads to a prosecutor’s imagination going wild. Basically, you need to have the information locked down so that if the government wants to come in and perform an independent review or test your hypothesis, you can provide them with the required information.
Three Key Takeaways
Always remember your ultimate audience may be the government.
You must understand both the business environment and extended business enterprise.
Communication and collaboration in any investigation are critical so you should begin early and continue to do so throughout the investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/12/2017 • 12 minutes, 28 seconds
FCPA Compliance Report-Episode 333
Today I am joined again by Professor Samuel Buell, from Duke University School of Law to discuss a recent paper he co-authored with Rachel Brewster entitled, "The Market for Global AntiCorruption Enforcement". In the paper and in this podcast Professor Buell discusses the internal structural changes which took place in the 1980s and 1990s which set the stage for the explosive growth in FCPA enforcement. He then relates the changes on the domestic scene which facilitated its explosive growth. He ends by exposing the myth of the revolving door.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/12/2017 • 27 minutes, 28 seconds
This Week in FCPA-Episode 56
Show Notes for Episode 56, for the week ending June 9, the Who’s On First Edition
This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
The Kokesh case at the US Supreme Court is significant for SEC enforcement of the FCPA around profit disgorgement. For what it means to the compliance practitioner, see Tom’s piece in the FCPA Compliance & Ethics Blog. For a legal review of the decision, see Miller & Chevalier client alert authored by Saskia Zandieh. Marc Bohn considered the cased in the FCPA Blog. Marc and I discuss the case on the FCPA Compliance Report, Episode 332.
Trevor McFadden to leave the DOJ for federal bench. See article by Matt Kelly in Radical Compliance. Hui Chen’s contract not to be renewed, her position is posted for job applicants. Apply for the position here. Andrew Weissman leaves as head of the Fraud Section to go Special Prosecutor’s staff.
Former PetroTiger General Counsel Gregory Weismann is banned from SEC practice. See article in the FCPA Blog.
Matthew Stephenson considers what a Wal-Mart settlement might look like. See his article in the Global Anti-Corruption Blog.
The federal judge who sentenced Samuel Mebiame, the bag man for Och-Ziff; criticized the DOJ for its lack of prosecution of any individuals from the company. See article by Sam Rubenfeld in WSJ Risk and Compliance Report.
Jay previews his weekend report.
Tom continues to talk about the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.
Jay Rosen can be reached:
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Tom Fox can be reached:
Phone: 832-744-0264
Email: [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/10/2017 • 36 minutes, 46 seconds
Day 7 of One Month to Better Investigations and Reporting
There is nothing like an internal whistleblower report about a FCPA violation, the finding of such an issue or (even worse) a subpoena from the DOJ to trigger the Board of Directors and senior management attention to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage followed immediately by proclamations “We are an ethical company.” However it may well be the time for a very serious reality check. The DOJ Evaluation of Corporate Compliance Programs focuses this question in Prong 7 with the following: Response to Investigations –What has been the process for responding to investigative findings? You may find yourself in the position that you will have to have some very frank discussions about what to expect in terms of costs and time outlays. While much of these discussions will focus on the investigative process and those costs, these discussions will allow you to begin to talk about remediation going forward and begin to explain why money must be budgeted for the remediation process. One of the things rarely considered is how the investigation triggers the remediation process and what the relationship is between the two. When issues arise warranting an investigation that would rise to the Board of Directors level and potentially require disclosure to the government, there is usually a flurry of attention and activity. Everyone wants to know what is going on. Russ Berland, the Chief Compliance Officer at Dematic Inc. has noted, “for that short moment in time, you have everyone’s full attention.” Yet it can still be “a tricky place, because you get your fifteen minutes to really get everyone’s full attention, and then from then on, you’re fighting with everybody else for their attention, just like the normal things in business life. It’s, they’re coming in and saying, “Okay, here’s the situation as we know it now, there is an investigation path, and corresponding to that, here’s what we think is the remediation path and some outlines of what it’s going to take,” often with some dollar signs attached to it.” You need to explain the costs to the Board and senior management. As Berland said, you need to be upfront and candid in firmly stating, “For us to get to this place, this is what it’s going to cost.” Moreover, you need to be able to show how some companies paid very large amounts, not just in the eventual fine and penalty but also in other costs. Berland went on to say, “We want to show you how people have lost money by having to write big checks, because they didn’t take this seriously, and saved money, because they didn’t have to write as big a check, because they took this very seriously, and your return on investment here is going to be very high if you do this well.” This is easier with the information that was provided in the 2016 DOJ Pilot Program around FCPA enforcement as it demonstrated how much discount a company can receive below the minimum range of the Sentencing Guidelines for remediation. One of the most difficult parts is that the investigation is often done in a way in which the investigators want to maintain as tight a control over the information and privilege as they possibly can. The remediation really requires output from the investigation to understand where the risk points are and where the gaps are, both in the compliance program and the internal controls. There’s a tension there, and it needs to be structured in a way that information can be shared with those who are designing the remediation without fear of compromising the investigation. Dan Chapman, CCO at Vimpelcom and formerly CCO at Parker Drilling, also believes that costs must be adequately discussed to set proper expectations. These include both direct costs and, even more importantly, a discussion of indirect costs to the company. He noted that “the biggest cost to a company during an investigation is the diversion of management resources” and, as he further explained, “kind of everything stops to focus on the investigation.” This indirect cost comes through largely the time commitment of senior management. He further explained, “if senior management has to commit 20% of their time, that’s 20% that’s not going towards revenue generating, shareholder value protecting activities.” Yet, how can you communicate that to somebody who has not gone through a full blown internal investigation then coupled with a federal investigation with the DOJ and Federal Bureau of Investigation (FBI) involved? Understanding that the all-encompassing nature of such an event is difficult to articulate, Chapman goes through some of his past experiences as touch points. He said, “I talk about past experiences. One example would be at a past company, my first week on the job, they had a worldwide conference for all the senior managers from around the world. At that meeting, I asked all the senior executives, you know, C-level executives. I said, “Over the last few years, have you spent 5% of your time on the matter? They’d raise their hands. Then I kept escalating it: 10%, 15%. Hands didn’t go down until about 20%. Then I explained to them, to the audience, I said, “So if you got 5%, 10%, 15% more than your senior management, where would this company be?” I think that’s helpful, but there’s not great way to quantify it. It’s kind of like quantifying compliance generally. How do you quantify the absence of non-compliance? How do you quantify what could have been? How do you quantify the opportunity costs of managements time?” You can explain the upside of compliance and do that in a manner that juxtaposes the cost. Chapman said you could mention things such as, “If you have clear policies and people know what to do, think how much easier your life would be. Instead of having to make calls and figure it out on your own every single time, you had clear policy.” The same types of arguments come into play in areas generally considered the purview of HR, i.e. recruiting and retention. About recruiting Chapman posed the following for consideration, “Think about recruiting. Where do your new hires out of college come from? Where do they get their information about your company? If they Google your company, what’s one of the first things they see if you’ve been in trouble? They Google it, and they’ll get a penalty, or they’ll get some news article about the wrongdoings.” He also points out retention of current employees by asking, “How you would feel if everybody at this company felt good about working here, and no one felt embarrassed by what happened. Would that help retention?” Yet even more than these types of points about employees in the organization, Chapman believes it is important to make it personal to the highest level of the organization and try to make it as real and personal to your audience as possible. He says he asks the Board and senior management “What about you? How do you feel about being involved in it? Rather than being something that’s out there, the company, what about you? How do you feel about being here?” Obviously, the investigation will be critical for you to help understand what remediation your compliance program will need going forward. As Berland said, “Somebody found a way to get around your system. Maybe they colluded to overcome the internal controls. Maybe there was a group that simply wasn’t well trained, didn’t understand, or there was a group that was extremely well trained, and decided to do it anyway. But somehow, there are issues in your system, and by system, the overall system of the executive tone, the governance, the compliance program, the internal controls, all at a meta level.” It is axiomatic that you cannot finds gaps in your compliance system until you stress test it. Viewed in this light, your compliance failures can be viewed as such a stress test. Berland said, “Well, guess what, you just got handed a stress test, and this is where the system broke down. Now you know there’s a gap. Well, absent the investigation, as painful and difficult as that is, that gap would have just been sitting there.” The investigation will raise information to you about the failures of your compliance program that you may not have known existed previously. While there will be a desire by some folks to not give out any information about the investigation until it is completed and there is a final report, you must resist this at all costs. If the results of the investigation are not made available to you as the CCO or the compliance professional charged with remediating the compliance program, any such remediation will be extremely difficult, because, as Berland noted, “you’re just going off suppositions and guesses.” He advocates there be a solid line of communication between the people who are doing the investigation and the people who are leading the remediation. Otherwise, you can only begin your remediation in the most general terms and you will not be able to deal with specific gaps in your compliance program or risks that need to be managed. Such an approach can also be a recipe for disaster. First, and foremost, the DOJ will not give you credit and you may lose the types of benefits articulated in the FCPA Pilot Program. Moreover, the executive attention will have dissipated, or, as Berland said, “When you’ve got the energy, use it.” What about the always-dreaded ‘Where Else’ question in any FCPA investigation? Berland believes the key is “anticipating the question is going to come up, and having an answer ready, which is, “We are going to do a comprehensive risk assessment of the remainder of the company. We are not going to go out and look under every leaf and every, you know, check every tree, but we are going to do a very extensive risk assessment, and we’ll be able to come back and tell you that we don’t think there is a likelihood of other issues in other places.”” However, the answer could be equally something along the lines that ““we have found a high likelihood and we’re going to continue to take deeper and deeper considers that section until we know if something happened or not.” That was an acceptable answer. It was, you know, “here's the slice of the pie where we know something is happening, and here’s the process to look at the rest, given it really is kind of a risk assessment plus going forward.”” Three Key Takeaways A serious FCPA allegation gets the attention of the Board and senior management. Use this time to move the compliance program forward. Be aware of how your investigation can impact and even inform your remediation efforts. How do you deal with the dreaded ‘where else’ question?
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/9/2017 • 13 minutes, 11 seconds
Day 6 of One Month to Better Investigations and Reporting
In an article in the Corporate Board magazine, entitled “Successful Board Investigations” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP posited seven considerations to facilitate a successful board investigation.
Consider whether you need independent outside counsel
The appearance of partiality undermines the objectivity and credibility of an investigation. That means you should not use your regular counsel. The authors cite to the Securities and Exchange Commission (SEC) analysis of how independent board members truly are to explain the need for independent counsel. They state, “the SEC considers the following criteria when determining whether (and how much) to credit self-policing, self-reporting, remediation and cooperation” which will consist of the following factors:
Did management, the board or committees consisting solely of outside directors oversee the review?
Did company employees or outside persons perform the review?
If outside persons, have they done other work for the company?
If the review was conducted by outside counsel, had management previously engaged such counsel?
How long ago was the firm’s last representation of the company?
How often has the law firm represented the company?
How much in legal fees has the company paid the firm?
Consider hiring an experienced “investigator” to lead the internal investigation
Jim McGrath has written and spoken about the need to utilize specialized counsel in any serious investigation. If a board is leading an investigation, I would submit by definition it is serious. Your investigation needs to lead by a lawyer with significant experience in conducting internal investigations; a strong background in criminal or SEC enforcement; and has substantive experience in the particular area of law at issue.
Consider the need to retain outside experts
In any FCPA or other anti-corruption investigation, there will be the need for a wider variety of subject matter experts (SME’s) than a compliance professional. If there are accounting issues, forensic accountants might be needed. In this day and age, an electronic discovery consultant is often required, and can be a cost effective option for gathering and processing electronic data for review.
Analyze potential conflicts of interest at the outset and during the investigation
There are two types of conflicts of interest that may come to light during an investigation. First is the one which comes up when the law firm or lawyers conducting the investigation are those whose prior legal advice has some bearing on the matters being investigated because a company’s regular outside lawyers represent the company. During an internal investigation, however, the lawyers may be hired by, and represent, the board or its committee. The second occurs when a lawyer or law firm jointly represents the board and employees at the company as regulators have become increasingly concerned with joint representations. The trickier question is what to do when there simply is a risk that representing one client could limit the lawyers’ duties to the other. So in these situations, joint representation may not be appropriate.
Carefully evaluate Whistleblower allegations
Whistleblowers have become more important and taking their allegations seriously is paramount. This does not mean trying to find out who the whistleblowers might be to punish or stifle them, even if they are located outside the United States and therefore do not have protections under these laws. They can still get hefty bounties. Regulators are very wary of boards that do not satisfactorily evaluate a whistleblower’s complaint based on a perception of the whistleblower himself, as opposed to the substance of the complaint.
Request regular updates from outside counsel, without limiting the investigation
These types of investigations are long and very costly. They can easily spin out of cost control. But, by trying to manage these costs, a board might be perceived as placing improper limits on the investigation. The “goal is to strike the right balance between the cost of the investigation and its thoroughness and credibility.” To do so, flexibility is an important ingredient. The scope of what to investigate is not a static, one-time decision. It can, and usually does, evolve.
Consider whether an oral report at the conclusion of the investigation is sufficient
While there may be instances in which, due to complexity and the nature of allegations involved, a written report is necessary, there may be times when an oral report delivered to a board is better than a written report for “a written report may be easier to follow and appear to be the logical conclusion to an investigation, it is an expensive and time-consuming endeavor, and it comes with great risk.” The authors indicate three reasons for this position.
The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.”
Three Key Takeaways
Retain the right counsel. Consider conflicts and appearance.
Carefully evaluate all whistleblower allegations and reject retaliation.
Consider receiving oral reports on an ongoing basis and one lengthy oral report at the end of the investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/8/2017 • 10 minutes, 39 seconds
Everything Compliance-Episode 12
The dog days of summer are on the horizon and the Houston Astros lead the major leagues in winning percentage. Coincidence that the US pulls out of the Paris Climate Accords the same week the Astros are playing .700 baseball? The top four commentators in compliance return to talk about what is one their summer radar for consideration. This episode concludes with the panelists’ rants.
Matt Kelly opens with a discussion of the revisions to the COSO ERM Framework, which were based on comments by practitioners. Matt considers the integration of the COSO ERM Framework into functional business units moving to operationalize ERM in organizations and we consider how the ERM Framework differs yet is complimentary to the COSO Internal Controls Framework.
For Matt Kelly’s posts on the COSO ERM Framework, see the following:
More Details on COSO ERM Framework
Update to COSO ERM Framework Update
ERM Framework: Govt. Calls for Unity
More Clues on Draft ERM Framework
Draft ERM Framework is Here: How to Get Started
Mike Volkov examines the FinCen enforcement action involving Thomas Haider, the former CCO at MoneyGram. Mike considers the implications for CCOs and whether the case even matters for CCOs.
For Mike Volkov’s post see on the Haidar enforcement action, see the following:
MoneyGram CCO Pays Civil Penalty
Jonathan Armstrong reviews the recently released information that both Wood Group/AMEC are under the SFO concerning its Unaoil investigation. He explores some of the following questions: What should companies be doing around Unaoil? What happens if you discover a merger candidate is under investigation or in the case of AMEC, self-disclose they are under investigation. What does it mean if the acquiring entity rather than the target is under investigation? Finally, Armstrong handicaps the upcoming UK election and what it might mean for compliance.
For Cordery Compliance's Client Alert see the following:
Bribery Due Diligence
Jay Rosen brings his Mr. Monitorship hat and former Mr. Translations eye to the question of operationalizing your compliance program. He considers how the compliance function can work with other corporate functions to embed compliance into the fabric of an organization, concluding with by doing so a compliance function could become a competitive advantage for a business.
For Jay Rosen’s posts see the following:
Compliance as a Competitive Advantage
For Tom Fox’s posts on operationalization of compliance see the following:
Operationalizing Compliance, starting with Pizza
Operationalizing Compliance by Overcoming Obstacles
Operationalizing Compliance through Human Resources
Operationalizing Compliance through the Controller’s Office
Operationalizing Compliance through Internal Audit
The members of the Everything Compliance panel include:
Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]
Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/8/2017 • 1 hour, 7 minutes, 14 seconds
Day 5 of One Month to Better Investigations and Reporting
Many companies have an investigation protocol in place when a potential Foreign Corruption Practices Act (FCPA) or other legal issue arises? However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board of Directors does not get an investigation which it handles right, the consequences to the company, its reputation and value can all be quite severe. The SEC considers a variety of factors around corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company?
There is also role of the Sarbanes-Oxley Act (SOX) in internal investigations, most particularly for audit committees. Section 301 establishes certain requirements for Audit Committees, including: (1) Procedures for receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; (2) Procedures regarding the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters; (3) Authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties; and (4) Funding to engage advisors as it deems appropriate.
In an article in the Corporate Board magazine, entitled “Successful Board Investigations” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP write about five key goals that any investigation led by a Board of Directors must meet. They are:
Thoroughness - The authors believe that one of the key, and most critical, questions that any regulator might pose is just how thorough is an investigation; to test whether they can rely on the facts discovered without having to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators, in terms of what is investigated, or how the investigation is conducted. This question can be an initial deal-killer particularly if the regulator involved views an investigation insufficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded ‘Where else’ question.
Objectivity - Here the authors write that any “investigation must follow the facts wherever they lead, regardless of the consequences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that in addition to the objectivity requirement in the investigation, the same must be had with the investigators themselves. If a company uses its regular outside counsel, it may be viewed with some askance, particularly if the client is a high volume client of the law firm involved, either in dollar amounts or in number of matters handled by the firm.
Accuracy - As in any part of a best practices anti-corruption compliance program, the three most important things are Document, Document and Document. This means that the factual findings of an investigation must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its own investigation of the same issues.” This is never good and your company may well lose what little credibility and good will that it may have engendered by self-reporting or self-investigating.
Timeliness - Certainly in the world of FCPA enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act Whistleblower provisions. But there are other considerations for a public company such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent as a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
Credibility - One of the realities of any FCPA investigation is that a Board of Directors led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-Morning Quarterbacking but quite a bit of post event analysis. So the authors believe that any Board of Directors led investigation “must be (and must be perceived as) credible as to what was done, how it was done, and who did it. Otherwise, the board’s work will have been for naught.”
Dan Chapman, Chief Compliance Officer at Vimpelcom, has said this is the time for a very frank conversation with your Board about what such an investigation will entail. Costs must be adequately discussed to set proper expectations. These include both direct costs and, what Chapman believes may be even more important, a discussion of indirect costs to the company. He noted that “the biggest cost to a company during an investigation is the diversion of management resources” and, as he further explained, “kind of everything stops to focus on the investigation.” This indirect cost comes through largely the time commitment of senior management. He further explained, “if senior management has to commit 20% of their time, that’s 20% that’s not going towards revenue generating, shareholder value protecting activities.”
Finally Jonathan Marks, a partner at Marcum LLC has noted after notification of serious allegations, Boards should take the following steps:
Consider creating a Special Committee to conduct the investigation;
Establish a committee charter;
Preserve the electronic and hardcopy documentation environment;
Communicate with external auditors; and
Plan potential communication with the SEC, DOJ, and the relevant stock exchange.
Marks also notes that while a special committee might be necessary in certain rare circumstances, the board should try to avoid forming a special investigative committee to oversee the investigation if its audit committee is composed of independent and disinterested directors that are suited for the task. A special committee must be disbanded at some point (usually once the investigation is completed and before the restatement process begins), and the disbanding could become a complicated news item. Conversely, if the audit committee oversees the investigation, then, once the investigation is complete, the audit committee can pivot back to its normal role, which would include overseeing the actual restatement process. Investigations overseen by the audit committee also benefit from the positive relationship that the audit committee chair usually has with the audit partner of the company’s external auditor.
Three Key Takeaways
The Board should have a written protocol for investigations prepared in advance.
Any Board led investigation must be both credible and objective.
The investigation must be thorough but the Board can be cost effective.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/7/2017 • 11 minutes, 58 seconds
FCPA Compliance Report-Episode 332
In the case of Kokesh v. SEC, the US Supreme Court held the profit disgorgements operate as a penalty under the Securities and Exchange Act of 1934, as amended. As such “any claim for disgorgement in an SEC enforcement action must be commenced within five years of the date the claim accrued.” The position of the Securities and Exchange Commission (SEC) at the Supreme Court and in all other matters involving this issue was that profit disgorgement were not punitive, hence not a penalty but rather remedial in nature so the SEC could clawback all monies generated as a result of the illegal action.
The decision, authored by Justice Sotomayor, was a 9-0 opinion which in the rarified world of Supreme Court decisions is about as clear a message as one can get. The Court first determined that profit disgorgement met the definition of a “penalty” under two basis, “First, whether a sanction represents a penalty turns in part on “whether the wrong sought to be redressed is a wrong to the public, or a wrong to the individual.” Second, a pecuniary sanction operates as a penalty if it is sought “for the purpose of punishment, and to deter others from offending in like manner” rather than to compensate victims.” [citations omitted] Thus, if a statute provided a compensatory remedy for a private wrong, it should not be characterized as penalty.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/7/2017 • 18 minutes, 28 seconds
Day 4 of One Month to Better Investigations and Reporting
One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. This is considered in different language in the Justice Department’s (DOJ) Evaluation of Corporate Compliance Programs (Evaluation), which under Prong 7 reads, in part, Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented? Tying all of together is short but succinct statement found in the 2012 FCPA Guidance, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.”
Given the number of ways that information about violations or potential violations can be communicated to the government regulators, having a robust triage system is an important way that a company can separate the wheat from the chaff and bring the right number of resources to bear on a compliance problem. One of the things that this is important in making an initial determination of whether to bring in outside counsel to head up an investigation. It is also important in a determination of the resources that you may want or need to commit to a problem. You literally need to “kick the tires” of any allegations or information so that you know the circumstances in front of you before you make the decision going forward. You can do this through a robust triage process.
Jonathan Marks, a partner at Marcum LLP has suggested a five-stage triage process which allows for not only an early assessment of any allegations but also a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, what will be the types of evidence you will need to consider going forward. Finally, before selecting a triage solution you should understand what tools are available, including both forensic and human, to complete the investigation. Marks’ five-stage process includes the following:
Stage 1. These consist of allegations have a low threat level and do not suggest a breakdown of internal controls. Tips that get grouped into this stage do not have a financial or reputational impact.
Stage 2. These allegations are more serious in nature, and often indicate some deficiency in the design of internal controls. Examples include business rule violations such as recurring employee theft or patterns of falsifying expense reports.
Stage 3. These allegations are serious in nature, generally involve an override of internal controls, and thus are at a minimum a serious deficiency. But they have only a minimal impact on the financial statements or the company’s reputation. More serious allegations in this category include fraud, embezzlement, and bribery involving employees or mid-level management.
Stage 4. These are serious allegations that could have an impact on the completeness and accuracy of the audited financial statements, and that could indicate a material weakness in internal controls. They do not, however, appear to involve any member of the senior management team.
Stage 5. These are serious allegations that involve one or more members of the senior management team, or are serious enough to damage the company’s reputation. The receipt of allegations in this stage usually place the company into crisis management mode, and could result in the restatement of audited financial statements or added regulatory scrutiny.
By using such an approach, you will be able to respond more quickly and efficiently to any allegations which arise. Of course, as more information is developed during the course of an investigation, the matter can be moved up or down this scale. Such an approach is also important for a company’s outside investigative counsel to partner more with the entity as a way to help hold down costs. Outside counsel can work to build confidence that the company’s investigators could handle a large or wide-ranging investigation. This confidence would help outside counsel in any discussions they might have with the DOJ during the pendency of a FCPA investigation.
Such an approach also has the effective of keeping your investigative costs below the ridiculous level. This is because beyond the tactical need to initially scope any FCPA allegation which may arise through a company’s internal reporting mechanism, it allows you to move to the next step of developing a reasonable investigation plan. This can be particularly important if you self-disclose to the DOJ. You will need to go into the DOJ and present your investigation plan so an early discussion with the government on the scope of the investigation is critical.
You should engage the DOJ to show not only the scope of your investigation but that it can be limited so that you do not face the dreaded ‘where else’ question. You should develop a logical plan with the nexus to the facts. But it is critical that you and your investigation plan must have credibility with the government that not only will your investigation will be robust but that facts you have determined in your initial triage are a reasonable interpretation.
Appropriate triage of allegations has several different impacts for any matter which comes to the attention of the compliance function. Obviously, it will help you to initially determine the seriousness of the matter. From there you can allocate an appropriate level of resources. It will also aid in your discussion with the DOJ if you have to go that route. Finally, in the situation where facts come in, it gives you evidence a documented process was followed with which you can show the government that a claim was properly scope as required under the Evaluation. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before an allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.
Three Key Takeaways
Compliance can learn from M*A*S*H about the need for triage.
Initial triage allows you to separate the wheat of serious allegations from the chaff of more inconsequential allegations.
A robust triage process allows for greater credibility with government regulators.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/6/2017 • 11 minutes, 48 seconds
FCPA Compliance Report-Episode 331, Chris Morton
In this episode, I visit with Chris Morton, the SVP, Marketing and Corporate Development for Navex, about the firm's new resource for the Compliance Community, ComplianceNext.com. It is a free, compliance community driven learning platform designed to offer real-world education and skill enhancement for the compliance professional. Morton discusses its launch, the partners involved, highlights some of the content and discusses the user experience. Best of all, this resource is FREE. For more information, check out the site ComplianceNext.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/6/2017 • 22 minutes, 45 seconds
Day 3 of One Month to Better Investigations and Reporting
Your company should have a detailed written procedure for handling any complaint or allegation of bribery or corruption, regardless of the means through which it is communicated. The mechanism could include the internal company hot-line, anonymous tips, or a report directly from the business unit involved. You can make the decision on whether or not to investigate with consultation with other groups such as the Audit Committee of the Board of Directors or the Legal Department. The head of the business unit in which the claim arose may also be notified that an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis. Through the use of such a detailed written procedure, you can work to ensure there is complete transparency on the rights and obligations of all parties once an allegation is made. This allows the Compliance Department to have not only the flexibility but also the responsibility to deal with such matters, from which it can best assess and then decide on how to manage the matter.
Indeed the SEC considers a variety of factors around giving credit to corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company? If the review was conducted by outside counsel, had management previously engaged such counsel? How long ago was the firm’s last representation of the company? How often has the law firm represented the company? How much in legal fees has the company paid the firm?
In a presentation by Jay Martin, Vice President, Chief Compliance Officer (CCO) and the Senior Deputy Counsel for Baker Hughes Incorporated and Jacki Trevino, Senior Consultant, Advisory Services at SAI Global entitled, “FCPA Compliance Best Practices: Success Stories of Robust and Effective Anti-Corruption Compliance Programs in High Risk Markets” they presented the specifics of an investigation protocol.
The five steps were: (1) Opening and Categorizing the Case; (2) Planning the Investigation; (3) Executing the Investigation Plan; (4) Determining Appropriate Follow-Up; and (5) Closing the Case. If you follow this basic protocol, you should be able to work through most investigations, in a clear, concise and cost effective manner. Furthermore you should have a report at the end of the day which should stand up to later scrutiny if a regulator comes looking. Finally, you will be able to document, document, and document, not only the steps you took but why and the outcome obtained.
Step 1: Opening and Categorizing the Case. This is the triage step and this first step, to categorize a compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. After notification, you should assemble your investigation team for preliminary meetings and assessments. This Step 1 should be accomplished in one to three days after the allegation comes into compliance, either through your reporting structure or other means.
Given the number of ways that information about violations or potential violations of the Foreign Corrupt Practices Act (FCPA) can be communicated to the Department of Justice (DOJ) having a robust triage system is an important way that a company can separate the wheat from the chaff and bring the right number of resources to bear on a FCPA problem. A key consideration is making an initial determination of whether to bring in outside counsel to head up an investigation and a determination of the of the resources that you may want or need to commit to a problem.
Step 2: Planning the Investigation. After assembling your investigation team, determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, or relationships need to be analyzed through relationship software programs or key word search programs, this should also be planned out at this time. These tasks should be integrated into a written investigation or work plan so that the entire process going forward is documented. Also, if there is a variation from the written investigation plan, such variation should be documented and an explanation provided as to why there was such a variation. Lastly, if international travel is involved this should also be considered and planned for at this step. Step 2 should be accomplished with another one to three days.
Step 3: Executing the Investigation Plan. Under this step, the investigation should be completed. I would urge that the interviews not be effected until all documents are reviewed and ready for use in any interviews. Care should be taken to ensure that an appropriate Upjohn warning is issued and that the interviewee clearly understands that whoever is performing the interview represents the company and not the person being interviewed, whether they are the target of the investigation or not. The appropriate steps should also be taken to preserve the attorney-client privilege and attorney work product assertions. This Step 3 should be accomplished in one to two weeks.
Step 4: Determining Appropriate Follow-Up. At this step, the preliminary investigation should be completed and you are ready to move into the final phases. In some investigations, it is relatively easy to determine when the work is essentially complete. For example, if the allegation is both specific and narrow, and the investigation reveals a compelling and benign explanation for the conduct alleged, then the investigation typically is complete and you are ready to convene the investigation team and the relevant business unit representatives. This group would decide on the appropriate disciplinary steps or other actions to take. This Step 4 should be completed in one day to one week.
It must be cautioned that at this step, if there are findings of specific or discrete allegations of corruption and bribery, a decision must be made as how to handle such findings going forward.
Step 5: Closing the Case. Under this final step, communicate the investigation results to the stakeholders and complete the case report. Everything done in the above steps should be documented and stored, either electronically or in hard copy form together. The case report should be completed. This Step 5 should be completed in one day to one week.
Three Key Takeaways
A written protocol, created before an investigation is a key starting point.
Create specific steps to follow so there will be full transparency and documentation going forward.
Consistency in approach is critical.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/5/2017 • 11 minutes, 31 seconds
FCPA Compliance Report-Episode 330 Robyn Bew and Henry Stoever
In this episode, I visit with Robyn Bew, the Director of Strategic Content Development for the National Association of Corporate Directors (NACD) and Henry Stoever, the Chief Marketing Officer for the NACD. They discuss what is the NACD, who are its members and why directors or those desiring to be directors should join. We review some of the highlights from the 2017 NACD Directors Compensation Reports, the types of trainings offered by the NACD and the NACD’s advocacy for the director profession. You can find out more about the NACD by checking out their website, NACDonline.org.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/5/2017 • 32 minutes, 27 seconds
This Week in FCPA-Episode 55
This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
Brazilian meatpacker JBS agrees to the largest fine ever for fine for bribery and corruption, $3.2bn in Brazil. See article in the Wall Street Journal.
Samuel Mebiame, sentenced to two years behind bars for paying bribes to help Och-Ziff with lucrative mining deals in Africa. See article by Sam Rubenfeld in WSJ Risk and Compliance Journal. Judge asks why no one else was criminally prosecuted. See article in Bloomberg.
Both acquirer and target are under SFO investigation in Wood Group/AMEC merger for their use of Unaoil. See articles in This is Moneyand The Telegraph.
Compliance is making its way into Boards of Directors. See article by Ben DiPietro in the WSJ Risk and Compliance Journal.
Did Jared Kushner violate the FCPA? Matthew Stephenson explores this question on the Global Anti-Corruption Blog.
Jay previews his weekend report.
Tom continues to talk about the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/2/2017 • 33 minutes, 18 seconds
Day 2 of One Month to Better Investigations and Reporting
In an article in the Compliance and Ethics Professional Magazine, entitled “Foxes and henhouses: The importance of independent counsel”, Dan Dunne discussed what he termed a “critical element” in any investigation, which he denominated as “fair and objective evaluation.” Dunne wrote that a key component of this fair and objective evaluation is the WHO question; that is, who should supervise the investigation and who should handle the investigation? Dunne’s clear conclusion is that independent counsel should handle any serious investigation.
There are three reasons for a company to retain independent counsel for internal investigations of serious whistleblower complaints. First, André Agassi was right, perception is reality. This means that for any corporate ethics and compliance program to be effective, it must be perceived to be fair. If your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Further, those involved must have confidence that any internal investigation is treated seriously and objectively.
Secondly, if regular outside counsel investigates their own prior legal work or legal advice, a very large and potentially messy numbe of loyalty and privilege issues can arise in the internal investigation. It is a rare legal investigation, where the lawyer or law firm which provided the legal advice and then investigates anything having to do with said legal advice, finds anything wrong with its legal advice. Dunne also notes that if the law firm which performs the internal investigation has to waive attorney client privilege, it may also have to do the same for all its legal work for the company.
The third reasons is the relationship of the regular outside counsel or law firm with regulatory authorities. If a company’s regular outside counsel performs the internal investigation and the results turn out favorably for the company, the regulators may ask if the investigation was a whitewash or at the very least, less than robust. If the Securities and Exchange Commission (SEC) or Department of Justice (DOJ) cannot rely on a company’s own internal investigation, it may perform the investigation all over again with its own personnel. Further, these regulators may believe that the company, and its law firm, has engaged in a cover-up. This is certainly not the way to buy credibility.
Mara Senn has explained that it is the lawyer or law firm representing the company that can go a long way towards establishing credibility, noting, “For those of us who regularly appear before the government, we already have credibility, and they understand that the client may or may not agree with recommendations we make, and they know that we’ll be a straight shooter once we’re in front of them, however we get in front of them.” But is more than the lawyer or law firm that brings credibility; it is actions of the company as well. Of course this means the steps the company has taken and its cooperation with the government during the pendency of any FCPA investigation.
Despite the fact that using specialized investigation counsel is a best practice that is worth the money, one of the more difficult things is convincing decision-makers of this advantage. This is particularly so when speaking with mid- or small-sized companies that are part of larger supply chains. While general counsels and compliance officers may be up to speed on outsourcing critical inquiries, managers in business segments often are not and frequently reply that they “got someone” in the company who “takes care of that stuff.” However, it is clear that such an approach will be more costly to a company in the long run.
Moreover, if there are serious allegations made concerning your company’s employees engaging in criminal conduct, a serious response is required. Your company needs to hire some seriously good lawyers to handle any internal investigation. These lawyers need to have independence from the company so do not call your regular corporate counsel. Hire some seriously good investigative lawyers. This may well mean you need specialized outside counsel.
James McGrath and David Hildebrandt wrote about the use of specialized outside counsel to lead an independent internal investigation as compliance and ethics best practices in an article entitled, “Risks and Rewards of an Independent Investigation”. This is based upon the US Sentencing Guidelines, under which a scoring system is utilized to determine what a final sentence should be for a criminal act. Factors taken into account include the type of offense involved and the severity of the offense, as well as the harm produced. Additional points are either added or subtracted for mitigating factors. One of the mitigating factors can be whether an organization had an effective compliance and ethics program. McGrath and Hildebrandt argue that a company must have a robust internal investigation.
The authors suggest that in such a situation, a company should engage specialized counsel to perform the investigation. There were three reasons for this suggestion of the utilization of specialized counsel. The first is that the Department of Justice would look towards the independence and impartiality of such investigations as one of its factors in favor of declining or deferring enforcement. If in-house counsel were headed up the investigation, the DOJ might well deem the investigative results “less than trustworthy”.
A second reason came from the company perspective. Many companies have sought protection of investigations behind the shield of the attorney-client privilege and attorney work-product doctrine. If an in-house attorney is utilized, many courts are skeptical of a company asserting the privileges because of the mixed responsibilities of counsel in a corporation; that of legal and business work. Additionally, obstructionist attempts by corporations to improperly assert the privilege have led courts to refuse to allow the privilege to be asserted. However a company will usually not face these arguments if outside counsel is utilized.
Even if the company is willing to waive its attorney-client privilege, McGrath and Hildebrandt offer a third reason for the use of specialized outside counsel to handle an investigation. If a company’s regular outside counsel were retained to conduct the investigation, the DOJ might feel the results had less than full credibility due to the fact that the law firm knew “who buttered its bread” and that the law firm would not want to bring bad news to client and endanger the ongoing business relationship between the law firm and the client. The authors end by concluding that by employing specialized counsel comports with the expectations under the US Sentencing Guidelines, gives a company the protections of the attorney-client privilege and the work-product doctrine and finally “assures the government of the integrity of the internal investigation.”
Three Key Takeaways
Serious allegations demand a serious response, with seriously good lawyers leading the investigation.
The biggest thing that any person or company brings to the table when sitting across from the DOJ or SEC is credibility.
Use of regular corporate counsel can negatively impact your investigation because of the issues of loyalty and privilege.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/2/2017 • 12 minutes, 35 seconds
Day 1 of One Month to Better Investigations and Reporting
The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a Foreign Corrupt Practices Act (FCPA) issue for your company. As the Chief Compliance Officer (CCO), it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward. This month’s podcast series will provide to you all the steps you will need to consider going forward.
This scenario was driven home in a FCPA enforcement action brought by the Securities and Exchange Commission (SEC) in July 2015 involving Mead Johnson Nutrition Company (Mead Johnson). In that case, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately the first investigation, performed in 2011 did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company that it performed an adequate internal investigation which uncovered FCPA violations.
Similarly, consider Zimmer Biomet, which (when it was only Biomet) resolved an FCPA violation in 2012 for nearly $23MM and entered into a Deferred Prosecution Agreement (DPA). Within the year, Biomet notified its Monitor that it has found evidence of additional FCPA violations, which in turn violated the terms and conditions of the DPA. However these additional violations by the company (now Zimmer Biomet) turned out to have been actions which occurred in 2010, well before the initial DPA but were not uncovered in the company’s worldwide investigation which led to the first settlement. Zimmer Biomet paid an additional $13MM for this oversight and extended out both the DPA and the Monitorship, all because the company had failed to fully investigate itself thoroughly.
The 2012 FCPA Guidance states the following on investigations, “Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” That is simply it. This simple introduction was expanded upon in the Justice Department’s Evaluation of Corporate Compliance Programs (Evaluation) released in February. Prong 7 in the makes the following inquiries:
Effectiveness of the Reporting Mechanism – How has the company collected, analyzed, and used information from its reporting mechanisms? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?
Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?
Response to Investigations – Has the company’s investigation been used to identify root causes, system vulnerabilities, and accountability lapses, including among supervisory manager and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go?
The Mead Johnson and Zimmer Biomet matters are but two examples which make clear the need to have robust, integrated investigations. Marc Bohn, writing in the FCPA Blog, said about the Mead Johnson matter, “Investigations that lack sufficient depth, resources, or forethought can pose significant risk because they increase the likelihood that something critical will be overlooked, potentially permitting misconduct to continue unabated.” Both Mead Johnson and Zimmer Biomet point to the critical nature of FCPA investigations and why the government takes this requirement so rigorously. But more than protecting a company from liability under the FCPA, in the internationalized world of global compliance investigations are becoming more important. Bio-Rad recently announced that its FCPA settlement was a “risk-factor” which required public disclosure under US securities law.
In the domestic arena, internal investigations can go a long way towards helping a company move past a public relations debacle or perhaps abate negative publicity. One need only consider the recently released internal investigation report commissioned by the Wells Fargo Board of Directors around the bank’s fraudulent accounts scandal. The report was merciless in its criticism of certain structural and cultural failures at the bank. It named names of culpable former senior executives at the company. However one thing it did not address were allegations from multiple whistleblowers who claimed to have reported the fraudulent conduct and were ignored or actively retaliated against. If the internal investigation turns out to have white washed these whistleblowers, the financial penalty and negative public reaction could be both swift and severe.
Corrupt investigations are never a good thing for a company as they can disrupt business relationships and future opportunities. Yet today they are even more important. In the month of June I will be exploring how you can create, design and implement a robust investigation protocol for an internal investigation and when you should bring in outside counsel for an independent investigation. I will consider the Board of Director’s role in investigations and other corporate functions such as internal audit, IT and legal in any investigation. I will review special issues such as privilege, Upjohn and Miranda warnings and data privacy.
As Hallmark Seven of the Ten Elements of an Effective Compliance program states, in part, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation” and Prong 7 of the Evaluation also deals with reporting; I will consider hotlines. Both their implementation and use in a best practices compliance program. I will feature several compliance practitioners, both lawyers and non-lawyers, who will relate how they developed their investigative strategies and navigated various stakeholders to obtain positive results for their clients.
Three Key Takeaways
Failure to thoroughly and properly investigations allegations of corruption can be costly.
The internationalization of global anti-corruption enforcement makes performing robust investigations even more important.
Use the month of June to learn about key aspects of investigations and internal reporting mechanisms.
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/1/2017 • 13 minutes, 30 seconds
Unfair and Unbalanced-Episode 19
In this episode, Roy and I consider Sgt. Pepper's at 50; Artificial Intelligence in Compliance and how ComTech will change the face of compliance going forward.
For additional reading on these topics see:
Compliance Lessons from Sgt. Pepper's
AI and Compliance Going Forward: Welcome to ComTech
AI for Risk Management in Compliance
Learn more about your ad choices. Visit megaphone.fm/adchoices
6/1/2017 • 29 minutes, 14 seconds
One Month to Better Compliance through HR
Day 22-10 Questions to Better Operationalized Compliance
I conclude this month’s series inspired by an article in the Harvard Business Review, entitled “Does Management Really Work?” by Nicholas Brown, Raffaella Sadun and John Van Reenen. I found the article very useful because it gave succinct advice about what a business can do to improve its management practices and determined that this advice can be applicable to a compliance program. Based upon this article I have developed 10 questions which you might want to put use as a starting point for operationalizing your compliance initiatives going forward. I would challenge you to think about some of the answers to these questions in the context of your compliance program.
Interconnectedness of Targets - How are compliance goals cascaded down to individual workers? Everyone recognizes the importance of ‘tone-at-the-top’ as it is enshrined in every description of a best practices compliance program. However, operationalizing compliance means moving towards an appropriate tone in the middle and at the bottom. As stated in the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs (Evaluation), under Prong 1, “How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?”
Clarity and Comparability of Goals - Does anyone complain that your compliance targets are too complex? Certainly the initial role out of a compliance program can be quite a large undertaking. Perhaps another approach might be to focus on high risk areas and remediate them by rolling out initiatives to manage those risks first and then move to other areas. Many companies have reviewed and remedied the third party sales side of their business but are only now looking at the Supply Chain or Procurement side of the equation. If you work on one such problem at a time, it can help move the overall process forward in a more orderly fashion.
Consequence Management - How do you deal with repeated compliance failures in a specific business segment or compliance program area? This is certainly one question that you would want to consider carefully. Do you have problems with one business unit or one geographic area from the compliance perspective? Are gifts in China, for example, an ongoing issue for your company? What about travel and entertainment? Consider this carefully as the DOJ asks the following about accountability in the Evaluation, “What disciplinary actions did the company take in response to the misconduct and when did they occur? Were managers held accountable for misconduct that occurred under their supervision? Did the company’s response consider disciplinary actions for supervisors’ failure in oversight? What is the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the type(s) of conduct at issue?”
Instilling a Mind-Set - How does your company show that attracting and developing talent who will engage in ethical business conduct is a top priority? This is a key part of operationalizing your compliance program and one where your Human Resources (HR) Department should take the lead. If top management will make a commitment to this, you should work to create the appropriate mind-set of doing business the right way throughout your organization.
Removing Poor Performers - How long is compliance underperforming tolerated? The DOJ asks in the Evaluation, “Has the company ever terminated or otherwise disciplined anyone (reduced or eliminated bonuses, issued a warning letter, etc.) for the type of misconduct at issue?” I think that many companies would clearly say that they will discipline, up to and including discharge, any employee who engages in practices that violate the Foreign Corrupt Practices Act (FCPA). But this question drills deeper and forces a more rigorous analysis on not just FCPA failures by employees but poor ethical choices which may be less than full FCPA violations.
Unique Employee Value Proposition - What makes it distinctive to work at your company? What is the culture of your organization? Is it to do business ethically or simply make your numbers no matter how unrealistic they are aka Wells Fargo? More pointedly, how can your compliance challenges be turned into business leadership opportunities? Ethisphere annually shows that its top list of the Most Ethical Companies out performs the Standard & Poor (S&P) 500. If you more fully operationalize your compliance program into your company, it could well make your business not only more efficient but at the end of the day, more profitable.
Continuous Improvement - How do compliance programs that are not working typically get exposed and remediated? There is a difference between auditing and monitoring. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. A robust program should include separate functions for auditing and monitoring. While unique in protocol, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For example, if you notice a trend of suspicious payments in recent monitoring reports from a country in the Far East, it may be time to conduct an audit of those operations to further investigate the issue.
Performance Tracking - What key compliance indicators do you use for compliance tracking? What metrics have you developed around the operationalization of compliance. A good starting point can be with your hotline or helpline. What can you determine from the calls or reports submitted through these systems? What if you have not had any reports for several years, what should that be telling you about your communication to your employee base? Or does it mean that people have not been properly and effectively trained that a hotline or helpline exists and is available for their use or, more ominously, are afraid to make any reports for fear of retaliation or even losing their jobs? This is certainly something you should consider, whichever way the metrics are going for your company.
Root Cause - For a given compliance problem, how do you identify the root cause? The DOJ asked in Root Cause Analysis – “What is the company’s root cause analysis of the misconduct at issue? What systemic issues were identified? Who in the company was involved in making the analysis?”Clearly the reason is that if you do not know what the cause of a problem is, you cannot successfully work towards remedying that problem. This does not simply mean firing any persons involved in a potential FCPA violation. You need to dig down and found out what allowed this issue to arise. I once heard that the difference between Japanese and American post-incident investigations is that in the US there is an attempt to assess blame, conversely in Japan there is an attempt to find a solution to the problem. This is the approach that I believe compliance practitioners should take, to try and find a solution by determining the root cause of a compliance failure.
Retaining - What are you doing to retain your top employees from the compliance perspective? This is not a question that is typically asked in the compliance department, however it fully encapsulates the entire concept of operationalization. Have you considered what your company is doing to retain, promote and take to senior management those employees who do business in an ethical manner and in compliance with your company Code of Conduct?
I found the article to be very useful when applied to the compliance practitioner by not only using the triumvirate of targets, incentives and monitoring as a management practices but also the questions that the authors posed in the context of your company’s own compliance program. Compliance practitioners continually face the challenge of keeping up with the ever-evolving compliance best practices with little or no budget increase. By asking yourself and of your compliance program these questions you may create a road map to more fully operationalize your compliance regime.
Three Key Takeaways
What are the unique compliance targets you have set and how interconnected are they to your business unit goals?
Use a root cause analysis to determine why compliance initiatives are not successful.
Retraining employees in compliance is an under-utilized tool.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/31/2017 • 13 minutes, 26 seconds
Compliance into the Weeds-Episode 40
In this episode Matt Kelly and I take a deep dive into the revisions to the COSO ERM Framework, which were based on comments by practitioners. We consider the role of culture and risk, the integration of the COSO ERM Framework into functional business units moving to operationalize ERM in organizations and we consider how the ERM Framework differs yet is complimentary to the COSO Internal Controls Framework.
For additional information, see Matt's Blogs posts on the COSO ERM Framework:
More Details on COSO ERM Framework
Update to COSO ERM Framework Update
ERM Framework: Govt. Calls for Unity
More Clues on Draft ERM Framework
Draft ERM Framework is Here: How to Get Started
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/31/2017 • 24 minutes, 52 seconds
FCPA Compliance Report-Episode 329, James Koukios
Today I have back with me James Koukios, partner and Morrison Foerster on the firm's March 2017 report on the Top Ten International Anti-Corruption Developments for the month. We highlight the 2nd Circuit Court of Appeals oral argument in the Hoskins case and the OCED Phase 4 reports on Finland and the UK. For a copy of the firm's report, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/30/2017 • 26 minutes, 39 seconds
Day 21 of One Month to Better Compliance Through HR
How can you determine if Human Resources (HR) can meet the needs of a best practices compliance program? One place to start is with a gap analysis to determine what HR has in place that can facilitate your company’s compliance program. According to Bright Hub Project Management, a gap analysis “compares actual performance (or status) with the desired performance (or status). A gap analysis takes into account where the company is and where it wants to be. Any review of a company and its goals should include a thorough gap analysis - especially when wanting to improve productivity, processes and products.”
From the HR and compliance perspective the four steps to undertaking a gap analysis are: (1) understanding the compliance and HR environment in your organization; (2) taking a holistic approach to understanding the compliance and HR environment; (3) determining a framework for analysis, and (4) compiling supportive data to test the program. Yet before beginning this exercise it is incumbent to understand that the first element of an effective compliance program under the U.S. Sentencing Guidelines is to have Established Policies and Procedures to protect and detect non-compliance with regulations. While the US Sentencing Guidelines specifically target “criminal conduct”, companies would be wise not to limit their “risk assessment” or “gap analysis” to only criminal conduct.
Most, if not all, companies possess several corporate policies that govern employee behaviors. The person in charge of corporate compliance function should first identify the policies in place by utilizing a gap analysis to catalog the existence of corporate policies across the company, noting policy gaps and inconsistent application of policies across various locations. The business units and functional disciplines should be tasked with filling the gaps and standardizing conflicting polices.
This exercise allows you to move forward to what is required to operationalize compliance as you have to know what you must be compliant with going forward. So how does one work with the business units and the functional disciplines to structure the identification of legal and compliance risks in a way that can be managed and utilized with some degree of ease? Here are a few questions that a compliance practitioner may pose to the HR department to perform a gap analysis regarding policies and procedures:
Does the HR department have an inventory of policies, procedures, laws and regulations covering employees and employment related matters applicable to the company’s business?
If yes, do you have a specified person who is in charge of updating the inventory?
If no, what system does the HR department utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
What types of compliance training are mandatory for all employees, which are optional and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
What types of enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
Are employees within the HR department specifically trained to understand compliance requirements applicable to your organization?
Does the HR department provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within HR?
Has the HR department established some type of escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
Does the HR department have compliance monitoring standards in place?
Does the HR department perform periodic audits to ensure that the policies and procedures are being complied with?
These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company.
My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and document, document, and document.
Three Key Takeaways
A gap analysis is a key component in the risk assessment process.
The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
The role of the compliance department is to oversee, provide subject matter expertise and coordinate.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/30/2017 • 11 minutes, 18 seconds
Day 20 of One Month to Better Compliance Through HR
The key concept from the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Program (Evaluation) is operationalization. For instance, under the query Shared Commitment is the following question - “How is information shared among different components of the company?” Under the Prong relating to Policies and Procedures the Designing Compliance Policies and Procedures asks, “What has been the company’s process for designing and implementing new policies and procedures? Who has been involved in the design of policies and procedures? Have business units/divisions been consulted prior to rolling them out?” Lastly, under the same Prong is Responsibility for Integration, with the following question “Who has been responsible for integrating policies and procedures?”
These questions point to a Chief Compliance Officer (CCO) or compliance practitioner demonstrating how compliance is being burned into the fabric of an organization. While leadership at and from the top has long been considered by both the DOJ and compliance professionals as a key element to move compliance forward, the Evaluation has also crystalized thinking around compliance leadership from the middle and the bottom. I thought about these concepts when reading a recent Financial Times (FT) article by Andrew Hill, entitled “Leadership from the bottom up”. I was particularly struck by a quote from Shlomo Ben-Hur, a professor at IMD business school, who said, “We teach the top 5 per cent — but the majority of this work is carried out by the other 95 per cent.”
In Ben-Hur’s work he found that many executives came from the middle management ranks. They tended to be persons “with a determination to “take what I have responsibility for and make it truly great.”” Anecdotally, he related “They typically said, ‘I’ve responsibility for the minibus,’ and people then asked them to drive bigger and bigger buses until one day they drove the whole business.”” Think of the military and the responsibility given to front line commanders and how that “is increasingly reflected at large companies.”
The key for companies is that senior management must “find ways to transmit leadership skills to people who do not have ‘leader’ in their job description and will probably never attend a top-level leadership program.” Hill noted, “Ben-Hur’s work has focused on ensuring that managers understand how to assign the right jobs to their team members and motivate them to perform well, using theories of behavioural change that senior executives have typically never learnt on their way to the top. Dedicated managers well below the executive board need to know how to use these tools.”
For the CCO or compliance practitioner, this provides a clear path to help in the operationalizing of compliance by providing the tools to persons far down the organization to put compliance into the operations of a business. One thing Hill writes about is a company should nuture such learning because by doing so, it will both teach practical skills around compliance but also foster a strong internal network of compliance advocates who can move initiatives up and down and organization. Moreover, as these individuals progress through the company ranks, they can take their compliance message with them at each new level.
Building on the writings of Hill and the work of Professor Ben-Hur, my suggestion is to build a Compliance Excellence Center in your company. Bring in middle-managers to focus on understanding not only their roles in compliance but also how to assign the right team members to a compliance initiative and motivate employees going forward. Hill wrote that Airbus has recently established a corporate ‘university’ to spread leadership ideas through the company. Airbus’ theory behind this push is “being a leader isn’t just about being a vice-president; it’s about being able to push the company towards new ways of doing things and executing the things we have to execute. That could [apply to] a blue-collar worker on the shop floor or a VP.”
A key is not simply to train such middle and front line managers on compliance but getting them to consider rollout, effectiveness, testing and improvement. In other words, as Jay Martin would say, it is all about execution. One way to help facilitate this is through exercises using incentives to “make leadership insights stick and change workplace behavior.” Hill also writes that concepts from entrepreneurship can assist in such learning by encouraging managers to “think and act independently” to operationalize compliance. Finally, never forget mentoring as a manner to spread good compliance practices throughout a company if a more formal approach is not possible.
Too often, strategies to move a compliance program or even an initiative come from the top of an organization and are pushed down. To fully operationalize compliance, you must have leadership in compliance further down the organization which (hopefully) has been a part of the design process and can lead the implementation throughout an organization.
Three Key Takeaways
While tone at the top is critical, the tone at the bottom can actually work to more fully operationalize compliance.
95% of the work is done at this bottom level.
Use HR to come up with a strategy to move compliance into the bottom for more complete operationalization.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/26/2017 • 11 minutes, 43 seconds
This Week in FCPA-Episode 54
This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
Tom reports on Compliance Week 2017. See his articles in Compliance Week, here and here.
If the DOJ releases new information in the form of the Evaluation of Corporate Compliance Programs, does anyone read it. See article in GIR (sub req’d).
Jay discusses the SCCE event he attended last week in San Francisco. See Jay’s recap in his article I Left My #SCCE Heart in San Francisco or I Love It When A Plan Comes Together!
Was the individual enforcement against the MoneyGram CCO significant or much ado about nothing? See article by Dick Cassin in the FCPA Blog and by Sara Kropt in her Grand Jury Blog.
DOJ will embed prosecutors overseas. See article by Sam Rubenfeld in WSJ Risk and Compliance Journal. See full text of speech by Deputy AG Trevor McFadden by clicking here.
Warriors and Cavs meet in the first time, three consecutive title match run. Tom and Jay consider from the compliance perspective.
Tom announces the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.
Jay Rosen can be reached:
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Tom Fox can be reached:
Phone: 832-744-0264
Email: [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/26/2017 • 40 minutes, 46 seconds
Day 19 of One Month to Better Compliance Through HR
One of the ways that Human Resources (HR) can help to operationalize compliance is to assist each level of an organization to have a proper tone. While the top of an organization rightly gets much of attention, the tone about doing business ethically and in in compliance is equally important in the middle of an organization.
A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.
Adam Bryant, in a NYT article, entitled “If Supervisors Respect The Values, So Will Everyone Else”, explored this topic when he interviewed Victoria Ransom, the Chief Executive of Wildfire, a company which provides social media marketing software. Ransom spoke about the role of senior management in communicating ethical values when she was quoted as saying “Another lesson I’ve learned as the company grows is that you’re only as good as the leaders you have underneath you. And that was sometimes a painful lesson. You might think that because you’re projecting our values, then the rest of the company is experiencing the values.” These senior managers communicate what the company’s ethics and values are to middle management. So while tone at the top is certainly important in setting a standard, she came to appreciate that it must move downward through the entire organization. Bryant wrote that Ransom came to realize “that the direct supervisors become the most important influence on people in the company. Therefore, a big part of leading becomes your ability to pick and guide the right people.”
Ransom said that when the company was young and small they tried to codify their company values but they did not get far in the process “because it felt forced.” As the company grew she realized that their values needed to be formalized and stated for a couple of reasons. The first was because they wanted to make it clear what was expected of everyone and “particularly because you want the new people who are also hiring to really know the values.” Another important reason was that they had to terminate “a few people because they didn’t live up to the values. If we’re going to be doing that, it’s really important to be clear about what the values are. I think that some of the biggest ways we showed that we lived up to our values were when we made tough decisions about people, especially when it was a high performer who somehow really violated our values, and we took action.” These actions to terminate had a very large effect on the workforce. Ransom said, “it made employees feel like, “Yeah, this company actually puts its money where its mouth is.””
Ransom sought to ensure that everyone knew what senior management considered when determining whether employees were “living up to the company culture.” The process started when she and her co-founder spent a weekend writing down what they believed the company’s values were. Then they sat down with the employees in small groups to elicit feedback. Her approach was to look for what they wanted in their employees. They came up with six.
Passion: Do you really have a thirst and appetite for your work?
Humility and Integrity: Treat your co-workers with respect and dignity.
Courage: Speak up - if you have a great idea, tell us, and if you disagree with people in the room, speak up.
Curiosity: They wanted folks who would constantly question and learn, not only about the company but about the industry.
Impact: Are you having an impact at the company?
Be outward-looking: Do good and do right by each other.
Ransom had an equally valuable insight when she talked about senior management and ethical values. She believes that “the best way to undermine a company’s values is to put people in leadership positions who are not adhering to the values. Then it completely starts to fall flat until you take action and move those people out, and then everyone gets faith in the values again. It can be restored so quickly. You just see that people are happier.”
What should the tone in the middle be? Put another way, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and, consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore your organization should train middle managers to enhance listening skills in the overall context of providing training for what she termed their ‘Manager’s Toolkit’. This can be particularly true if there is a compliance violation or other incident that requires some form of employee discipline. Ransom believes that most employees think it important that there be “organizational justice” so that people believe they will be treated fairly. Ransom further explained that without organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness that an employee is more likely accept a decision that they may not like or disagree with.
So think about your lines of communication and your communication skills when conveying your message of compliance down from the top into the middle of your organization.
Three Key Takeaways
While tone at the top is critical, the tone in the middle can actually work to more fully operationalize compliance.
How do you train middle managers?
What compliance tool kit do you provide to middle managers?
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/25/2017 • 12 minutes, 37 seconds
Unfair and Unbalanced-Episode 18
Episode 18 Show Notes
I. Compensation, Incentive and Compliance
In this episode, Roy Snell and myself discuss how incentives are integral to the compensation plans of a wide range of workers. Many experts point to their value in rewarding behavior that is in the interest of the organization and for keeping workers focused on activities that help the bottom line. At the same time, however, the incentives can pose great risks.
Many corporate scandals have shown that workers and corporate leaders may give in to the temptation to cheat to make their numbers, doing whatever they can to achieve their goals and reap the rewards. As a consequence, incentive plans may turn out to be a roadmap for compliance risk.
This danger argues for the compliance department having a role in reviewing incentive plans, if nothing else than to develop controls that ensure the numbers are hit properly, without violating policies, procedures, the law, and ethical norms.
To better assess the role of the compliance team in reviewing incentive plans, in April 2017 the Society of Corporate Compliance and Ethics and the Health Care Compliance Association fielded a survey among compliance professionals. The results indicate that, despite the risks, compliance rarely plays a role in evaluating incentive programs. For the recent SCCE/HCCA survey on this issue, click here.
For additional writings by Tom see the following blog posts:
Incentivizing Compliance
Executives and Compliance Compensation Incentives
Sales Incentives and Compliance
II. Compliance and the Board of Directors
On a second topic, Roy and I discuss the need that a true compliance expert sit on a company’s Board of Directors. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.
Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such compliance subject matter expertise at the Board level?
Roy sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.
For Roy’s further thoughts on this issues, see his blog post, “Compliance Expertise Needed on Your Board”.
For Tom’s writing on the subject see his blog post, “Compliance Expertise Needed on the Board”.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/25/2017 • 42 minutes, 19 seconds
Day 18 of One Month to Better Compliance Through HR
The role of Human Resources (HR) in anti-corruption compliance programs, is often underestimated. If your company has a culture where compliance is perceived to be in competition or worse yet antithetical to HR, the company certainly is not hitting on all cylinders and maybe moving towards dysfunction. Another way you can operationalize compliance is in HR’s involvement of employee promotion. In Prong 8 of the Evaluation of Corporate Compliance Programs it asks the following question, Have there been any examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations?
The 2012 FCPA Guidance expounded further, “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an acceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record. In other words make compliance significant for professional growth in your organization and it will help to drive the message of doing business in compliance.
I thought about these concepts when I read an article in the Corner Office column of the Sunday New York Times (NYT), where columnist Adam Bryant interviewed Sally Smith, the Chief Executive of Buffalo Wild Wings, the restaurant chain. She had some interesting concepts not only around leadership but thoughts on the hiring and promotion functions, which are useful for any Chief Compliance Officer (CCO) or compliance practitioner striving to drive compliance into the DNA of a company.
Here Smith had some thoughts put in a manner on promotions not often articulated. One of her cornerstones is to search out the best person for any open position, whether through an external hire or internal promotion. Bryant stated that Smith said “We use the phrase “wait for great” in hiring. When you have an open position, don’t settle for someone who doesn’t quite have the cultural match or skill set you want. It’s better to wait for the right person.”
Smith articulated some different skills that she uses to help make such a determination. Once a potential hire or promotion gets to her level for an interview, she will assume that person is technically competent but “I assume that you’re competent, but I’ll probe a bit to make sure you know what you’re talking about. And then I’ll say, “If I asked the person in the office next to you about you, what would they say?””
Passion and curiosity are other areas that Smith believes is important to probe during the hiring or promotion process. In the area of passion, Smith will “Often ask, “What do you do in your free time?” If they’re passionate about something, I know they’re going to bring that passion to the workplace.” Smith believes curiosity is important because it helps to determine whether a prospective hire will fit into the Buffalo Wild Wings culture. Bryant wrote, “I look for curiosity too, because if you’re curious and thinking about how things work, you’ll fit well in our culture. So I’ll ask about the last book they read, or the book that had the greatest impact on them.” Smith also inquires about jobs or assignments that went well and “ones that went off the tracks. You ask enough questions around those and you can determine whether they’re going to need a huge support team.”
I found these insights by Smith very useful for a compliance practitioner and the hiring and promotion functions in a compliance program. By asking questions about compliance you can not only find out the candidates thoughts on compliance but you will also begin to communicate the importance of such precepts to them in this process. Now further imagine how powerful such a technique could be if a Chief Executive asked such questions around compliance when they were involved in the hiring or promotion process. Talk about setting a tone at the top from the start of someone’s career at that company. But the most important single item I gleaned from Bryant’s interview of Smith was the “Wait for great” phrase. If this were a part of the compliance discussion during promotion or hiring that could lead to having a workforce committed to doing business in the right way.
Three Key Takeaways
Denying a promotion or award due to an employee’s ethical lapses.
Use promotions to reinforce your company’s commitment to compliance and ethics.
Should you wait for great?
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/24/2017 • 12 minutes, 55 seconds
Compliance into the Weeds-Episode 39
In this episode Matt Kelly and I take a deep dive into the question of whether a company has a duty to disclose ransomware attacks. We consider it from the regulatory, legal, ethical, law enforcement, business, PR and some other angles. What may seem to be a straight-forward answer to a regulatory obligations turns out to be anything but.
For additional research, see Matt Kelly's blogpost, "Ransomware: To Disclose or Not".
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/24/2017 • 21 minutes, 27 seconds
Day 17 of One Month to Better Compliance Through HR
The Evaluation of Corporate Compliance Programs document makes clear that operationalization of compliance into an organization should be done at multiple levels in a company. Creating an ethical culture is an important step for any company to burn compliance into the DNA of a business. It must be done at every level of an organization on a continuous basis.
In an article in the Harvard Business Journal (HBJ) online publication by Christopher McLaverty and Annie McKee, entitled “What You Can Do to Improve Ethics at Your Company”, the authors surveyed C-suite executives and noted, “More often the dilemmas were the result of competing interests, misaligned incentives, clashing cultures.” Based on this study and their prior work, the authors noted three major obstacles to ethical behavior.
Initially was the issue of corporate change. The authors stated, “Companies can warp their own ethical climate by pushing too much change from the top, too quickly and too frequently. Leaders in the study reported having to implement staff reduction targets, dispose of big businesses in major markets, and lead mergers and acquisitions. Some of these activities included inherent conflicts of interest; others simply caused leaders to have to act counter to their values. Many leaders felt poorly prepared for the dilemmas they faced and felt compelled to take decisions they later regretted.”
The second was the age old dilemma of compensation where incentives tended to drive certain behaviors or, as the authors stated, “People do what they are rewarded to do, and most leaders are rewarded for hitting targets.” Of course the most recent example is Wells Fargo where employee compensation was based solely on the number of accounts they opened. Yet such incentive based behavior was not limited to front line employees as the authors stated, “The lure of incentives are a problem in boardrooms too: Bonus payments and executive share schemes are often based on short-term business metrics, which can be counter to long-term success.”
Finally, was an area which may require a Chief Compliance Officer (CCO) or compliance practitioner to think through several different calculi; cross cultural differences. Obviously some countries have gift giving cultures but this is more than simply the value of a gift to give at Christmas, it involves cultures where gift giving may be a part of the overall business relationship. The authors cited examples such as “closing a sales office in Japan, breaking a verbal promise made during after-work drinks in China, or ignoring “sleeping” business partners in a Saudi Arabian deal, all of which have cultural and ethical components.”
An interesting insight was teaching employees how to understand what matters in an organization. This is not simply the written Codes but how things really work. The authors posited three questions: (1) How are employees paid? Obviously a compensation plan is a critical benchmark. If it is solely based on ‘eat what you kill’, focusing on the short term, it may presage problems down the road. (2) Who gets promoted and why? This is not simply whether the high producer gets promoted but how about those who speak up and raise ethical issues. Are they subtly (or not so subtly) discriminated against or held back from promotion? (3) How do employees feel about their organization? Although it seems straight-forward, if your employees are disengaged or worse yet, ashamed about your company, you might be an ethical time bomb waiting to happen.
The authors then turned to initiatives that the interviewees had successfully used in their own organizations to improve the ethical climate. While noting that there is some importance in the corporate governance documents, such as a Code of Conduct and policies and procedures, the authors averred “Companies become ethical one person at a time, one decision at a time.” This means employees need to understand their organizations underlying culture. They stated, “Self-awareness enables you to build and strengthen that inner compass. Organizational awareness enables you to identify the forces in your company’s culture and processes that could drive you and others to do the wrong thing. You also need emotional self-control: it takes courage to step away from the crowd and do the right thing.”
To have such courage, the authors noted many employees who did speak up had a personal network which operates as “an informal sounding board and can highlight options and choices that the leader may not have considered. When making ethical decisions, it’s important to recognize that your way isn’t the only way, and that even mandated choices will have consequences that you must deal with.” This is yet another reason for the breaking down of silos in a corporate organization because “The challenge is that most leaders have networks full of people who think and act like them and many fail to seek out diverse opinions, especially in highly charged situations. Instead, they hunker down with people who have similar beliefs and values. This can lead to particularly dire consequences in cross-cultural environments.”
Finally, and perhaps most intuitively, is speaking up. Here business leaders must encourage not only a speak up culture but also one of no retaliation. But it is more than this as Vanessa Rossi, FCPA Due Diligence Counsel at Baker Hughes Inc. noted in a panel discussion to the Greater Houston Business and Ethics Roundtable, it is more tones at the tops as for many employee’s senior leadership resides in the form of their direct manager. The authors phrase it as “If you find you need to speak up, there will be a number of choices to be made. Do you talk to the boss? Consult with peers? Work with advisory functions such as legal, compliance or human resources? You can draw on your personal network for support and guidance on the right way forward within the context of your unique situation.”
Ethics and compliance blend together in the corporate world. It is not just the responsibility of CCOs and compliance practitioners but of senior managers to support those employees who want to do the right thing. While written protocols are significant in both detection and prevention, one should never lose sight of a corporate culture as a way to positively impact your workforce and company going forward.
Three Key Takeaways
Beware of the three obstacles to creating an ethical culture.
What really matters in your company?
A speak up culture will improve the operational performance of your business.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/23/2017 • 13 minutes, 43 seconds
FCPA Compliance Report-Episode 328
In this episode I visit with Chris McNett, SSGA Head of Environmental, Social and Governance on SSGA's ESG Institutional Investor Survey. Topics include:
What was the reason for the State Street ESG Institutional Investor Survey?;
What were the key findings?;
ESG Adoption;
Challenges to Adoption;
How ESG pathways are evolving;
Why is accelerating ESG so important?;
What steps can a company take, from Ambition to Action; and
How can interested parties learn more about SSGA and the State Street ESG Institutional Investor Survey.
You can download a summary of the report by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/23/2017 • 23 minutes, 1 second
Day 16 of One Month to Better Compliance Through HR
The exit interview can be a further mechanism to operationalize compliance. This type of interview is used when someone voluntarily departs from a company, as opposed to a lay-off or reduction in force exercise. Typically departing employees are more willing to share about their experiences, concerns and issues which led to their employment departure.
In an article in the Harvard Business Review, entitled “Making Exit Interviews Count”, authors Everett Spain and Boris Groysberg demonstrate that exit interviews, when conducted with care, can be a very useful tool in two important areas: to increase employee engagement, to reveal what may not be working in the organization. These points speak directly to operationalizing compliance through Human Resources (HR). Exit interviews can provide insight into what employees are thinking, reveal problems in the organization, and shed light on the competitive landscape. They believe that companies should focus on six goals in their exit interviews, that there must be an emphasis in both “tactics and techniques” and, finally, that the process is a continuing conversation.
Uncover issues. Organizations “that conduct exit interviews almost always pursue this goal but often focus too narrowly on salary and benefits.” The problem with this approach is that salary concerns are not usually what drives employees to seek employment elsewhere. It is almost always something else. The article stated, “One leader from a food and beverage company told us that exit interviews inform his company’s succession planning and talent management process.”
Understand employees’ perceptions of the work itself. The person conducting the exit interview understand the departing employee’s job design, working conditions, culture, and peers. By understanding and questioning the employee on this information, the exit interview “can help managers improve employee motivation, efficiency, coordination, and effectiveness.”
Gain insight into managers’ leadership styles and effectiveness. Leadership style is an important reason many employees depart for greener pastures. By inquiring into and understanding this dynamic, an organization can begin to “reinforce positive managers and identify toxic ones. One executive at a major restaurant chain told us that several exit interviews she’d recently conducted revealed that micromanagement was a big problem. The conversations, she said, “led to some very tangible outcomes,”” such as establishing training and development initiatives to create better managers.”
Learn about HR benchmarks (salary, benefits) at competing organizations. While salaries and compensation packages are usually not the driver of departures, they certainly do play a role. You should use the exit interview to do some benchmarking. The authors cited to a HR executive at a global food and beverage who noted, “We use exit interviews to see how competitive we are against other employers: time off, ability to advance, different benefits, and pay packages. And we want to see who is poaching our people.”
Foster innovation by soliciting ideas for improving the organization. The authors believe that exit interviews should go beyond the departing employee’s “immediate experience to cover broader areas, such as company strategy, marketing, operations, systems, competition, and the structure of his or her division.” They cite as one “emerging best practice is to ask every departing employee something along the lines of “Please complete the sentence ‘I don’t know why the company doesn’t just ____.’” This approach may reveal trends which can be incorporated into future innovations.”
Create lifelong advocates for the organization. This is perhaps the most innovative, yet in many ways the most basic, which is of course to treat departing employees with dignity, respect and gratitude. Such treatment at departure may well encourage departing employees to recommend their former companies to potential employees, to use and recommend the companies’ products and services, and to create business alliances between their former and new employers. The authors cite to one North American financial services executive for the following, “You want [a departing employee] to leave as an ambassador and customer.”
Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.
The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However, it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before the employee layoff, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.
Three Key Takeaways
The exit interview is an excellent opportunity to obtain information to inform your compliance program.
Use the exit interview to create advocates from departing employees.
Use the exit interview for probing and insight questions around compliance.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/22/2017 • 10 minutes, 38 seconds
Day 15 of One Month to Better Compliance Through HR
Employment separation and layoffs can present some unique challenges for the compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several ways that operationalization will help to protect your company as much as possible.
Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the Securities and Exchange Commission (SEC) requirement regarding Confidentiality Agreement and Separation Agreement language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. Such documents must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the appropriate language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.
When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possible. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the SEC, identifying bribery and corruption.
Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC or Department of Justice comes calling after that ex-employee has blown the whistle on your organization.
I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously, a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.
Finally, are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.
The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.
Three Key Takeaways
Treat departing employees with dignity.
Make sure your separation documents meet SEC requirements regarding disclosures re: whistleblowing.
You must check your hotline and anonymous reporting systems to make sure you do not lay off a whistleblower.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/19/2017 • 12 minutes, 35 seconds
This Week in FCPA-Episode 53
This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
Brazilian President Temer comes under corruption fire? See article in the New York Times.
The turmoil at FIFA continues as FIFA’s ethics watchdogs quit in protest after their chairman was fired. See article in Bloomberg.
Should compliance and ethics be wedded? New report by Institute of Business Ethics and the Ethics Institute considers the issues. See article in WSJ Risk and Compliance Journal.
The Fat Leonard scandal lands U.S. Navy Rear Admiral Robert Gilbeau with a prison sentence of 18 months. See article in the FCPA Blog.
Almost one-third of all open FCPA investigations involve Brazil. Only 17% involve China. See article in the FCPA Blog.
Astros lead the MLB with the best record in baseball. Will they regress to the mean?
ComTech is here. Are you ready? See Tom’s article in the FCPA Compliance and Ethics Blog.
Jay previews his Weekend Report.
It is not too late to join me at Compliance Week 2017. Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/19/2017 • 35 minutes, 5 seconds
Day 14 of One Month to Better Compliance Through HR
What should a company do when it desires to hire a Chief Compliance Officer (CCO). I sat down and visited with Maurice Gilbert, the Managing Partner at Conselium Partners LP. Gilbert believes that it behooves any company to find the right CCO or compliance practitioner for the right position. But to do so, a company needs to fully understand and appreciate what it needs from such a position going forward. Unfortunately, many companies do not have this insight at the beginning of the recruitment process.
The process often begins with the company supplied job description, which Gilbert noted is “typically a legacy of various things that are not even updated. It's a hodgepodge of things that maybe began a few years ago, but it needs to be updated to reflect what’s going on in the company at that particular moment. You have certain business risks. You have certain regulatory risks.... You need to be attentive to those risks so that you could build your profile about what those risks need to be addressed presently.” Moreover, “what you’re going to get in a company job description is just a litany of things that actually could be quite disjointed and may not necessarily make sense for what you’re going to be asking the person to do.”
Gilbert will bring the key company stakeholders into an initial meeting to help them understand the process. Obviously, this will include Human Resources (HR) and others involved in the internal hiring process for the company. Gilbert gets them to rethink their approach to focus on what they will ask the new hire to accomplish because typically there is a disconnect between what the company thinks it needs and what it really needs.
The next step is developing an appropriate job profile. Gilbert will ask the key stakeholders to give him a list of four things they would like the new hire to accomplish in the first year of employment. By limiting to this to four, Gilbert not only ends unrealistic expectations but helps winnow down the inevitable “laundry list of, “We'd like the professional to accomplish 30 things within the first year.” Many of which, are inconceivable. They have to be done in the course of several years. When we’re listening to the response, we, again, are counseling our client as to whether that makes sense or if that’s an unreasonable, let’s say, expectation.”
Gilbert gave an example of a recent search he headed for a client. One of the things he was able to develop at this initial meeting was that the company wanted the CCO “to spend the first two, three months evaluating her staff, to see if she has the appropriate team in place for the rest of the journey. By the way, she’s traveling all over the world doing just that. Evaluating her staff.” However that task alone could take several months. The company also wanted the CCO to perform a comprehensive risk assessment immediately upon starting the position. It is simply not realistic to expect such disparate and time consuming tasks to be performed so quickly, all the while the new CCO would be expected to travel to company locations across the globe.
Another important issue in this initial meeting is the professional growth opportunities that the company will present to any candidate. Gilbert explained that this is something companies do not always appreciate in the hiring process. Yet, as he explained, a company is trying to get a seasoned executive to leave a position so they need to have an attractive package ready to present. It is more than simply salary and benefits. Gilbert said, “we have to capture data such as, “What are career growth options once a person steps in and does a good job for three, whatever, years?” We have to capture data. “What is the culture of the company? What is the culture of the compliance department? What are the hot buttons and the management strategy, if you will, of the hiring authority? How does that person like to interface with the individuals?”
A final query to the company is around the sourcing of candidates. Gilbert needs to know if there are any particular competitors, or companies, which the client feels are hands off for sourcing candidates from and before he leaves this meeting he needs to know the companies that his client does not want Conselium to recruit from.
I found these points quite illuminating for several reasons. First, the company was not clear on what it wanted the new CCO to accomplish and had not thought through what it would need to commit to in terms of resources to have these goals accomplished. The second demonstrated the communications flow facilitated learning on the part of both parties, i.e. for the client this was to have a realistic expectation of the new role and for Gilbert it was to help develop an appropriate Job Profile. It also demonstrated the collaborative nature of the relationship. By engaging in this process Gilbert is able to move from simply a third party executive search firm to a trusted advisor to the client. By having such a relationship Gilbert and his company, Conselium, are able to deliver a much more focused and valuable service beyond the typical generalist experience available inside a corporation in the hiring process.
From these discussions, Gilbert will develop a Job Profile and present to the company to have them sign off on not only the package of what they are looking for in a candidate, but also the package they will be willing to present. Gilbert related that through the capture of and agreement with these points, he is ready to begin the next step, which is to tell the compelling story about the job position on behalf of his client.
Three Key Takeaways
Bring in your key stakeholders to flesh out the job description.
Consider the top four things you would like a new CCO to accomplish in the first year.
For a new CCO to succeed, the company must have a realistic expectation developed before the process begins.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/18/2017 • 12 minutes, 3 seconds
Everything Compliance-Episode 11
In this second of a two-part series, we conclude the panel’s discussion of the first 100 days of the Trump administration as it relates to compliance. This episode concludes with the panelists’ rants.
Matt Kelly opens with a discussion of regulatory enforcement under the Trump administration, how the ‘Trump Effect’ is negatively impacting corporations, industry responses to deregulation issues and lays down some markers around compliance issues under the new administration.
For Matt Kelly’s posts see the following:
Compliance in the Trump Era: More Markers Placed
Trump Administration Whacks Telco Firm for $892 Million
Drone Industry Pan Trump’s Regulatory
Trump Risk Disclosures Start Rolling In
First SEC Whistleblower Award of Trump Era
Sessions Dodges, Weaves, Promises on FCPA
Mike Volkov rounds out the discussion with a review of where the DOJ is currently under AG Sessions, remarks by DOJ officials on FCPA enforcement, the future of the Pilot Program and DOJ Compliance Counsel, Hui Chen.
For Mike Volkov’s posts see the following:
Yates, AG Sessions and Individual Criminal Prosecutions
New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance
FCPA Remediation Focus on Supervisory Personnel
FPCA Pilot Program Motors On
For the Cordery Compliance client alerts see the following:
EU conflicts minerals compliance legislation
DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?
For Jay Rosen’s posts see the following:
Still in the Enforcement Business and Evaluation of Corporate Compliance Programs
“It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”
For Tom Fox’s posts see the following:
The Trump Administration-Kaos is Bad for Business
The Trump Administration-Failures in Leadership and Management
The Trump Administration-Preparing for a Catastrophe
The Trump Administration-the Business Response
DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration
The members of the Everything Compliance panel include:
Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]
Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/18/2017 • 48 minutes, 18 seconds
Day 13 of One Month to Better Compliance Through HR
One of the ways to operationalize compliance and to drive it into the DNA of an organization is through a performance review. Indeed, the 2012 FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”
Most HR experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year's worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.
In an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive”; provided six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal.
Prioritize reviews in your schedule - You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
Review the entire year's performance - You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
Do not hesitate to critique - Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee's compliance shortcomings is a disservice to both the company and the employee.
Do not dominate the conversation - Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
Understand the employee's role - You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
Anticipate reprisal - Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.
The article ends by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. The potential upside can be significant from your overall compliance program perspective.
Three Key Takeaways
To incentivize compliance, you must be able to accurately appraise senior managers and employees around compliance.
Clearly communicate your compliance expectations, then fairly evaluate employees on them.
Consider an ongoing review as well.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/17/2017 • 12 minutes, 16 seconds
Compliance into the Weeds-Episode 38
In this episode Matt Kelly and I take a deep dive into the cutting edge topic of artificial intelligence in many areas, including compliance. We discuss the uses of Artificial Intelligence in compliance. We consider how AI has progressed and what it means now for the compliance practitioner and what it will mean in the future.
For Matt's blog post on the topic go to Don't Outsmart Yourself: AI and Compliance
For Tom's blog post on the topic go to AI for Risk Management: A New Business Advantage
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/17/2017 • 23 minutes, 11 seconds
Day 12 of One Month to Better Compliance Through HR
Another area where compliance can play a key role is in succession planning. A.G. Lafley and Noel M. Tichy, writing in the Harvard Business Review, in an article entitled “The Art and Science of Finding the Right CEO”, discussed the issue of succession planning during his tenure as the Chief Executive Officer of Procter & Gamble (P&G). Many of the concepts and issues that Lafley discusses within the context of succession planning in general are applicable to the concern of compliance within this area.
Lafley makes clear that succession planning is just as important as governance, enterprise risk and strategic oversight. In other words, it is just as important. Sadly, many companies fail to give it the attention it requires. Indeed, in a PricewaterhouseCoopers survey, cited in the foreword, nearly one-half of the more than 1,000 directors gauged reported dissatisfaction with their companies’ succession plans. Imagine what that number would be if they took into account the compliance aspect of succession planning.
Borrowing from Lafley, I have adapted his box for an analysis of some of the characteristics that should be considered in succession planning from the compliance perspective.
Personal Judgment
Team Judgment
Organizational Judgment
Stakeholder Judgment
People
Personal judgments about overall compliance goals
Judgments regarding your team members regarding compliance
Judgments on organizational systems for assessing compliance with the organization
Judgments about how to engage stakeholders regarding compliance
Strategy
Personal judgments regarding compliance in your career
Judgments about how your team evolves in its compliance approaches as new compliance challenges arise
Judgments about how to engage and align all organization levels in compliance
Judgments in leading stakeholders to execute compliance strategies
Crisis
Personal judgments regarding compliance in times of crisis
Judgments in how your team operates regarding compliance in times of crisis
Judgments about how to work with your overall organization in compliance in times of crisis
Judgments about dealing with key stakeholders regarding compliance in times of crisis
Lafley makes clear that succession planning does not begin at the time a CEO decides to retire. It should being at the time that a CEO is hired. This is to prevent a decision at the last minute or, worse yet, “to be left with effectively no decision.” As well as the process being started at the time of the hiring of a new CEO it must also fully engage the Board of Directors. Lafley provides several key points, all of which are applicable to the compliance component of succession.
Lafley defines the criteria that the evaluation process is an ongoing, not episodic process. In addition to a “broad and deep pipeline of qualified leaders” the candidates should be put through a variety of roles. In the compliance context, this would provide an opportunity to review the initiatives and responses in several different areas. In addition to running large and small business units, such candidates should oversee several different functions, as broadly as the Chief Financial Officer to HR.
In many ways, evaluating a compliance criterion is as much an art as it is science. However, Lafley states that a specific list of “must-haves” is appropriate. It is not as simple as whether there was a violation or not. It is broader than that calculus. Paul McNulty’s three Maxims for evaluating a corporate compliance program are: (1) what did you do to prevent it; (2) what did you do to detect it; and (3) what did you do when you found out about it? Compliance for the CEO candidate is more than the third prong. How did you inculcate compliance into the business unit that you are managing? What controls did you put in place? And then what did you do when you found out about it? Indeed Department of Justice Compliance Counsel Hui Chen, recently remarked about the importance of ‘facetime’ by a Chief Compliance Officer with a President or Chief Executive.
Moreover the 2015, BNY Mellon’s FCPA enforcement action points towards the need to follow establish protocols, even in HR. If you have a process in HR for evaluation around succession planning, that process should be followed. If any exception is made, it is encumbent the exception be documented, justified, then reviewed and approved by an appropriate level of management.
Lafley defines this as “how the future might look”. You might explore a new geographic market with a candidate or a new product line, either of which might bring new compliance challenges. Being a part of a team to perform a risk assessment might indicate that new or different compliance safeguards need to be considered. Should monitoring, through continuous controls monitoring or other more sophisticated tools, be utilized as the compliance program evolves be considered?
Lafley points out that the choice of “a successor isn’t a done deal until the votes are cast and the announcement is made.” He advocates continuing to provide challenging projects, which would include those in the compliance arena, which can continue to provide feedback and guidance from the compliance perspective. As one division President told me “You are always being evaluated.” And so it should be. The selection of a new CEO is a substantial investment by a large company. Having the right person in the position from the compliance perspective is an important element in an overall evaluation. Remember - it all starts with the “Tone from the Top”.
Every time I perform a risk assessment and speak the company’s HR lead, they immediately understand the role than can play in moving forward a company’s compliance program. Even if the HR role is limited in the hiring process, they can ask potential candidates their views to determine underlying business ethics. HR can also begin the compliance inculcation process, even pre-hiring, by talking about the company’s values in the interview process. This sets an expectation that can be built upon if a candidate is selected and in every HR touch point going forward, including looking at employees in the succession planning process.
Three Key Takeaways
Succession planning is just as important as governance, enterprise risk and strategic oversight
Do not begin your succession planning when a senior manager announces their retirement.
You are always being evaluated (or you should be).
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/16/2017 • 13 minutes, 11 seconds
FCPA Compliance Report-Episode 327,Pat Harned
In this episode, I visit with Pat Harned, Chief Executive Officer of the Ethics and Compliance Initiative on the recently concluded annual conference. She discusses the speech of Attorney General Jeff Sessions and the panel of former Deputy Attorney Generals, as well as some of the other Key Note speaking session highlights. She also details some of the upcoming ECI events for 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/16/2017 • 20 minutes, 35 seconds
Day 11 of One Month to Better Compliance Through HR
In the Department of Justice’s Evaluation of Corporate Compliance Programs, Prong 8 Incentive and Disciplinary Measures it states: Incentive System – Consistent Application – Have the disciplinary actions and incentives been fairly and consistently applied across the organization?
In the Department of Justice’s (DOJ) 13 point minimum best practices compliance program, Item 10 states:
Discipline. A Company should have appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and the Company's anti-corruption compliance code, policies, and procedures by the Company's directors, officers, and employees. A Company should implement procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that appropriate steps are taken to prevent further similar misconduct, including assessing the internal controls, ethics, and compliance program and making modifications necessary to ensure the program is effective.
However, I believe that the DOJ best practices are more active than the ‘stick’ of employee discipline to make a compliance program effective and I believe that it also requires a ‘carrot’. This requirement is codified in the US Sentencing Guidelines with the following language, “The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”
One of the areas which Human Resources (HR) can operationalize your compliance program is to ensure that discipline is handed out fairly across an organization and to those employees who integrate such ethical and compliant behavior into their individual work practices going forward.
Procedural fairness is one of the things that will bring credibility to your Compliance Program. Today it is called the Fair Process Doctrine and this Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in processes involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce. Finally, it is yet another way to more fully operationalize your compliance program.
Internal Investigations
The first area is that of internal company investigations. If your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Further, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.
This fairness has several components. One would be the use of outside counsel, rather than in-house counsel to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.
Administration of Discipline and Employee Promotions
However, as important as the Fair Process Doctrine is with internal investigations, I have come to believe it is more important in another area. That area is in the administration of discipline after any compliance related incident. Discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.
In addition to the area of discipline which may be administered after the completion of any compliance investigation, you must also place compliance firmly as a part of ongoing employee evaluations and promotions. If your company is seen to advance and only reward employees who achieve their numbers by whatever means necessary, other employees will certainly take note and it will be understood what management evaluates, and rewards, employees upon. I have often heard the (anecdotal) tale about some Far East Region Manager which goes along the following lines “If I violated the Code of Conduct I may or may not get caught. If I get caught I may or may not be disciplined. If I miss my numbers for two quarters, I will be fired”. If this is what other employees believe about how they are evaluated and the basis for promotion, you have lost the compliance battle.
Three Key Takeaways
The DOJ and SEC have long called for consistent application in both incentives and discipline.
The Fair Process Doctrine ensures employees will accept results they may not like.
Inconsistent application of discipline will destroy your compliance program credibility.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/15/2017 • 12 minutes, 55 seconds
This Week in FCPA-Episode 52
This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
What is the real risk in a FCPA enforcement action? See Mike Volkov’s post in Corruption, Crime and Compliance.
FIFA fires its lead internal investigators for doing their job investigating. See Tom’s article in Compliance Week.
ECI Report Finds Use of Corporate Monitors is on the Rise. For a copy of report, click here. For a webinar replay with Affiliated Monitors’ Eric Feldman and Nasdaq’s Michael Kallens click here.
Why the judgment of CEOs and their actions really do matter. See James Stewart considers Barclays’ Jes Staley in his Common Sense column in the New York Times.
What role do incentives play in a compliance program? See Tom’s two podcasts on the issue, incentives for executives and incentives in sales programs.
Astros lead the MLB with the best record in baseball. The Rockets gag on the big one.
Jay previews his Weekend Report, compliance lessons from a trip to the zoo.
Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.
Jay Rosen can be reached:
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Tom Fox can be reached:
Phone: 832-744-0264
Email: [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/12/2017 • 34 minutes, 53 seconds
Day 10 of One Month to Better Compliance Through HR
In the Department of Justice’s Evaluation of Corporate Compliance Programs, Prong 8 Incentive and Disciplinary Measures it states: Incentive System –How has the company considered the potential negative compliance implications of its incentives and rewards?
This week I have been considering how a company could use incentives to further a compliance program and the role of HR in this process. I want to consider how incentives might lead to the converse but looking at the intersection of sales incentives and compliance which led to the problems at Wells Fargo. When you misalignment these two concepts with a faulty sales strategy it can lead to a catastrophic failure, literally costing a company millions of dollars in fines, loss of business and depreciation of shareholder value.
The sales incentives under which Wells Fargo came to such grief is simple and even benign, cross-selling of products. As noted by Rachel Louise Ensign, writing in a Wall Street Journal (WSJ) article entitled “Banks Simple Strategy Gets Tangled”, “the concept sounds simple enough. If a customer has a checking account, why not sell him a mortgage, wealth management services and credit card as well?” She went on to write, “with banks becoming larger over the past two decades, cross-selling has become a mantra.” You can also think of the cross-selling McDonalds engages in every time you buy a Big Mac when the representative asks you “Would you like french fries with that?”
Yet there are other reasons for engaging in this type of business practice. Each and every time a company has a touchpoint, particularly a commercial touchpoint with a business, it strengthens the relationship. According to Gary Silverman, writing in the Financial Times (FT) in an article entitled “John Stumpf, the Labrador of Main Street”, Wells Fargo’s Chief Executive Officer (CEO) “Mr Stumpf’s take on traditional Wells teaching was to promote deeper, more frequent contact with the people it serves. “If there’s one word to describe this company, it’s ‘relationship,’” he told the Financial Times in May. “What we’re trying to do is make sure that every team member, in every interaction with a customer, gets it right. If we don’t get it right, we try to make it right, really quickly.””
So what starts off as a legitimate, legal and beneficial business strategy becomes not only high risk but illegal because of the manner in which Wells Fargo administered its approach to cross-selling. As with any sales initiative, if a company wants to push it, it will set up incentives for the sales team to engage in such behavior. This can be done by increasing commissions around the service or product being emphasized, such as the banks products. Ensign noted, “Banks have tried to create incentives for cross-selling.” At some banks, “Branch employees can get bonuses—sometimes 10% or more of their salaries—when they sell additional products.” Companies can also increase sales by making clear that you will be evaluated on how much you sell a product or service. In other words, whether you receive a bonus, pay raise or even keep your job will be evaluated, in some part, on how much you cross-sell.
You can even have a hybrid of the above, which may be the worst of all worlds. At Wells Fargo, employees were evaluated for continuing employment by supervisors on cross-selling. Yet they did not receive the same financial incentives to make such cross-selling. Branch managers and supervisors could receive bonuses of up to $10,000 per month for meeting cross-selling quotas when employees who hit their monthly quotas, received, in addition to continued employment, $25 gift cards.
A panel at Compliance Week 2016, entitled “The Unsolvable Problem: Performance, Pay, Pressure and Misconduct”, contained an academic type, Marc Hodak, adjunct Professor of Business at New York University, Alexander Proels, Compliance Head Americas at Siemens, and Michael Weisman, Chief Ethics and Compliance Officer at The Kraft Heinz Company. They had some interesting thoughts around compensation, which I think you should consider in your role as a Chief Compliance Officer (CCO) going forward. One key area is the amount of your variable compensation relative to risk? What does your discretionary bonus program consist of? Is it corporate performance based? Group performance based? Only personal, i.e. eat what you kill? Or is it some combination of all of the above?
What are some of the indicia that your compensation structure might be off the rails from the compliance perspectives? Weisman gave three examples: (1) Lofty goals but no direction for employees on how to get there; (2) that is a paucity of communication between management and line employees, meaning there was raw fear from employees to inform their immediate supervisor of bad news. Conversely, it could be the supervisors who do not want to hear such bad news; and (3) if your company has singular focus on numbers, meaning that is the single judge of your worth as an employee.
Tied directly into this concept is that for every incentive there is an offsetting risk. Managing that risk must be done on an ongoing basis. As a CCO or compliance practitioner, you need to know your business and be a trusted business partner. You will need to understand the design of incentive plans and finally to be able to monitor incentive plans to identify underlying links that may arise through compliance violations.
Hill ended his piece by citing to Oxford Saïd Business School Professor, Jonathan Trevor, for the following “whether the strategy, purpose and structure of companies are aligned often makes the difference between a good organisation and a bad one. Expunging phantasms is essential, but not enough. Leaders also need to make new truces, lest the dead hand of past behaviour strangles new ways of working.” This is particularly true in the convergence of compensation and compliance. Whatever the structure, there will be employees who try to game the system. Some will do it with the tacit or explicit approval of management. You, as the CCO, may be required to act.
Three Key Takeaways
Even a benign sales incentive program came become skewed.
A sales incentive program can become high risk or illegal if not properly monitored.
If there is alignment between the strategy, purpose and structure of an incentive system, it often makes the difference between a good and a bad one.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/12/2017 • 13 minutes, 30 seconds
Day 9 of One Month to Better Compliance Through HR
Today I want to focus on incentives, looking at senior management and compensation. I thought about this inter-connectedness of compensation in a compliance program, focusing up the corporate ladder when I read a recent article in the New York Times (NYT) by Gretchen Morgenson, in her Fair Game column, entitled “Ways to Put the Boss’s Skin In the Game”. Her piece dealt with a long-standing question about how to make senior executives more responsible for corporate malfeasance? Her article had some direct application to anti-corruption compliance programs such as those based on the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Morgenson said the issue was “Whenever a big corporation settles an enforcement matter with prosecutors, penalties levied in the case – and they can be enormous – are usually paid by the company’s shareholders. Yet the people who actually did the deeds or oversaw the operations rarely so much as open their wallets.”
She went on to explain that it is an economic phenomenon called “perverse incentive” which is one where “corporate executives are encouraged to take outsized risks because they can earn princely amounts from their actions. At the same time, they know that they rarely have to pay any fines or face other costly consequences from their actions.” To help remedy this situation, the idea has come to the fore about senior managers putting some ‘skin in the game’. Her article discussed three different sources for this initiative.
The first was a proxy proposal in front of Citigroup shareholders which “would require that top executives at the company contribute a substantial portion of their compensation each year to a pool of money that would be available to pay penalties if legal violations were uncovered at the bank.” Further, “To ensure that the money would be available for a long enough period – investigations into wrongdoing take years to develop - the proposal would require that the executives keep their pay in the pool for 10 years.”
The second came from William Dudley, the President of the Federal Reserve Bank of New York, who made a similar suggestion. His proscription involved a performance bond for the actions of bank executives. Morgenson quoted Dudley from his speech, “In the case of a large fine, the senior management and material risk takes would forfeit their performance bond. Not only would this deferred debt compensation discipline individual behavior and decision-making, but it would provide strong incentives for individuals to flag issues when problems develop.”
Morgenson reported on a third approach which was delineated in an article in the Michigan State Journal of Business and Securities Law by Greg Zipes, “a trial lawyer for the Office of the United States Trustee, the nation’s watchdog over the bankruptcy system, who also teaches at the New York University School for Professional Studies.” The article is entitled, “Ties that Bind: Codes of Conduct That Require Automatic Reductions to the Pay of Directors, Officers and Their Advisors for Failures of Corporate Governance”. Zipes proposal is to create a “contract to be signed by a company’s top executives that could be enforced after a significant corporate governance failure. Executives would agree to pay back 25 percent of their gross compensation for the three years before the beginning of improprieties. The agreement would be in effect whether or not the executives knew about the misdeeds inside their company.”
As you might guess, corporate leaders are somewhat less than thrilled at the prospect of being held accountable. Zipes was cited for the following, “Corporate executives are unlikely to sign such codes of conduct of their own volition.” Indeed Citibank went so far as to petition the Securities and Exchange Commission (SEC) “for permission to exclude the policy from its 2015 shareholder proxy.” But the SEC declined to do and at least Citibank shareholders will have the chance to vote on the proposal.
In the compliance context, these types of proposals are exactly the type of response that a company or its Board of Directors should want to put in place. Moreover, they all have the benefit of a business solution to a legal problem. In an interview for her piece, Morgenson quoted Zipes as noting, “This idea doesn’t require regulation and its doesn’t require new laws. Executives can sign the binding code of conduct or not, but the idea is that the marketplace would reward those who do.” For those who might argue that senior executives can not or should not be responsible for the nefarious actions of other; they readily take credit for “positive corporate activities in which they had little role or knew nothing about.” Moreover, under Sarbanes-Oxley (SOX), corporate executives must make certain certifications about financial statement and reporting so there is currently some obligations along these lines.
Finally, perhaps shareholders will simply become tired of senior executives claiming they could not know what was happening in their businesses; have their fill of hearing about some rogue employee(s) who went off the rails by engaging in bribery and corruption to obtain or retain business; and not accept that leaders should not be held responsible.
Three Key Takeaways
Perverse incentives are named that for a reason, they really are bad.
How can you create positive incentives in your organization?
There is a business response to the legal issue. Employ it.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/11/2017 • 13 minutes, 45 seconds
Everything Compliance-Episode 10
This episode is the first of a two-part series of podcasts dedicated to the chaotic (at best) first 100 days of the Trump administration as it related to compliance. Today we have Jonathan Armstrong and Jay Rosen. Next week Matt Kelly and Mike Volkov.
Jonathan Armstrong leads a discussion of the Trump administrations devolution of Privacy Shield, GDPR and what they mean for American companies doing business in the UK and EU. He discusses the key differences in the DOJ’s Evaluation of Corporate Compliance Programs in an FCPA analysis and under the Bribery Act, differences in the EU approach to conflict minerals and under the Trump Administration and concludes by giving us his thoughts on what Brexit means for compliance.
For the Cordery Compliance client alerts see the following:
EU conflicts minerals compliance legislation
DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?
BREXIT Glossary
Jay Rosen considers what companies the intersection of business and politics under the Trump administration, the business response he has observed to Trump administrations steps and miss-steps, the comments made by DOJ representatives at Q1 conferences and the vibe of compliance conference attendees.
For Jay’s post see,
Still in the Enforcement Business and Evaluation of Corporate Compliance Programs
“It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”
For Matt Kelly’s posts see:
Compliance in the Trump Era: More Markers Placed
Trump Administration Whacks Telco Firm for $892 Million
Drone Industry Pan Trump’s Regulatory
Trump Risk Disclosures Start Rolling In
First SEC Whistleblower Award of Trump Era
Sessions Dodges, Weaves, Promises on FCPA
For Mike Volkov’s posts see the following:
Yates, AG Sessions and Individual Criminal Prosecutions
New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance
FCPA Remediation Focus on Supervisory Personnel
FPCA Pilot Program Motors On
For Tom Fox’s posts on the Trump administration’s first 100 days see the following:
The Trump Administration-Kaos is Bad for Business
The Trump Administration-Failures in Leadership and Management
The Trump Administration-Preparing for a Catastrophe
The Trump Administration-the Business Response
DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration
The members of the Everything Compliance panel include:
Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at [email protected]
Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/11/2017 • 40 minutes, 32 seconds
Day 8 of One Month to Better Compliance Through HR
One of the areas that many companies have not paid as much attention to in their Foreign Corrupt Practices Act (FCPA) anti-corruption compliance programs is compensation. However the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have long made clear that they view monetary structure for compensation, rewarding those employees who do business in compliance with their employer’s compliance program, as one of the ways to reinforce the compliance program and the message of compliance. As far back as 2004, the then SEC Director of Enforcement, Stephen M. Cutler, said “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.” The FCPA Guidance states the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
A Harvard Business Review (HBR) article, entitled “The Right Way to Use Compensation”, discussed a company’s design and redesign of its employee’s compensation system to help drive certain behaviors. The piece’s subtitle indicated how the company fared in this technique as it read, “To shift strategy, change how you pay your team.” The article lays out a framework for the Chief Compliance Officer (CCO) or compliance practitioner to operationalize compensation as a mechanism in a best practices compliance program.
As your compliance program matures and your strategy shifts, “it’s critical that the employees who bring in the revenue-the sales force-understand and behave in ways that support the new strategy. The sales compensation system can help ventures achieve that compliance.” The prescription for you as the compliance practitioner is to revise the incentive system to focus your employees on the goals of your compliance program. This may mean that you need to change the incentives as the compliance programs matures; from installing the building blocks of compliance to burning anti-corruption compliance into the DNA of your company.
There are three key questions you should ask yourself in modifying your compensation structure. First, is the change simple? Second, is the changed aligned with your company values? Third, is the effective on behavior immediate due to the change?
Simplicity
Your employees should not need “a spreadsheet to calculate their earnings.” This is because if “too many variables are included, they may become confused about which behaviors” you are rewarding. Keep the plan simple and even employee KISS, Keep it simple sir, when designing your program. If you do not do so, your employees might fall back on old behaviors that worked in the past. Roberge notes, “It should be extraordinarily clear which outcomes you are rewarding.”
The simplest way to incentive employees is to create metrics that they readily understand and are achievable in the context of the compliance program. This can start with attending Code of Conduct and compliance program training. Next might be a test to determine how much of that training was retained. It could be follow up, online training. It could mean instances of being a compliance champion in certain areas, whether with your employee base or third party sales force.
Alignment
As the CCO or compliance practitioner, you need to posit the most important compliance goal your entity needs to achieve. From there you should determine how your compensation program can be aligned with that goal. Roberge cautions what the DOJ and SEC both seem to understand, that you should not “underestimate the power of your compensation plan.” You can tweak your compliance communication, be it training, compliance videos, compliance reminders or other forms of compliance messaging but it is incumbent to remember that “if the majority of your company’s revenue is generated by salespeople, properly aligning their compensation plan will have greater impact than anything else.”
The beauty of this alignment prong is that it works with your sales force throughout the entire sales channel. If your sales channel is employee based then their direct compensation can be used for alignment. However, such alignment also works with a third party sales force such as agents, representatives, channel ops partners and even distributors. Here Roberge had another suggestion regarding compensation that I thought had interesting concepts for third parties, the holdback or even clawback. This would come into place at some point in the future for these third parties who might meet certain compliance metrics that you design into your third party management program.
Immediacy
Finally, under immediacy, it is important that such structures be put in place “immediately” but in a way that incentives employees. Roberge believes that “any delay in the good (or bad) behavior and the related financial outcome will decrease the impact of the plan.” As a part of immediacy, I would add there must be sufficient communication with your employee or other third party sales base. Roberge suggested a town hall meeting or other similar event where you can communicate to a large number of people.
Even in the world of employee compensation incentives, there should be transparency. He cautioned that transparency does not mean the design of the incentive system is a “democratic process. It was critical that the salespeople did not confuse transparency and involvement with an invitation to selfishly design the plan around their own needs.” However, he did believe that the employee base “appreciated the openness, even when the changes were not favorable to their individual situations.” Finally, he concluded, “Because of this involvement, when a new plan was rolled out, the sales team would understand why the final structure was chosen.”
So just as Roberge, working with HubSpot as a start-up, learned through this experience “the power of a compensation plan to motivate salespeople not only to sell more but to act in ways that support a start-up’s evolving business model and overall strategy”; you can also use your compensation program as such an incentive. For the compliance practitioner one of the biggest reasons is to first change a company’s culture to make compliance more important but to then burn it into the fabric of your organization. But you must be able to evolve in your thinking and professionalism as a compliance practitioner to recognize the opportunities to change and then adapt your incentive program to make the doing of compliance part of your company’s everyday business process.
Three Key Takeaways
The DOJ and SEC have long advocated compensation as a way to motivate employees into ethical and compliant behaviors.
Keep the compliance aspects of your compensation structure simply and easy for your employees to understand.
Have full transparency in the frame of you compensation structure.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/10/2017 • 13 minutes, 28 seconds
Unfair and Unbalanced-Episode 17
In this episode, Roy Snell and I discuss the following:
Measuring the effectiveness of your compliance program three ways;
Why Roy thinks the CO shouldn’t chair the compliance committee – but maybe the general counsel should;
Who I think should chair the compliance committee;
Why you should prove your point 5 different ways instead of just 1;
Brexit: Keep Calm and Do Compliance; and
How Compliance transcends politics.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/10/2017 • 33 minutes, 59 seconds
Day 7 of One Month to Better Compliance Through HR
In metrics laid out by former Assistant Attorney General Leslie R. Caldwell, she spoke about the need for compliance program incentives. She posed it with the following question, “Are there mechanisms to enforce compliance policies? Those include both incentivizing good compliance and disciplining violations.”
I think most compliance professionals understand the need to discipline employees who may have violated the Foreign Corrupt Practices Act (FCPA) or otherwise engaged in bribery and corruption. However, many CCOs and compliance practitioners do not focus as much attention to compliance incentives. I have developed six core principles for incentives, adapted from an article in the Spring 2014 issue of the MIT Sloan Management Review entitled “Combining Purpose with Profits” and reformulated them for the compliance function in an anti-corruption compliance program.
Compliance incentives don’t have to be elaborate or novel. The first point is that there are only a limited number of compliance incentives that a company can meaningfully target. Evidence suggests the successful companies are the ones that were able to translate pedestrian-sounding compliance incentive goals into consistent and committed action.
Compliance incentives need supporting systems if they are to stick. People take cues from those around them, but people are fickle and easily confused, and other goals can quickly drive out compliance incentives. This means that you will need to construct a compliance support system to operationalize their pro-compliance incentives at different levels, and thereby make them stick. The specific systems which support incentives can be created specifically to your company but the key point is that they are delivered consistently because it signals that management is sincere.
Support systems are needed to reinforce compliance incentives. One important form of a supporting system for compliance incentives is to make the incentives visible. As stated in the 2012 FCPAGuidance, “Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.”
Compliance incentives need a “counterweight” to endure. Goal-framing theory shows how easy it is for compliance incentives to be driven out by other goals, so even with the types of supporting systems it is quite common to see executives bowing to short-term financial pressures. Thus, a key factor in creating enduring compliance incentives is a “counterweight”, that is any institutional mechanism that exists to enforce a continued focus on a nonfinancial goal. This means that in any financial downturn compliance incentives are not the first thing that gets thrown out the window and if a Regional Manager misses his numbers for two quarters, he does not get fired. The key is that the counterweight has real influence; it must hold the leader to account.
Compliance incentive alignment works in an oblique, not linear, way. If you want your employees to align around compliance incentives, your company will have to “eschew narrow, linear thinking, and instead provide more scope for them to choose their own pathway.” This means emphasizing compliance as part of your company’s DNA on a consistent basis — “the intention being that by encouraging individuals to do “good,” their collective effort leads, seemingly as a side-effect, to better financial results. The logic of “[compliance first], profitability second” needs to find its way deeply into the collective psyche of the company.”
Compliance incentive initiatives can be implemented at all levels. Who at your company is responsible for pursuing compliance incentives? If you head up a division or business unit, it is clearly your job to define what your pro-social goals are and to put in place the supporting structures and systems. But what if you are lower in the corporate hierarchy? It is tempting to think this is “someone else’s problem,” but there is no reason why you cannot follow your own version of the same process.
Obviously, this list is not exhaustive. Yet it is now more important than ever that you demonstrate tangible incentives for your employees to gain benefits, both financial and hierarchical, thorough doing business ethically, in compliance with your own Code of Conduct and most certainly in compliance with the FCPA. It is also a requirement that such actions must be documented so they can be demonstrated to the DOJ if they come knocking and look to employ the metrics which Caldwell has laid out for us all.
Three Key Takeaways
Compliance incentives do not have to be elaborate or novel.
You must create support systems for your compliance incentives.
Compliance incentives should be implemented at all levels.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/9/2017 • 12 minutes, 40 seconds
FCPA Compliance Report-Episode 326-Paula Long
In this episode I caught up with Paula Long, founder and CEO of DataGravity, Inc. at the recently concluded Collision 2017 Conference. Paula has worked in the data and information space for over 30 years and now helps companies with data security and data privacy. We discuss the intersection of these issues with compliance and how they all converge for a CCO or compliance practitioner. The site has some great resources for the compliance practitioner and data professional including white papers on continuous monitoring of sensitive data and detecting and tracking anomalous use and behaviors around data. Check out more about Paula and DataGravity by going to the site DataGravity.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/9/2017 • 19 minutes, 5 seconds
Day 6 of One Month to Better Compliance Thru HR
In the Department of Justice’s Evaluation of Corporate Compliance Programs, Prong 8 Incentive and Disciplinary Measures it states:
Incentive System – How has the company incentivized compliance and ethical behavior? How has the company considered the potential negative compliance implications of its incentives and rewards? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations?
Further, one of the key points that representatives of the DOJ and Securities and Exchange Commission (SEC) have continually raised when discussing any best practices compliance program; whether based on the Ten Hallmarks of an Effective Compliance Program, as articulated in their 2012 FCPA Guidance, or some other articulation such as in a Deferred Prosecution Agreement’s (DPA) Attachment C embedded in a compliance program. They continually remind Chief Compliance Officers (CCOs) and compliance practitioners that any best practices compliance program should have incentives as a part of the program.
The 2012 Guidance is clear that there should be incentives for not only following your own company’s internal Code of Conduct but also doing business the right way, i.e. not engaging in bribery and corruption. On incentives, the Guidance says, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But the Guidance also recognizes that incentives need not only be limited to financial rewards as sometime simply acknowledging employees for doing the right thing can be a powerful tool as well.
All of this was neatly summed up in the Guidance with a quote from a speech given in 2004 by Stephen M. Cutler, the then Director, Division of Enforcement, SEC, entitled, “Tone at the Top: Getting It Right”, to the Second Annual General Counsel Roundtable, where Director Cutler said the following:
[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an acceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.
All of this demonstrates that incentives can take a wide range of avenues. The oilfield services company Weatherford, annually awards cash bonuses of $10,000 for employees who go above and beyond in the area of ethics and compliance for the company. While some might intone that is to be expected from a company that only recently concluded a multi-year and multi-million dollar enforcement action; if you want emphasize a change on culture, not much says so more loudly than awarding that kind of money to an employee.
While I am sure that being handed a check for $10,000 is quite a nice prize, you can also consider much more mundane methods to incentivize compliance. You can make a compliance evaluation a part of any employee’s overall evaluation for some type of year end discretionary bonus payment. It can be 5%, 10% or even up to 20%. But once you put it in writing, you need to actually follow it.
But incentives can be burned into the DNA of a company through the hiring and promotion processes. There should be a compliance component to all senior management hires and promotions up to those august ranks within a company. Your Human Resources (HR) function can be a great aid to your cause in driving the right type of behavior through the design and implementation of such structures. Employees know who gets promoted and why. If someone who is only known for hitting their numbers continually is promoted, however they accomplished this feat will certainly be observed by his or her co-workers.
Three Key Takeaways
The DOJ evaluation specifically calls out incentives for doing business ethically and in compliance.
HR can lead the efforts around incentives.
Incentives go beyond financial rewards.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/8/2017 • 12 minutes, 4 seconds
This Week in FCPA-Episode 51
Over some breakfast tacos and Mexican coffee, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
Uganda considers a demand side response to corruption. See Tom’s article in Compliance Week. What are the rationales for anti-corruption legislation? See Tom’s post on the rationales underlying the FCPA on the FCPA Compliance Report.
Why due diligence investigations still need the human element. See Scott Shaffer’s article in FCPA Blog.
Kara Brockmeyer joins Debevoise & Plimpton LLP. See Tom’s article in the FCPA Blog.
What has been the fate of whistleblowers at Wells Fargo. See James Stewart considers in his Common Sense column in the New York Times.
Federal jury convicts former Guinea mining minister of laundering bribes. See article in the FCPA Blog.
Astros lead the AL with the second best record in baseball. What does Tony Parker’s injury mean for the Spurs/Rockets playoff series?
The Financial Reporting Council (FRC) investigates KPMG on its audits of Rolls Royce for the firm’s failure to detect bribes paid by the company. See article in the FCPA Blog.
Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/5/2017 • 40 minutes, 25 seconds
Day 5 of One Month to Better Compliance Through HR
Why is hiring so important under for compliance? It is because hiring is important to any company’s health and reputation. At this point, until the US Supreme Court tells us that a corporation is the same as a human being, with both obligations and rights; a company is only as strong as its employees. Like most areas of compliance good hiring practices for those employees who will do business in compliance with anti-corruption laws such as the FCPA are simply good business practice. I have seen one industry estimate, it costs an average of roughly $4,000 to replace a single employee, and one survey of 2,500 companies found that a single bad hire can cost more than $25,000 in lost productivity, lower morale and the like. For one of the energy services company where I worked this estimate went as high as $400,000 to hire and fully train a new employee. I would add that those costs could go up significantly if a bad hire violates the FCPA.
As far back as 2004, in Opinion Release 04-02, the Department of Justice (DOJ) realized this was an important part of an overall compliance program when it approved a proposed compliance program that had the following requirement:
Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.
One tool which that is often overlooked in the hiring process is the reference check. Many practitioners feel that a reference is not of value because prospective candidates will only list references that they believe will provide glowing recommendations of character. This leads to a pro forma reference check. However, in an article in Harvard Business Review (HBR), entitled “Gilt Groupe’s CEO on Building a Team of A Players”, author Kevin Ryan explodes this misconception by detailing how he views the entire hiring process and specifically checking references. I would add that it could be a valuable and useful tool for you and your compliance program.
In the hiring of personnel, Ryan details the three steps his company takes: (1) Resume review; (2) In-Person interview; and (3) Reference checks. Ryan believes that resumes are good for establishing “basic qualifications for the job, but not for much else.” He believes that the primary problem with in-person interviews is that they are skewed in favor of “persons who are well spoken [or] present well.” For Ryan, the key check is through references and he says, “References are really the only way to learn these things?”
Ryan recognizes that many people believe that reference checks are not of great value because companies cannot or will not give out much more information than confirming dates of employment. However, he also believes that “the way around it is to dig up people who will speak candidly.” He also recognizes that if you only speak to the references listed on a resume or other application, you may not receive the most robust appraisal. Ryan responds that the answer is to put in the work to check out references properly. Ryan believes this is one of the key strengths of search firms and that companies should emulate this practice when it comes to reference checks.
He notes that anyone who has worked in an industry for any significant length of time will have made many connections. Invariably some of these connections will be acquainted with you or those in your current, and former, company. Ryan gave the following example: A longtime friend who was employed at another company called and said that he had been asked by his hiring partner to find out “the real story” on a hiring candidate by asking Ryan his candid opinion of the candidate. Ryan’s response was “Don’t hire him.” Lest you think that such refreshing honesty no longer exists when informal employment references are provided, you are mistaken. In my past corporate position, I was charged with performing compliance due diligence on senior executives and I spent time doing what Ryan suggested, calling acquaintances that I knew and asking such direct questions. More than 75% of the time, I got direct responses.
Ryan believes that you must invest your company in the hiring process to get the right people for your company. The same is true in compliance. You do not want people with a propensity for engaging in corrupt acts working for, or leading, your company. Moreover, failure to prevent such hires can be evidence of an not effective compliance program and lack of appropriate commitment to compliance at your company.
The hiring of someone who will perform business activities in compliance with anti-corruption laws such as the FCPA will continue to be as much art as science because the hiring of quality employees for senior management positions is similarly situated. But that does not mean a company cannot work to not hire those persons who might have a propensity to engage in bribery and corruption if the situation presented itself. The hiring process is just one more tool that can be utilized to build an effective and operationalized compliance program.
Three Key Takeaways
The hiring process can be seen as the first step in operationalizing your compliance program.
The DOJ spoke to hiring as part of a best practices compliance program as far back as 2004.
Reference checks are an underutilized part of the hiring process and a key internal HR control.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/5/2017 • 11 minutes, 40 seconds
Day 4 of One Month to Better Compliance Through HR
One of the theories of conventional wisdom about anti-corruption compliance is that you will never be able to reach 5% of your workforce with compliance training because they are predisposed to lie, cheat and steal anyway. Whether they are simply sociopaths, scumbags or just bad people; it really does not matter. No amount of training is going to convince them to follow the rules, as they do not think such laws apply to them. They will lie, cheat and steal no matter what industry they are in and what training you provide to them. But knowing such people exist and they may be able to lie, con or otherwise dissimilate their way into your organization does not protect your company from FCPA liability when they inevitably violate the law by engaging in bribery and corruption. It is still the responsibility of your company to prevent and detect such conduct and then remediate if it occurs.
This is where your HR function has a dual role. They can work to help weed out such miscreants and to communication your corporate values of doing business ethically, in compliance and aligned with your corporate values of integrity. Today, I want to consider several techniques which might be used to both help in the hiring process and begin the ongoing communications with prospective employees about your values at the pre-employment process in the employment relationship lifecycle.
Through a structured series of questions, a properly trained HR professional can begin to assess whether an employee might have a propensity to engage in bribery and corruption. By adding information about your company’s values towards doing business ethically and in compliance, you can introduce this topic at either the interview evaluating process or in the promotion process. While true sociopaths will most certainly lie to you, perhaps even convincingly, by introducing the topic at such a pre-employment stage, they may be encouraged to take their skills elsewhere.
In a Corner Office column of the New York Times (NYT), entitled “Three Keys to Hiring: Skill, Will and Fit”, Adam Bryant interviewed Marla Malcolm Beck, the Chief Executive Officer (CEO) of Bluemercury. She had several lessons that are helpful when trying to have your company avoid bringing in the five per-center mentioned above.
Avoiding the hiring or promotion of the sociopaths, is a key tool that HR brings to the table. Beck’s approach is to take a short interview technique in which she attempts to assess, Skill, Will and Fit. She said, “I’ll ask, “What’s the biggest impact you had at your past organization?” It’s important that someone takes ownership of a project that they did, and you can tell based on how they talk about it whether they did it or whether it was just something that was going on at the organization. Will is about hunger, so I’ll ask, “What do you want to do in five or 10 years?” That tells you a lot about their aspirations and creativity. If you’re hungry to get somewhere, that means you want to learn. And if you want to learn, you can do any job. In terms of fit, I’m looking for people who have some sort of experience with a smaller company. At big companies, your job is really one little piece of the pie. I need someone who can make things happen and is comfortable with ambiguity.”
Another approach was suggested by Russell Goldsmith, the Chairman and Chief Executive Officer (CEO) of City National Bank in Los Angeles, CA. He was interviewed by Adam Bryant for the Corner Office column entitled, “What’s Your Story” Tell It, and You May Win a Prize”. Goldsmith focuses on character by directly asking the prospective hires what their expectations are in coming to work at City National because if the person is not a good match for the company, both parties will be better off if he or she does not go to work there in the first place. Goldsmith also asks if a prospective hire has any questions for him. Goldsmith believes it is important for a candidate to not only have questions but to ask them as well. He stated, “Not because I want them to kind of butter me up or something. It tells me several things. Sometimes people don’t have a single question. And if you have any curiosity, here is your window. I mean, you are thinking of changing your entire career and you have 40 to 60 minutes with the C.E.O., and you don’t have a single question about the company?”
An interesting example came from an interview of Brian Ching, the General Manager of the Houston Dash, the city’s professional women’s soccer team. The Dash are quite active in the local community, not only sent its players out into the community to meet fans but also encouraged its players to adopt local charities and become involved to create greater community involvement. The Dash left it up to the individual player as to which charity they might want to be involved with.
I asked him how the team could work to draft or sign players or prospects who are willing to engage in that type of community development. He said that in addition to the metrics and traditional scouting it involved having a frank discussion with any prospective signing about what would be expected of her as a Dash member. If getting out, meeting and interacting with the fans was not something that the prospective player was interested in doing that was considered in the evaluation process. This last point is assessed during face-to-face interviews with any prospect.
Something that may not seem important for professional athletes is the ability to get out and engage with the community, however this was viewed as not only an important part of the job description with the team but a key job skill which was required. For prospective Dash players, this meant that there had to be some direct conversations about not only the team’s expectations but also the prospects ability to engage in those activities.
Ching’s discussion about how they communicate their expectations was also an important point that the compliance practitioner should also consider in the interview process and compliance. Just as the Dash use the interview process to convey expectations, they also use the interview to directly inquire from candidates whether they would be willing to go out into the public and represent the franchise. This is important when interviewing for compliance positions and for senior management positions in companies as well.
Another approach was suggested by Mike Tuchen, Chief Executive Officer (CEO) of the software vendor Talend, in an interview by Adam Bryant for the NYT Corner Office Column entitled “Watch the Road, Not the Wipers”. I thought Tuchen’s thoughts on hiring from the compliance perspective were pertinent. When he interviews, “The first questions are always going to be about management and leadership style. And I’ll ask a number of open-ended questions about what’s important to get right as a leader. Some people will talk about the people on the team and the best way to motivate them. The answers that kind of scare me are from candidates who talk about people as if they’re something on a spreadsheet. Leadership and management are all about people.” Clearly for Tuchen, leadership is about people and this should be so for any CCO who is interviewing as well.
Three Key Takeaways
Use the interview process to determine who will be an ethical and compliance fit for your organization.
Consider the skill, will and fit
Ask open-ended questions.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/4/2017 • 13 minutes, 18 seconds
Day 3 of One Month to Better Compliance Through HR
Today, I conclude my review of FCPA enforcement actions that involved the corporate hiring function. From these three cases I have considered, it is clear that HR must be involved in compliance and if HR hiring controls are over-ridden there must be an appropriate consideration of the risk management issues.
In November 2016, JP Morgan Chase (JPM) and its subsidiary, JPMorgan Securities (Asia Pacific) Limited (JPM-APAC) resolved its FCPA matter, obtaining a NPA from the DOJ with a penalty of $72MM, agreeing to a Cease and Desist Order (“Order”) from the SEC, with a penalty consisting of profit disgorgement and interest of $135MM, and reaching an agreement with the Federal Reserve Bank (Fed) for a Consent Cease and Desist Order (Fed Order) to put in place a best practices compliance program and pay a penalty of $61MM. The total fines and penalties paid by JPM for its violation of the FCPA was $268 MM.
The conduct involved JPM-APAC’s Client Referral Program, named the “Sons & Daughters Program” (Sons and Daughters), which targeted children of high Chinese government officials and employees of state-owned enterprises, other close family members and even close friends and associates of foreign officials and employees of state-owned enterprises for hiring in a blatant attempt to win business. It was designed, created and implemented by the top management of JPM-APAC, which went so far as to keep a tally of those persons hired by JPM-APAC and JPM tied to specific business development. As noted in the NPA, “certain senior executives and employees of (JPM-APAC) conspired to engage in quid pro quo agreements with Chinese officials”. The language quid pro quo is replete throughout the settlement documents because that is the specific language used by JPM-APAC personnel when discussing Sons and Daughters.
These actions led to over $100MM in profit to JPM. While JPM was certainly aware that many of these hires did not meet the companies stringent hiring requirements, there never seemed to be oversight of this illegal program or even investigation into the clear red flags presented by the company’s actions. What is more JPM knew the high-risk in hiring family members of foreign officials as far back as 2001 and indeed, had a written policy prohibiting such conduct. However, in 2006, this program morphed into a targeted program “directly attributable linkage to business opportunity”, and lasted until 2013. Over seven years, over 100 family members went through the program, with parents in more than 10 different Chinese government agencies. The program extended from new hires to summer internships to lateral hires.
JPM-APAC tracked the metrics of Sons and Daughters, the with “a spreadsheet that tracked hires to specific clients, while also tracking revenue attributable to those hires.” This spreadsheet was so detailed that it delineated “columns for each hire, the referring client, the relationship of the candidate, and the amount of revenue generated attributable to the hire in U.S. dollars.” Finally as noted in the NPA, a of the purpose of this level of documentation “was to track deals that resulted from the hires and measure revenue associated with Client Referral Program hires.” So the corruption scheme and the benefits obtained therefrom were fully documented.
The Son and Daughters program began as a FCPA risk management tool and listed five requirements to be considered for hire at JPM-APAC: “(1) whether the applicant was qualified for the position; (2) whether the applicant had gone through the normal interviewing process; (3) whether the referring client/potential client was government-related; (4) whether the firm was actively pitching for any business from the client/potential client; and (5) whether there was an “expected benefit to JPMorgan” for hiring the referred candidate.” These criteria were designed to act as internal control to prevent illegal hiring under the FCPA but it morphed into a program to disguise the true reason for these hires.
Worse, it appears that both the HR and compliance functions were complicit in the scheme to violate the FCPA because on at least one instance where the JPM-APAC business unit sponsor noted on the form “[t]he hiring of this candidate will place JPMorgan in a more favorable position for securing future business from the client.” This business justification morphed into the next iteration, “The candidate will be trained by JPMorgan for couple of years and then go to local bank. Thus, will bring more business”; all because the company’s compliance and HR functions “instructed the JPMorgan-APAC employee to remove the offending language, writing, “[h]iring of the candidate should not be for the purposes of securing future business of the firm. Please remove.” Further damning to the JPM-APAC compliance and HR functions was that of the more than 200 candidates hired through the Sons and Daughters program, none were rejected by either HR or compliance.
In addition to the tying of business to the hiring’s under the Sons and Daughters program, there was the additional problem that these hires did not meet JPM’s basic hiring and retention standards. According to the Order, one JPM-APAC representative described those hired under the program “as a protected species requiring [senior management] input. His reporting line to you is accountable but like national service.” Both the Order and NPA were replete with document evidence that the hires under Sons and Daughters did not meet minimum hiring standards and they often failed to meet minimum standards for retention at the company. The Box Score is a summary from the NPA of some of the candidates which clearly did not meet JPM hiring standards, yet who were hired and where such hires under the Sons and Daughters program brought benefits to JPM.
Foreign Official or SOE employee
Reasons for hire
Candidate deficiencies
Deficiencies as JPM employee
Benefit tied to hire
Client 1
Maintain good relationship with client
$4.82MM profit
Client 2
Quid pro quo for business
JPM-APAC lead underwriter on IPO
Client 3
Not very impressive, poor GPA
Attitude issue. He doesn’t seem to care about work. Don’t need to have an intern doing nothing
JPM-APAC lead underwriter on IPO
Client 4
Promised IPO work
Not qualified for job at JPM. Tech and quantitative skills ‘light’
Communication skills and interest in work lagged his peers
JPM-APAC lead underwriter on IPO. $23.4MM profit
Government Official 1
Father would go the extra mile to help JPM
Worst business analyst candidate ever seen
Immature, irresponsible and unreliable. Sent out sexually inappropriate emails
JPM-APAC lead underwriter on IPO
Government Official 2
Hire would ‘significantly’ influence role of JPM-APAC
Unlikely to meet hiring standard
New York not comfortable with his work. Recommends he follow a different career path
JPM-APAC lead underwriter on IPO
One thing that the resolution decidedly does not stand for is the proposition that a company can never hire a family member of a foreign official or employee of a state-owned enterprise. Indeed, it was one JPM-APAC compliance officer (albeit a new one) in 2013 who stopped the entire Sons and Daughters program with the following reason for denying a family member a position at the company, writing, “I’m afraid from an anti bribery [sic] and corruption standpoint, we cannot create positions to accommodate client requests….”. This statement clearly shows that when an official refers a family member for hire, a red flag should go up. It also demonstrates why compliance should be involved in any high-risk endeavor. If there is no position which the candidate can fill based upon their own qualifications at your company, that should be the end of the discussion, full stop.
What are the criteria compliance can advise to HR to operationalize the compliance issues in hiring? There are three questions I suggest be used to analyze the hiring of a family member of foreign official or state-owned enterprise. They can also be installed as internal controls.
Does the candidate meet your firm’s hiring criteria?
Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
Has the foreign official made or will make a decision that will benefit your company?
If the answer to the first question is “No” and the second two “Yes”, you may well be in a high-risk area of violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, Document, Document, and Document your investigation, both the findings and the conclusions.
These questions can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Further, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA or other anti-bribery/anti-corruption regime such as the UK Bribery Act.
Three Key Takeaways
Never institutionalize your illegal conduct.
Develop a set of HR internal controls around hiring and compliance.
Always put a second set of eyes on any exceptions granted.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2017 • 13 minutes, 20 seconds
Compliance into the Weeds-Episode 37
In this episode, Matt Kelly and I take a deep dive into the weeds of the soon-to-be-released the House Financial Services Committee, the Financial Choice 2.0 Act. We consider some of the ideas in the legislation which Matt thinks are bad including:
1. Repeal of the Chevron deference repealed.
2. Attempts to clip the SEC rule making authority.
3. Exempting more companies which desire to go public from SOX 404(b) requirements and reporting.
4. (Matt's most particular bad idea) The exemption of more filers exempted from XBRL reporting.
We also discuss some of the potential benefits from the legislation and where it may all go in the Senate.
For more see Matt's blog post House GOP Regulatory Reform Axe, on his site Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/3/2017 • 24 minutes, 3 seconds
Day 2 of One Month to Better Compliance Through HR
BNY Mellon
Up until the summer of 2015, hiring practices under the FCPA were not been given much thought or widely discussed. However that began to change in the summer of 2015 when the SEC announced a resolution with Bank of New York Mellon Corporation (BNY Mellon) for violations of the FCPA. This was the first enforcement action around the now infamous Princess-lings and Princelings investigation where US companies hired the sons and daughters of foreign officials to curry favor and obtain or retain business.
In this matter the BNY agreed to pay $14.8 million to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) by providing valuable student internships to family members of foreign officials affiliated with a Middle Eastern sovereign wealth fund.
The Order also specified how the hiring of the relatives led directly to BNY Mellon obtaining and retaining business. One foreign official, made a personal request that BNY Mellon provide internships to two of his relatives: his son and nephew. As a Middle Eastern Sovereign Wealth Fund department head, he had authority over allocations of new assets to existing managers and was viewed within the bank as a “key decision maker” at the Middle Eastern Sovereign Wealth Fund. The second foreign official, who had authority to make decisions directly impacting BNY Mellon’s business asked that BNY Mellon provide an internship to the official’s son.
Added to all of this was that none of the three individuals met the BNY Mellon requirements for its internship program; they met neither the academic or professional requirement to obtain an internship. BNY Mellon not only waived its own hiring requirements, it did not even go through the pretense of meeting with them or interviewing them. Finally, these three individuals were provided with personalized, rotational internships so they had the opportunity to work in a number of different BNY Mellon business units, enhancing the value of the work experience beyond that normally provided to interns.
Red Flags
Each of the candidates were recommended by foreign officials who controlled of business for the bank.
The internship requests were specifically quid pro quo for receiving of business.
The candidates did not meet the basic entrance standard for a bank internships.
The candidates were hired sight unseen before even meeting or interviewing them.
The internships themselves were all bespoke, separate and apart from the standard internship program.
Qualcomm
In February 2016, came the Qualcomm enforcement action. In addition to the types of facts presented in BNY, there were additional reasons not to hire the family member of a foreign official. The candidate was rated as a “No Hire” because not only was he not a “skill match” for the company but he did not even “meet the minimum requirements for moving forward with an offer”. Finally, among the Qualcomm team involved in the interview process, “there was an agreement that he would be a drain (not even neutral) on teams he would join.” Yet he was offered a job as a “special favor”. [Emphasis supplied]. If someone is so unqualified that employing them will negatively impact the company, there must be another very good reason to hire them, such as providing a benefit to their father, who is an official under the FCPA.
Lessons Learned Going Forward
The obvious starting point for any hiring of a close family member of a foreign governmental official is whether the candidate is qualified for the position. If they are not qualified it is ‘Full Stop’ at that point. In the case of BNY Mellon there was no evidence any of the candidates had the academic background, the academic credentials, leadership traits or intangible skills to meet the bank’s normal internship hiring criteria. As with any other anomaly granted in a company’s normal process, there must be a documented reason for the exception, review by appropriate authority of the exception and documentation as to why the exception was granted. None of these steps were present in the BNY Mellon matter. Put another way, if you are hiring a family member or close relative of a foreign official for any reason other than merit, it had better be a darn good one and well-documented as to your decision-making calculus with appropriate senior management oversight.
But your risk management does not stop simply with the hiring process. If the foreign governmental official is the person who made the request for the hiring of the family member, this is a Red Flag not to be overlooked. Your analysis needs to be on the role of that foreign governmental official in awarding new business to your company or in retaining old business. If the foreign governmental official has direct or even strong indirect control over such business relation, this may present such a direct conflict of interest, this may be a risk that you cannot manage. A good rule of thumb here is whether there is full transparency in the hiring with the foreign government involved with your company. In the case of BNY Mellon, they did not want anyone in the Sovereign Wealth Fund to know BNY Mellon had hired the son or nephew. That is a clear sign transparency is lacking and someone, somewhere is engaging in unethical conduct, if not breaking the law.
Finally, if you do decide to move forward and hire the close family member, you need to assign that new hire to work not associated with the business relationship between your company and the foreign government involved. Just as in the lifecycle of third party management, managing the relationship after a contract is inked is in many ways the most critical element; the same is true in the employment relationship involving close family members of foreign officials.
Ultimately, you need to have internal controls to ensure effective compliance going forward. You cannot have customer relationship managers making the calls on hiring which over-ride the Human Resources (HR) procedures. There must be not only HR review but also mechanisms to flag for compliance review such hires. Lastly, there needs to be sufficient senior management oversight because this is such a high-risk proposition.
Three Key Takeaways
When considering the son or daughter of a foreign official, if a candidate does not meet your internal hiring criteria, it should be the end of the conversation full stop.
If the candidate is hired but cannot meet the workload requirements, there should be no special circumstances for retention.
The actions of the foreign official must be scrutinized as a part of the hiring process and forward indicia of awarding business going forward.
This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/2/2017 • 12 minutes, 42 seconds
FCPA Compliance Report-Episode 325
In this podcast, Marc Bohn and James Tillen from the firm of Miller & Chevalier, discuss their recent publication entitled, "Evaluating FCPA Pilot Program: Declinations on the Rise" where they review the state of Department of Justice's Foreign Corrupt Practices Act declinations after one year of the agency's enforcement Pilot Program, which sought to promote greater accountability for companies and individuals who violate the FCPA, while rewarding those who voluntarily self-disclose violations and cooperate with investigations and remediation efforts. They discuss the following issues:
Do the numbers show any increase in declinations in 2016 over the past few years?
What are the conditions to obtain a declination? Is any one as more important or are they of equal importance?
Is there any reason not to publicize all declinations?
They discuss how SEC enforcement is a factor in DOJ calculus in determining whether or not to grant a declination.
In 2016 there were two declinations which involved privately held companies and hence no SEC prosecution. They explain how the DOJ got to profit disgorgement.
They prognosticate the tea leaves, on what might be the fate of the the Pilot Program going forward.
For additional reading on FCPA enforcement in 2017, see Miller & Chevalier's FCPA Spring Review 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/2/2017 • 29 minutes, 7 seconds
Day 1 of One Month to Better Compliance Through HR
Day 1- The Role of Human Resources in Operationalizing Compliance
This month, I will consider the role of Human Resources (HR) in operationalizing a best practices compliance program. I have long advocated for a greater role of Human Resources (HR) in a compliance program. Indeed, one sign of a mature Foreign Corrupt Practices Act (FCPA) compliance and ethics program is the extent to which a company’s HR Department is involved in implementing a solution. While many practitioners do not immediately consider HR as a key component of a FCPA compliance solution, it can be one of the lynch-pins in spreading a company’s commitment to compliance throughout the employee base. HR can also be used to ‘connect the dots’ in many divergent elements of a FCPA compliance and ethics program.
Even more importantly is the operationalization of compliance into the fabric of the business. One of the key indicia of compliance program effectiveness is how thoroughly each separate corporate discipline incorporates compliance into its everyday job functions. An active and functioning compliance program will literally be alive in each department in an organization.
HR has as many touchpoints as any other corporation function with employees. From interviews to onboarding, through evaluations and performance appraisals, even to the separation process; HR leads many of the corporate touchpoints. Each one of these touchpoints can be used teach, educate and reinforce the message of doing business ethically and in compliance with laws such as the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any similar legislation.
The Department of Justice Evaluation of Corporate Compliance Programs (Evaluation) listed four specific areas of HR touchpoints in a best practices compliance program, found under Prong 8, Incentives and Disciplinary Measures
Accountability – What disciplinary actions did the company take in response to the misconduct and when did they occur? Were managers held accountable for misconduct that occurred under their supervision? Did the company’s response consider disciplinary actions for supervisors’ failure in oversight? What is the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the type(s) of conduct at issue? Has the company ever terminated or otherwise disciplined anyone (reduced or eliminated bonuses, issued a warning letter, etc.) for the type of misconduct at issue?
Human Resources Process – Who participated in making disciplinary decisions for the type of misconduct at issue?
Consistent Application – Have the disciplinary actions and incentives been fairly and consistently applied across the organization?
Incentive System – How has the company incentivized compliance and ethical behavior? How has the company considered the potential negative compliance implications of its incentives and rewards? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations?
When you consider the number of touchpoints, HR has in the employment life cycle, its role in facilitating the operationalization of compliance becomes clear. At each of these touchpoints, HR can take the lead in operationalizing compliance. Additionally, each touchpoint provides an opportunity for ongoing communications with a prospective employee, newly hired employee, seasoned employee or one moving up into the ranks of management about the need for ethical dealings and compliance with company values as set out in the Code of Conduct and operationalized in the compliance policies and procedures.
By using these touch points HR can demonstrated the shared commitment requirement found in Prong 2 of the Evaluation as well as provide ongoing communications as laid out in Prong 6. There are few other corporate departments which have so many employee touchpoints as HR. Every compliance practitioner should use HR to operationalize compliance through the variety of touchpoints and expertise available to a compliance professional through a corporate HR department. As a key first step, I would suggest that every compliance professional head down to your corporate HR department and have a cup of coffee with your functional equivalent. Find out not only what they do but how they do it and then explore how you can further operationalize your compliance program through these HR-employee touchpoints.
Over this next month, I will be considering the role of HR in all of these steps and more. Further, over the past 20 months there have been 3 Foreign Corrupt Practices Act (FCPA) enforcement actions which spoke directly to the role of HR and hiring in a compliance program. I will begin with these three cases and move through the employment lifecycle.
Three Key Takeaways
What are the HR-employee touchpoints at your company?
HR professionals can bring new, dynamic and innovative techniques to compliance communications.
Go down and have a cup of coffee with the head of your corporate HR department. Find out what they do and how they do it.
Learn more about your ad choices. Visit megaphone.fm/adchoices
5/1/2017 • 12 minutes, 50 seconds
This Week in FCPA-Episode 50
In this episode, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
Trump’s First 100 days end with a decided wimper. What does it mean for compliance?
Novartis gets into corruption trouble in South Korea. See article in FCPA Blog.
Shell and ENI are in a big corruption mess in Nigeria. See Tom’s article in the FCPA Blog.
United Airlines tries to clean up its act. See articles in the New York Times and Wall Street Journal.
Jay reports on the ECI conference and tells us what’s in his coloring book.
Tom details his speaking engagements in May. For details and registration information click here.
KBR under investigation by UK SFO for allegations around the company’s use of Unaoil. See article in the Wall Street Journal.
Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.
Jay previews his weekend post, which is now up, "It Was the Best of Times, It Was the Worst of Times" or "Ignorance is Strength"
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/28/2017 • 32 minutes, 58 seconds
Day 20 of One Month to Better 3rd Party Management
I end this one month series by taking things a different direction. Today I do not focus on third party risk management but on third parties as a compliance innovation source for your organization. It is universally recognized that third parties are your highest Foreign Corrupt Practices Act (FCPA) risk. What if you could turn your third party from a liability under the FCPA to an innovation partner to your compliance program? This is an area that not many compliance professionals have mined but once again in compliance, you are only limited by your imagination.
In an article in Third Party Management Review by Jennifer Blackhurst, Pam Manhart and Emily Kohnke, entitled “The Five Key Components for Third party Innovation”, the authors asked “what does it take to create meaningful innovation across third party partners?” One reason compliance innovation with third parties can be so power is that it cannot only affect costs but can move to gain a competitive advantage. To do so companies need to see their third parties as partners and not simply as entities to be squeezed for costs savings.
Their findings identified five components common to the most successful innovation partnerships. They are: “(1) Don’t Settle for the Status Quo; (2) Hit the Road in Order to Hit Your Metrics; (3) Send Prospectors Not Auditors; (4) Show Me Yours and I’ll Show You Mine; and (5) Who’s Running the Show?”
Don’t Settle for the Status Quo
This means that you should not settle for simply the status quo in compliance. Innovation does not always come from a customer or even an in-house compliance practitioner. Here the key characteristics were noted to be “cooperative, proactive and incremental”. You need to be leading the compliance innovation discussion rather than falling from behind. If a third party can suggest a better method to make compliance more efficient or cost effective, particularly through a technological solution, it may well be something you should consider.
Hit the Road in Order to Hit Your Metrics
To truly understand your compliance risk from all third parties, you must get out of the ivory tower and hit the road. This is even truer when exploring compliance innovation. You do not have hit the road with the “primary goal to be the inception point for innovation” but through such interactions, innovation can come about organically, as a part of your ongoing third party relationship. There is little downside for a compliance practitioner to go and visit a third party and have a “face-to-face meeting simply to get to know the partner better and more precisely identify that partner’s needs.”
Send Prospectors Not Auditors
While an audit clause is critical in any third party contract, both from a commercial and FCPA perspective, this exercise should be considered as such. You can establish a point of contact as an innovation manager for your third parties” Every third party should have a relationship manager, whether that third party is on the sales side or the Supply Chain side of the business. Moreover, the innovation partners are “able to see synergies where [business] partners can work together for the benefit of everyone involved.”
Show Me Yours and I’ll Show You Mine
As with all relationships, trust plays an important role in third party compliance innovation, as “Firms in successful innovations discussed a willingness to share resources and rewards and to develop their partners’ capabilities.” The authors believe that “Through the process of developing trust, firms understand their partner’s strategic goals.” I cannot think of a more applicable statement about FCPA compliance. Another way to consider this issue is that if a third party partner has trust in you and your compliance program, they could be more willing to work with you on the prevent and detect prongs of compliance regimes. Top down command structures may well be counter-productive.
Who’s Running the Show?
This means “who is doing what, but also what each firm is bringing to the relationship in terms of resources and capabilities.” In the compliance regime, it could well lead to your third party taking a greater role in managing compliance in a specific arena or down a certain set of vendors. Your local third party might be stronger in the local culture, which could allow it to lead to collaborations by other vendors in localized anti-corruption networks or roundtables to help move the ball forward for doing business in compliance with the FCPA or other anti-corruption laws such as the UK Bribery Act.
The authors ended by remarking, “we noticed that leveraging lean and process improvement was mentioned by virtually every firm.” This is true in the area of compliance process improvement, which is the essential nature of FCPA compliance. Another interesting insight from the authors was that utilization can increase through such innovation in the third party. Now imagine if you could increase your compliance process performance by considering innovations from your third parties?
The authors conclude by stating that such innovation could lead to three “interesting outcomes (1) The trust and culture alignment is strengthened through the partnership innovation process leading to future innovations and improvement; (2) firms see what is needed in terms of characteristics in a partner firm so that they can propagate the success of prior innovations to additional partners; (3) by engaging third party partners as innovation partners, both sides reap rewards in a low cost, low risk, highly achievable manner.” With some innovation, you may well be able to tap into a resource immediately available at your fingertips, your third party.
Three Key Takeaways
Use your third parties as innovators to assist your compliance program.
Change your thinking about third parties and make them your partners.
Do not settle for the status quo.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/28/2017 • 12 minutes, 56 seconds
Unfair and Unbalanced-Episode 16
In this Part I of a two part series recorded at this month's European Compliance and Ethics Institute in Prague, Roy Snell discuss the DOJ's Evaluation of Corporate Compliance Programs in the context of cavemen and Plato's Analogy of the Cave. We review some of the new information and Roy discusses how it is a compilation of many differing strands of compliance thought over the past 20 year. We then discuss the HCCA-OIG Resource Guide on Measuring Compliance Program Effectiveness. As always we go off on tangents and dive deeply into issues relating to the the compliance profession.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2017 • 34 minutes, 44 seconds
Day 19 of One Month to Better 3rd Party Management
One of the areas many companies do not focus on enough is possible corruption in their Supply Chain (SC) for goods and services provided on a company’s behalf. The FCPA risks can be just as great through those entry points as it can be through the sales side of an organization. You need to know who your company is doing business with through the SC as much as you need to know your agents seeking business opportunities on your behalf.
As most companies have exponentially more vendors than sales agents, this task may seem daunting. However a well thought plan to risk rank your company’s third parties on the SC side can go a long way towards ameliorating this issue. The key is to set reasonable parameters and then management those third parties which present true corruption risk to your organization.
This determination of the level of due diligence and categorization of a supplier should depend on a variety of factors, including, such factors as whether the supplier is (1) located, or will operate, in a high risk country; (2) associated, or recommended or required by, a government official; (3) currently under corruption investigation, or has been recently convicted of any form of corruption; (4) a multinational publicly traded corporation with a recognized exemplary system of compliance and internal controls; or (5) a provider of widely available services and products that are not industry specific. You should note that any supplier, which has foreign government touch points, should move up into a higher level of scrutiny.
My suggestion is that you create a three-tiered matrix for SC risks, with the three levels consisting of (1) High-Risk Suppliers, (2) Low-Risk Suppliers, and (3) Minimal Risk Suppliers. Below this final category is another category for providers of goods which are commonly available and pose almost no corruption risk.
A High-Risk Supplier presents a higher level of compliance risk because of the presence one or more of the following factors: (a) It is based or operates in a country that poses a high risk for corruption, money laundering, or commercial bribery; (b) It supplies goods or services to a company from a high-risk country; (c) It has a reputation in the business community for questionable business practices or ethics; or (d) It has been convicted of, or is alleged to have been involved in, illegal conduct. Other factors you may wish to consider include some or all of the following: (1) the Supplier is located in a country that has inadequate regulatory oversight of its activities; (2) the Supplier is in an unregulated business; (3) the Supplier’s ultimate or beneficial ownership is difficult to determine; (4) your company has an annual spend of more than $100,000 with the supplier; (5) the Supplier was established or registered in a jurisdiction where ownership is not transparent or that permits ownership in the form of bearer shares; (6) the Supplier is registered or conducts business in a jurisdiction that does not have anti-corruption, anti-money laundering (AML) and anti-terrorism laws comparable to those of the US and UK; or (7) the Supplier lacks a discernable and substantial business history.
A Low-Risk Supplier is an individual or a non-publicly held entity that conducts business in a Low-Risk Country. Some indicia include that it (1) supplies goods, equipment or services directly to a company in a Low-Risk Country; (2) a company has an annual spend of less than $1,000,000 with the supplier; and (3) the supplier is not involvement with any foreign government, government entity, or Government Official. However, if the supplier has other indicia of lower risk such that it is a publicly-held company, it may be considered a Low-Risk Supplier because it is subject to the highest disclosure and auditing and reporting standards such as those under FCPA or similar law.
Below the high and low risk categories I would add two other categories of suppliers that present very low compliance risks. The first is ‘Minimal-Risk Suppliers’ which generally provide to a company goods and services that are non-specific to a particular project and the value of the transaction is USD $25,000 or less. Some examples might be for the routine purchase of fungible items and services, including, among others: Office supplies, such as paper, furniture, computers, copiers, and printers; Industrial or factory supplies, including cleaning materials, solvents, safety clothing and off-the-shelf equipment and parts; Crating and other standard materials for packing products for shipping; Leasing and rental of company cars and other equipment; and Airline or other travel tickets or services. It may also include legal services from professional firms that are approved and overseen by a company’s Legal Department; Investigative services from professional firms that are approved and overseen by a Legal Department and that do not interact with government agencies on behalf of a company; and Accounting and financial services from professional firms that are approved and overseen by a company Finance Department or Audit Committees and that do not interact with government agencies on behalf of a company.
Finally, are the category of third parties that provide widely available services and products, ‘Common Product and Services’, that are not industry specific, are offered to the public at large and do not fall under the definition of Minimal-Risk Supplier. These include, among others, wide circulation newspapers, magazines, florists, daily limousine and taxi, airline and food delivery (including coffee shops, pizza parlors and take out) services. These third parties raise even less than Minimal Risk to a company, especially when their services and products are provided in a non-high risk country. Suppliers in this category require no FCPA due diligence.
You need to risk rank your third parties which your company might engage through your SC for FCPA exposure. It should be based on your company’s experience and risk going forward. As with all other third party risk management issues, you must document, document, document.
Three Key Takeaways
Risk rank you supply chain based well-conceived strata.
Consider not only the compliance risk but also your business risk.
Only manage those suppliers which present a corruption risk.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/27/2017 • 13 minutes, 16 seconds
Day 18 of One Month to Better 3rd Party Management
The Foreign Corrupt Practices Act (FCPA) world is littered with cases involving freight forwarders, brokers and agents in the shipping and express delivery arena. Both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have aggressively pursued third party business relationships where bribery and corruption have been found. This is particularly true where companies are required to deliver goods into a foreign country through the assistance of a freight forwarder or express delivery service. There are several major risk points. These include:
Location, location, location;
Customs and other governmental agencies;
Aviation and postal regulators;
Business promotion expenditures for governmental officials;
Agents and sub-agents; and
Government accounts are a major part of express shipper customers so must analyze this as well.
How can a company respond to protect itself or at least reduce its potential FCPA risk with regarding to a logistics company, freight forwarder or express delivery company? Obviously having a thorough risk assessment program and due diligence program are critical. After determining risk, move to perform due diligence based upon this risk. However, there are some general questions that you should ask, both internally and to your prospective vendor.
Relationship. What is your relationship with the third party? Is it purely arms-length? Is it sales agent making a solicitation? Is it a consortium, which may be a lower risk? Is it partnership of JV, if so what is your control? Is it subcontractor or supplier? All of these have different risk levels.
Business Formation. What is the character of the third party? Is it a US based company, is it subject to a robust national compliance law? Is it private/public? Who else do they represent? Length of time in business? Who are the principals and are they governmental officials?
Compensation. How do you compensate the third party? Is it bonus-based paid at the conclusion of a transaction? Will the representative have an expense account? If so how is it given to them, for instance will you pay on a lump sum v. verified expenditures? How will they be paid, local currency into a bank account, cash or check? What is the level of compensation? Are you over-compensating based upon the market; you are taking a chance that the third party could share it with others.
Location. What is the geographic location and is it one of the usual suspects on the Transparency International Corruptions Perceptions Index (TI-CPI)?
Industry. What is the industry or sector that you are engaged? This can be significant because certain industries/sectors such as infrastructure, medical industry, defense contractors are facing increased DOJ/SEC scrutiny.
Process. What is the process by which the business opportunity arose? What is the bidding process? Who invited you? Is it an open bid? Did you respond to an RFP? Did you compromise you own standards to bid? Is there a mandated partner assigned by the foreign government?
After you ask some of these questions, investigate your risks and evaluate them; you should incorporate these findings into a contract with appropriate FPCA compliance terms and conditions. This contract should announce to your to third party freight forwarder/express supplier of your expectations regarding their compliance program. Your contract should also allow for management of the compliance relationship. Your contract should require training and certification by verified provider or by your company. Your company’s Relationship Manager should ensure the third party’s compliance with your company’s anti-bribery compliance program.
James Min, Vice President, Int'l Trade Law & Global Head of Trade Law Practice Group at DP-DHL Legal Department, developed a risk matrix for the freight forwarders/express delivery industry. In this Min analyzes risks by multiplying factors noted herein and thus scoring. This model shows that location should not be the sole criteria for risk. The factors in the Min Model are the performance of your company’s customers clearance brokers and how far that performance varies from the norm your company normally receives. In the below chart, +1.00 equals average clearance time. >1.0 equals faster than average and
The Min Model
Country
TI CPI
Customs
Clearance
Performance
Variance from
Average Performance
Risk Score
Risk Rank
A
55
.93
1.21
61.9
1
B
20
.76
0.89
13.5
3
C
54
.29
1.00
15.6
2
D
88
.12
0.7.
7.39
4
The key in this approach is how often the Customs Broker/Express Delivery Service varies above the average for customs clearance times. If the percentage of customs clearance performance is so great that your vendors variance is above 100% most of the time, this could be a Red Flag that bribery or corruption is involved. This should lead to further investigation, due diligence, or asking of questions of your vendor.
Almost every business transaction engaged in by a freight forwarder, express delivery service or customs broker, outside the US involves a foreign governmental official. Every time your company sends raw materials into, or brings them out of, a country there is an interaction with a foreign governmental official in the form of a Customs Official. Every customs transaction involves a payment to a foreign government and every transaction involves some form of a foreign governmental regulatory process. While the individual payment per transaction can be small, the amount of total transactions can be quite high, if a large volume of goods are being imported into a foreign country.
Conversely interacting with international tax authorities can present problems similar to those with customs officials, but the stakes can often be much higher since tax transactions may be less in frequency but higher in financial risk. These types of risks include the valuation of raw materials for VAT purposes before such materials are incorporated into a final product, or the lack of segregation between goods to be sold on the foreign country’s domestic market as opposed to those which may be shipped through a free trade zone for sale outside that country’s domestic market.
If you utilize the services of a third party for any of the transactions listed above, that company’s actions will go a long way in determining your company’s FCPA liability. You must have a thoughtful process and document that process.
Three Key Takeaways
Express delivery services and freight forwarders present unique compliance risks.
There must be a business justification to bring on new express delivery services or freight forwarders in high risk jurisdictions.
Consider the Min Model (or something similar) as your risk matrix in this area.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/26/2017 • 12 minutes, 26 seconds
FCPA Compliance Report-Episode 324
In this episode I visit with white collar defense and Qui Tam specialist Joel Androphy about prosecution of whistleblower claims at the federal and state level. Androphy explains what type of evidence is required to file such a claim, have the government take over the action and what a whistleblower may expect. It is a fascinating view from a whistleblower expert counsel at the state and federal level. Joel Androphy can be reached at [email protected]. For more information about his practice areas, including whistleblower claims, False Claims Act lawsuits and Qui Tam claims; check out the firm website at bafirm.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/26/2017 • 31 minutes, 1 second
Day 17 of One Month to Better 3rd Party Management
One of the issues in any compliance program is the compensation paid to a third party as FCPA exposure arises when companies pay money - either directly or indirectly - to fund bribe payments. In the traditional intermediary scenario, the company funnels money to the agent or consultant, who then passes on some or all of it to the bribe recipient. Often, the payment is disguised as compensation to the intermediary, and some portion is redirected for corrupt purposes.
When companies grant distributors uncommonly steep discounts, bribes can result either: 1) because the distributor is instructed by the company to use the excess amounts to fund corrupt payments; or 2) because the distributor pays bribes on its own, without the express direction or implicit suggestion from the company to do so, in an effort to gain some business advantage. The 2012 FCPA Guidance, it noted that common red flags associated with third parties include “unreasonably large discounts to third-party distributors”. The distributor enforcement cases offer lessons to combat the scenario, which is where legitimate companies require assistance.
How can risk that distributors present be managed? One mechanism is to install a distributor discount policy and monitoring system tailored to the company’s operational structure. In virtually every business, there exists a range of standard discounts granted to distributors. Under the approach recommended here, discounts within that range may be granted without the need for further investigation, explanation or authorization (absent, of course, some glaring evidence that the distributor intends use even the standard cost/price delta to fund corrupt payments).
Where the distributor requests a discount above the standard range, however, the policy should require a legitimate justification. Evaluating and endorsing that justification requires three steps: (1) relevant information about the contemplated elevated discount must be captured and memorialized; (2) requests for elevated discounts should be evaluated in a streamlined fashion, with tiered levels of approval (higher discounts require higher ranking official approval); and (3) elevated discounts are then tracked, along with their requests and authorizations, in order to facilitate auditing, testing and benchmarking. This process also works to more fully operationalize your compliance regime as it requires multiple and increasingly upper levels of management involvement, approval and oversight.
Capturing and Memorializing Discount Authorization Requests
Through whatever means are most efficient, a discount authorization request (“DAR”) template should be prepared. While remaining mindful of the need to strike a balance between the creation of unnecessary red tape and the need to mitigate risk, the DAR template should be designed to capture a given request and allow for an informed decision about whether it should be granted. Because the specifics of a DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated (e.g., whether as a request from the distributor or a contemplated offer by the company) as well as explain the legitimate justification for the elevated discount (e.g, volume-based incentive). In addition, the DAR template should be designed to identify gaps in compliance that may otherwise go undetected (e.g., confirmation that the distributor has executed a certification of FCPA compliance).
Evaluation and Authorization of DARs
Channels should be created to evaluate DARs submitted. The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval. Usually, three levels of approval are sufficient, but this can expanded or contracted as necessary. Ultimately, the greater the discount contemplated, the more scrutiny the DAR should receive. Factors to be considered in constructing the approval framework include the expected volume of DARs and the current organizational structure. The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently. It also mandates the operationalization of this compliance issue into multiple disciplines within your organization.
Tracking of DARs
Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied. This captured data can provide invaluable insight into FCPA compliance and beyond. By tracking the total number of DARs, companies will find themselves better able to determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company (e.g., confirming the existence of a completed and approved DAR is an excellent objective measure for internal audit to perform as part of its evaluation of the company’s FCPA compliance measures). This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.
Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions, 2012 FCPA Guidance and Justice Department’s Evaluation of Corporate Compliance Programs document have provided insight into how the government interprets and enforces the FCPA. This information, in turn, allows companies to get smarter about FCPA compliance. With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations. Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.
Many companies have been involved in FCPA enforcement actions because of distributors. This sales side channel does not receive the focus equal to that of commissioned sales agents. Yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus.
Three Key Takeaways
The creation of well-thought out process which operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus is key.
Require multiple levels of approval for an out of range distributor discount.
Tracking distributor discounts globally make your company more efficient.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/25/2017 • 13 minutes, 8 seconds
Compliance into the Weeds-Episode 36
In this episode, Matt Kelly and I take a very deep dive into two recent speeches by Department of Justice (DOJ) Acting Principal Assistant Attorney General Trevor McFadden in which he addressed multiple topics and issues around the Foreign Corrupt Practices Act (FCPA). The first set of remarks were made in Washington DC at the Anti-Corruption, Export Controls & Sanctions (ACES) 10th Compliance Summit (the “DC speech”). The second set of remarks were made at the American Conference Institute (ACI) 19th Conference on the FCPA in New York City (the “NYC speech”). We consider the evolving rationale for FCPA enforcement which has changed in the 40 years since it was enacted, the mandatory corporate response to FCPA compliance requirements, and how McFadden sees Justice Department enforcement of the FCPA going forward in the Trump administration.
For Matt Kelly blog post on McFadden's remarks, click here. For Tom Fox's segments of a three part series, click here for Part I, Part II and Part III.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/25/2017 • 23 minutes, 16 seconds
Day 16 of One Month to Better Third Party Management
At some point, you will be required to terminate a third-party and there will be multiple legal, compliance and business issues to navigate going forward. If you are stuck doing it in the middle of a Foreign Corrupt Practices Act (FCPA) or Bribery Act investigation, such as Airbus is currently under with the UK Serious Fraud Office (SFO), there may well be some tension to do so and do so quickly. If you have not thought through this issue and created a process to follow before it all hits the fan, you may well be in for a very tough road.
The key theme in termination is planning. The Office of Comptroller of the Currency, OCC Bulletin 2013-29, said that regarding third-party termination, a bank should develop a “contingency plan to ensure that the bank can transition the activities to another third party, bring the activities in-house, or discontinue the activities when a contract expires, the terms of the contract have been satisfied, in response to contract default, or in response to changes to the bank’s or third party’s business strategy.”
In an article entitled “Breaking Up Is Hard To Do”, Carol Switzer related how to avoid pain by planning for the end of a third-party relationship. She said it all should begin with “an exit strategy, a transition plan or a pre-nup—whatever the title, it’s best to begin by planning for the end which, in the case of business at least, will always eventually come. Whether due to contract completion or material breach, turning over responsibility to another party, or abandonment of the contracted activity altogether, contract termination is an inevitable phase in the third-party relationship lifecycle.” Planning for the end is important because, “The more long term and layered the relationship, the more difficult it will be to disentangle. The deeper the third-party is embedded in and uses the confidential information of the company and its customers, the greater the risks presented by failing to design a smooth transition process.”
It should originate with clearly specified contract termination rights but that is only the starting point, “To work out a smooth transition, the plan must also include internal change management processes and policies, designated transition team members, contingencies, and adequate resources and time allowances.” Your corporate values must be protected by “clearly designating the disposition of shared intellectual property and infrastructure assets.” Next you need to think through your transition plan by “ensuring rights to hire or continue use of key contractor employees who have been servicing your account, arranging to bringing new contractors or internal managers up to speed, and filing any regulatory or other required notifications.” Finally, bear in mind that your reputation must be protected during this transition process “by controlling and planning for issuance of public statements and social media postings by terminated contractors or their employees, or the best laid transition plans may be for naught.”
You will also need to consider the business risks around the termination of a third-party, particularly on the sales side of your business. This may mean sitting down with a customer or group of customers to explain the reasons behind the termination. Obviously if your business team has not developed a relationship with the end-using customer, this can be a difficult and very problematic conversation.
Unless you are exiting a business sector or territory, you will need to replace the third-party. This means going through the entire five-step process with any potential sales agent or representative. Such planning needs to be built into your termination strategy. If the reason for termination is a contract violation or worse a FCPA violation, there may well be other notifications which are required, both internally and externally to government regulators. You have also been under some type of contractual nondisclosure language and so consultation with your legal counsel, once again both in-house and outside, may be required. Finally, never forgot the reputation damage by releasing such information, or conversely not disclosing it. Both sets of reasons may hurt your business reputation as well.
In addition to the above steps, there are some specific considerations you should take. In the area of data, data privacy and data accessibility, if a third-party has access to your network and systems, such access must be revoked. If your terminated third-party has physical data, you must plan for the return of your data to you in a format that is acceptable to you and is secure. If your data is confidential, you may want to require that it be returned in an encrypted format and via an encrypted channel. You should lay out the time frame for the return of any data.
Alternatively, you can specify that data be destroyed. If this is the route you take with your third-parties, it should be performed in a way which is secure so the data cannot be reconstructed at a later date, through the use of surreptitiously created backup or duplicate data. You should mandate the third-party provide to you a certificate of destruction that confirms the destruction of your data and the methods used for destruction. Information that must be retained should maintain the data protection requirements currently in place, or stronger if the applicable laws change during the time of retention.
Although rarely considered, the termination of a third-party relationship can be as important a step as any other in the management of the third-party lifecycle. While having the contractual right to terminate is a good starting point, it is only the starting point. You not only need to have a compliance and legal plan in place but a business plan as well. If you do not, the cost in both monetary and potential business reputation can be quite high.
Three Key Takeaways
Termination of third parties is an oft-neglected part of the third party risk management process.
Make certain you have the contractual right to terminate third parties written into your standard terms and conditions.
Have a strategy in place for termination before everything hits the fan.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/24/2017 • 12 minutes, 38 seconds
This Week in FCPA-Episode 49
In this episode, Jay Rosen returns from a week’s trip to Walt Disney World. Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:
DOJ Criminal Division's Acting Principal Deputy Assistant Attorney General remarks on the FCPA and its enforcement. - See text of speech by clicking here. See Matt Kelly’s blog post by clicking here.
Whistleblowers in the news. See Tom’s article on the Barclay’s CEO and Amtrust in FCPA Blog and on KPMG in Compliance Week. Mike Volkov weighs on whistleblowing as indicia of corporate culture here.
One year reports note that declinations are on the rise under the on the now one-year old FCPA Pilot Program. For Miller & Chevalier report click here (sub. req’d). For the Stanford University FCPA Clearinghouse Report in the Wall Street Journal, click here.
Tribute to Kara Brockmeyer, retiring as head of the SEC’s FCPA Unit. See Tom’s article in Compliance Week.
Jay details his upcoming conference schedule and weekend report on ethics and compliance observations from the Florida version of the Magic Kingdom.
Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/21/2017 • 35 minutes, 30 seconds
Day 15 of One Month to Better Third Party Management
One area that has bedeviled Chief Compliance Officers (CCOs) and compliance practitioners is how to determine the return on investment (ROI) for your compliance program regarding third parties. While it is still clear that third parties are the greatest risk in Foreign Corrupt Practices Act (FCPA) enforcement actions, senior management often wants to know what is the monetary benefit to the company for this type of risk management.
When you couple the request for ROI with the recent Department of Justice (DOJ) mandate for the operationalization of your compliance program, as articulated in the Evaluation of Corporate Compliance Programs, it may seem like a doubly daunting task. However the requirement for operationalization of your compliance program actually lends itself to formulating ROI around the risk management of third parties. This is because if you move the third-party compliance into the organization as a business process, with a technological solution, the ROI becomes not only clearer but easier to calculate going forward.
I recently read a study by Forrester Research Inc., suggested an approach for the anti-corruption compliance practitioner. In this study, Forrester compared the user experience, leading to a finding of a positive ROI for the technology user around third-party risk management. I found the approach and methodology used persuasive and valuable for the compliance professional to consider in evaluating such a process in your organization.
Some of the key findings readily translate across for the anti-corruption compliance practitioner. The first area was in risk assessments of third parties. If you are able to provide a technological platform, you can enhance both the speed and efficiency of your risk assessments on an ongoing basis. The decrease in time it would take for each risk assessment, both in terms of length and compliance department man-hours will yield an immediate cost saving for your compliance function.
Consider just two of the steps required in the lifecycle management of third parties, the questionnaire and due diligence. Both steps can be not only labor intensive to complete and analyze but the cycles of time spend sending out a questionnaire, receiving a completed form and then inputting the information into a spreadsheet for manual analysis can be quite time consuming. It usually involves the basic tools of spreadsheets, interviews, Internet searches and additional questionnaires. By tailoring your questionnaire to the specific risk areas and using logical question design you can reduce confusion and therefore decrease the cycle of response time. Additionally, in the final step of managing the relationship there is often not only a dearth of data but usually the data is in such a siloed format that (1) it cannot be utilized between corporate functions and (2) there can be no meaningful comparison across the third parties. Through standardized questions and responses, this data can be compared across the spectrum of third parties.
In addition to the increased efficiency in the compliance portion of this analysis, by operationalizing your third-party risk management in this manner, you increase business efficiency by bringing in more dollars more quickly for third parties on the sales side. For third parties on the Supply Chain side, the efficiencies turn on your use of their products or services more quickly in business critical elements of your company. Simply put, approving third parties and incorporating them into your business cycle will not only save your money more quickly and efficiently but also make you money more quickly and efficiently.
Using a tool that incorporates Software-as-a-Service (SaaS) platform would also allow a more comprehensive review of data and information for several reasons. Firstly the various types of data is not siloed but stored in a centralized platform. Second, having this type of data allows for not only an ongoing review of each third-party but also allows you to review historical trends. This enables you to move from detection to prevention and possibly even delivery of a prescriptive solution before an issue arises to a full-blown FCPA violation. You would also be able to garner a better understanding of relationships across industry sectors and countries with a bigger picture look.
Obviously you will need to set the parameters for the risks to be assessed but more clearly in the FCPA they deal with third parties who are or who have, as owners, Politically Exposed Persons (PEPs), the inability to account for discretionary funds such as marketing or other expenses was seen in a recent FCPA enforcement action, payments to offshore locations or unusual commission or other payments tied 100% to sales. Not only would your company have more and greater visibility into such issues but the range of third parties you could monitor would increase, perhaps at an exponential rate. As with the cost savings of the initial risk assessment, there would be similar savings for ongoing monitoring in the area of greater efficiency and need for smaller headcount from the compliance function to perform such ongoing monitoring.
The speed and robustness of this database is a key element in operationalizing your compliance program in the area of third parties. The prevent component of any compliance regime is improved as you would have better visibility into potential non-compliant third parties which you may have to discharge. You would also have the ability to work with non-compliant third parties to remedy any issues before they become legal violations and then recommend extra monitoring as appropriate.
Using the above as a guide the ROI calculation would be something along the lines of the number total number of hours spent on each risk assessment x the total risk assessments performed x the hourly rate of the compliance professional performing the services. So if you spend 20 hours on 50 risk assessments and the hourly rate for your in-house compliance professional is $100, the ROI is $100,000. Now just think of what that number would be around third parties if the SC third parties runs into the thousands. Even with a round number of 1,000 for such third parties, your ROI increases to $2MM. Of course you have to subtract out the cost for any technological solution but with these types of efficiencies, your ROI will still be quite impressive.
There are a wide variety of other factors that could increase your ROI, as detailed in the Forrester report, which include renewal assessments, ongoing monitoring, increase in business efficiencies for both your organization and the third parties, which would all work to uplift your ROI. Most critically you would demonstrate the operationalization of your compliance program into the very fabric of your organization.
Three Key Takeaways
Why is it important to demonstrate ROI on your third party risk management program?
Determining your ROI helps to demonstrate operationalizing your compliance program.
Determining third party management program ROI can help to tear down compliance siloes.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/21/2017 • 12 minutes, 49 seconds
Day 14 of One Month to Better Third Party Management
When was the last time you considered the health of your company’s third party management program? A good way to test that well-being is to perform a check-up on your third party program. An article entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, provided a manner for the compliance practitioner to test an “organizations health status concerning your relationship to your third parties.” The article provided seven points that you can consider in a self-assessment:
Do you have a list or database of all your third parties and their information? Does your company have a full list of all third parties including such basic information as name, location, type of services provided, contract files and dates, principals of the third party and primary contact, due diligence files and any other information you might need to manage the third party relationship going forward? When was the last time this list was checked or updated?
Have you done a risk assessment of your third parties and prioritized them by level of risk? You need to check and double-check which third party services present the greatest risk to your company by asking some of the following questions: (a) Is the third party’s service critical to your business?; (b) Is the third party’s service performed with little company supervision or oversight?; (c) Does the third party have access to any company funds, resources or assets?; (d) Can the third party fund the company contractually?; and (e) Does the third party obtain any foreign governmental licenses, certifications or other approvals for your company? When was the last time you asked these questions of the Business Sponsor or Relationship Manager.
Do you have a due diligence process for the selection of third parties, based on the risk assessment? You should use the information determined through the risk assessment to “tailor the level of diligence to the level of risk.” Assign a risk profile to categories, such as high, medium and low. The higher the risk, the more due diligence will be required to vet the third party. Do you receive updated due diligence reports on a quarterly, semi-annual or annual basis?
Once the risk categories have been determined, create a written due diligence process. Obviously you need to have a written policy and defined procedures to implement your due diligence policy. However, when was the last time it was reviewed or updated? What happens if you the compliance professional is hit by a bus coming to work? Would a substitute know what to do or would there be a written reference for your replacement? You should consider the following: (a) who is responsible for implementation; (b) list of red flags and how such red flags are to be dealt with and cleared; (c) a procedure to pay for any due diligence performed; (d) reference checks on third parties; (e) procedures for in-person interviews for third parties in a high risk category; (f) conflicts of interest checks, and (g) process for documentation and storage of all of the above information.
Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations? When was the last time you considered your compliance terms and conditions or reviewed all of your third party contracts to ascertain if they include compliance terms and conditions: (a) anti-corruption and anti-bribery certification; (b)requirement that the third party maintain accurate books and records and that your company has audit rights; (c) indemnity rights; (d) anti-corruption and anti-bribery training for the third party’s employees; (e) an anonymous reporting mechanism for ethics complaints; (f) require the third party to obtain pre-approval to subcontract out any of its work for your company; (g) require the third party to report any ownership change back to your company, and lastly (h) clear termination rights.
Relationship Managers. Just as your company would never have an employee who is not supervised, your company should not have a third party which does not have company oversight. Do you rotate Relationship Managers? What training has the compliance function provided to them as the company’s point of contact for third parties?
Red flags review. When was the last time you checked on your third parties for any new red flags which may have arisen after the initial due diligence was performed or completed? At what interval do you update or renew your due diligence? How about a change from the company side regarding sales, sales practices, products or services which might become high-risk?
Many companies understand the maxim “Know Your Customer (KYC)”, nevertheless, in today’s global economy this maxim may well need to be expanded to “Know Your Third Party”. The bottom is that that there is no out, no; when it comes to third party risk management and third party compliance efforts. A good place to start is with a third program party checkup.
Three Key Takeaways
What is the health of your third party risk management program?
When was the last time you reviewed and updated your third party database list?
Expand your KYC thinking to Know Your Third Party.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/20/2017 • 13 minutes, 14 seconds
Day 13 of One Month to Better Third Party Management
Internal controls are a key tool to operationalize your third party risk management program. Initially, a compliance practitioner should perform an analysis of any third party representative to provide insight into the pattern of dealings with such third parties and, therefore, the areas where additional controls should be considered. The basic internal controls, that should be a part of any financial controls system, include some or all of the following:
A control to correlate the approval of payments made to contracts with third party representatives and your company’s internal system for processing invoices.
A control to monitor all situations in which funds can be sent outside the US, in whatever form your company might use, which could include accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances or other forms.
A control for the approval of sales discounts to distributors.
A control for the approval of accounts receivable write-offs.
A control for the granting of credit terms to third parties or customers outside the US.
A control for agreements for re-purchase of inventory sold to third parties or customers.
A control for opening of bank accounts specifically including accounts opened at request of an agent or a customer.
A control for the movement / disposal of inventory.
A control for the movement / disposal of movable fixed assets.
A control for execution and modification of contracts and agreements outside the US.
There should also be internal control needs based on activities with third party representatives. These could include some or all of the following internal controls:
A control for the structure and enforcement of the Delegation of Authority.
A control for the maintenance of the vendor master file.
A control around expense reports received from third parties.
A control for gifts, entertainment and business courtesy expenditures by third party representatives.
A control for charitable donations.
A control for all cash / currency, inventory, fixed asset transactions, and contract execution in countries outside the US where the country manager has final authority.
A control for any other activity for which there is a defined corporate policy relating to FCPA.
While that may appear to be an overly exhaustive list, there were four significant controls the compliance practitioner implement initially. They include: (1) Delegation of Authority (DOA); (2) Maintenance of the vendor master file; (3) Contracts with third parties; and (4) Movement of cash / currency.
A DOA should reflect the impact of corruption risk including both transactions and geographic location so that a higher level of approval for matters involving third parties and for fund transfers and invoice payments to countries outside the US would be required inside an organization. Often, a DOA is prepared without much thought given to FCPA risks. Unfortunately once a DOA is prepared it is not used again until it is time to update for personnel changes. Moreover, it is often not available, not kept current, and/or did not define authority in a way even the approvers could understand it. Therefore it is incumbent that the DOA be integrated into a company’s accounts payable (AP) processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval BEFORE they are paid.
Furthermore if a DOA is properly prepared and enforced, it can be a powerful preventive tool for FCPA compliance. For example, consider a wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. In this situation, the DOA should specify who must give the final approval for engaging third parties. Moreover, the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US (including those who travel from the US to work outside the US).
Some believe the vendor master file, can be one of the most powerful PREVENTIVE control tools largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, when a vendor name and/or vendor payment information changes are submitted.
Near and dear to my heart as a lawyer, contracts with third parties can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. I would caution that for contracts to provide effective internal controls, relevant terms of those contracts (commission rate, whether business expenses can be reimbursed, use of subagents, etc.,) should be extracted and available to those who process and approve vendor invoices. If there are nonconforming service descriptions, commission rates, etc., present in a contract such terms must be approved not only by the original approver but also by the person so delegated in the DOA Unfortunately contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.
One FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a government official to obtain or retain business. All situations where funds can be sent outside the US (AP computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a compliance risk standpoint. Further, within a company structure you need to identify the ways in which a country manager (or a sales manager, etc.,) could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.
All wire transfers outside the US should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.
Never forget that internal controls are in reality, simply good financial controls. The internal controls that he detailed for third party representatives in the compliance context will help to detect fraud, which could well lead to the prevention of bribery and corruption.
Three Key Takeaways
Internal controls are a key component of any operationalized compliance program.
Internal controls are good financial controls.
The top four internal controls for compliance are: (a) Delegation of Authority (DOA); (b) Maintenance of the vendor master file; (c) Contracts with third parties; and (d) Movement of cash / currency.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2017 • 13 minutes, 28 seconds
FCPA Compliance Report-International Edition
In this episode I am joined by Ruth Steinholtz of AretéWork, Jonathan Armstrong of Cordery Compliance and Kristy Grant-Hart of Spark Compliance Consulting and author of How To Be a Wildly Effective Compliance Officer for a roundtable discussion of the recently concluded SCCE European Compliance and Ethics Institute. We discuss some of the highlights, the changes this group of compliance practitioners has seen and where compliance may be headed in 2017 and beyond.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/19/2017 • 51 minutes, 23 seconds
Day 12 of One Month to Better 3rd Party Management
Next I consider at how data analytics can be used to help detect or prevent bribery and corruption where the primary sales force used by a company is third parties. A clear majority of Foreign Corrupt Practices Act (FCPA) violations and related enforcement actions have come from the use of third parties. While sham contracting (i.e. using a third party to conduit the payment of a bribe) has lessened in recent years, there are related data analysis that can be performed to ascertain whether a third party is likely performing legitimate services for your company and is not a sham. There are several more complex analytics that can be run in combination to identify suspicious third parties, and some of the simplest can be to look for duplicate or erroneous payments.
A key to moving from detection to prevention is the frequency of review. It is common for organizations to periodically review a year or more of accounts payable invoices at one time for errors or overpayment. Changing this from a one-time annual or biannual event to something that is done daily or weekly dramatically improves the value of such internal controls. This more frequent, preventative analysis is integral to a foundation of third party audits. While many company perform periodic look-back audits, ongoing monitoring also works to accomplish the same queries on a daily or weekly basis. This allows organizations to find duplicate payments or overpayments after the invoice has been approved but prior to its disbursement. So instead of detecting a payment error three or six months after it is made, you prevent the money from leaving the company altogether.
Duplicate invoices are a favorite mechanism of fraudsters. Consider the following scenario, Invoice No. 955-TX, was paid for $10,597.95. Thirty days later the same vendor re-submitted the same invoice due to non-payment, but it was recorded by the payor organization without the hyphen between 955 and TX, consequently it was not detected by the system of payable controls. The problem is the second invoice had slightly different writing on the face of it, but it was for the same services and hence was a duplicate invoice. On the company side, both invoices were scanned into the company’s imaging system and queued for payment. Data analysis can locate such overpayments and identify a second payment should not be made because it is a match of one that had been previously approved.
Another analysis, which a compliance practitioner could compare using vendor name and other identifying information, for example address, country, data from a watch list such as Politically Exposed Persons (PEP) or Specially Designated National (SDN), to names and other identifying information on your vendor file. An inquiry could also be used to test in other ways such as if a vendor has the same surname as a vendor on the specially designated national terrorist list, or a politically exposed person.
Now suppose they share the same name as an elected official down in Brazil. How do we make sure that our vendor or broker is a different John Doe than the John Doe that is a politically exposed person in that country? It is only upon closer inspection where you can determine that the middle names are different and the ages are different, one of has an address is Brasilia and the other is in Sao Paulo. Without further inspection including other demographic information about your vendors, consultants or third parties and the comparing them to watch list individuals, such red flags are present but not cleared. That is what data analytics is designed to do, is to help you go from tens of thousands of “maybes” to a very small number of potential issues which need to be researched individually.
One of the important functions of any best practices compliance program is to not only follow the money but try to spot where pots of money could be created to pay bribes. Through comparison of invoices for similar items among similar vendors, data analytics uncover overcharges and fraudulent billings. Continual transaction monitoring and data analysis can prove its value through more frequent review, as individuals tend to perform better when they know they are being monitored.
The techniques used in transaction monitoring for suspicious invoices can be easily translated into data analysis for anti-corruption. Software allows a very large aggregation of suspicious payments not only by day or by month, but also by vendor or even by employee who may have keyed the invoices into your system. As these suspicious invoices begin to cluster by market, business unit or person a pattern forms which can be the basis of additional inquiry. That is the value of analytics. Analytics allows a compliance practitioner to sort and resort, combine and aggregate, so that patterns can be investigated more fully.
This final concept, of finding patterns that can be discerned through the aggregation of huge amounts of transactions, is the next step for compliance functions. Yet data analysis does far more than simply allow you to follow the money. It can be a part of your third party ongoing monitoring as well by allowing you to partner the information on third parties who might come into your company where there was no proper compliance vetting. Such capabilities are clearly where you need to be heading.
Three Key Takeaways
Always remember to follow the money to see where a pot of money could be created to fund a bribe.
Transaction monitoring techniques around fraud monitoring translate to data analysis for compliance.
Do not forget to check names against known PEP and SDN lists.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/18/2017 • 13 minutes, 8 seconds
FCPA Compliance Report-Episode 323
In this episode Compliance Week Editor in Chief Bill Coffin discusses the upcoming Compliance Week 2017 Conference May 22-24, 2017 in Washington DC. Coffin highlights the key note speakers and some of the other key topics for the event. He discusses how Compliance Week is an entire experience for attendees, exhibitors, speakers and guests. Best of all, listeners to this podcast can receive a discount to this year's event. Go to registration and enter discount code CW17TOMFOX.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/18/2017 • 23 minutes, 8 seconds
Day 11 of One Month to Better 3rd Party Management
Auditing of third parties is critical to any best practices compliance program and an important tool in operationalizing your compliance program. This is a key manner in which a company can manage the third party relationship after the contract is signed and one which the government will expect you to engage in going forward.
You should plan out four to six weeks in advance, you should perform the audit with your legal counsel’s lead to preserve privilege, work with the business sponsor to establish key business contacts, discuss audit rights and processes with the third party, you should prepare initial document request lists for financial information queries, take the time to review findings from previous audits and resolutions and also review details of opened and closed internal investigations, if there are any Code of Conduct questionnaires available take care to review and finally be cognizant of any related Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement actions.
The next step is to determine the entry points of foreign government involvement; (1) direct and (2) indirect. The direct category includes: customs and duties, corporate taxes and penalties, social security or national insurance issues for employees, obtaining in-country visas and work permits, public official gifts and entertainment, training of and attendant travel for employees of government owned entities, procurement of business licenses and permits to perform work and, finally, areas around police escort and security. In the indirect category, some of the key areas to review are: customs agents and freight forwarders, visa processors, commercial sales agents, including distributors and, finally, those who might be consultants or other channel partners.
Document review and selection is important for this process, you should ask for as much electronic information as possible well in advance of your audit. It is much easier to get database records for internal audits than audits of third parties. Try and obtain records in database or excel format and not simply in .pdf. Request the following categories of documents; trial balance, chart of accounts, journal entry line items, financial and compliance policies, prior audited financial statements, bank records and statements, a complete list of agents or intermediaries and revenue by country and customer.
Your lead interviewer needs to be culturally sensitive, patient and must negotiate a good working relationship with the forensic auditors on your audit team, who will be reviewing the documents from their professional perspective. Regarding potential interviewees, focus on those who interact with government entities, foreign government officials or third parties, including those personnel involved with:
Business Leadership
Sales/Marketing/Business Development
Operations
Logistics
Corporate Functions: Human Resources, Finance, Health, Safety and Environmental, Real Estate and Legal.
For the interview topics, there are several lines of inquiry. Remember this is an audit interview, not an investigative interview. You should not play ‘got-cha’ in this format. You should avail yourself of the opportunity to engage in training while you are interviewing people. The topics to interview on included:
General policies and procedures;
Books and records pertaining to FCPA risks;
Test knowledge of FCPA and UK Bribery Act including facilitating payments and their understanding of your company’s prohibitions;
Regulatory challenges they may face;
Any payments of taxes, fees or fines;
Government interactions they have on your behalf; and
Other compliance areas you may be concerned about or that would impact your company, including: trade, anti-boycott, anti-money laundering, anti-trust.
In the review of the General Ledger (GL) accounts, you should consider commission payments to agents and representatives, any facilitating payments made, all payments around travel, meals and entertainment, payments made around training, gifts, charitable contributions, political donations and sales and promotion expenses. If there were payments made for customs or freight forwarders and other processing agents, permits, licenses, taxes and other regulatory expenses should be reviewed. Additionally any entries pertaining to community contributions and social responsibility payments should be assessed and, finally, a review of any security payments, extortion payments, payments to legal consultants or tax advisors or fines and penalties should be considered.
Regarding bank accounts and cash disbursement controls, you should review the following:
Review controls around bank accounts and cash disbursements;
Identify and review authorized signers, approval levels, and bank reconciliations;
Ensure all bank accounts are included in the General Ledger;
Identify and review certain bank and cash disbursement transactions;
Identify offshore bank accounts.
In the area of cash funds review the following:
Review controls around petty cash funds;
Ascertain processes in place regarding disbursement and reconciliation of cash funds;
Identify and review payments to government officials, agents, or any unusual or suspicious activities; and
Identify and review certain bank transactions and test for any improper payments.
For gifts, travel and entertainment, you should explore payments made through employee-reimbursed expenses, scrutinize for any suspicious expenses submitted, expenses lacking adequate documentation, incorrect posting; and identify and review accounts associated with gifts, meals, entertainment, travel, or promotion. In the area of payroll, consider the risks around the use of ghost employees, hiring of relatives of government employees, and the use of bonus payments and be sure to request a payroll listing and review for any such persons.
You should review GL accounts and expenses for related items. In taking a look at payments under local law, you should obtain list of payments to the government required by local laws and identify and review payments to government authorities or employees, customs authorities or agents, income taxes authorities or license requirements. For payments made to third parties, you should review commission and expense payments for compliance with company policy and also trace payments to the third party’s bank account.
Three Key Takeaways
Be prepared.
It is not an investigative interview but an audit interview.
Listen, listen, listen.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/17/2017 • 12 minutes, 17 seconds
This Week in FCPA-Episode 48
In this episode, Matt Kelly pinch hits for a Walt Disney World-vacationing Jay Rosen. Matt and I have a wide-ranging discussion on some of the week’s top FCPA and compliance related stories. We discuss:
Shearman & Sterling issues its Report to the Wells Fargo Board on the fraudulent account scandal. For Tom’s three-part series see Part I, Part II and Part III.
United Airlines is at it again. Click here for Matt’s article on Radical Compliance. Click here for Tom’s article in Compliance Week.
Interesting judicial decision on restitution from Judge Posner. See article in the Grand Jury Target blog.
Barclay’s CEO penalized for trying to unmask internal and anonymous whistleblower by using corporate security and US law enforcement. See Tom’s article in Compliance Week.
Matt reports on Oracle’s Modern Finance Experience conference. Click here for Matt’s blog post on Radical Compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/14/2017 • 31 minutes, 20 seconds
Day 10 of One Month to Better Third Party Management
The building blocks of any Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program lay the foundations for a best practices compliance program. For instance in the lifecycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third party management becomes more important. It is also the one where the rubber meets the road of operationalizing compliance.
In an issue of Supply Chain Management Review in an article by Mark Trowbridge, entitled “Put it in Writing: Sharpening Contracts Management to Reduce Risk and Boost Supply Chain Performance”, provided useful insights into the management of the third party relationship. While the focus of the article was having a strategic approach to contracts management, the author’s “five ways to start professionalizing your approach to outsourcing contracts” were an excellent manner to consider steps in the management of third party relationships.
The key is to have a strategic approach to how you structure and manage your third party relationships. This may mean more closely partnering with your third parties to help manage the anti-corruption compliance risk. It would certainly lead towards enabling your company to “control risk while optimizing the performance” of your third parties. To achieve these goals, I have revised Trowbridge’s prescriptions from suppliers to third parties.
Consolidate Third Parties but Retain Redundancy
It is incumbent that consolidation in your third party relationships to a smaller number to “yield better cost leverage.” From the compliance perspective, it also should make the entire third party lifecycle easier to manage, particularly steps 1-4. However, a company must not “over-consolidate” by going down to a single source supplier. You should build a diversified supplier base, with a through “dual-sourcing”. From the compliance perspective, you may want to have a primary and secondary third party that you work with in a service line or geographic area to retain this redundancy.
Keep Tabs on Subcontracted Work
This is one area that requires an appropriate level of management. If your direct contracting party has the right or will need to subcontract some work out, you need to have visibility into this from the compliance perspective. You will need to require and monitor that your direct third party relationship has your approved compliance terms and conditions in their contracts with their subcontractors. You will also need to test that proposition. In other words, you must require, trust and then verify.
When Disaster Strikes, Make Sure Your Company is Legally Protected
This is where your compliance terms and conditions will come into play. One of the things that I advocate is a full indemnity if your third party violates the FCPA and your company is dragged into an investigation because of the third party’s actions. Such an indemnity may not be worth too much but if you do not have one, there will be no chance to recoup any of your legal or investigative costs. Another important clause is that any FCPA violation is a material breach of contract. This means that you can legally, under the terms of the contract, terminate it immediately, with no requirement for notice and cure. Once again you may be somewhat constrained by local laws but if you do not have the clause, you will have to give written notice and an opportunity to cure. This notice and cure process may be too long to satisfy the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) during the pendency of a FCPA investigation. Finally, you need a clause that requires your third party to cooperate in any FCPA investigation. This means cooperation with you and your designated investigation team but it may also mean cooperation with US governmental authorities as well.
You also need the ability to move between third parties if the need arises. This is the redundancy issue raised above. You do not want to be stuck with no approved freight forwarders or other transporters in a certain geographic area. If a compliance related matter occurs, you may well need certain contractual rights to move your work and to require your prime third party to cooperate with the transition to your secondary third party.
Keep Track of Your Third Parties’ Financial Stability
This is one area that is not usually discussed in the compliance arena around third parties but it seems almost self-evident. You can certainly imagine the disruption that could occur if your prime third party supplier in a country or region went bankrupt; but in the compliance realm there is another untoward Red Flag that is raised in such circumstances. Those third parties under financial pressure may be more easily persuaded to engage in bribery and corruption than third parties that stand on a more solid financial footing. You can do this by a simple requirement that your third party provide annual audited financial statements. For a worldwide logistics company, this should be something easily accomplished.
You should take advantage of automated financial tracking tools to keep track of material changes in a third parties’ financial stability. You should also use your in-house relationship manager to regularly visit key third party relationships so an on-the-ground assessment can be a part of an ongoing conversation between your company and your third parties.
Formalize Incentives for Third Party Performance
One of the key elements for any third party contract under the FCPA or UK Bribery Act is the compensation issue. If the commission rate is too high, it could create a very large pool of money that could be used to pay bribes. It is mandatory that your company link any commission or payment to the performance of the third party. If you have a long-term stable relationship with a third party, you can tie compensation into long-term performance, specifically including long-term compliance performance. This requires the third party to put skin into the compliance game so that they have a vested, financial interest in getting things done in compliance with the FCPA or other anti-corruption compliance regimes.
By linking contractual compensation to performance, there should be an increase in third party performance. This is especially valuable when agreed upon key performance indicator (KPI) metrics can be accurately tracked. This would seem to be low hanging fruit for the compliance practitioner. If you cannot come up with some type of metric from the compliance perspective, you can work with your business relationship team to develop such compliance KPIs.
You should rank third parties based upon a variety of factors including performance, length of relationship, benchmarking metrics and KPIs. This is a way for the compliance practitioner to have an ongoing risk ranking for third parties that can work as a preventative and even proscription prong of a compliance program and allow the delivery of compliance resources to those third parties that might need or even warrant them.
Three Key Takeaways
Have a strategic approach to third party risk management.
Rank third parties based upon a variety of factors including compliance and business performance, length of relationship, benchmarking metrics and KPIs.
Keep track of the financial stability of your third parties.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/14/2017 • 11 minutes, 53 seconds
Day 9 of One Month to Better 3rd Party Management
In a speech before the SIFMA Compliance and Legal Society New York Regional Seminar in November 2015, then Assistant Attorney General Leslie Caldwell laid out metrics the Department of Justice would consider in evaluating a corporate compliance program around third parties. Caldwell began with the following question, “Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?” This inquiry was brought forward into the Justice Department’s Evaluation of Corporate Compliance Programs.
Management of a Third Party Relationship
Recognizing that most Chief Compliance Officers (CCOs) and compliance practitioners understand the need for a business justification, questionnaire, due diligence and compliance terms and conditions in a contract, I was gratified to see the DOJ focusing on the final step in the lifecycle of a third party relationship as a key metric for its new Compliance Counsel to evaluate. This is because it is the management of third party relationships that continues to be a source of trouble and heartburn for many companies. As Caldwell noted in her remarks, the management of a third party relationship, “means more than including boilerplate language in a contract. It means taking action – including termination of a business relationship – if a partner demonstrates a lack of respect for laws and policies. And that attitude toward partner compliance must exist regardless of geographic location.”
While the 2012 FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. This means that you must have an experienced compliance and audit team, actively engaged in the corporate office and in the business units, to ensure that financial controls and compliance policies are followed and that remedial measures for violations or gaps are tracked, implemented and rechecked, as additional detection and prevention. Caldwell noted it is a more encompassing “sensitization” to anti-corruption compliance that is needed. There are several ways for you to do so.
Relationship Manager for Third Parties
The starting point for the management of a third party, is your Relationship Manager for every third party with which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party. Some of the duties of the Relationship Manager may include:
Point of contact with the Third Party for all compliance issues;
Maintaining periodic contact with the Third Party;
Meeting annually with the Third Party to review its satisfaction of all company compliance obligations;
Submitting annual reports to the company’s Oversight Committee summarizing services provided by the Third Party;
Assisting the company’s Oversight Committee with any issues with respect to the Third Party.
Compliance Professional
Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. I do not believe that this will create a conflict of interest or that there are other legal impediments to providing such services. They can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance professional should work closely with the Relationship Manager to provide advice, training and communications to the third party.
Oversight Committee
I advocate that a company should have an Oversight Committee review all documents relating to the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.
After the commercial relationship has begun the Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplemental risk associated with any negative information discovered from a review of financial audit reports on the third party. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Oversight Committee should review all payments requested by the third party to assure such payment are within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.
Audit
A key tool in managing the affiliation with a third party post-contract execution is auditing. Audit rights are a key clause in any compliance terms and conditions and must be secured. Your compliance audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. As a baseline I would suggest that any audit of a third party include, at a minimum, a review of the following:
the effectiveness of existing compliance programs and codes of conduct;
the origin and legitimacy of any funds paid to Company;
books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
all disbursements made for or on behalf of Company; and
all funds received from Company in connection with work performed for, or services or equipment provided to, Company.
If you want to engage in a deeper dive you might consider evaluation of some of the following areas:
Review of contracts with third parties to confirm that the appropriate FCPA compliance terms and conditions are in place.
Determine that actual due diligence took place on the third party.
Review FCPA compliance training program; both the substance of the program and attendance records.
Does the third party have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
Does the third party have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
Review employee expense reports for employees in high-risk positions or high-risk countries.
Testing for gifts, travel and entertainment that were provided to, or for, foreign governmental officials.
Review the overall structure of the third party’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report?
How is the third party’s compliance program designed to identify risks and what has been the result of any so identified?
Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party.
With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.
Tying it all Together
In addition to monitoring and oversight of your third parties, you should periodically review the health of your third party management program. The robustness of your third party management program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out herein, you need to fully document all steps you have taken so that any regulator, and most specifically the DOJ Compliance Counsel, can test your metrics. Caldwell’s remarks around the metrics portended the Evaluation and what the DOJ will be reviewing and evaluating going forward so that it is clear will be expected from your company’s compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program.
Three Key Takeaways
It all starts with a Relationship Manager.
Have company oversight of all third parties.
Audit, monitor and remediate on an ongoing basis.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/13/2017 • 13 minutes, 10 seconds
Compliance into the Weeds-Episode 35
In this episode Matt Kelly and I take a deep dive into the recently released, Public Company Accounting Oversight Board (PCAOB) semi-annual white paper. The white paper providing general information about certain characteristics of emerging growth companies (EGCs). Matt and I discuss some of the PCAOB's key findings:
There were 1,951 companies that identified themselves as EGCs in at least one SEC filing since 2012 and have filed audited financial statements with the SEC in the 18 months preceding the measurement date (“EGC filers”). The PCAOB staff observe that the number of EGC filers has grown since the enactment of the Jumpstart Our Business Startups (JOBS) Act, but has stabilized recently.
There were 742 EGC filers (or 38 percent) that have common equity securities listed on a U.S. national securities exchange (“exchange-listed”).
The five most common industries for EGC filers as of November 16, 2016, are pharmaceutical preparations, blank check companies, real estate investment trusts, prepackaged software, and surgical/medical instruments and apparatus.
Many EGC filers that were not exchange-listed had limited operations. Approximately 50 percent of the non-listed EGC filers reported zero revenue in their most recent filing with audited financial statements and 23 percent of non-listed EGCs that filed periodic reports disclosed that they were shell companies.
Approximately 51 percent of EGC filers, including 74 percent of those that were not exchange-listed, received an explanatory paragraph in their most recent auditor’s report expressing substantial doubt about the company’s ability to continue as a going concern.
Among the 1,951 EGC filers, 1,262 provided a management report on internal control over financial reporting in their most recent annual filing. Of those 1,262 companies, approximately 47 percent reported material weaknesses.
Approximately 96 percent of EGC filers were audited by accounting firms that also audited issuers that are not EGC filers, including 39 percent of EGC filers that were audited by firms that provided audit reports for more than 100 issuers and were required to be inspected on an annual basis by the PCAOB.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/12/2017 • 25 minutes, 49 seconds
Day 8 of One Month to Better 3Rd Party Management
What is satisfactory due diligence under the Foreign Corrupt Practices Act (FCPA)? That question seems to be more important after story on Unaoil and the subsequent release of the Panama Papers. However, both of these events largely focused on the “who” part of due diligence and the need to know whom you are doing business with going forward. However there is another important question which does not come up as often in due diligence, which is how?
How does a particular third party perform its services with or for your company? If it is on the sales side of things, how can a third party help you make sales? If a third party comes through the Supply Chain, how do their products or services meet the needs of your company? If the third party has a closer business relationship, such as a joint venture (JV), teaming agreement or other similar arrangement, you may well need a much deeper understand of how this third party does business because the relationship may well become so close you will be intertwined with the party. It may mean more than simply does their how product work but how does this third party conduct themselves and their business?
The questions beyond simply who were made clear in a Wall Street Journal (WSJ) article by Christopher Weaver and John Carreyrou, entitled “Deal With Theranos Haunts Walgreens”. It turns out that Walgreens left a gap by “never fully validating the startup’s technology or thoroughly evaluating its capabilities”. The clear message is if you are going to partner with a technology company which is going to change your business model, you best make sure the technology works. Moreover, if a potential JV partner refuses to show you its technology, how it keeps records, its financials relating to the products and services you are contracting for and generally tries to hide from you the very thing you are buying into; you should not walk but run away from the deal.
This article detailed the lack of steps and miss-steps by Walgreens when entering its partnership with Theranos and how these actions caused Walgreens to consider its $50MM investment in Theranos as something it will never recoup, caused Walgreens reputational damage and potentially subjected it to civil liability. As the reporters noted, “The relationship is now in tatters, making Walgreens an extreme case study of what can go wrong when an established company that craves growth decides to gamble on an exciting and unproven startup.”
One might think that if you are investing in a technology company that provides medical testing, the investor would want to see the laboratory where the testing is performed. It turns out that Walgreens representatives were never allowed to tour, let alone review the labs where the results of Theranos pinprick blood tests were run. A Walgreens consultant, Paul Rust, who was sent to Theranos to do a quality control data review said, “It was a very strange situation. The results were actually really good, but I was never allowed to go into the lab. I have no idea that the results I saw were run on the Edison devices or not.” He went on to say that he was “led to believe that they were being run on the Edison.” Yet even Rust was surprised no Walgreens representatives had been allowed to view Theranos labs.
Interestingly, when Theranos did provide the test results to Walgreens representatives, the results came back with ““low” and “high” values rather than numeric values. As a result, Walgreens couldn’t compare results from the Theranos machine to any commercially available tests.” Once again, this was something which Walgreens should be sought additional information on.
Yet even when Walgreens’ consultants, assisting the company in evaluating Theranos and the proposed transaction, voiced and wrote up their concerns, they were not passed along to Walgreens management. The article reported, “In a report later in 2011, the consultants concluded Walgreens needed more information to assess the partnership. Those findings and reports by other consultants were kept from many Walgreens officials, including some directly involved in the negotiations with Theranos.”
Walgreens made another classic mistake in the due diligence process; they took comfort when a competitor was allegedly considering a similar venture with Theranos. The article said, “Some executives were comforted when Theranos said Safeway Inc. had agreed to host blood-drawing sites at some of its supermarkets. If Safeway trusted Theranos, then Walgreens could, too, the Walgreens officials believed.” How often have your heard that some other company is considering or has approved them through due diligence and a decision was based on the alleged actions of an alleged party.
Walgreens hamstrung itself from managing the relationship after the contract was signed by agreeing to contract terms that prevented Walgreens from auditing or even viewing “Theranos clinical data or financial records”. Finally, and perhaps most damagingly, there was a complete lack of communications between the two companies about the issues that have bedeviled Theranos. The article concluded, “Walgreens shelved the expansion plans after the Journal reported in October that Theranos did the vast majority of tests it offered to consumers on traditional lab machines. The Journal also reported that some former employees doubted the accuracy of a small number of tests run on Edison devices. One of the most recent setbacks came in mid-April when the Journal reported that regulators had 3½ weeks earlier proposed banning Ms. Holmes from the lab-testing industry. The drugstore chain’s senior executives found out from the news report.”
Under the FCPA, most companies understand the need to know with whom they contract for sales or vendor services. They also understand the need to know why they should do business with a proposed third party (IE., a business justification). However the need to perform an investigation into how the third party can actually deliver the contracted services is equally important.
The Walgreens imbroglio around Theranos points out why such clauses are mandatory. If you do not have them, you do not have the ability verify what you may or may not have been told in due diligence. Finally, managing the relationship after the contract is signed is where the rubber hits the road. If you only obtain a due diligence report and insert compliance terms and conditions, you will have done nothing to test whether the third party is performing as it has agreed to under the terms of the contract.
Three Key Takeaways
The how question can be as critical as the who question.
The more integrated a third party is into your operations the more important this question becomes.
Incorporate a how question into not only your due diligence but also your ongoing monitoring and auditing, after the contract is signed.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/12/2017 • 12 minutes, 46 seconds
Day 7 of One Month to Better 3rd Party Management
The Justice Department Evaluation of Corporate Compliance Programs states in Prong 10, Appropriate Controls – What was the business rationale for the use of the third parties in question? What mechanisms have existed to ensure that the contract terms specifically described the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services rendered?
You should incorporate compliance terms and conditions into your contracts with third parties. You must have appropriate compliance terms and conditions in every contract with third parties. I would suggest that you prepare a template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straight-forward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption.
What are the compliance terms and conditions that you should include in your commercial contracts with third parties? In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.” In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.”
Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions:
payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.
I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.
In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it.
Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company's prior written consent (to be based on adequate due diligence).
Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.
Many do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simply to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum compliance terms and conditions. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator.
Three Key Takeaways
There is no set formula for clearing of red flags or the evaluation of due diligence.
Know when to say enough has been done.
You must Document Document Document your evaluation of any red flags.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/11/2017 • 13 minutes, 3 seconds
FCPA Compliance Report-Episode 322, Eric Feldman SVP of Affiliated Monitors
In this episode, I am joined by Eric Feldman, SVP at Affiliated Monitors. Eric is a long time US government employee who now helps to provide companies with monitorship services, in a wide range of areas. These include external monitors after a FCPA enforcement action, monitorships with companies who contract with the federal government, state and local authorities. Eric discusses the strategic use of a monitor in a wide variety of areas, from prevention and detection of legal violations to M&A work. For more on Affiliated Monitors, check out their website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/11/2017 • 26 minutes, 30 seconds
Day 6 of One Month to Better 3rd Party Management
An important part of the job duties of any compliance practitioner is clearing red flags which might appear for a proposed third-party relationship during the due diligence process. It is mandatory that not only must all red flags be cleared but there also be evidence of the decision-making process to show to a regulator if one comes knocking.
The Justice Department Evaluation of Corporate Compliance Program states under Prong 10 the following, “Real Actions and Consequences – Were red flags identified from the due diligence of the third parties involved in the misconduct and how were they resolved?” There is no set formula or guideline for clearing red flags or evaluating due diligence. One approach came from two compliance practitioners at GE Oil & Gas, Flora Francis and Andrew Baird made at the 2014 SCCE Utility and Energy Conference on GE’s third party risk management, where they described the process by which GE reviews the risks around each third party with which it does business.
Some of the factors which GE considers, when evaluating a third party, include the following:
Business Model: Do we need third parties to reach our customers or can we build the organization ourselves?
In-house Capabilities: Do we already have the organization in place to handle these capabilities?
Overlap: Do we already have a third party in the region/country that can handle our needs?
Volume of Business: How much business will this third party bring to the company?
Compliance Risk: Where is the third party located? Will they interact with government officials? Do they have same commitment to compliance?
Regulatory Environment: Is it simple or strict? What are the chances of regulatory violations?
Reputation: What is the third party’s reputation in the market?
GE takes this information and then break downs the risks down into low risk and high risk. A low risk received a limited review and analysis, while a high risk receives an escalated review and analysis consisting of the following reviews: compliance, legal, business leadership and finance.
But more than simply the level of review, I was interested in the ‘Risk Score Drivers’ that GE has developed. Once again, the speakers emphasized that these are GE’s risk score drivers and have been developed over time through the company’s internal analysis and processes. Nevertheless I found them to be a very useful way to think about third party risk. The risk score drivers listed were:
Country channel where the third party is located in or where it sells into;
Experience by the third party with the sales channel;
Type of third party involved; agent, reseller, distributor;
Commission rate, is it standard v. non-standard;
Will any sub-third party relationships be involved;
Will the third party sell to government entity or instrumentality;
Do any of the third party’s principals, Officers or Agents work for a foreign government, state owned enterprise or political party;
Was the third party mandated by customer or the end user;
What is the third party’s contract duration;
Is the third party involved in more than one project;
Does the third party have any historical compliance issues;
What is the percent of sales with products or services; and
What is GE’s annual revenue with the third party?
GE compliance then takes these scoring factors and puts them into an evaluation matrix when determining the amount of risk involved and a Go/NoGo decision whether the company should move forward with a proposed third party.
One approach came from Randy Corley, Executive Vice President (EVP), Global Compliance Officer at Edelmen Inc. I found his questions to be very relevant when considering how far down the chain a company must go.
Step 1: How Much is Enough? Here your goal is to have a realistic process so that it can be effectively managed and still be of sufficient value for the business unit decision makers, who have the ultimate responsibility over the company’s third parties.
Step 2: How Deep Do We Dig? Here I think the question you should consider is how many tiers down you must go in managing your third parties? Clearly you should manage all direct counter-parties in the sales chain and those considered high-risk in the supply chain. Further, in the sales chain, I think you need to know directly if your business representatives are sub-contracting down your business representation, at least through one tier. On the supply chain, if a high-risk truly is a high-risk for bribery and corruption under your internal evaluation system, you should also consider digging down one tier.
Step 3: What Do You Need To Know? While with your first-tier relationships you may scope your review depending on your internal risk assessment and attendant risk ranking, your data collection down the chain may not need to be as robust. For counter-parties further down the chain than tier 2, a list of actual and beneficial owners, coupled with commitments to follow relevant anti-corruption legislation is needed. Such commitments should be secured through each tier’s contract with its counter-parties.
Step 4: What Did We Learn? If there is any information from which Red Flags appear, they must be cleared. If additional information is needed or points clarified, now is the time to do it and not wait until later in the process. Here I would rely on Jan Farley’s proscription not to stretch your compliance program too thin. Focus your training, communication and management on your direct counter-parties and communicate to them that your company expects them to manage their relationships with their direct counter-parties, which would include the clearing of any Red Flags that may have appeared.
Step 5: Then What? After you have made your decision you still need to manage the relationship. This will entail continuing compliance communications with your direct counter-parties on an ongoing basis. Preferably your business unit sponsor will do this but as the compliance practitioner, you should also be mindful of checking in from time-to-time with your third parties. As your compliance program matures, you also reach the point where you will need to consider auditing of your third parties from the compliance perspective. Finally, do not forget the three most important things about your FCPA compliance program: “Document, Document and Document” the entire process.
In the area of third parties, consider what risks you face in both your sales and supply chain. If there is a key player several tiers down the line who creates or builds a key component or delivers a critical service, you may want to put more management around that relationship from the compliance perspective. For anything below a tier 2; you may be able to manage your risks through having your direct tier 1 counter-party take the lead in managing such compliance risks. But make sure that the expectation is communicated to your direct counter-party so that if the government comes knocking you can show that not only did you contractually obligate your direct counter-party to do so but that you provided them the tools and training to do so. Finally, you will need to be able to show that your direct counter-party did so.
Three Key Takeaways
There is no set formula for clearing of red flags or the evaluation of due diligence.
Know when to say enough has been done.
You must Document Document Document your evaluation of any red flags.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/10/2017 • 13 minutes, 47 seconds
This Week in FCPA-Episode 47
Show Notes for Episode 47, for the week ending April 7, the Season Opener Edition
In this episode, Jay and I have a wide-ranging discussion on some of the week’s top FCPA and compliance related stories. We discuss:
Wrap up from the SCCE European Compliance and Ethics Institute.
SEC Unit Chief Kara Brockmeyer announces her retirement. Click here for Matt Kelly’s article on Radical Compliance.
Wal-Mart announces its 2016 spend on its FCPA investigation and remediation of $99MM. Click here for Matt Kelly’s article on Radical Compliance.
Upjohn warnings after the Yates Memo. See article the Grand Jury Target blog.
Report on OECD Integrity Forum. Allison Taylor writes in the FCPA Blog.
Astros, Red Sox and Dodgers all lead their divisions.
Jay previews his weekend report.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/7/2017 • 39 minutes, 40 seconds
Day 5 of One Month to Better 3Rd Party Management
Yesterday I considered the need for due diligence in the management of third parties. Today, I want to take a deeper dive and explore the levels of due diligence. Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.
Level I
First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering, anti-bribery, sanctions lists, coupled with other financial corruption & criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements.
Level II
Level II due diligence encompasses supplementing these Global Watch lists with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company; the third party’s key executives and associated parties. I believe that Level II should also include an in-country data base search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments of the third party; a check for international derogatory electronic and physical media searches, you should perform both English and foreign-language repositories searches on the third party, in its country of domicile, if you are in a specific industry, using technical specialists you should also obtain information from sector specific sources.
Level III
This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation. According to Candice Tal, founder of Infortal, Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in country investigation.” Further the “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English. Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”
But more than simply an investigation of the company, critically including a site visit and coupled with onsite interviews, Tal says that some other things you investigate include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publically.”
Further you may need to engage a foreign law firm, to investigate the third party in its home country to determine the third party’s compliance with its home country’s laws, licensing requirements and regulations. Lastly and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance as one of the most important inquiries is not legal but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or did they object to the scope, coverage or purpose of the FCPA; you can use a Level III to determine if the third party willing to stand up with under the FCPA and are you willing to partner with the third party.
The Risk Advisory Group, has put together a handy chart of its Level I, II and III approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence.
There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II & III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner. But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to Document Document Document all your due diligence.
Three Key Takeaways
A Level I due diligence should be only used where there is a low risk of corruption.
A Level II due diligence is sufficient in a high risk jurisdiction if there are no red flags to clear.
Level III due diligence is deep dive, boots on the ground investigation.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/7/2017 • 12 minutes, 25 seconds
Day 4 of One Month to a Better 3rd Party Management
Most companies fully understand the need to comply with the FCPA requirements around third parties as they represent the greatest risks for an FCPA violation. However, most companies are not created out of new cloth but are ongoing enterprises with a fully up and running business in place. This means they may need to bring resources to bear to comply with the FCPA while continuing operating an ongoing business. This can be particularly true in the area of performing due diligence on third parties. Many companies understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of third party risk and thereby perform the requisite due diligence required under the FCPA.
Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. The information that you should have developed in Steps 1 & 2 of the third party management process should provide you with the initial information to consider the level of due diligence that you should perform on third parties. This leads Step 3 in the five steps of the third-party management-Due Diligence.
Jay Martin, CCO at BakerHughes often emphasizes that a company needs to evaluate and address its risks regarding third parties. This means that an appropriate level of due diligence may vary depending on the risks arising from the relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.
Our British compliance cousins of course are subject to the UK Bribery Act. In its Principle IV of an Adequate Procedures compliance program, the UK Ministry of Justice (MOJ) stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of Principle IV is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The MOJ said that due diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”
Carol Switzer, writing in Compliance Week related that you should initially set up categories for your third parties of high, moderate and low risk. Based upon which risk category the third party falls into, you can design specific due diligence. She defined low risk screening as “trusted data source search and risk screening such as the aforementioned World Compliance”; moderate risk screening as “enhanced evaluation to include in-country public records…and research into corporate relationships”; high risk screening is basically a “deep dive assessment” where there is an audit/review of third party controls and financial records, in-country interviews and investigations “leveraging local data sources.”
A three-step approach was also discussed favorably in Opinion Release 10-02. In this Opinion Release, the DOJ discussed the due diligence that the requesting entity performed. “First, it [the requestor] conducted an initial screening of six potential grant recipients by obtaining publicly available information and information from third-party sources…Second, the Eurasian Subsidiary undertook further due diligence on the remaining three potential grant recipients. This due diligence was designed to learn about each organization’s ownership, management structure and operations; it involved requesting and reviewing key operating and assessment documents for each organization, as well as conducting interviews with representatives of each MFI to ask questions about each organization’s relationships with the government and to elicit information about potential corruption risk. As a third round of due diligence, the Eurasian Subsidiary undertook targeted due diligence on the remaining potential grant recipient, the Local MFI. This diligence was designed to identify any ties to specific government officials, determine whether the organization had faced any criminal prosecutions or investigations, and assess the organization’s reputation for integrity.”
Three Key Takeaways
You must have enough information to fully identify the owners, ultimate beneficial owners and related parties to determine if there is foreign official involvement.
All commentary on best practices compliance programs require an appropriate level of due diligence.
The best practice is to use a professional due diligence provider to perform due diligence level 2 and 3.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/6/2017 • 11 minutes, 38 seconds
FCPA Compliance Report-Episode 321
In this episode, I visit with Adelle Berger, who recently became the Chief Integrity Officer at Louis Berger. Some of the topics we discuss are:
Why is her title “Chief Integrity Officer” as opposed to Chief Compliance Officer or Chief Ethics and Compliance Officer?;
What is the role of a CCO around integrity or how does she see her role at Louis Berger different that a traditional CCO?;
Does she have any specific initiatives around ‘integrity’?;
How can a Chief Integrity Officer help drives the values and culture in an organization;
Her academic background is not the usual one for a compliance professional, what took her in the field; and
How a Chief Integrity Officer is the most recent iteration of the compliance function, to Compliance 3.0.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/6/2017 • 25 minutes, 24 seconds
Day 3 of One Month to a Better 3rd Party Management
The next step in the five-step process is the Questionnaire. The term ‘questionnaire’ is mentioned several times in the 2012 FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. The questionnaire should be mandatory step for any third party that desires to work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk, but run away from doing business with such a party.
In the 2011 UK Ministry of Justice’s (MOJ), discussion of Six Principals of an Adequate Procedures compliance program, they said the following, a Questionnaire, “means that both the business person who desires the relationship and the foreign business representative commit certain designated information in writing prior to beginning the due diligence process.”
One of the key requirements of any successful anti-corruption compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter as small businesses can face quite significant risks and will need more extensive procedures than other businesses facing limited risks. The level of risk that companies face will also vary with the type and nature of the third parties with which it may have business relationships. For example, a company that properly assesses that there is no risk of bribery on the part of one of group of its third parties will require nothing in the way of procedures to prevent bribery in the context of those relationships. By the same token the bribery risks associated with reliance on a third party agent representing a company in negotiations with foreign public officials may be assessed as significant and, accordingly, requires much more in the way of procedures to mitigate those risks.
What should you ask for in your questionnaire? Randy Corey, Executive Vice President (EVP), Global Compliance Officer at Edelmen Inc. said in a presentation at Compliance Week 2012, entitled “3rd Party Due Diligence Best Practices in Establishing an Effective Anti-Corruption Program”, that his company has developed a five-step approach in evaluating and managing their third parties. In Step 3 they ask What Do You Need To Know? Initially, Corley said that the scope of review depends on risk assessment, High Risk, Medium Risk or Low Risk. This risk ranking will determine the level of information collected and due diligence performed. The key element of this step is data collection. The initial step is to have the third party complete an application which should include requests for information on background and experience, scope of services to be provided, relevant experience, list of actual and beneficial owners, references and compliance expertise.
Below are some of the areas which I think you should inquire into from a proposed third party include the following:
Ownership Structure: Describe whether the proposed third party is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?
Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed third party. You should obtain financial records, audited for 3 to 5 years, if available. Obtain the name and contact information for their banking relationship.
Personnel: Determine whether the proposed agent will be providing personnel, particularly whether any of the employees are government officials. Make sure that you obtain the names and titles of those who will provide services to your company.
Physical Facilities: Describe what physical facilities that will be used by the third party for your work. Be sure and obtain their physical address.
•References: Obtain names and contact information for at least three business references that can provide information on the business ethics and commercial reliability of the proposed third party.
PEPs: Are any of the owners, beneficial owners, officers or directors politically exposed persons (PEPs).
UBOs: It is imperative that you obtain the identity of the Ultimate Beneficial Owner (UBO).
Compliance Regime: Does the proposed third party have an anti-corruption/anti-bribery program in place? Do they have a Code of Conduct? Obtain copies of all relevant documents and training materials.
FCPA Training and Awareness: Has the proposed third party received FCPA training or certified by a recognizable entity?
One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.
The questionnaire fills several key roles in your overall management of third parties. Obviously, it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as importantly is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.
Three Key Takeaways
You must have enough information to fully identify the owners, ultimate beneficial owners and related parties to determine if there is foreign official involvement.
All commentary on best practices compliance programs still require questionnaires.
If a third party refuses to fully respond to your questionnaire, walk away from the proposed relationship.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/5/2017 • 12 minutes, 1 second
Compliance into the Weeds-Episode 34
In this episode Matt Kelly and I take a deep dive into the recent kerfuffle involving United Airlines and its policy which prevented to teenaged girls from boarding a flight wearing leggings. Was United within its rights to exclude the passengers for inappropriate dress? Is the policy valid? Did the gate agent receive appropriate training to make their decision? In the world of today, social media accelerates the ability to judge, without improving the ability to judge. For ethics & compliance officers, that means every compliance risk is now magnified into a reputation risk. Finally, we consider Matt's closing sentence, "Training, values, culture, judgment. Funny how those four things keep cropping up, isn’t it?" and what it means for compliance.
For more insight, read Matt's blog post, "United's Policy Management Lessons"
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/5/2017 • 20 minutes, 44 seconds
Day 2 of One Month to Better 3rd Party Management
The Evaluation, in Prong 10, Third Part Management asks, “What was the business rationale for the use of the third party in question?” This question is one of the most basic tools to operationalize your compliance program and should form the basis of your third-party risk management process.
It is common sense that you should have a business rationale to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have that specific third party representing your company. This concept is enshrined in the 2012 FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.”
The Internal Revenue Service (IRS) also considers a business rationale to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of Internal Revenue Service (IRS) criminal investigation, speaking at a presentation, said that the lack of business rationale to be a Red Flag, indeed the IRS views such lack of business rationale as possible indicia of corruption. With the Department of Justice; Securities and Exchange Commission and IRS all noting the importance of a business rationale, it is clear this is something you should use to operationalize your compliance program.
But the business rationale also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business rationale to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.
Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:
Business Sponsor - Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but business unit accountability for the business relationship and puts the onus on each stakeholder to more fully operationalize this portion of your compliance program.
Business Rationale - The Business Sponsor should then articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?
What should go into your Business Rationale? At the most basic level, you should craft a document, which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts which include the following. You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is Red Flag is a customer or government representative points you towards a specific third party. You should inquire into what services the third party will perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this specific third party should be used as opposed to an existing or other third party, is such were considered. All this information should be written down and then signed by the Business Sponsor.
Another way to think about this issue is by considering the competence of foreign business partner to provide services to your organization. Such considerations include a review of the qualifications of the third-party candidate for subject matter expertise, the resources to perform the services for which they are being considered and the third party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third party to provide you with a business rationale including current opportunities in territory, how the candidate was identified and why no currently existing third party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
Remember, the purpose of the Business Rationale is to document the satisfactoriness of the business case to retain a third party. The Business Rationale should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third-party relationship is renewed. As explained by the Tom Fox Mantra for compliance, this means Document Document Document.
Three Key Takeaways
You should always have a business reason for using a third party which is articulated by the business folks, not compliance.
A Business Sponsor is the key relationship going forward in operationalizing your compliance program through the life of the third-party relationship with your company.
Always remember to Document Document Document.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC Accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/4/2017 • 11 minutes, 13 seconds
FCPA Compliance Report-Episode 320, John Hanson
In this episode I visit with John Hanson (AKA 'the Fraud Guy') who is also the founder of the International Association of Independent Corporate Monitors (IAICM). He discusses why he founded the group, the needs it hopes to address, the resources available to members and others and how someone can apply for membership. the Association's website is icicm.org. For additional information you can contract Hanson at [email protected]. Finally, ror more information see my blog post IAICM Shines a Light on Corporate Monitor.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/4/2017 • 28 minutes, 35 seconds
Day 1 of One Month to Better Third Party Management
Day 1- The Third-Party Risk Management Process
This month, I will consider the risk management of third parties in an operationalized compliance program. As every compliance practitioner is well aware, third parties still present the highest risk under the Foreign Corrupt Practices Act (FCPA). The Department of Justice Evaluation of Corporate Compliance Programs devotes an entire prong to third party management. It begins with the following:
Risk-Based and Integrated Processes – How has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?
This first set of queries clearly specifies the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance must have a process for the full life cycle of third party risk management. There are five steps in the life cycle of third party management.
Business Justification and Business Sponsor;
Questionnaire to Third Party;
Due Diligence on Third Party;
Compliance Terms and Conditions, including payment terms; and
Management and Oversight of Third Parties After Contract Signing.
Over this month, I will be exploring each of these steps in detail so by the end of this month, you will be able to fully operationalize your third party risk management program.
Step 1 - Business Justification
The first step breaks down into two parts:
Business Sponsor
Business Justification
The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.
Step 2 - Questionnaire
The term ‘questionnaire’ is mentioned several times in the 2012 FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party.
One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.
Step 3 - Due Diligence
Most compliance practitioners understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner.
Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK MOJ stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique.
After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 - the contract. In the area of compliance terms and conditions, the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.
Step 4 - The Contract
You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.
Step 5 - Management of the Relationship
I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5– the Management of the Relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.
Final Thoughts
I continually give my Mantra of FCPA compliance, which is Document, Document, and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program. As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end; you should take heart because there is clear and substantive guidance out there which you can draw upon.
Three Key Takeaways
Use the full 5-step process for 3rd party management.
Make sure you have BD involvement and buy-in.
Operationalize all steps going forward by including business unit representatives.
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC Accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
4/3/2017 • 14 minutes, 10 seconds
Day 23 of One Month to Operationalizing Your Compliance Program
I conclude my One Month to Operationalizing your Compliance Program series by discussing how you can put your compliance program at the center of corporate strategy. An article in the Harvard Business Review (HBR) by Frank Cespedes, entitled “Putting Sales at the Center of Strategy”, discussed how to connect up management’s new sales plans with the “field realities.” Referencing the well-known Sam Waltonism that “There ain’t many customers at headquarters”; Cespedes believes that “If you and your team can’t make the crucial connections between strategy and sales, then no matter how much you invest in social media or worry about disruptive innovations, you may end up pressing for better execution when you actually need a better strategy or changing strategic direction when you should be focusing on the basics in the field.”
This can be a critical problem when operationalizing compliance because operationalizing compliance is usually perceived as a top-down exercise. The reality that the employee base that must execute the compliance strategy is not considered. Even when there are comments from employees on compliance initiatives they are often derisively characterized as ‘push-back’ and not taken into account in moving the compliance effort forward.
Communicate the Strategy
It can be difficult for an employee base to implement a strategy that they do not understand. Even with a company wide training rollout, followed by “a string of e-mails from headquarters and periodic reports back on results. There are too few communications, and most are one-way; the root causes of underperformance are often hidden from both groups.” Here Cespedes’ insight is that clarification is a leadership responsibility and in the compliance function that means the Chief Compliance Officer (CCO) or other senior compliance practitioner. Moreover, if the problem is that employees do not understand how to function within the parameters of the compliance program, then there is a training problem and that is the fault of the compliance department. I once was subjected to a PowerPoint of 268 slides, which lasted 7.5 hours, about my company’s compliance regime. To say this was worse than useless was accurate. The business guys were all generally asleep one hour into the presentation as we went through the intricacies of the books and records citations to the FCPA. The training was a failure but it was not the fault of the attendees. If your own employees do not understand your compliance program that is your fault.
Continually improve your compliance productivity
Why not do the incentivize productivity around compliance? Work with your Human Resources (HR) department to come up with appropriate financial incentives. Many companies have ad hoc financial awards, which they present to employees to celebrate and honor outstanding efforts. Why not give out something like that around doing business in compliance? Does your company have, as a component of its bonus compensation plan, a part dedicated to compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. HR can, and should, facilitate this process by setting expectations early in the year and then following through when annual bonuses are released. With the assistance of HR, such a bonus can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice.
Improve the human element in your compliance program
This is another area where HR can help the compliance program. More than ongoing assessment of employees for promotion into leadership positions, here HR can assist on the ground floor. HR can take the lead in asking questions around compliance and ethics in the interview process. Studies have suggested that certainly Gen Y & Xers appreciate such inquiries and want to work for companies that make such business ethics a part of the discussion. By having the discussion during the interview process, you can not only set expectations but you can also begin the training process on compliance.
However, this approach should not end when an employee is hired. HR can also assist your compliance efforts by tracking employees through their company career to identify those who perform high in any compliance metric. This can also facilitate the delivery on more focused compliance training to those who may need it because of changes on compliance risks during their careers.
Make your compliance strategy relevant
Cespedes notes, “Most C-suite executives know these value-creation levers, but too few understand and operationalize the sales factors that affect them.” In the sales world this can translate into a reduction in assets to underperforming activities. This is all well and good but such actions must be coupled with an understanding of why sales might be underperforming in certain areas. In the compliance realm, I think this translates into two concepts, ongoing monitoring and risk assessment. Ongoing monitoring can allow you to move from a simple prevent mode to a more prescriptive mode; where you can uncover violations of your company’s compliance program before they become full blown FCPA violations. By using a risk assessment, you can take the temperature of where and how your company is doing business and determine if new products or service offerings increase your compliance risks.
Above all, you need to get out and tell the compliance story. Louis D’Amrosio was quoted for the following, “You have to repeat something at least 10 times for an organization to fully internalize it.” If there is a disconnect between your compliance strategy and how your employee base is implementing or even interpreting that strategy, get out of the office and go out to the field. But you need to do more that simply talk you also need to listen. By doing so, can help to align your company’s compliance strategy with both the delivery and in the field.
Three Key Takeaways
Use information from your employees to make your compliance program more productive.
Use social media and other innovative techniques to communicate your compliance strategy.
Operationalize Operationalize Operationalize, then Document Document Document.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/31/2017 • 13 minutes, 49 seconds
This Week in FCPA-Episode 46
Show Notes for Episode 46, for the week ending March 31, the On the Road to Prague Edition
In this episode, Jay and I have a wide-ranging discussion on operationalizing compliance through business processes. We discuss:
Why powerful people fail to stop bad behavior by their underlings. Click here for the article.
Some policy management lesson, courtesy United Airlines. Click here for Matt Kelly’s article on Radical Compliance.
Why you shouldn’t linger too long in the wrong compliance position. See Julie DiMauro’s blog post on the FCPA Blog.
Bribe recipient in the Gerald and Patricia Green FCPA case gets 50 years in prison. See article in the FCPA Blog.
Using data to operationalize your compliance program. Read Tom’s blog post, by clicking here.
What the New York state Department of Financial Services new regulation on cybersecurity for financial services companies means for compliance officers. See Tom’s blog post by clicking here.
Jay previews his weekend report.
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/31/2017 • 28 minutes, 43 seconds
Day 22 of One Month to Operationalizing Your Compliance Program
The Evaluation of Corporate Compliance Programs, Prong 6, Incentives and Disciplinary Measures states:
Incentive System – How has the company incentivized compliance and ethical behavior? How has the company considered the potential negative compliance implications of its incentives and rewards? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations?
How can you measure compliance in senior management or evaluate it for the purposes of a bonus calculation? This issue has often been difficult to sustain in a company because the compliance evaluation of whether a senior manager or company leader is often viewed as too subjective. An article entitled, “Integrating Your Compliance Programme Into the Variable Compensation of Executives, addressed these issues and concerns.
The article was built around a case study of the Sorin Group, a healthcare multinational, and the company’s incentive program for its compliance regime. The company created such an incentive program to “influence actual behaviors, and not merely the consequences of any wrong doing that may occur.” Compliance has been made an integral part of each manager’s performance objectives. Members on the company’s Executive Leadership Team (ELT) and the other leaders of all its corporate functions and “business units are directly responsible for the culture, understanding, observance and adoption of the Sorin Code of Conduct, the Sorin United States and international compliance policies and procedures” and their respective health industry codes of practice.
Each of the different functions within the Sorin Group has adopted individual performance objectives specifically regarding compliance. The individualized “compliance objectives are agreed and documented every year for each function and senior manager, and form part of the process of continuous performance review (written reviews twice yearly) managed by Sorin’s human resources team. The responsible executive of each function or group is required to cascade each of the compliance obligations to those employees under them. This ensures that the whole company has compliance integrated into their variable remuneration.”
The company’s evaluation process includes the staff that report to each senior executive who are interviewed by the General Counsel (GC) or other member of the compliance function “to determine their adherence to the compliance objectives.” Additionally, “An assessment is performed alongside line managers and a member of the human resources team to determine whether the obligations have been met, and to what extent.” Lastly, this same system applies to the company’s Board of Directors and Chief Executive Officer (CEO).
The variable compensation awarded at the end of each year can be affected in two ways by this compliance evaluation. The first is for an entire group and “If a group fails to meet expectations for the specific objectives the executive and their whole team will miss out on the entire variable pay for that year.” But “If a group meets some expectations for the compliance objectives they will receive payment of the variable, with the amount dependent on the amount of objectives that have been met.” The same holds true for the individual within the group so that “if an employee fails to meet his or her compliance objectives, the whole bonus for that employee will remain unpaid.”
Some examples of compliance obligations that are measured and evaluated include the following:
For the ELT
Lead from the top – in your own conduct (lead by example) and in the decisions you take, to the resources and time you commit to compliance;
Facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally; and
Support specific initiatives from the CCO, compliance function.
For Department Heads
Demonstrate, facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally;
Support specific initiatives from the compliance function;
Ensure that all employees, agents and contractors directly or indirectly reporting to you fully complete all required training and communications in a timely manner;
Provide full cooperation with investigations conducted by the compliance or legal functions of any alleged violation of compliance policies;
Include the Chief Compliance Officer or another legal or compliance function representative in your management meetings at least twice per year, per geography;
Identify instances of non-compliance and support compliance monitoring and reporting systems; and
Partner with compliance in resolving compliance issues.
For Country Heads of Sales
Certify that all employees, agents and contractors directly or indirectly reporting to you have fully reported all sales and marketing interactions with all government officials or employees of state-owned enterprises in a timely manner and
Certify that all employees, agents and contractors directly or indirectly reporting to you have fully, promptly and accurately reported all expenses with government officials or employees of state-owned enterprises on ERP.
The article also speaks of five things to consider when developing such a compliance incentive program. (1) The program needs to be cascaded down the organization so that it applies to all levels in the company. (2) Include both a 360 degree review and mid-year review. (3) To truly incentive senior management, the compliance objectives should be at least 25% of the overall discretionary bonus program. (4) Do not have simply ‘tick-the-box’ incentives but include subject incentives.
As the final item to consider, is you need to have SMART compliance objectives, which are defined as:
Specific: A specific objective has a much greater chance of being accomplished than a general objective (e.g don’t just say “ensure training has been completed by your team”, say; Who: who needs to be trained?
What: what training objectives do you want to accomplish?
Where: identify a location for the training
When: establish a time frame for the training to be completed
Which: identify requirements and constraints for any training
Why: provide specific reasons, purpose or benefits of accomplishing the training objective.
Measurable: Establish concrete criteria for measuring progress toward the attainment of each objective you set.
Aggressive but attainable: When you identify objectives that are most important to the compliance function and the relevant business, employees are more likely to see the value in making them come true.
Realistic: To be realistic, an objective must represent something which you are both willing and able to work toward.
Timely: An objective should be grounded within a timeframe.
The article ends with some insights into lessons learned, including the following:
Top down: If your ELT is truly on board you can make big leaps and not limit your compliance ambitions to incremental steps.
Personalize: The objectives should be more personal to each function and more granular.
Balance: Have qualitative judgments but couple them with concrete and - most importantly - objective and measurable key performance indicators.
Publicize: Talking about the real company examples of its people make the difference.
Be positive: Focus your company’s efforts on positive incentive behaviors. In other words, use both the stick and carrot.
Just do it: Stop talking the talk and start walking the walk.
The Evaluation makes clear that the Department of Justice expects incentives to be operationalized into your compensation structure. While there may always be subjectivity built into any compensation incentive system, that does not mean financial incentives cannot be written into the evaluation of any senior management to help guide ethical business practices.
Three Key Takeaways
The Evaluation requires not only carrots around compliance but metrics to justify compensation.
Provide metrics for each level of employee to hit as a part of a discretionary bonus evaluation.
Up to 25% of a discretionary bonus should be based on compliance or an ethical component.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/30/2017 • 13 minutes, 40 seconds
FCPA Compliance Report-Episode 319, Brandon Essig
In this episode I visit with Brandon Essig, a former DOJ prosecutor when the Yates Memo was released. He discusses the impact of the Yates Memo inside the DOJ and the triage that prosecutors use on cases in response. For Brandon's blog post on the topic on Linkedin, click here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/30/2017 • 26 minutes, 41 seconds
Day 21 of One Month to Operationalizing Your Compliance Program
Even with a great Tone-At-the-Top and in the middle, you cannot stop. One of the greatest challenges of a compliance practitioner is how to affect the ‘tone at the bottom’. In an article in the Spring 2012 Issue of the MIT Sloan Management Review, entitled “Uncommon Sense: How to Turn Distinctive Beliefs Into Action”, authors explored the “often overlooked, critical source of differentiation is [a] company’s beliefs” and provided techniques on how to tap into these beliefs. The authors listed seven approaches that they have used which I believe that the compliance practitioner can use to not only determine ‘Tone at the Bottom” but to impact that tone. They are as follows:
Assemble a group. You need to assemble a group of employees who are familiar with the challenges of doing business in a compliant manner in certain geographic regions. Include both long-time employees and those who are relatively new to the organization. The authors also suggest that if you have any employees who have worked for competitors or for other organizations in your industry you include them as well.
Ask questions. You should ask the members of this group to articulate their basic assumptions about your compliance model, about the management model, about your company’s business model and the future of the industry in general. Ask them to do this individually and not as a group.
Categorize the responses. Now comes the work by the compliance practitioner or compliance team. These assumptions will usually fall into two groups. The first is assumptions that everyone agrees upon-the common beliefs. The second is those assumptions that only a few of the participants will identify – this is what the authors call the “uncommon beliefs”.
Develop tests for common beliefs. For those beliefs that are labeled common - you should consider how you know these to be true? The authors caution that simply because the group may believe that the company operates a common industry or that we “do it because it has always been done this way” is necessarily a “hard fact.” Consider what test you could perform to verify the common belief that you desire to test. The authors note that the purpose here is to “identify the ‘common nonsense’ beliefs that everyone holds that are not actually hard laws of nature.”
Develop tests for uncommon beliefs. Here the authors suggest that you need to consider why some people think that these beliefs are true. What is the information or experience that they have drawn upon? Is there any way for you to test these uncommon beliefs?
Reassemble the original group. You should reassemble the original group and have them consider the beliefs that were articulated by them individually in the context of your compliance model and how both your company and your industry do business. Lead a discussion that attempts to identify any assumptions or beliefs that ‘are quite possibly wrong, but worth experimenting with anyway.”
List of Experiments to perform. The authors believe that the outcome of the first six steps will be “a list of possible experiments [tests] to conduct” to determine the validity of the common and uncommon beliefs. These tests can be accomplished in the regular course of business, through a special project with a special team and separate budget. You should agree on the testing process and review your testing assumptions throughout the process. This process can and should take some time so do not set yourself such a tight time frame that it cannot be fully matured.
By engaging employees at this level, you can find out not only what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program. Employees want to do business in an ethical manner. Given the chance to engage in business the right way, as opposed to cheating; will win the hearts and minds of your employees almost all the time. By using the protocol suggested by the authors you can not only find out the effect of your company’s compliance program on the employees at the bottom but you can affect it as well.
Mike Volkov said in an article entitled, “Mood in the Middle Versus Tone at the Top” that “Even when a company does all the right things at the senior management level, the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that exist throughout the company.” To fully operationalize your compliance program, you must find a way to articulate and then drive the message of ethical values and doing business in compliance with such anti-corruption laws such as the FCPA from the top down, throughout your organization.
Three Key Takeaways
How is your compliance embedded at the bottom of your organization?
Use of social media can help set the tone at the bottom.
A company’s culture is reflected in the values and beliefs that exist throughout the company-make certain you assess it and use that information going forward.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2017 • 13 minutes, 33 seconds
FCPA Compliance Report-International Edition
In this episode I visit with Jonathan Armstrong on his views on the new DOJ Evaluation of Corporate Compliance Programs. Armstrong provides a detailed analysis of some of the key differences between how compliance is operationalized in the US as opposed to the UK and EU countries. He explains how the enhanced requirements for root cause analysis, risk assessments and investigations and the supplemented requirements to tie back into the ongoing compliance monitoring and updating, could run afoul of UK and EU data protection and data privacy requirements. He also considers what a non-US company, subject to the FCPA what should look to as a best practices compliance program to best protect the organization. Finally explores just how far does all of this go? He provides on statistic that puts a huge bow on the difficulties going forward.
For the Cordery Compliance article see the following, US Department of Justice on Evaluation of Corporate Compliance : how does it compare to UK Bribery Act 2010?
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/29/2017 • 28 minutes, 32 seconds
Day 20 of One Month to Operationalizing Your Compliance Program
The Evaluation of Corporate Compliance Programs makes clear, a company must have more than simply at good ‘Tone-at-the-Top’; it must move it down through the organization from senior management down to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization. Adam Bryant, writing in the NYT in an article entitled, “If the Supervisors Respect Values, So Will Everyone Else”; explored this topic when he interviewed Victoria Ransom, the Chief Executive Officer (CEO) of Wildfire, a company which provides social media marketing software.
Ransom spoke about the role of senior management in communicating ethical values when she was quoted as saying “Another lesson I’ve learned as the company grows is that you’re only as good as the leaders you have underneath you. And that was sometimes a painful lesson. You might think that because you’re projecting our values, then the rest of the company is experiencing the values.” These senior managers communicate what the company’s ethics and values are to middle management. So, while tone at the top is certainly important in setting a standard, she came to appreciate that it must move downward through the entire organization. Bryant wrote that Ransom came to realize “that the direct supervisors become the most important influence on people in the company. Therefore, a big part of leading becomes your ability to pick and guide the right people.”
Ransom said that when the company was young and small they tried to codify their company values but they did not get far in the process “because it felt forced.” As the company grew she realized that their values needed to be formalized and stated for a couple of reasons. The first was because they wanted to make it clear what was expected of everyone and “particularly because you want the new people who are also hiring to really know the values.” Another important reason was that they had to terminate “a few people because they didn’t live up to the values. If we’re going to be doing that, it’s really important to be clear about what the values are. I think that some of the biggest ways we showed that we lived up to our values were when we made tough decisions about people, especially when it was a high performer who somehow really violated our values, and we took action.” These actions to terminate had a very large effect on the workforce. Ransom said that “it made employees feel like, “Yeah, this company actually puts its money where its mouth is.””
Ransom wanted to make clear to everyone what senior management considered when determining whether employees “are living up to the company culture.” The process started when she and her co-founder spent a weekend writing down what they believed the company’s values were. Then they sat down with the employees in small groups to elicit feedback. Her approach was to look for what they wanted in their employees.
Passion: Do you really have a thirst and appetite for your work?
Humility and Integrity: Treat your co-workers with respect and dignity.
Courage: Speak up - if you have a great idea, tell us, and if you disagree with people in the room, speak up.
Curiosity: They wanted folks who would constantly question and learn, not only about the company but about the industry.
Impact: Are you having an impact at the company?
Be outward-looking: Do good and do right by each other.
Ransom had an equally valuable insight when she talked about senior management and ethical values. She believes that “the best way to undermine a company’s values is to put people in leadership positions who are not adhering to the values. Then it completely starts to fall flat until you take action and move those people out, and then everyone gets faith in the values again. It can be restored so quickly. You just see that people are happier.”
What should the tone in the middle be? That is, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore your organization should training middle managers to enhance listening skills in the overall context of providing training for their ‘Manager’s Toolkit’. This can be particularly true if there is a compliance violation or other incident which requires some form of employee discipline. Most employees think it important that there be “organizational justice” so that people believe they will be treated fairly. He further explained that without organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness that an employee is more likely accept a decision that they may not like or disagree with.
Employees often look to their direct supervisor to determine what the tone of an organization is and will be going forward. Many employees of a large, multi-national organization may never have direct contact with the CEO or even senior management. By moving the values of compliance through an organization into the middle, you will be in a much better position to inculcate these values and operationalizing compliance with them.
Three Key Takeaways
Tone at the tops- direct supervisors become the most important influence on people in the company.
Give your middle managers a Tool Kit around compliance so they can fully operationalize compliance.
Organizational justice is a further way to help operationalize compliance.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/28/2017 • 13 minutes, 5 seconds
Compliance into the Weeds-Episode 33
In this episode, we take a look at a recent speech given by NY Fed Chairman William Dudley in London where he addressed improving corporate culture. Dudley provided three recommended steps. First, a bank must decide on its purpose and core values—or, as Dudley put it, “What are you for?” Second, after this identification of purposes and values, you can measure how well the workforce is striving to achieve that purpose. Third a bank can set its incentives so employees work harder to achieve those goals. As usual, Matt and I take a deep dive into the issue of enhancing corporate culture. For more on the speech, see Matt's blog post on Radical Compliance entitled, "Great Speech About Improving Corporate Culture".
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/28/2017 • 23 minutes, 32 seconds
Day 19 of One Month to Operationalizing Your Compliance Program
Under the Evaluation of Corporate Compliance Programs, Prong 2, it states:
Senior and Middle Management
Conduct at the Top – How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?
This requirement is more than simply the ubiquitous ‘tone-at-the-top’ as here the Justice Department wants to see a company’s senior leadership actually doing compliance. How can senior management operationalize compliance going forward? One of the best places to start is the article from the Harvard Business Review by Professor Lynn Paine entitled, “Managing for Organizational Integrity”. Larry Thompson, former PepsiCo Senior Vice President of Governmental Affairs, General Counsel and Secretary, discussed the work of Professor Paine in citing five factors, which he believed were critical in establishing an effective integrity program and to set the right “Tone at the Top”.
The guiding values of a company must make sense and be clearly communicated.
The company’s leader must be personally committed and willing to take action on the values.
A company’s systems and structures must support its guiding principles.
A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions.
Managers must be empowered to make ethically sound decisions on a day-to-day basis.
David Lawler, in his book, Frequently Asked Questions in Anti-Bribery and Corruption boiled it down as follows “Whatever the size, structure or market of a commercial organization, top-level management’s commitment to bribery prevention is likely to include communication of the organization’s anti-bribery stance and appropriate degree of involvement in developing bribery prevention procedures.” Lawler went on to provide a short list of points that he suggests senior management engage in to communicate the type of tone to follow an anti-corruption regime.” I had a CEO of a client, who after I described his role in operationalizing his company’s compliance program observed the following, “You want me to be the ambassador for compliance.” I immediately averred in the affirmative. The following is a list of things that a CEO can do as an ‘Ambassador of Compliance’
Reject a ‘do as I say, not as I do’ mentality;
Not just ‘talk-the-talk’ but ‘walk-the-walk’ of compliance;
Oversee creation of a written statement of a zero tolerance towards bribery and corruption;
Appoint and fully resource, with money and headcount, a Chief Compliance Officer;
Oversee the development of a Code of Conduct and written compliance program implementing it;
Ensure there are compliance metrics on all key business reports;
Provide leadership to middle managers to facilitate filtering of the zero tolerance message down throughout the organization;
Not only have a whistleblowing, reporting or speak up channel but celebrate it;
Keep talking about doing the right thing;
Make sure that you are seen providing your Chief Compliance Officer with access to yourself and the Board of Directors.
Coming at it from a different perspective, author Martin Biegelman provides some concrete examples in his book entitled, “Building a World Class Compliance Program – Best Practices and Strategies for Success”. Biegelman begins the chapter discussed in this posting with the statement “The road to compliance starts at the top.” There is probably no dispute that a company takes on the tone of its top management. In this chapter Biegelman cites to a list used by Joe Murphy of actions that a CEO can demonstrate to set the requisite tone from the Captain’s Chair of any business. The list is as follows:
Keep a copy of the Constitution on your Desk. Have a dog-eared copy of your company’s Code of Conduct on your desktop and be seen using it.
Clout. Make sure your compliance department has authority, influence and budget within the company. Have your Chief Compliance Officer (CCO) report directly to the Board of Directors.
Make them Accountable. At Senior Executive meetings, have each participant report on what they have done to further the compliance function in their business unit.
Sticks and Carrots. Have both sanctions for violation of company compliance and ethics policies and incentives for doing business in a compliant manner.
Don’t do as I say, Do as I do. Turn down an expensive dinner or trip offered by a vendor. Pass on a gift that you may have received. Turn down a transaction based upon ethical considerations.
Be a Student. Be seen at intra-company compliance training. Take a one or two day course or attend a compliance conference outside your organization.
Award Compliance. You should recognize outstanding compliance efforts with companywide announcements and awards.
The Board. Recruit a nationally known compliance expert to sit on your company’s Board and chair the audit or compliance committee.
Independent Review. Obtain an independent, outside review of your company’s compliance program and report the results to the Board’s Audit Committee.
Mandate that all vendors in your Supply Chain embrace compliance and ethics as a business model. If not, pass on doing business with them.
Talk to others in your industry and your peers on how to improve your company’s compliance efforts.
Many companies struggle with some type of metric which can be used for upper management regarding compliance and communication of a company’s compliance values. One technique might be to require the CEO to post companywide emails or other communications once a quarter on some compliance related topic. The CEO’s direct reports would then also be required to email their senior management staff a minimum of once per quarter on a compliance topic. One can cascade this down the company as far as is practicable. Reminders can be set for each communication so that all personnel know when it is time to send out the message. If these communications are timely made, this metric has been met.
Three Key Takeaways
Senior management must actually do compliance; walk-the-walk, not simply talk-the-talk.
Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.
CEO as Compliance Ambassador.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, I visit with Erica Salmon Bryne, EVP at Ethisphere on the 2017 World's Most Ethical Companies honorees. Erica goes into how the corporate compliance programs are evaluated, what the companies disclose to Ethisphere and how the winners consistently demonstrate compliance is good for business. Check out more information on Ethisphere's site by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/27/2017 • 25 minutes, 31 seconds
This Week in FCPA-Episode 45
In this episode, Jay and I have a wide-ranging discussion on why good compliance and is good for business. We discuss:
LRN Ethics and Compliance Program Effectiveness Report. Click here for Report.
Ethisphere’s 2017 World’s Most Ethical Companies. Click here for Report.
Why good compliance is good for business. See Tom’s blog post.
Women in compliance: A key to organizational diversity. See article in the FCPA Blog.
ECI Podcast: Engaging With Your Monitor: Best Practices from ECI’s Independent Monitor Benchmarking Group. To listen to the podcast, click here.
Jay previews his weekend report.
Tom previews a presentation he will give with Jenny O’Brien and Roy Snell at the SCCE European Ethics and Compliance Institute in April. Jay previews a presentation at the same event by Eric Feldman of Affiliated Monitors. For more information on the event, check it out by clicking here.
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/24/2017 • 31 minutes, 54 seconds
Day 18 of One Month to Operationalizing Your Compliance Program
The Department of Justice Evaluation of Corporate Compliance Programs states, in Prong 10, Third Party Relationships:
Management of Relationships – How has the company considered and analyzed the third party’s incentive model against compliance risks? How has the company monitored the third parties in question? How has the company trained the relationship managers about what the compliance risks are and how to manage them? How has the company incentivized compliance and ethical behavior by third parties?
If you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA violation. Now the DOJ has explicitly adopted this approach as a key determination of whether you have operationalized your compliance program. There are several different ways that you should manage your post-contract relationship.
Relationship Manager
There should be a Relationship Manager for every third party which the company does business with through the sales chain. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party. Some of the duties of the Relationship Manager may include:
Point of contact with the Third Party for all compliance issues;
Maintaining periodic contact with the Third Party;
Meeting annually with the Third Party to review its satisfaction of all company compliance obligations;
Submitting annual reports summarizing services provided by the Third Party;
Assisting the company’s compliance function with any issues with respect to the Third Party.
The Relationship Manager can be the Business Sponsor who prepared the Business Rationale discussed on Day 17. By using the Business Sponsor as the Relationship Manager, your company will further operationalize compliance by continuing to have the business unit lead the front-line relationship, communications and contact with the third party. As noted compliance commentator Scott Moritz has said, “This puts the onus on each stakeholder.”
Compliance Professional
Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such a resource. A third party may not be large enough to have its own compliance staff so any company using third party representatives should provide a dedicated resource to third parties. This will not create a conflict of interest nor are other legal impediments to providing such services. They can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party.
Third Party Oversight Committee
A Third Party Oversight Committee further operationalizes compliance. It review all documents relating the full panoply of a third party’s relationship with a company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third party who might represent a company on the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in anti-corruption compliance, this is a manner to deliver additional management of that risk.
After the commercial relationship has begun the Third Party Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Third Party Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Third Party Oversight Committee should review all payments requested by the third party to assure such payment are within the company guidelines and are warranted by the contractual relationship with the third party. Lastly, the Third Party Oversight Committee should review any request to provide the third party any type of non-monetary compensation.
Audit
A key tool in operationalizing the relationship with a third party post-contract is auditing the relationship. You should secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as one to (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. As a base line, any audit of a third party include, at a minimum, a review of the following:
the effectiveness of existing compliance programs and codes of conduct;
the origin and legitimacy of any funds paid to Company;
books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
all disbursements made for or on behalf of Company; and
all funds received from Company in connection with work performed for, or services or equipment provided to, Company.
Three Key Takeaways
Management of the third party relationship is the key step in determining the effectiveness of your compliance program in this risk area.
By using non-compliance functions, such as the Business Sponsor or Relationship Manager you more fully operationalize your compliance program.
Never forget to put a second set of eyes on all third party relationships.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/24/2017 • 13 minutes, 33 seconds
Day 17 of One Month to Operationalizing Your Compliance Program
The Evaluation, in Prong 10, Third Part Management asks, “What was the business rationale for the use of the third party in question?” This question is one of the most basic tools to operationalize your compliance program and should form the basis of your third party risk management process.
It is common sense that you should have a business rationale to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have a particular third party representing your company. This concept is enshrined in the FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.”
The Internal Revenue Service (IRS) also considers a business rationale to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of Internal Revenue Service (IRS) criminal investigation, speaking at a presentation, said that the lack of business rationale to be a Red Flag, indeed the IRS views such lack of business rationale as possible indicia of corruption. With the Department of Justice; Securities and Exchange Commission and IRS all noting the importance of a business rationale, it is clear this is something you should use to operationalize your compliance program.
But the business rationale also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business rationale to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.
Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:
Business Sponsor - Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but business unit accountability for the business relationship and puts the onus on each stakeholder to more fully operationalize this portion of your compliance program.
Business Rationale - The Business Sponsor should then articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?
So what should go into your Business Rationale? At the most basic level, you should craft a document, which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts which include the following. You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is Red Flag is a customer or government representative points you towards a specific third party. You should inquire into what services the third party will perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this specific third party should be used as opposed to an existing or other third party, is such were considered. All this information should be written down and then signed by the Business Sponsor.
Another way to think about this issue is by considering the competence of foreign business partner to provide services to your organization. Such considerations would include a review of the qualifications of the third party candidate for subject matter expertise, the resources to perform the services for which they are being considered and identifying the third party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third party to provide you with a business rationale including current opportunities in territory, how the candidate was identified and why no currently existing third party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
Remember, the purpose of the Business Rationale is to document the satisfactoriness of the business case to retain a third party. The Business Rationale should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third-party relationship is renewed. As explained by the Tom Fox Mantra for compliance, this means Document Document Document.
Three Key Takeaways
You should always have a business reason for using a third party which is articulated by the business folks, not compliance.
A Business Sponsor is the key relationship going forward in operationalizing your compliance program through the life of the third-party relationship with your company.
Always remember to Document Document Document.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/23/2017 • 11 minutes, 32 seconds
Everything Compliance-Episode 9
This episode is dedicated to the Justice Department’s Evaluation of Corporate Compliance Programs, which was released in February. In this episode, Jay Rosen and Jonathan Armstrong provide next insight. Listen to last week’s Episode 8 for commentary from Matt Kelly and Mike Volkov.
Jay Rosen, reporting from the ABA White Collar Conference in Miami, considers the view from the vendor perspective and whether the Evaluation changes a conversation about doing compliance. He reviews the requirements for ongoing monitoring, risk assessments and root cause analysis and the need for companies to explain how something might have fallen through the cracks, leading to a FCPA incident. He points out how CCOs can test a company’s compliance systems.
For Jay Rosen’s post see, Still in the Enforcement Business and Evaluation of Corporate Compliance Programs
Jonathan Armstrong provides a detailed analysis of some of the key differences between how compliance is operationalized in the US as opposed to the UK and EU countries. He explains how the enhanced requirements for root cause analysis, risk assessments and investigations and the supplemented requirements to tie back into the ongoing compliance monitoring and updating, could run afoul of UK and EU data protection and data privacy requirements. He also considers what a non-US company, subject to the FCPA what should look to as a best practices compliance program to best protect the organization. Finally explores just how far does all of this go? He provides on statistic that puts a huge bow on the difficulties going forward.
For the Cordery Compliance article see the following, US Department of Justice on Evaluation of Corporate Compliance : how does it compare to UK Bribery Act 2010?
For Mike Volkov’s posts on the Evaluation see the following:
Under the Dark of Night, DOJ Moves the Compliance Ball;
DOJ’s Compliance Program Evaluation: the Role of the CCO;
DOJ’s Compliance Program Evaluation: Risk Assessment, Policies and Procedures and Third-Party Risk Management; and
DOJ Compliance Expectations Concerning Training, Internal Investigations and Audits
For Tom Fox’s posts on these topics see the following:
New DOJ Evaluation-Valuable Document for the Compliance Practitioner, Part I; and
New DOJ Evaluation-Valuable Document for the Compliance Practitioner,
Part II
For Matt Kelly’s posts see the following:
Fresh FCPA Guidance from the Justice Department; and
Deeper Dive into new DoJ Compliance Guidance
The members of the Everything Compliance panel include:
Jay Rosen – Vice President of Business Development and Monitoring Specialist at Affiliated Monitors. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around, Volkov is the Founder and Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance and former Editor of Compliance Week. Kelly can be reached at [email protected].
Jonathan Armstrong – Rounding out this distinguished panel is our UK colleague, a lawyer with Cordery Compliance in London. Armstrong can be reached at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/23/2017 • 39 minutes, 26 seconds
Day 16 of One Month to Operationalizing Your Compliance Program
From the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs:
Autonomy and Resources
Stature – How has the compliance function compared with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers? What has been the turnover rate for compliance and relevant control function personnel? What role has compliance played in the company’s strategic and operational decisions?
Experience and Qualifications – Have the compliance and control personnel had the appropriate experience and qualifications for their roles and responsibilities?
While the DOJ’s stated position that it does not concern itself with whether the CCO reports to the General Counsel (GC) or reports independently, but it is more concerned about whether the CCO has the voice to go to the Chief Executive Officer (CEO) or Board of Directors directly, without going through the GC first. Even if the answer were yes, the DOJ would want to know if the CCO has ever exercised that right. Yet the Evaluation comes as close to any time previously in articulating a DOJ policy that the CCO be independent of the GC’s office. Therefore, if your CCO still reports up through the GC, you must have demonstrable evidence of both CCO independence and actual line of sight authority to the Board.
With the operationalization of compliance, the DOJ wants to know if the if business unit of a company is responsible for at least a part of compliance. Put in the manner of the Evaluation, is compliance operationalized within your organization? An interesting angle is the real problem for a CCO if compliance is not embedded into the business; that problem is that the CCO simply becomes a policeman, telling the business unit what it cannot do. Or as I would say, being Dr. No from the Land of No.
Here are some questions you should consider in evaluating this prong. First and foremost, is the CCO a part of the senior management or the C-Suite? Is the CCO part of regular meetings of this group? Who can terminate the CCO; is it was the CEO, the Audit Committee of the Board or does CCO termination require approval of the entire Board? Most importantly, could a person under investigation or even scrutiny by the CCO fire the CCO? If the answer is yes, the CCO clearly does not have requisite independence.
Additional questions to consider are (a) Who can over-rule a decision by a CCO within an organization? and (b) Who is making the decisions around salary and compensation for the CCO? Is it the CEO, the GC, the Audit Committee of the Board or some other person or group?
An evolution in thinking by the DOJ is looking at turnover rates, as this is not something the DOJ has previously focused upon. For any company which simply lays off its entire compliance function and rolls it into the legal department; how do you think that would appear to the DOJ if it came knocking to investigate a potential FCPA violation?
Also to be considered is the compensation, both in salary and benefits paid to the CCO and compliance practitioners within an organization. In the FCPA Pilot Program, under Prong 3, Remediation, the DOJ said it would consider “How a company's compliance personnel are compensated and promoted compared to other employees”. This was carried forward in the Evaluation so you will need to consider benchmarked studies or other evidence of an appropriate level of pay for a corporate compliance function.
Finally, what resources have been made available to the compliance function. This would include both monetary budget for operationalization but also head count resources. One might hope the days have long since pasted when companies would come into the DOJ and plead the compliance function ‘only’ had $100,000; $200,000 or you name the figure in resources; to be met with the prosecutor’s question “What was your annual spend on yellow-sticky note pads?” When the inevitable response was considerably more than the entire compliance budget, the prosecutor’s response was something along the lines of “Which is more mission critical for complying with the law?”
Another evolution in the DOJ’s thinking was in experience and qualifications for the compliance function. In the Pilot Program, Prong 3 was the following, “The quality and experience of the compliance personnel such that they can understand and identify the transactions identified as posing a potential risk”. This has been broadened to “Have the compliance and control personnel had the appropriate experience and qualifications for their roles and responsibilities?”
The Evaluation demonstrates the continued evolution in the thinking of the DOJ around the CCO position and the compliance function. Their articulated inquiries can only strengthen the CCO position specifically and the compliance profession more generally. The more the DOJ talks about the independence of, coupled with resources being made available and authority concomitant with the CCO position, the more corporations will see it is directly in their interest to provide the resources, authority and gravitas to compliance position in their organizations.
Three Key Takeaways
How can you show compliance really has a seat at the senior executive table?
What are the professional qualifications of your CCO and compliance team?
What are the resources made available to your compliance function?
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/22/2017 • 14 minutes, 28 seconds
FCPA Compliance Report-Episode 317, Susan Diver
In this episode I visit with Susan Divers from LRN on the firm's 2016 Ethics and Compliance Program Effectiveness Report. Highlights include:Why did LRN do the report? What did it hope to determine? A summarization of its key findings. Why a focus on structural elements of a compliance program is no longer sufficient. Why a check the box analysis not adequate for judging program effectiveness. Finally the new focus on on ethical culture and behavior and why answering questions around “level of trust” is so critical. For a full copy of the report, you can download it here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/22/2017 • 26 minutes, 5 seconds
Day 15 of One Month to Operationalizing Your Compliance Program
Prong 6, Training and Communication, of the Justice Department’s Evaluation of Corporate Compliance Programs reads, in part:
Form/Content/Effectiveness of Training – Has the training been offered in the form and language appropriate for the intended audience? How has the company measured the effectiveness of the training?
Most companies have not considered this issue, the effectiveness of their compliance program. I would suggest that you start at the beginning of an evaluation and move outward. This means starting with attendance, which many companies tend to overlook. You should determine that all senior management and company Board members have attended compliance training. You should review the documentation of attendance and confirm this attendance. Make your department, or group leaders, accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.
One of the key goals of any compliance program is to train company employees in awareness and understanding of the law; your specific company compliance program; and to create and foster a culture of compliance. In their book, entitled “Foreign Corrupt Practices Act Compliance Guidebook: Protecting Your Organization from Bribery and Corruption”, Martin T. Biegelman and Daniel R. Biegelman provide some techniques which can be used to begin evaluate ethics and compliance training.
The authors encourage post-training measurement of employees who participated. A general assessment of those trained on the FCPA and your company’s compliance program is a starting point. They list five possible questions as a starting point for the assessment of the effectiveness of your FCPA compliance training:
What does the FCPA stand for?
What is a facilitation payment and does the company allow such payments?
How do you report compliance violations?
What types of improper compliance conduct would require reporting?
What is the name of your company’s Chief Compliance Officer?
The authors set out other metrics, which can be used in the post-training evaluation phase. They point to any increase in hotline use; are there more calls into the compliance department requesting assistance or even asking questions about compliance. Is there any decrease in compliance violations or other acts of non-compliance?
What if you want to take you post-training analysis to a higher level and begin a more robust consideration of the effectiveness of compliance training through an analysis of return on investment (ROI)? Joel Smith, the founder of Inhouse Owl, a training services provider, advocates performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (IE., effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. Smith admits that calculating compliance ROI is very difficult as ethical and compliance behavior is an end-goal and of itself - not necessarily one that everyone feels should be subject to a ROI calculation.
Smith noted, “it is extremely difficult to isolate the training effect to calculate what costs you avoided due solely to your ethics and compliance training. Although each organization will have a unique ROI measurement due to unique training objectives, it is possible to use a general formula to calculate ethics and compliance training ROI.”
Smith’s model uses four factors to help determine the ROI for your ethics and compliance training, which are: (1) Engagement, (2) Learning, (3) Application and Implementation, and (4) Business Impact. These four factors are answered through posing the following questions.
Figure out what you want to measure. Before you ever train an employee, you should have a goal in mind. What actions do you want employees to take? What risks do you want them to avoid? In the FCPA, you want them to avoid non-ethical and non-compliant actions that would lead to FCPA violations. So your goal is to train employees to follow your Code of Conduct and your compliance program policies and procedures so you avoid liability related to actions. Therefore the benefit to calculate for ROI purposes is the total amount saved by the company because employees now understand not to engage in unethical and non-compliant conduct around bribery and corruption.
Were employees satisfied with the training? What is their engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job. If it’s not targeted, employees will likely not be committed to changing risky behavior. Smith believes you can get data on employee engagement through a quick post-training survey. Although this factor does not produce a quantitative number to use in the ROI calculation, it will help you isolate and qualify the training benefit.
Did employees actually learn anything? Smith believes that a critical part of any employee training is the assessment. If you want to understand the “benefit” of training employees, you must know whether they actually learned anything during training. You can collect this data in a number of ways, but for compliance training, the best way is to measure pre and post training understanding over time. Basically, each time you train an employee, measure comprehension both before and after training.
Are employees applying your training? Smith says that for this point you will need to conduct a survey to determine employee application and their implementation of the training topics. To do so, you must conduct employee surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations. These surveys can provide a good sense of whether the training has been effective.
What’s the quantitative business impact of your training? At this point you are ready to determine the numerical business impact of your ethics and compliance training. Smith has an approach he calls the “Best Guess” approach. Smith believes there are two parts to the business impact calculation: (1) the benefit calculation and (2) the isolation calculation. Smith provided five questions he would pose.
How often could a noncompliance event occur?
How much revenue would be involved?
What is the profit margin on the revenue?
What are the other costs?
What are the noncompliance hard costs?
The next step is to isolate the benefits of training so that you properly attribute the ROI to the ethics and compliance training. To make this determination, you need to know at a minimum (1) whether employees understood the training and (2) whether employees are applying the training. This information must be compared with other factors, namely: (1) the effects of any other company initiatives involving anti-corruption, (2) employee attitudes regarding the topic and training, and (3) any business factors such as decreasing/increasing international revenue, macro-economic trends, etc. that may contribute to avoidance of a noncompliance event. From these calculations, you should then apply a percentage of the benefit to the training. Here Smith suggests 25%.
ROI: bringing it all together. Now it is time to calculate the ROI. Here I turn to the formula as laid out on Smith’s company website: “Total FCPA Noncompliance Costs Avoided - Total FCPA Training Program Costs ÷Total FCPA Training Program Costs ($20,000) x 100=ROI”. Smith concludes by noting, “Even though calculating training benefits is often difficult and imprecise, it’s incredibly important to make an attempt to quantify training ROI” to demonstrate not only effectiveness but also “so you can show business people the incredible effect that engaging training can have on the bottom line.”
The importance of determining effectiveness and the evaluation of your ethics and compliance program is now enshrined by the Department of Justice (DOJ) in its Evaluation. The Evaluation is the first formal step taken by the DOJ to demonstrate it wants to see the effectiveness of your compliance program. This is something that many Chief Compliance Officers (CCOs) and compliance professionals struggle to determine. Both the simple guidelines suggested and the more robust assessment and calculation laid out by Smith provide you with a start to fulfill the Evaluation but you will eventually need to demonstrate the effectiveness of your compliance training going forward.
Three Key Takeaways
You must demonstrate you have measured the effectiveness of your compliance training?
The DOJ is clearly moving into requiring a demonstration of effectiveness of compliance training.
You should be moving towards a model of demonstrating compliance training ROI to validate full operationalization of your compliance training.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2017 • 14 minutes, 36 seconds
FCPA Compliance Report-International Edition with Carlos Ayres
In this inaugural episode of the FCPA Compliance Report-International Edition, I have Carlos Ayres, a partner in Madea, Ayres and Sarubbi in Sao Paulo. We discuss an interesting development from the Odebrecht corruption scandal, federal prosecutors in Brazil and ten other countries recently announced they had agreed to cooperate in ongoing investigations surrounding the company. The Odebrecht case involved bribery and corruption allegations reaching multiple countries throughout the Americas. Now reports indicate that officials from Brazil, Argentina, Chile, Colombia, the Dominican Republic, Panama, Mexico, Peru and even the notoriously corrupt Venezuela, along with the European nation of Portugal, have agreed to “start a combined task force with bilateral and multilateral investigative teams to coordinate a probe” of the company. We also discuss recent reports which indicate show companies in Brazil are taking this approach in response to the country’s more aggressive enforcement against endemic corruption in commercial businesses. This is partly in response to the allegations and investigations brought forward by Operation Car Wash and the attendant Odebrecht anti-corruption enforcement action. Jorge Abrahão, president of Brazil’s Ethos Institute, a corporate social responsibility organization said “We are witnessing a big change in Brazil—there is an understanding in society now that whoever doesn’t take the issues of corruption and transparency seriously will not have a place in the market in the future.
For More Information on these topics see my blog posts:
A South American Response to Corruption
Companies now doing compliance in Brazil
Carlos Ayres can be reached via email at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/21/2017 • 24 minutes, 5 seconds
Day 14 of One Month to Operationalizing Your Compliance Program
The Justice Department Evaluation of Corporate Compliance Programs states the following around training:
Training and Communications
Risk-Based Training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?
I thought about the requirement for tailored training and how this leads to operationalizing your compliance program. Consider the current best practices to tailor your compliance training. It is through a risk ranking system of employee job duties or positions which is usually done by someone from the corporate compliance function reviewing lists of employees and then matching up their job duties, focusing on those involved in international operations which have foreign government or state owned enterprise touchpoints. Most usually it targets employees involved in sales.
However, this type of analysis does not fully tie the calculus of FCPA touchpoints to the full panoply of the prevent, detect and remediate mandates of an operationalized compliance program. There are innumerable employees in every corporation who could be employed in the detect prong and who are generally not being engaged as a part of compliance backstop.
Typically, high-risk employees have FCPA training annually. However numerous studies have shown that more focused, indeed tailored, training can be more effective. Imagine the scenario where a high-risk employee is traveling to west Africa, which they book through the corporate travel portal. Unless the employee notifies compliance of this travel it is highly unlikely the compliance department would know about such travel.
Now imagine a corporate algorithm which could connect the dots of a high-risk employee, traveling to a high-risk country on a high-risk assignment. The current practice, in tech speak, is single-tenant software hosting, i.e. one piece of software available at a time with no continuity between corporate functions. Now envision a more multi-tenanted, Software as a Service (SaaS), approach where a company’s information is available through a single application, rather than having the information diluted through multiple applications. If a company is not using multi-tenancy, it may be hosting or supporting thousands of single-tenant information systems and cannot aggregate information across the corporate base and extract knowledge from large data sets as every corporate discipline may be housed on a different server and possibly a different version of software. This allows large and, more importantly, disparate data to be constantly fed into a single system where compliance can move more quickly and efficiently.
Now consider our high-risk employee, traveling to a high-risk country on a high-risk assignment. When they book the travel, compliance could read the information and then deliver a tailored compliance training reminder. There need not a be referral to the compliance department who might call and ask the employee where they are going and what the business purpose, who they are meeting, etc. Communications and training would be delivered to the employee’s computer via email or other delivery mechanism. It could be as simple as a reminder about the FCPA, the company’s Code of Conduct and anti-corruption compliance program around facilitation payments. Yet it could be as sophisticated as the RESIST training which provides specific procedures to resist solicitations requests or even extortion demands, by referencing a company anti-corruption polices; its policies on facilitation payments and even corporate policies for employees. You could even add a list of potential responses such as an immediate response to the bribe-solicitor and reference to internal company reporting for assistance.
Of course, there would be an audit trail for all of this, which helps to satisfy the Document, Document, and Document component of your compliance program. Never forget the Justice Department specifically mentioned compliance reminders as one of the seven reasons Morgan Stanley received a declination back in 2012. This means when the government comes knocking you will have evidence of tailored training delivered to employees. Finally, such training also operates as internal control which helps to meet the Accounting Provisions requirement of the FCPA.
Again, consider another manner of how tailored training might be used for the traveling high-risk employees, where predictive analytics which could be used in conjunction with prior expense reports of both the employee and the region. On the personnel level, tailored training could help to determine if there were any issues around large expense reimbursements or those which might show a pattern of running up to the level where preapproval is required. Tailored training could give a wide range of statistics which would allow the compliance practitioner to operationalize compliance by considering sales expenses to determine if any issues might arise. Finally, in a continuous feedback loop, a prescription solution could then be delivered to prevent an issue arising to the level of an internal Code of Conduct violation or even a FCPA violation further operationalizing compliance.
Three Key Takeaways
Training should all begin with risk ranking of employees.
Tailored training focuses on the risk for each employee and their compliance needs.
Using tailored training to operationalize compliance can provide continuous feedback.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode Kristy Grant-Hart, author of How to be a Wildly Successful Compliance Officer joins me to debate the merits of the ISO 37001 certification. I think the process is worse than useless while Kristy believes they are a step forward.
For our additional written commentary on this issues, see Kristy's post The top five myths about ISO 37001 exposed.
For my views in opposition, see ENI Receives an ISO 37001 Certification and ENI CEO Charged with Corruption
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/20/2017 • 29 minutes, 5 seconds
This Week in FCPA-Episode 44
In this episode, Jay and I have a wide-ranging discussion on the intersection of culture and ethics. We discuss:
German authorities raid at VW investigation counsel, Jones Day, offices in Germany and what it may portend for FCPA investigation. See Tom’s article on the FCPA Blog.
British cycling team scandal. See Tom’s article on the FCPA Blog.
Uber, culture and corporate governance. See FT article, “Crisis inside the cult of Travis”.
Venezuela begins to investigate PDVSA for corruption. See article in the Wall Street Journal.
Federal reserve seeks lifetime ban for JPMorgan bankers who ran the illegal ‘Sons and Daughters’ hiring program. See article in the FCPA Blog.
Tom reveals an exciting new podcast, the Compliance Report-International Edition, which will premier next week. The initial episode will feature Carlos Ayers on recent anti-corruption developments in Brazil and South America.
Jay previews his weekend report.
Tom reports on a talk about 3rd party ROI at the upcoming Third-Party Risk Management & Oversight Summit, on March 20 & 21 at the Princeton Club in New York City. Listeners to this podcast will receive a 15% discount off of the regular price of the event. To take advantage of this offer enter the Code CMP 161. For more information on the event, check out the website by clicking here.
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/17/2017 • 42 minutes, 56 seconds
Day 13 of One Month to Operationalizing Your Compliance Program
Another way to operationalize compliance is to have oversight moved out into regions. Such an approach can more effectively ensure employee and third party compliance with your Code of Conduct throughout a organization by integrating compliance into every aspect of a Company’s functions and generating the necessary information to continuously improve your compliance program. Such a regional compliance committee can operate on multiple planes to fully operationalize compliance in a company, augment existing internal controls and make the company a more efficient and profitable entity.
The formation of a regional compliance committee works to operationalize compliance through the creation of more direct ownership, accountability, and valuable transparency of your compliance regime. This moves compliance down into all levels of the company’s operations. This approach also significantly improves consistency of compliance execution and helps to ensure that all a company’s business objectives are achieved in a legally compliant fashion. Such a regional compliance committee can advise and provide information and insights to the CCO, receive compliance information from the corporate compliance function for the relevant region regarding applicable compliance requirements, industry standards, your Code of Conduct, as well a corporate compliance program as it relates to a region. A regional compliance committee should not have primary responsibility for internal investigations can report up any known compliance issues to the corporate compliance department.
A regional compliance committee is designed to promote clear and frequent compliance-related communication on related matters throughout the region and strengthen the company’s compliance culture. It is valuable to the overall performance of the corporate compliance program within the region. It allows compliance topics to be more thoroughly discussed at regularly occurring operational meeting they have communication structures designed to facilitate communication up the chain and down the chain; allowing the CCO to have a more direct set of ‘eyes and ears’ closer to the ground. Finally, a regional compliance committee give the compliance function greater visibility within the organization because compliance has been moved further into the middle and lower levels of the organization daily.
Authority and Responsibility
There are multiple delineated responsibilities for a regional compliance committee. Some of these responsibilities can include:
Assisting in identifying not only potential legal and compliance risks in the region but also reputational risks your company.
Establishment of goals and metrics to measure against these legal and compliance goals in the region.
Exercising oversight of the implementation and effectiveness of the company’s compliance program in the region. Additionally, to make recommendations to the CCO and suggest improvements to the compliance practices in the region.
Reviewing and monitoring implementation of your Code of Conduct in the region and assisting in the identification of best practices, alternative strategies and local initiatives to enhance the compliance program.
Assuring to the CCO and the senior leaders of operations that compliance goals and requirements are both established and communicated across the region.
Advise management of its assessment of the corporate compliance program, ethics and compliance risks in the region and steps taken to both manage and lessen such risks.
Reviewing the hotline complaints and other information to assure that appropriate steps are taken to modify the corporate compliance program to reduce identified ethics and compliance risks in the region.
The formation of a regional compliance committee operationalizes compliance into the region where the business operates. This sort of approach follows the Department of Justice mandate, articulated in the Evaluation for companies to move the doing of compliance down into the business of the organization. The make-up a regional compliance committee, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization. This allows a fuller, richer and more holistic approach to not only compliance advice but reviews consistent with the Evaluation’s mandate of shared commitment by other functional disciplines within an organization.
It also adds a dimension not discussed nearly as often in the compliance profession as it should be going forward. The accountability and oversight down to the regional level and the compliance monitoring, reviewing, assessing and recommending will provide additional endorsements up through the organization that it is doing compliance. In compliance, it is execution where the rubber meets the road. This is the functional definition of operationalizing compliance.
Three Key Takeaways
A regional compliance committee works to more fully operationalize compliance.
A regional compliance committee, properly staffed, evidences the shared commitment to compliance as required under the Evaluation.
A regional compliance committee is a two-way communications avenue, both inbound and outbound.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/17/2017 • 12 minutes, 5 seconds
Day 12 of One Month to Operationalization of Your Compliance Program
The operationalization of your compliance programs means how deeply is compliance integrated into the function of your company. Today, I want to consider another way to operationalize compliance through the Compliance Oversight Committee.
The Compliance Oversight Committee sits between the CCO and the Board’s compliance committee. The role of this Compliance Oversight Committee is to provide oversight and review of high risk issues such as third party approvals and renewals, requests for payments from third parties and significant gift, travel and entertainment requests from employees. This committee’s oversight demonstrates not only a shared committee to compliance as required under the Justice Department’s Evaluation of Corporate Compliance Programs but also fulfills the requirement for engaged senior management oversight as a part of a company’s management of risk.
As far back as January 2005, in the Deferred Prosecution Agreement (DPA) entered into between the Department of Justice (DOJ) and the Monsanto Company, it provided for “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or a Compliance Oversight Committee. The scope of this Compliance Oversight Committee was not fleshed out in the DPA. While many have focused on the Compliance Oversight Committee to monitor agents and other third party business representatives, the role of the Compliance Oversight Committee should be broader than simply the issues of third party agents and representatives. A major purpose of a Compliance Oversight Committee is to act as redundant backup to the books and records internal controls systems, designed to prevent and detect violations of a company’s compliance program.
It should be clear the role of the Compliance Oversight Committee is not to substitute its judgment for that of the CCO but rather to provide another level of review to make sure nothing slips through the cracks which might expose the company to unwanted risk. This can begin with a clear, written charter that sets out the functionality, goals, and parameters of the group. Moreover, the Compliance Oversight Committee should be reviewed on a periodic basis to determine usefulness and effectiveness.
To this end, the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual (2016 ed.) suggests the following language in its proposed form of Compliance Committee Charter:
The compliance officer shall have ultimate responsibility for operating the compliance program, with the support and assistance of the compliance committee. The committee shall consist of ### members, representative of each major department or area. The committee may appoint ad hoc members, each to serve at the pleasure of the committee, to assist and advise the committee in carrying out this charter. While the ad hoc members of the committee are not entitled to vote on matters formally considered by the committee, the ad hoc members shall be entitled to call a meeting of the committee and, further, to have any matter included on the agenda of any meeting of the committee. The committee shall designate the proper manner for calling meetings and the setting of agendas thereto.
Who should be on an Oversight Committee?
The Monsanto DPA provides guidance on this point by stating, “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction.” This indicates that senior management should be involved in the Compliance Oversight Committee. It also indicates that more than one department should be represented on the Compliance Oversight Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments, IT, Finance and Business Unit Operations. The bottom line is that the CCO should chair a committee of peers/senior level officers who are in a position to make decisions and marshal resources.
What Should the Oversight Committee Review?
There are a variety of approaches that a Compliance Oversight Committee can assume. It can dive down deeply ‘into the weeds’ for transactions which the company has identified as high risk. This can be the review of agents or other representatives in high risk areas or transactions in high risk countries. The Compliance Oversight Committee can use techniques such as continuous controls monitoring to identify any outliers of payments or other indicia of financial information which would warrant additional investigations. In addition to this remedial review, the Compliance Oversight Committee should review all payments requested by agents and representatives to assure such payment is within the company guidelines and is warranted by the contractual relationship with the company. Lastly, the Compliance Oversight Committee should review company sales or business development requests to provide compensation and, as appropriate, reimbursement for gifts, travel and entertainment of foreign governmental officials.
The oversight of Foreign Business Partners is one of the key mechanisms that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the Foreign Corrupt Practices Act (FCPA). The proper structure of the Compliance Oversight Committee and its full engagement with all aspects of a company’s relationship with a Foreign Business Partner is one of the areas that the DOJ will look for in a successful FCPA compliance program.
However, it is incumbent that each Compliance Oversight Committee should be designed to review the highest risks to your organization. If your company’s highest compliance risk is third party relationships, you should focus your compliance committee resources on that issue. My recommendation is that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with any third party. While this would most necessarily focus on FCPA compliance, there should also be a commercial component to this function. The Compliance Oversight Committee should therefore review all documents relevant to the five-step lifecycle management of third parties.
Conclusion
The Compliance Oversight Committee is a key tool which can be utilized by a company to manage its risks. The books and records component of internal controls is one level of prevention and detection. The review by a Compliance Department for requests for travel for and gifts and entertainment to foreign governmental officials and the lifecycle management of third parties is also an important step in the prevention process. However, the Compliance Oversight Committee is another step which operationalizes compliance and should be employed by companies as an additional protection against any type of compliance and ethics violation slipping through the cracks to become a much larger problem down the road. Companies should implement a Compliance Oversight Committee and review the systems they have in place to detect risky conduct.
Three Key Takeaways
The Justice Department has long suggested an approach of operationalizing compliance through greater senior management oversight.
A Compliance Oversight Committee allows for an increased set of eyeballs on your highest risk compliance risks.
A Compliance Oversight Committee acts as another control mechanism for a best practices compliance program.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/16/2017 • 13 minutes, 1 second
Everything Compliance-Episode 8
This episode is dedicated to the Justice Department’s Evaluation of Corporate Compliance Programs, which was released in February. In this episode, Matt Kelly and Mike Volkov provide next insight. Next week will be views from Jay Rosen and Jonathan Armstrong.
Matt Kelly opens by considering the Evaluation as a continuation in a series of pronouncements around ‘operationalizing’ your compliance program. He discusses whether this approach consistent or different with the regulatory requirements of SEC FCPA enforcement and how would this document intersect with SEC ‘regulatory enforcement’ of the FCPA? Finally, he considers whether the Evaluation ties in at all to a control environment under either the COSO 2013 Framework or COSO ERM framework.
For Matt Kelly’s posts see the following:
Fresh FCPA Guidance from the Justice Department; and
Deeper Dive into new DoJ Compliance Guidance
Mike Volkov discusses why the Evaluation was issued literally in the dead of night and why would the DOJ issue such a significant document with no publicity. He discusses how this might play out during an ongoing FCPA investigation with outside counsel’s interactions with the DOJ and under the Yates Memo. He considers whether the Evaluation draw anything from the Yates Memo or are they really apples and oranges and whether the Evaluation build upon the 2012 FCPA Guidance or does it supplement it.
For Mike Volkov’s posts on the Evaluation see the following:
Under the Dark of Night, DOJ Moves the Compliance Ball;
DOJ’s Compliance Program Evaluation: the Role of the CCO;
DOJ’s Compliance Program Evaluation: Risk Assessment, Policies and Procedures and Third-Party Risk Management; and
DOJ Compliance Expectations Concerning Training, Internal Investigations and Audits
For Tom Fox’s posts on these topics see the following:
New DOJ Evaluation-Valuable Document for the Compliance Practitioner, Part I; and
New DOJ Evaluation-Valuable Document for the Compliance Practitioner,
Part II
For Jay Rosen’s post see, Still in the Enforcement Business and Evaluation of Corporate Compliance Programs
The members of the Everything Compliance panel include:
Jay Rosen – Vice President of Business Development and Monitoring Specialist at Affiliated Monitors. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around, Volkov is the Founder and Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance and former Editor of Compliance Week. Kelly can be reached at [email protected].
Jonathan Armstrong – Rounding out this distinguished panel is our UK colleague, a lawyer with Cordery Compliance in London. Armstrong can be reached at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/16/2017 • 28 minutes, 50 seconds
Day 11 of One Month to Operationalization of Your Compliance Program
Today I want to explore in some detail the first Objective in the COSO 2013 Framework-the Control Environment as a path to operationalize your compliance program. This Objective lays out five steps you can take to put the responsibility on function corporate disciplines to imbue compliance into the fabric of an organization. A. Control Environment Rittenberg said this “sets the tone for the implantation and operation of all other components of internal control. It starts with the ethical commitment of senior management, oversight by those in governance, and a commitment to competent employees.” The five principles of the Control Environment object are as follows: Principle 1 - The organization demonstrates a commitment to integrity and ethical values. Principle 2 - The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Principle 3 - Management establishes with board oversight, structures, reporting lines and appropriate authorizations and responsibility in pursuit of the objectives. Principle 4 - The organization demonstrates a commitment to attract, develop and retain competent individuals in alignment with the objectives. Principle 5 - The organization holds individuals accountable for their internal control responsibilities in the pursuit of the objective. Principle 1 - Commitment to integrity and ethical values What are the characteristics of this Principle? First, and foremost, is that an entity must have the appropriate tone at the top for a commitment to ethics and doing business in compliance. It also means that an organization establishes standards of conduct through the creation of a Code of Conduct or other baseline document. The next step is to demonstrate adherence to this standard of conduct by individual employees and throughout the organization. Finally, if there are any deviations, they would be addressed by the company in a timely manner. This requires an auditor to be able to assess if a company has the met its requirements to ethics and compliance and whether that commitment can be effectively measured and assessed. Principle 2 - Board independence and oversight This Principle requires that a company’s Board of Directors establish oversight of a compliance function, separate and apart from the company’s senior management so that it operates independently in the compliance arena. There should be compliance expertise at the Board level which allows it actively manage its function. Finally, and perhaps most importantly, a Board must actively provide oversight on all compliance control activities, risk assessments, information, compliance communications and compliance monitoring activities. Here, the Board’s Compliance Committee must demonstrate independence. There must also be documented evidence that the Board’s Compliance Committee provides sufficient oversight of the company’s compliance function. Principle 3 - Structures, reporting lines, authority and responsibility This may not seem as obvious but it is critical that a compliance reporting line go up through and to the Board. Under this Principle, you should consider all of the structures of your organization and then move to define the appropriate roles of compliance responsibility. Finally, this Principle requires establishment of the appropriate authority within the compliance function. You must be able to assess whether compliance responsibilities are appropriately assigned to establish accountability. Principle 4 - Attracting, developing and retaining competent individuals This Principle gets into the nuts and bolts of operationalizing compliance. It requires that a company establish compliance policies and procedures. Next there must be an evaluation of the effectiveness of those compliance policies and procedures and that any demonstrated shortcomings be addressed. This Principle next turns the human component of a compliance program. A company must attract, develop and retain competent employees in the compliance function. Lastly, a company should have a demonstrable compliance succession plan in place. You must be able to demonstrate, through compliance policies and their implementation and operationalization a commitment to attracting, developing and retaining competent persons in the compliance function and more generally employees who accept the company’s general principle of doing business ethically and in compliance. Principle 5 - Individuals held accountable This is the ‘stick’ Principle. A company must show that it enforces compliance accountability through its compliance structures, authorizations and responsibilities. A company must establish appropriate compliance performance metrics, incentives to do business ethically and in compliance and, finally, clearly reward such persons through the promotion process in an organization. Such reward is through an evaluation of appropriate compliance measures and incentives. Interestingly a company must consider pressures that it sends through off-messaging. Finally, each employee must be evaluated in his or her compliance performance; coupled with both rewards and discipline for employee actions around compliance. This Principle requires evidence that can demonstrate to an auditor there are processes in place to hold employees accountable to their compliance objectives. Conversely, if an employee does not fulfill the compliance objectives there must be identifiable consequences. Lastly, if this accountability is not effective, the internal controls should be able to identify and manage the compliance risks that are not effectively mitigated. The COSO formulation for internal controls is a key component for any best practices compliance program; whether based upon a FCPA formulation or another anti-corruption law, such as the UK Bribery Act. Moreover, as it probably the most utilized internal controls formulation under Sarbanes-Oxley 404(b) reporting, it should be well-known to your corporate internal controls function and therefore assessable to you as a Chief Compliance Officer (CCO) or compliance professional. In addition to the Principles articulated herein the specific Points of Focus listed in the COSO 2013 Framework can provide a roadmap for testing and evidencing your compliance program in this area. You should not fail to take advantage of it. Three Key Takeaways The COSO 2013 Framework sets out a structure which the compliance practitioner can use to put compliance into the fabric of an organization. For any public company, using the COSO Framework will allow a full response to any SOX 404(b) inquiry by regulators or auditors. The Control Environment Objective allows for not only implementation of controls but also requires individual accountability, as is set out in the Justice Department Evaluation of Corporate Compliance Programs. This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2017 • 12 minutes, 44 seconds
Compliance into the Weeds-Episode 32
In this episode, Matt Kelly and I take a deep dive into a dramatic 48 hours in the life of the FCPA last week, which portends the trend of continued FCPA enforcement. It included the announcement by Kevin Blanco, acting assistant attorney general for the Criminal Division, who speaking at the American Bar Association’s annual white collar crime conference of the extension of the FCPA Pilot Program; the retort by Secretary of State Rex Tillerson to President Trump on the power of the FCPA for US companies doing business overseas, the Justice Department brief and oral argument in the Hoskins appeal where the DOJ continued to press for an expansive view of FCPA jurisdiction as originally preferred by the Obama DOJ; and finally we discuss the summary of all US attorneys by the Trump administration and Matt's proffers an interesting theory on why Preet Bharara was fired.
For more reading, see Matt's piece on Radicalcomplinance.com entitled, "FCPA: Pilot Program Extended, and Much More".
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/15/2017 • 31 minutes, 4 seconds
Day 10 of One Month to Operationalizing Your Compliance Program
Under the Prong entitled “Policies and Procedures” subtexted Operational Integration, the Evaluation states:
Payment Systems – How was the misconduct in question funded (e.g., purchase orders, employee reimbursements, discounts, petty cash)? What processes could have prevented or detected improper access to these funds? Have those processes been improved?
While of the basic Watergate maxims has always been appropriate in any FCPA investigation, Follow The Money, the Evaluation takes payment systems and their internal controls several steps further past the detect and even investigatory precepts. There is not a set of “compliance internal controls” but rather internal controls permeating throughout an organization which creates their effectiveness. Today, we examine what are effective compliance internal controls and how the payroll function can assist in fulfilling those requirements.
What are internal controls?
What are internal controls in a FCPA compliance program? The starting point is the law itself, and as stated in the FCPA requires the following:
Section 13(b)(2)(B) of the Exchange Act (15 U.S.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to:
devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—
(i) transactions are executed in accordance with management’s general or specific authorization;
(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and
(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences …
The Department of Justice and SEC, in their 2012 FCPA Guidance, state, “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.”
The FCPA Guidance specifies that internal controls are a “critical component” of a best practices anti-corruption compliance program. This is because the design of an organization’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption. A company’s compliance program should be tailored to these differences. After a company analyzes its own risk, through a risk assessment, it should design its most robust internal controls around its highest risk.
Global Payroll Internal Controls
Max van der Klis-Busink, in his Global Payroll Management Institute’s three-part series, entitled “Take Charge With a Global Payroll Control Framework”, laid out how to design, implement and then improve internal controls around global payroll. His article details how one can operationalize your payroll controls to answer the questions posed in the Evaluation.
There are several specific internal payroll controls which will facilitate a company operationalizing your compliance program, as required under the Evaluation. These controls help keep an eye on the money trail as the money to pay a bribe is usually hidden in some company expenditure. The four general areas of payroll control should include: (1) Segregation of duties; (2) Accountability, authorization, and approval; (3) Security of assets; and (4) review and reconciliation.
To meet these four general goals, consider using a selection of the following controls for payroll systems, irrespective of how timekeeping information is accumulated or how employees are paid:
Audit. Have either internal or external auditors conducted an annual audit of the payroll accuracy.
Change authorizations. Only allow a change to an employee’s marital status, withholding allowances, or deductions if the employee has submitted a written and signed request for the company to do so. Any change request should be reviewed and approved by a manager more senior.
Change tracking log. If you are processing payroll in-house with a computerized payroll module, have a secure change tracking which will provide an audit trail.
Expense trend lines. This is your data and it is within your company somewhere. Look for changes in payroll-related expenses in the financial statements and then investigate if warranted.
Issue payment report to supervisors. Request supervisors review payroll summaries for correct payment amounts and unfamiliar names.
Restrict access to records. Prevent unauthorized access to payroll records.
Segregation of duties. You should never allow one person prepare the payroll, authorize it and create payments.
The role of global payroll in FCPA compliance is not often considered in operationalizing your compliance program, yet the monies to fund bribes in violation of the FCPA must come from somewhere. Unfortunately, one of those places is out of payroll. All Chief Compliance Officers need to sit down with his or her head of payroll, have them explain the role of payroll, then you should to review the internal controls in place to see how they facilitate the goals of compliance. From that review you can then determine how to use payroll to help to operationalize your compliance program.
Three Key Takeaways
The Evaluation focuses your preventive prong on payroll, supplementing the prior focus on detection controls.
You still need internal controls around payroll to ‘follow the money’.
Do not forget upgrading and updating payroll controls.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/14/2017 • 12 minutes, 56 seconds
Day 9 of One Month to Operationalizing Your Compliance Program
If there is one over-riding theme from the recently released Evaluation of Corporate Compliance programs it is that a corporate compliance program must be operationalized. Indeed that is the theme of this month’s series of podcasts. Another way to think about operationalization is the connectedness of compliance throughout an organization. In an article from the Harvard Business Review (HBR), entitled “How Smart, Connected Products are Transforming Companies”, by Michael E. Porter and James E. Heppelmann, focused on the new products. It provided some interesting insights into both the interconnectedness of processes and structures, which apply to the compliance practitioner going forward. I call it “connected compliance.” It provides another mechanism for you to consider in operationalizing your compliance program. Process in Connected Compliance Processes are being reshaped by the data which is now available and more “intense coordination among [corporate] functions is now required.” Regarding structures, the authors believe, “new forms of cross-functional collaboration and entirely new functions are emerging.” Obviously compliance is a business process. Yet it should also be a continuous process. The data from a wide variety of sources should be used to track the types of risk that compliance professionals must manage. This begins with third parties. Continuous monitoring of third party watch lists seems almost pedestrian now yet many companies do not understand they have a continuing obligation to understand who they are doing business with, even after the contract is signed. Put simply, due diligence once every two years is a recipe for trouble. But this type of information should not only be limited to third parties’ in your sales business. You should also consider your exposure from your customers. However, what if a large part of your company is exposed to the financial risk of a corrupt company slowing down its business? If you are in the auto supply business or even the software industry, have you considered how much of your business is at risk through your relationship with a company like Volkswagen (VW)? Most Foreign Corrupt Practices Act (FCPA) risk analysis considers corruption risks involving third parties in the sales arena or vendors that come in through the Supply Chain, now, based upon the VW, Petrobras or you name the scandal, you may need to know the corruption propensity of your customers as well. Finally, connected compliance will help make people, materials, energy, plant and equipment far more productive, and the repercussions for business processes will be felt throughout the economy. The authors’ state, “We will see a whole new era of “lean.” Data flowing to and from products will allow product use and activities across the value chain to be streamlined in countless new ways.” For the compliance practitioner, waste will be cut or eliminated. Connected compliance will also allow a compliance solution to be delivered when certain thresholds are met, rather than according to a schedule. New data analytics will lead to previously unattainable efficiency improvements and allow you to do more business in compliance going forward. Structures in Connected Compliance Just as processes have evolved in connected compliance, so do structures. The classical organizational approach combines “two basic elements: differentiation and integration. Dissimilar tasks, such as sales and engineering, need to be “differentiated,” or organized into distinct units. At the same time, the activities of those separate units need to be “integrated” to coordinate and align them.” Connected compliance will have a major impact on both differentiation and integration in your company going forward. This structural changes means that compliance will be integrated into diverse functional units of the company such as manufacturing, logistics and SC, sales and finance. This integration across functional units will occur through the business unit leadership team and through the design of formal processes for connected compliance with multiple units having roles. This sounds quite like operationalizing compliance, exactly as specified by the DOJ in the Evaluation document. However connected compliance gives you the means and methods to think through how to accomplish this goal. You will have to coordinate between and across multiple functions within your organization. It will require the critical function of not only data management but also data analysis. What does it all mean? Such an approach will require “dedicated data groups that consolidate data collection, aggregation, and analytics, and are responsible for making data and insights available across functions and business units.” Once again the compliance function is uniquely situated to be at the fulcrum of this connectedness. But more importantly, you already have this information inside your organization but most usually the compliance function does not have visibility into the data. Compliance must find the tools and processes to cut through the siloed nature of corporate information. It is through connected compliance that all groups within a company will become responsible for compliance. The integration of this data into compliance is still viewed as cutting edge; nonetheless companies have this data, structured within their own ERP systems. Connected compliance will allow senior management to view information to make the business more efficient and allow a company to take more risk because the risks will be managed more effectively. Three Key Takeaways Connected compliance is the inter-relatedness of interconnectedness of compliance processes and structures. Compliance should be ongoing and a continuous process. Compliance must use data analytics tools to cut through the siloed nature of corporate data. This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/13/2017 • 12 minutes, 7 seconds
FCPA Compliance Report-Episode 314, John Champion
In this episode, I have back John Champion, one-half of the podcast duo going through every Star Trek TV episode and movie at missionlogpodcast.com. Today, I visit with John on his reflections on the 50th anniversary of Star Trek, what Star Trek was like both with and post Gene Roddenberry, our differences over the TNG episode Relics and John's upcoming conference appearance. Check out John and his partner Key Ray, each week at missionlogpodcast.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/13/2017 • 36 minutes, 10 seconds
FCPA Compliance Report-Episose 315, James Koukios
In this episode, I visit with Morrison and Forrester partner James Koukios, on the firm's publication "Top Ten International Anti-Corruption Developments for January 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/12/2017 • 22 minutes
This Week in FCPA-Episode 43
In this episode, Jay Rosen reports live from the ABA White Collar Conference at the Fontainebleau Hotel in Miami. In addition to providing his insights on the highlights of the conference and the buzz around the new Justice Department Evaluation of Corporate Compliance Programs document released in February, we discuss:
Adam Davidson’s piece in the New Yorker Magazine entitled, “Donald Trump’s Worst Deal” which looks at a Trump organization transaction in Azerbaijan which raises both FCPA and sanctions issues.
The newly revamped Justice Department’s Fraud Section’s website.
Highlight the rollout of the International Association of Independent Certified Monitors’ (IAICM) new website.
Review the week’s FCPA related issues.
Take a deep dive into the blockbuster trade announced between the Houston Texans and Cleveland Browns where the Texans sent their starting QB and a second round pick to the Browns for a fourth round pick in return (who says Texans are not great horse-traders!)
Jay previews his weekend report.
Tom reports on a talk about 3rd party ROI at the upcoming Third-Party Risk Management & Oversight Summit, on March 20 & 21 at the Princeton Club in New York City. Listeners to this podcast will receive a 15% discount off of the regular price of the event. To take advantage of this offer enter the Code CMP 161. For more information on the event, check out the website by clicking here.
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/10/2017 • 30 minutes, 57 seconds
Day 8 of One Month to Operationalizing Your Compliance Program
Operationalizing your compliance program can take many shapes and forms. Using the entire risk management process to embed your compliance program within the contours of your organization is an important, key step as it will allow you to have full visibility of your compliance risks through a longer life cycle. Forecasting allows you to consider your business strategy and wed the risks you can foresee. Risk assessments allow you to evaluate and measure known risks. Risk-based monitoring allows you to monitor both the compliance risks you and detect those you do not know, on an ongoing basis.
I think there are several key lessons to be considered by any Chief Compliance Officer (CCO) or compliance practitioner. The first is the process around risk management. Most compliance practitioners understand the need for a risk assessment as it is articulated as Hallmark No. 4 of the Ten Hallmarks of an Effective Compliance Program. From the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” In addition to this business case, the FCPA Guidance also specified the enforcement reasons for performing a risk assessment, “DOJ and SEC will give meaningful credit to a company that implements in good faith a comprehensive, risk-based compliance program, even if that program does not prevent an infraction in a low risk area because greater attention and resources had been devoted to a higher risk area.” The DOJ Evaluation of Corporate Compliance Programs builds on this.
Yet as compliance evolves and corporate compliance programs become more sophisticated, compliance is seen not as simply a legal prophylactic, but as a business process. Seen in this light, it is clear the risk management process should begin with forecasting as it attempts to estimate future aspects of your business. Locwin noted that companies should be able to say with some degree of authority, “We think the following will happen in the next three months, six months, twelve months, twenty-four months, is really something that the businesses try to wrap their heads around in such a way that they can shunt resources where they think is appropriate in order to meet these future demands.”
By starting with forecasting, a compliance function utilizes risk assessment to consider issues which forecasting did not predict for or issues which the forecasting model raised as a potential outcome which warranted a deeper dive. If you are moving into a new product or sales area and are required to use third-party sales agents, a risk assessment would provide information that a company could use to ameliorate the risks.
Risk-based monitoring follows on from the issues that your risk assessment identified as your highest risks. Locwin said, “Risk-based monitoring tends to look at things on an ongoing basis, and the models that are behind the risk-based modeling, risk-based monitoring models, they’re continuously refined based on incoming data.”
All of these three tools tie back into process management and process improvement. Locwin stated, “There’s always this balance between what’s actually important for our business or for proper execution, versus what’s actually going on in the whole process. If you’re not measuring at a high enough resolution, you’re not capturing a lot of the environmental, market force, external factors that probably are of high leverage to your operations in business that you just don’t know about.”
Locwin tied them together with the following example, “There’s a 30% chance of this abject market failure happening, this product fails, this restaurant site contaminates people, this product doesn’t ship before Christmas, this phone explodes.” If you knew that in advance, the executive committee probably almost everywhere would say, “We have to act, and act now.” That’s where the rubber meets the road and you’ve got to forecast and a contingency in place. A lot of times, there isn’t that level of forecasting done in advance to say, “We think there’s this 30% chance of it occurring, therefore not only do we need a strong contingency plan, but we should expect to have to use it in Quarter 2. It’s right there sitting on everybody’s dashboard all the time.”
In other words, it comes down to execution. This means you have to use the risk management tools available to you and when a situation arises, you remediate when required. This is not only where the rubber hits the road but the information and data you garner in the execution phase should be fed back into process loop. From this, you will develop continuous feedback and continuous improvement.
I have gone through this in some detail to emphasize the business process nature that compliance has evolved into as a corporate discipline. By using these techniques, the CCO or compliance practitioner makes the business run more efficiently and at the end of the day, more profitably. The more you can bring these types of insight to a Chief Executive, the more you demonstrate how compliance adds to the bottom line and is not simply a cost center.
Three Key Takeaways
The risk management process is an important backbone of operationalizing compliance.
You should be able monitor and measure both known and unknown risks.
All of these steps help a business to run more efficiently and more profitably.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/10/2017 • 11 minutes, 27 seconds
Day 7 of One Month to Operationalizing Your Compliance Program
I continue my discussion of operationalizing your compliance program through the risk management process by considering risk-based monitoring. I continue this series based upon interviews with Ben Locwin, Director of Global R&D at BioGen and an operational strategist in pharma and healthcare, to explore risk forecast, risk assessment and risk monitoring for the compliance profession.
Locwin said, “Risk-based monitoring is really about continuous, ongoing monitoring for those things which provide the most potential future risk to you. In other words, instead of a static risk registry that may come in part with forecasting, where you would say, “We’re trying to anticipate these risks.” By using risk-based monitoring to review issues on an ongoing basis, and the models that are behind the risk-based modeling, risk-based monitoring models, they’re continuously refined based on incoming data.”
The problem for many companies is they are siloed in not only their data but also in the systems. Locwin explained that because of the disparity of data systems, “They may not be tracking rigorous, quantified information all the time.” He cited to an example from the pharmaceutical world where a company could well have 50 worldwide sites where a drug product is being tested. Some patients receive a placebo and some patients receive the medication being tested. As data comes in you begin to note patterns in certain patients and groups, which might actually point towards a variety of testing errors by physicians administering the test.
Through the use of risk-based monitoring, you can begin to see things in “almost real-time, time-based trends of real data that you can then jump on and try to make adjustments before things get really wacky.” The implications to the compliance practitioner? Having access to information around sales, the sales process and corporate largess in things from Corporate Social Responsibility (CSR) work to gifts, travel and entertainment to conferences for customers and end users. Through the use of such risked-based monitoring a compliance professional would have the opportunity see trends developing which could allow an intervention for a prescriptive solution which could prevent an issue from becoming a Foreign Corrupt Practices Act (FCPA) violation.
Yet Locwin cautioned that compliance professionals should guard against bias. In an article by Locwin, entitled “Be Careful When Appraising Industry Trends”, he stated, “Social media has rapidly accelerated the agility with which the public can change allegiance and direction. It used to be that when information dissemination was slower and more compartmentalized within regions and market segments, that the market resistance to fluctuation was more robust. Now well-placed advertising, social commentary, or public response to corporate missteps can swirl into a maelstrom of market changes within hours that is agnostic to region or market segment.”
In today’s world, the speed at which reputational damage reigns out can overwhelm a corporation’s ability to respond. Here one might consider Wells Fargo and how fast the situation spun out of control for them after its $185MM fine was announced. It is through the use of risk-based monitoring, which allows for this almost real-time input, that a response to a forecasted, assessed or even unassessed risk can be developed. In the compliance world, such tools could be brought to bear when considering not only the expense side of such areas as gifts, travel and entertainment but also sales side data. This could be internal company data on its own salesforce and also information developed from or concerning your third-party sales team.
In Locwin’s primary world of pharmaceutical testing and product development, the need for such real-time information can be more critical. Yet through the development of these techniques as compliance tools, the compliance profession can add value to an organization through the use of risk-based monitoring. With the plethora of data on where and how corruption is likely to occur, coupled with meaningful sales and expense data, the compliance professional should be able to move from detect to prevent to prescriptive compliance solutions to prevent legal violations.
Finally, the beauty of all these techniques is that they are tools that can make companies more efficient and, at the end of the day, more profitable. They also move compliance into the fabric and DNA of an organization or in the terminology of the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, operationalize compliance. The DOJ has made clear what it expects around the risk management process. You need to develop your response now.
Three Key Takeaways
Risk-based monitoring is a follow on from forecasting and risk assessments in the risk management process.
Risk based monitoring can provide real-time feedback and input from your operationalized compliance program.
Use risk-based monitoring to cut through corporate siloes.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/9/2017 • 11 minutes, 13 seconds
FCPA Compliance Report-Episode 313, Adam Davidson
In this episode, I visit with New Yorker reporter Adam Davidson, who penned an article in the New Yorker which looked at a hotel deal between the Trump organization and a family of Politically Exposed Persons (PEPs) in Azerbaijan. Davidson talks about what intrigued him about the story, his reporting and most troubling, the PEPs alleged ties to funding from the Iranian Revolutionary Guard. It is a cautionary tale about major construction project in countries with a high perception of corruption, the need to understand who your business partners are and the source of their funding. The article is Donald Trump's Worst Deal.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/9/2017 • 49 minutes, 30 seconds
Day 6 of One Month to Operationalizing Your Compliance Program
The DOJ Evaluation of Corporate Compliance Programs states:
Risk Management Process – What methodology has the company used to identify, analyze, and address the particular risks it faced?
Information Gathering and Analysis – What information or metrics has the company collected and used to help detect the type of misconduct in question? How has the information or metrics informed the company’s compliance program?
I continue my exploration of the risk management process by focusing today on risk assessments. One cannot really say enough about the role of risk assessment in compliance programs. Each time you hear a regulator talk about compliance programs, it starts along the lines of you cannot manage your FCPA risk without first determining what your company’s risk is; and to determine that compliance risk, the process you should utilize comes through a risk assessment.
We previously considered forecasting. The differences between forecasting and risk assessment is that risk assessment attempts to consider things which forecasting either did not reliably predict for, or those things which the forecasting models have raised as potential outcomes which could be troubling, critical themes and issues. As Ben Locwin has explained, “What you’re trying to do then is decide on how you would address these. Risk assessments should create your risk registry. Those items which are most consequential for your organization, whatever it happens to be.”
Within the context of an anti-corruption compliance program, you are trying to make adjustments based on the risks of violation of the law, out in the marketplace. For instance, in a compliance forecast, third-party risk should be considered at the top of your ordinal list of risk and you should consider a multitude of factors such as the operating procedures, processes and systems and training. Of course, the execution of that process is a critical component as well.
All these things, to some degree, should appear in a risk assessment for the organization. Meaning, at the corporate level, what happens if you change products or sell into a new geographic area which is perceived to be more high-risk? There should be a risk assessment node which has a component that notes these changes so that you can adapt as necessary. Locwin stated, “The risk assessment itself is designed to be able to elevate these, and if something does happen, the next step would be to take appropriate course of action to address any of those risks.”
An example which illustrates the differences between forecasting and a risk assessment, yet how the two are complimentary. This winter when I began purchasing hot coffee products from Starbuck, as opposed to the cold drinks I buy during the hotter parts of the year, I discovered that baristas’ no longer put sleeves on coffee cups but now require you to ask for one. The second time I had to ask for a sleeve, I inquired from the barista why I had to do so. She replied that corporate had changed the policy for environmental reasons and that she could only provide a sleeve at the specific request of the customer. When I pointed out that it slowed the line down and was much less efficient in the delivery of Starbuck’s coffee, she replied, “You're absolutely right. I hate it. Would you please email Starbucks and tell them of your dissatisfaction?”
I will let Locwin pick it up from here, “what you’ve put your finger on is the crux of the balance of forecasting versus risk assessment. They’re two very different things, but at the same time, as they weave through time, they interchange. For example, Starbucks would potentially say, “We forecast that consumers are going to be more concerned about paper use, sleeves, the economic costs to the world, of extra paper waste and things. We’re going to, in certain locations, let’s say across Texas, we’re going to pilot that we don’t give out sleeves unless they’re asked for.” In their risk assessment, which I can tell you didn’t change from that forecast, what they then should have had was a commensurate line item which said, “If consumers start to have a problem with what’s being done at these locations, our immediate contingency plan is to do the following, to strip it away immediately, full stop, so that every cup gets a sleeve, so that they’re not slowing down lines, consumers say you heard us immediately, and then the organization is back on track.”
Their forecast plans something, the risk assessment should have had countermeasures to address, and instead if they didn’t have this in place, they’re going to have to wait until they start to have a Twitter feed that blows up… The risk assessment model should say, “Then we will do the following.” Really they don’t have the capability in a lot of cases to measure the effect of this and immediately course correct. It’s probably going to be a month, two months, four months before they start to get wind of this in a consistent way to say, “Texas was dissatisfied by this change and same in our pilot in Wisconsin. Let’s stop not giving out sleeves… Then eventually that starts to dissipate and they get rid of this whole new silly paradigm.”
Locwin’s point was that your risk assessment can help to inform your response to FCPA violation, corporate crisis or even (in my opinion) the misstep of requiring Starbucks customers to ask for sleeves for their coffee purchases. In another article by Locwin, entitled “Quality Risk Assessment and Management Strategies for Biopharmaceutical Companies”, he noted, “knowledge is power”. He went on to add, “Once we have assessed risks and determined a process that includes options to resolve and manage those risks whenever appropriate, then we can decide the level of resources with which to prioritize them. There always will be latent risks: those that we understand are there but that we cannot chase forever. But we need to make sure we’ve classified them correctly. With a good understanding of each of these, we’re in a much better position to speak about the quality of our businesses.”
Three Key Takeaways
The Evaluation put renewed emphasis on risk assessments.
Risk assessments logically follow and are complimentary to forecasting.
The risk assessment output allows you to prioritize your response with plan funding and deliver resources in a risk management solution.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/8/2017 • 12 minutes, 34 seconds
Compliance into the Weeds-Episode 30
The Justice Department Fraud Section recently revamped its website and it is quite an upgrade. I do not know when the Fraud Section did this update but as with the Evaluation of Corporate Compliance Programs document, it certainly was a soft launch. It appears the new site compiles several disparate sources of Fraud Section and Justice Department information into one website. Also, there looks to my eye to be some information posted on the Fraud Section website for the first time. In short, it is an excellent and most welcomed resource.
A quick review of the site has a slide show of recent Justice Department resolutions scrolling across the screen. Go down to the bottom of the screen and you will see two very interesting documents, a 2015 and 2016 Fraud Section Year in Review. The FCPA Unit section includes such information as prior enforcement actions, Opinion Releases, other anti-corruption treaties and resources. There is also a list of Fraud Section leadership.
However, the Fraud Section is made up of more than simply the FCPA unit and there are tabs for the following Health Care Fraud and Securities and Financial Fraud. Most interesting to me was the tab for the Strategy, Policy and Training Unit, which I have to admit, did not know was a part of the Fraud Section. The opening page for this Unit provides a description of its work. It is as wide ranging as international coordination and interaction with foreign prosecutors and investigators.
This new website revamp is a most welcomed resource for the compliance community. While it may be viewed as simply a compilation of other sites and locations within the greater Justice Department website by some; I believe the vast majority of compliance practitioners will find it a most welcomed compilation and resource.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/8/2017 • 18 minutes, 47 seconds
Day 5 of One Month to Operationalizing Your Compliance Program
At its heart, every business tries to plan for its future. It is a critical aspect of any management of any organization, non-profits, privately owned for profits and, of course, publicly traded companies. It is important that management be able to set out what it opines will happen in the next three, six, twelve and twenty-four months. Noted health care process expert Ben Locwin has said this “is really something that the businesses try to wrap their heads around in such a way that they can shunt resources where they think is appropriate in order to meet these future demands. Forecasting really at its heart is an educated guess and really as much as it becomes a reliable model more so and less so a guess, is based on the quality of the input data.” It is a process through which you are attempting to “prognosticate what the future will bring to you”. Unfortunately, forecast models are only as good as the data which are put into them or the GIGO (Garbage In, Garbage Out) Principal.
Three Key Takeaways
Risk management is a process and forecasting is the first step in that process.
GIGO and the only constant is change.
Forecasters must always remember that more than one outcome is possible.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2017 • 13 minutes, 13 seconds
FCPA Compliance Report-Episode 312, Ben Locwin
In this Part III to a three part podcast series, I visit with noted risk management expert, Ben Locwin on risk-based monitoring as a adjunct to forecasting and risk assessments. We discuss how to accomplish it and how to integrate into your overall monitoring and feedback loops. We conclude with a stitching together of the risk management process. For More Information see my five part blog series on the Risk Management Process.
1. Forecasting
2. Risk Assessments
3. Risk-Based Monitoring
4. White Noise and Interpreting Data
5. What does it all mean?
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/7/2017 • 20 minutes, 26 seconds
Day 4 of One Month to Operationalizing Your Compliance Programs
Analysis and Remediation of Underlying Misconduct
Root Cause Analysis – What is the company’s root cause analysis of the misconduct at issue? What systemic issues were identified? Who in the company was involved in making the analysis?
A root cause analysis should be a method to learn more about your business process and what went wrong so that the systems and process itself can be changed because there is a thinking in the field which basically centers around the theme of, unless you have changed the process, then you're going to keep getting similar or the same results. The process is going to deliver whatever it delivers, whether that be right, wrong, or indifferent. Until you change the process and the systems, you can basically expect that you're going to have some sort of output that is going to repeat itself over and over again. Finding blame does not necessarily help and really you want to get deeper into those root causes. The reason it is monikered “root cause analysis”, is to emphasize the need to drill down below the superficial pieces of the framework to fix, and into the things that are actually driving the outcomes and the behaviors.
Three Key Takeaways
The DOJ Evaluation mandates a root cause analysis.
You cannot have a culture of blame for a root cause analysis to be effective.
Always remember CAPA.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/6/2017 • 12 minutes, 51 seconds
This Week in FCPA-Episode 42
Jay Rosen and I dedicate the entire episode to the FUBAR surrounding the Oscar ceremony where the Best Picture award was given to the wrong picture. We consider the control failures around the incident, look at it from a compliance program perspective, consider the failures in light of the new Justice Department Evaluation of Corporate Compliance Programs and conclude with the lessons to be learned for the compliance practitioner from the entire fiasco.
For some additional reading see, Jay’s piece on Linkedin, “David vs. Goliath; Ethics & Compliance Lessons to be Learned from the Oscars” and Matt Kelly look at the control failures and other issues in his blog post on Radical Compliance, “And the Oscar for Control Failures Goes to…”
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
[email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/3/2017 • 25 minutes, 22 seconds
Day 3 of One Month to Operationalizing Your Compliance Program
Yesterday I began a two-part series on the Department of Justice (DOJ’s) “Evaluation of Corporate Compliance Programs” (Evaluation) posted on the Fraud Section in February. The document is an 11-part list of questions which encapsulates the DOJ’s most current thinking on what constitutes a best practices compliance program. Within the list are some 46 different questions that a Chief Compliance Officer (CCO) or compliance practitioner can use to benchmark a compliance program. In short, it is an incredibly valuable and most significantly useful resource for every compliance practitioner.
Three Key Takeaways
This DOJ Evaluation provides clear guidance on the expectations of government regulators regarding what your program should consist of, how it should be effected and where you need to go down the road. It is also a valuable teaching tool as you can lay out for your Board and senior management the clear requirements for any best practices compliance program.
The document also re-emphasizes that you should listen when the DOJ communicate their expectations around compliance. Beginning with the initial public remarks of Hui Chen and comments by former Assistant Attorney General Leslie Caldwell in November 2015, through the announcement of the FCPA Pilot Program in April 2016 and subsequent public remarks by Caldwell, Sally Yates and Daniel Kahn, the DOJ has consistently articulated the need for the operationalization of a corporate compliance program. Indeed, one can draw a straight-line from Caldwell’s November 2015 remarks at the SIFMA Compliance and Legal Society New York Regional Seminar where she presented the requirements to operationalize compliance in discussing compliance program metrics.
Any company which simply puts a paper program in place, whether it is certified or not, and then sits back on its collective hands, is in for a very rude awakening if it comes before the DOJ in an investigation or enforcement action. For it is in operationalization of your compliance program that the DOJ will give credit to a functioning compliance program.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/3/2017 • 13 minutes, 14 seconds
Day 2 of 30 Days to Operationalize Your Compliance Program
The Evaluation, most generally, follows the DOJ and Securities and Exchange Commission’s (SEC) seminal Ten Hallmarks of an Effective Compliance Program, released in the 2012 FCPA Guidance. If there is one over-riding theme in the Evaluation, it is the DOJ’s emphasis on operationalizing your compliance program as the questions posed are designed to test how far down your compliance program is incorporated into the very DNA and fabric of your organization. The Evaluation is not simply a restatement of the Ten Hallmarks, as it clearly incorporates the DOJ’s evolution in what constitutes a best practices compliance program over the past 18 months and it certainly builds upon the information put forward in the DOJ’s FCPA Pilot Program regarding effective compliance programs, most particularly found in Prong 3 Remediation.
Three Key Takeaways
The Evaluation follows a consistent theme of DOJ pronouncement over the past 18 on to operationalize your compliance program.
There is one new area with a focus on root cause analysis and risk assessments.
There is a greater consideration of how the CCO is treated and viewed within an organization.
Learn more about your ad choices. Visit megaphone.fm/adchoices
One event which promises to be most excellent is the upcoming Third-Party Risk Management & Oversight Summit, on March 20 & 21 at the Princeton Club in New York City. I will be attending and speaking at the event and I hope that you can join me. I have had the previously had the opportunity to do a podcast with the Event Chair, Melissa Evans, Lead Quality Systems, Supply Chain Management, Royal Caribbean Cruises (Episode 307). Today I visit with Forrest Deegan, the Chief Ethics and Compliance Officer for Abercrombie & Fitch.
Forrest detailed How to Perform an ROI analysis of a third-party program for both the sales and supply chain side of things, drawing from his experience at A&F. He related some of the costs for getting it wrong in the short-term, along with smart money investments and cost-cutting ideas and then provided some insight into the cost-benefit analysis on A&F third-party programs.
The best part is listeners to this podcast will receive a discount to the event. You can receive a 15% discount off the regular price by entering the Code CMP 161. For more information on the event, check out the website by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/2/2017 • 17 minutes, 16 seconds
Day One of One Month to Operationalizing Your Compliance Program
Last month, the Department of Justice (DOJ) very quietly released a document, entitled “Evaluation of Corporate Compliance Programs” (Evaluation), on the Fraud Section website. The document is an 11-part list of questions which encapsulates the DOJ’s most current thinking on what constitutes a best practices compliance program. Within the list are some 46 different questions that a Chief Compliance Officer (CCO) or compliance practitioner can use to benchmark a compliance program. In short, it is an incredibly valuable and most significantly useful resource for every compliance practitioner. The document has one clear theme that I will be exploring this month—you must operationalize your compliance program.
The Evaluation, most generally, follows the DOJ and Securities and Exchange Commission’s (SEC) seminal Ten Hallmarks of an Effective Compliance Program, released in the 2012 FCPA Guidance. If there is one over-riding theme in the Evaluation, it is the DOJ’s emphasis on doing compliance as the questions posed are designed to test how far down your compliance program is incorporated into the fabric of your organization. The Evaluation is not simply a restatement of the Ten Hallmarks, as it clearly incorporates the DOJ’s evolution in what constitutes a best practices compliance program, and it certainly builds upon the information put forward in the DOJ’s FCPA Pilot Program regarding effective compliance programs, most particularly found in Prong 3 Remediation. Once again, I detect the hand of DOJ Compliance Counsel Hui Chen in not only helping the DOJ to understand what constitutes an effective compliance program but also providing solid information to the greater compliance community on this score.
Three Key Takeaways
The DOJ Evaluation requires you to operationalize your compliance program.
The DOJ Evaluation makes clear compliance is a business process.
The DOJ Evaluation is significant for what it does not focus on, legal solutions or even legal language.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/1/2017 • 10 minutes, 10 seconds
Compliance into the Weeds-Episode 30
In this episode Matt Kelly and myself take a deep dive into SOX 404(b), what it requires and how companies comply with the reporting requirements set out in this statute. We consider the recent announcements from Congressman Jeb Hensarling to amend this section to exempt companies under the $500MM who wish to go public from its reporting requirements. We consider the corporate and audit response currently in place for 404(b) and how this response is now well embedded in not only corporate controls but also in reporting. We discuss the importance of internal controls over the time frame since the enactment of SOX and how any change may not be well received by institutional investors and private equity funders.
For a more detailed discussion, see Matt’s blog post entitled, “Tale of Sound & Fury: The 404(b) Debate”.
Learn more about your ad choices. Visit megaphone.fm/adchoices
3/1/2017 • 22 minutes, 56 seconds
Day 20 of One Month to a Better Board
I end my One Month to a Better Board series with a discussion from the recently released Justice Department Evaluation of Corporate Compliance Programs as it relates to a Board of Directors. In an area of inquiry entitled, “Oversight” the DOJ asked three basic questions which we have explored throughout this series. The questions presented by the DOJ were:
What compliance expertise has been available on the board of directors?
Have the board of directors held executive or private sessions with the compliance function?
What types of information has the board of directors examined in their exercise of oversight in the area in which the misconduct occurred?
In addition to specifically stating that a Board of Directors must have a compliance subject matter expert going forward, it opines there should be a Board level committee dedicated to compliance as well. I have previously explored questions a Board should ask a Chief Compliance Officer (CCO). Today I want to focus some attention on questions by a Board of Directors around the Compliance Committee itself. To facilitate the answers to these DOJ questions, I have ended this series with a list of 20 questions below which reflect the oversight role of directors. These are questions which the Board should ask of both senior management and the Board itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary.
The comments summarize the most current thinking on the issues and the practices of leading organizations. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.
Part I: Understanding the Role and Value of the Compliance Committee
What are the Compliance Committee’s responsibilities and what value does it bring to the board?
How can the Compliance Committee help the board enhance its relationship with management?
What is the role of the Compliance Committee?
Part II: Building an Effective Compliance Committee
What skill sets does the Compliance Committee require?
Who should sit on the Compliance Committee?
Who should chair the Compliance Committee?
Part III: Directed to the Board
What is the Compliance Committee’s role in building an effective compliance program within the company?
How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?
How long should directors serve on the Compliance Committee?
How can the Compliance Committee assist directors in retiring from the board?
Part IV: Enhancing the Board’s Performance Effectiveness
How can the Compliance Committee assist in director development?
How can the Compliance Committee help the board chair sharpen the board’s overall performance focus?
What is the Compliance Committee’s role in board evaluation and feedback?
What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?
Should the Compliance Committee have a role in chair succession?
How can the Compliance Committee help the board keep its mandates, policies and practices up-to-date?
Part V: Merging Roles of the Compliance Committees
How can the Compliance Committee enhance the board’s relationship with institutional shareholders and other stakeholders?
What is the Compliance Committee’s role in CCO succession?
What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?
How can the Compliance Committee help the board in deciding CCO pay, bonus and resources made available to the corporate compliance function?
Three Key Takeaways
The DOJ Evaluation of Corporate Compliance Program requires active Board of Director engagement around compliance.
Board communication on compliance is a two-way street; both in bound and out bound.
Has the Board built an effective Board Compliance Committee?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/28/2017 • 12 minutes, 25 seconds
FCPA Compliance Report-Episode 310
This podcast considers the differences between forecasting and risk assessment is that risk assessment attempts to consider things which forecasting either did not reliably predict for, or those things which the forecasting models have raised as potential outcomes which could be troubling, critical themes and issues. As Locwin explained, “What you’re trying to do then is decide on how you would address these. Risk assessments will percolate to the top of the list, your risk registry. Those items which are most consequential for your organization, whatever it happens to be. Again, just like forecasting, risk assessments apply to every organization.”
Within the context of an anti-corruption compliance program, you are trying to make adjustments based on the risks of violation of the law, out in the marketplace. For instance, in a compliance forecast, third-party risk should be considered at the top of your ordinal list of risk and you should consider a multitude of factors such as the operating procedures, processes and systems and training. Of course, the execution of that process is a critical component as well.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/28/2017 • 21 minutes, 17 seconds
Day 19 of One Month to a Better Board
There are three core areas upon which Directors should focus their attention regarding to help establish and maintain an effective compliance program. They are: (1) structure, (2) culture and (3) risk management.
Structural Questions
This area consists of questions which will aid in determining the fundamental sense of a company’s overall compliance program. The questions should begin with the basics of the program through to how the program operates in action. Some of the structural questions Board members should ask are the following.
Who oversees the operation of the program?
What is in the Code of Conduct? Is each Board member aware of corporate standards and procedures?
How are complaints being received?
Who conducts investigations and acts on the results?
What corporate resources are being devoted to the compliance and ethics program?
How much money is allocated to the program?
What types of training is required? How effective is it?
Have any compliance failures been detected? If so, how was such detection made?
If a company’s compliance program is less mature, what are the charter compliance documents?
If a company’s compliance program is more mature, there should be queries regarding the roles of the General Counsel vs. a Chief Compliance Officer. What is the CCO reporting structure?
Cultural Questions
This area of inquiry should focus on the culture of the organization regarding compliance. Board members should have an understanding of what message is being communicated not only from senior management but also middle management. Equally important, the Board needs to understand what message is being heard at the lowest levels within the company. Some of the cultural questions Board members should ask are the following.
When did the company last conduct a survey to measure the corporate culture of compliance?
Is it time for the company to resurvey to measure the corporate culture of compliance?
If a survey is performed, what are the results? Have any deficiencies been demonstrated? If so, what is the action plan going forward to remedy such deficiencies?
Did any compliance investigations arise from a cultural problem?
Regardless of any survey results, what can be done to improve the culture of compliance within the company?
If there were any acquisitions, were they analyzed from a compliance culture perspective?
Are there any M&A deals on the horizon, have they been reviewed from the compliance perspective?
Risk Management Questions
Board members need to understand the company’s process being used to identify emerging risks, their evaluation and management. Such risk analysis would be broader than simply a compliance risk assessment and should be tied to other broader corporate matters.
What is the risk assessment process?
How effective is this risk assessment process? Is it stale?
Who is involved in the risk assessment process?
Does the risk assessment process take into account any new legal or compliance best practices developments?
Are there any new operations that pose substantial compliance risks for the company?
Is the company tracking enforcement trends? Are any competitors facing enforcement actions?
Has the company moved into any new markets which impose new or additional compliance risks?
Has the company developed any new product or service lines which change the company’s risk profile?
Three Key Takeaways
A Board of Directors should inquire into the structural component of the compliance program as it will aid in determining the fundamental sense of a company’s overall compliance program.
Cultural questions should be asked to garner an understanding of what message is being communicated not only from senior management but also middle management.
Risk management questions should be asked to understand the company’s process being used to identify emerging risks, their evaluation and management.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/27/2017 • 13 minutes, 50 seconds
Day 18 of One Month to a Better Board
Where does “Tone at the Top” start. With any public and most private US companies, it is at the Board of Directors. But what is the role of a company’s Board in FCPA compliance? We start with several general statements about the role of a Board in US companies. First a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this through asking hard questions, risk assessment and identification.
In a recent White Paper, entitled “Risk Intelligence Governance-A Practical Guide for Boards” the firm of Deloitte & Touche laid out six general principles to help guide Boards in the area of compliance risk governance. I have adapted them for the Board role around compliance.
Define the Board’s Role-there must be a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities.
Foster a culture of compliance risk management-all stakeholders should understand the compliance risks involved and manage such risks accordingly.
Incorporate compliance risk management directly into a strategy-oversee the design and implementation of compliance risk evaluation and analysis.
Help define the company’s appetite for compliance risk-all stakeholders need to understand the company’s appetite or lack thereof for compliance risk.
Execute the compliance risk management process-the compliance risk management process should maintain an approach that is continually monitored and had continuing accountability.
Benchmark and evaluate the compliance process-compliance systems need to be installed which allow for evaluation and modifying the compliance risk management process for compliance as more information becomes available or facts or assumptions change.
All of these factors can be easily adapted to FCPA compliance and ethics risk management oversight. Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s Chief Compliance Officer to either the Audit Committee or the Compliance Committee. This commentator recommends that a Board create a Compliance Committee as the Audit Committee may more appropriately deal with financial audit issues. A Compliance Committee can devote itself exclusively to non-financial compliance, such as FCPA compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information the Board can give oversight to any modifications to managing FCPA risk that should be implemented.
There is one other issue regarding the Board and risk management, including FCPA risk management, which should be noted. It appears that the Securities and Exchange Commission (SEC) desires Boards to take a more active role in overseeing the management of risk within a company. The SEC has promulgated Reg SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company which fails to make it to fines, penalties or profit disgorgement.
Three Key Takeaways
The Board’s role is to keep really bad things from happening to a Company.
There are six general areas the point can inquire into and lead from.
SEC Reg SK 407 may put greater scrutiny on Boards.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/24/2017 • 13 minutes, 58 seconds
This Week in FCPA-Episode 41
In this special live, on location episode, Jay Rosen and I discuss the recent SCCE 2017 Utilities and Energy Conference held in Washington DC. He hit on the highlights, topics, vendors and key note speakers. We also discuss the impact of the recently released DOJ Evaluation of Corporate Compliance Programs. Finally we have a guest appearance by Jim Moore, recently installed as SVP at Trust Point International. For a copy of the Evaluation of Corporate Compliance Programs, click here. For my two blog posts on the Evaluation, Part I and Part I
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/24/2017 • 30 minutes, 42 seconds
FCPA Compliance Report-James Koukios
In this episode I visit with Morrison Forrester partner James Koukios on the firm's December newsletter on the Top Ten International Anti-Corruption Developments for December 2016. James and I visit about some of the lesser known highlights from the month of December 2016 in the global enforcement of anti-corruption.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/23/2017 • 24 minutes, 39 seconds
Day 17 of One Month to a Better Board
In this final five days of my One Month to a Better Board series, I will look at inquiries and questions a Board can take to help the organization actually do compliance going forward. I begin with an exploration of how can a Board work to incorporate the compliance function into a long-term business strategy of the organization. A Board can do so by engaging with the Chief Compliance Officer and compliance function through having a strong Board which is committed to doing business ethically and incompliance with anti-corruption laws such as the FCPA and engaging actively with the CCO and compliance function. This post will begin a discuss of various tools and techniques a Board can use and engage to move to this level of engagement.
The first point is to develop a framework for incorporating compliance into your long-term strategy. This framework draws from the State Street Global Advisors’ strategy for sustainability and adapts it to compliance. To set up the framework for evaluation of the compliance function is a three-step process, which you can use to determine how comprehensive you compliance program is as a starting point.
Step 1-has the company identified the compliance issues relevant to the Board?
Step 2-has the company assessed and incorporated those compliance issues into its long-term strategy?
Step 3-has the company communicated its approach to compliance and the influence of those factors on its overall strategy?
From this initial inquiry you can move into some specific questions that the Board can use to determine the overall state of your company’s compliance program. First a Board can work to identify compliance issues material to your organization. This can be accomplished with compliance related key performance indicators, which a Board should then prioritize to elevate their impact on compliance. A Board should consider these through the life-cycle of a business line or geographic sales area. Next the Board should work to move compliance into both the long-term strategy for the company and also have the CCO detail the long-term strategy for the compliance function.
Drawing from the February release Justice Department Evaluation of Corporate Compliance Programs (Evaluation), the Board should actively work to incorporate compliance into the long term capital allocation of the company. Obviously the earlier the investment the better as it brings benefits such as benefits through brand differentiation, lowering the risk profile of the company and improving nimbleness in market responses
The Board should oversee the incorporate of KPIs into senior management performance evaluations and compensation. Once again building upon the Evaluation which asks how the company monitors its senior leadership’s behavior and how senior leadership modelled proper behavior to subordinates, the Board should make certain systems are in place to quantify or measure performance related to compliance issues, should establish performance goals against which they measure compliance achievement and finally disclose to shareholders the material compliance issues that drive compensation, the specific goals or performance targets that
management has to achieve and report on the actual performance against established goals to justify compensation payouts.
Finally the Board should work to communicate the influence of compliance factors on overall corporate strategy by demonstrating how compliance was integrated into the business. Not only is this good from a business perspective and shareholder expectation but also as the DOJ Evaluation makes clear what the government expects is the operationalization of compliance going forward.
These general factors will lead us into more specific questions that a Board can pose as we continue one month to a better board for a best practices compliance program.
Three Key Takeaways
Having a long term strategy is critical.
What is the Board’s framework for assessing compliance?
Create KPIs to measure senior management’s actions around compliance.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/23/2017 • 13 minutes, 34 seconds
Day 16 of One Month to a Better Board
Yesterday, I considered the Board of Director’s role in hiring of senior executives and in other key positions and corporate positions and corporate relationships. Today I want to consider the Board’s role in succession planning. In an article entitled, “Advancing Board Refreshment Through the Director Succession Planning Process” authors William Libit and Todd Freier posited that a Board’s ability to “refresh itself on a regular basis can help ensure it maintains a proper mix of experience and expertise to meet the organization’s current and long term needs.”
While noting that there is no ‘one-size-fits-all-approach’ to succession planning, the authors believe there are some key traits you should consider in succession planning. To facilitate this theorem, the authors laid out a seven-step approach for Director succession planning.
Examine the Key Corporate Documents-this includes Board review of all relevant corporate governance documents, including guidelines, the Charter for Board Governance, the Director Nomination Policy and any relevant policies setting out the appropriate protocols and procedures.
Use an Assessment Framework-here the authors have a four step self-assessment which suggests you consider including (a) the current strengths and weaknesses of the board and each board committee; (b) the short- and long-term skills needs of the board; (c) evaluating how the board’s assessment changes regarding retiring directors; and (d) “shifting the board’s approach of automatically re-nominating existing directors to one that bases a director’s re-nomination on a number of criteria, such as the board’s evolving needs and director performance.”
Conduct Due Diligence-as noted in Day 15, you should conduct an executive level due diligence background investigation, not simply a background check.
Maintain a Pipeline-every Board should maintain a pipeline of qualified candidates as “Significant changes in director employment, health concerns or other unexpected personal or professional events may necessitate quick director succession. Having potential qualified candidates already identified will greatly assist with the effectiveness and efficiency of the succession process.”
Assess Board Policies-just as a company should periodically assess and reassess its policies and procedures, the Board “should incorporate periodic (at least annual) assessments of its board leadership, committee membership, rotation and mandatory retirement policies.” From this exercise, a Board can identify current and future leadership and committee needs and the specific subject matter expertise required going forward.
Disclose Your Succession Strategy-both a large number of institutional investors and good corporate governance advocates suggest that companies disclose their Board of Director succession strategies. The authors noted, “Although not currently mandated by rule or regulation, boards should consider disclosing their director succession strategy to provide greater transparency to shareholders and other stakeholders.”
Benchmark Your Succession Strategy-the authors conclude by noting that a Board should benchmark its succession strategy with industry peers around the use of the steps outlined in this piece and to stay aligned with the evolving policies and positions of large institutional shareholders and good corporate governance advocates.
Three Key Takeaways
Board ‘refreshment’ is a hot topic in corporate governance.
Review your Board policies to understand what subject matter expertise a Board will need going forward.
Transparency in Board succession planning.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/22/2017 • 11 minutes, 42 seconds
FCPA Compliance Report-Ben Locwin
In this episode, I begin a three-podcast series on risk management in compliance with Ben Locwin, Director of Global R&D at BioGen and an operational strategist in pharma and healthcare, to explore risk forecast, risk assessment and risk monitoring for the compliance profession. Today we consider forecasting in the risk management process.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/22/2017 • 21 minutes, 47 seconds
Day 15 of One Month to a Better Board
What is the role of a Board of Directors in hiring senior executives, Chief Compliance Officers and even other Board members? I recently explored this issue with Candice Tal, founder and CEO of Infortal, a global security and risk management consulting company. Tal began by noting, that a bad senior executive hire can cost a company much more than simply dollars. She noted, the “financial costs in day-to-day operations easily can quadruple that of a regular employee, but it can also impact the company’s corporate governance and Board of Directors if that executive hire was found to be involved with unethical and illegal activities. Not even a signed contract can protect a company if an executive hire’s unethical actions come to the attention of the national media. Fiduciary risk and exposure for the board of directors cannot be overlooked.”
She pointed to the example of Yahoo! and its hire of Scott Thompson back in 2012. It turned out that Thompson had incorrect information on his online biography regarding his academic credentials. As Tal noted, “implications went beyond the activist shareholder accusations to reflect on the board of directors for not vetting his background more carefully. The company may have been exposed to claims of providing false information to the SEC and potential stockholder law suits. Thompson’s 120-day tenure at Yahoo! cost the company over $7 million and seriously tarnished the company’s reputation in the business community.”
The key is that a company engage in an executive due diligence investigation rather than simply a routine or even executive-level background investigation. Tal explained that an executive background search, is “typically limited to a 5 component review of: criminal records, employment verification, degree or education verification, social security validation, address verification and sometimes credit history.” Such searches are “very limited searches.”
Conversely, executive due diligence, “looks in-depth at all available public records sources: criminal history, civil litigation issues, financial and legal issues, relationships with other companies and board advisory positions, reputation, misrepresented education and overstated work history, behavioral history (for example litigiousness), and, in particular, undisclosed or adverse issues.” While it is generally “more costly than executive background checks and takes more time, the information gathered is extremely valuable and can save a company substantially more. A high quality due diligence review can find important information which would not be returned in a routine executive background check.”
Infortal has found that up to 20% of executive search candidates fail a deep level due diligence investigation. Now consider how many senior executive slots your company has and add to that seats on the Board of Directors and you can quickly see the risk of failure to consider an executive due diligence search when promoting or hiring. Moreover, you need an executive level due diligence in other business situations as well, including the senior management of new business acquisitions brought into your organization through a merger or other acquisition, selecting new Board members, screening corporate Boards of Directors and of course, for third party business partners and other agents in the sales and supply chain channels.
Three Key Takeaways
The costs of a bad executive hire can far exceed the dollar loss.
Do not forget the differences between an executive background check and executive level due diligence.
20% of all senior executives fail an executive level due diligence check.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/21/2017 • 12 minutes, 48 seconds
Compliance into the Weeds-Episode 29
In this episode, Matt Kelly and myself take a deep dive into the Department of Justice (DOJ) recent release, entitled “Evaluation of Corporate Compliance Programs” (Evaluation), which went up on the Fraud Section website on February 8.
The document is an 11-part list of questions which encapsulates the DOJ’s most current thinking on what constitutes a best practices compliance program. Within the list are some 46 different questions that a Chief Compliance Officer (CCO) or compliance practitioner can use to benchmark a compliance program. In short, it is an incredibly valuable and most significantly useful resource for every compliance practitioner.
The Evaluation, most generally, follows the DOJ and Securities and Exchange Commission’s (SEC) seminal Ten Hallmarks of an Effective Compliance Program, released in the 2012 FCPA Guidance. If there is one over-riding theme in the Evaluation, it is the DOJ’s emphasis on doing compliance as the questions posed are designed to test how far down your compliance program is incorporated into the fabric of your organization. The Evaluation is not simply a restatement of the Ten Hallmarks, as it clearly incorporates the DOJ’s evolution in what constitutes a best practices compliance program, and it certainly builds upon the information put forward in the DOJ’s FCPA Pilot Program regarding effective compliance programs, most particularly found in Prong 3 Remediation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/21/2017 • 42 minutes, 45 seconds
Day 14 of One Month to a Better Board
The bribery and corruption case of GlaxoSmithKline PLC (GSK) resonated across the corporate globe. While many questions are still unanswered, one that seems to be at the forefront of the inquiry was where was the GSK Board of Directors? This matter demonstrates role of a Board of Directors is becoming more important and more of a critical part of any effective compliance program.
In an article in the NACD Directorship, entitled “Corruption in China and Elsewhere Demands Board Oversight”, Eric Zwisler and Dean Yoost noted that as “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? Since 2010, over 25% of all FCPA enforcement actions have derived from China.
Corruption can be endemic in China. Further FCPA enforcement actions have made clear that Chinese businesses are quite adept at appearing compliant while hiding unacceptable business practices. A Board of Directors should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just a paper compliance program. This means that both monitoring and auditing should be visible to the board. Echoing one of the Board’s roles, as articulated in the FCPA Guidance, the authors believe that a “board must ensure that the human resources committed to compliance management and reporting relationships are commensurate with the level of compliance risk.” So if that risk is perceived to be high in a country, such as China, the Board should follow the prescription in the Guidance which states “the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
To help achieve these goals, the authors suggest a list of questions that they believe every director should ask about a company’s business in China.
How is “tone at the top” established and communicated?
How are business practice risks assessed?
Are effective standards, policies and procedures in place to address these risks?
What procedures are in place to identify and mitigate fraud, theft, corruption?
What local training is conducted on business practices and is it effective?
Are incentives provided to promote the correct behaviors?
How is the detection of improper behavior monitored and audited?
How is the effectiveness of the compliance program reviewed and initiated?
If a problem is identified, how is an independent and thorough investigation assured?
Third parties generally present the most risk under a FCPA compliance program and that as much as 95 percent of reported FCPA cases involve the use of third-party intermediaries such as agents. However, in China all potential opportunities retain some level of compliance related issues. As joint ventures and the acquisition of Chinese entities are important business strategies for many western companies, it is important to have Board oversight in the mergers and acquisition process.
The authors understand that “non-compliant business practices and how to bring these into compliance is often a major and defining deal risk.” But, more importantly, it is a company’s “inability to understand actual business practices, the impact of those practices on the core business, and effectively dealing with a transition plan is one of the main reasons why joint ventures and acquisitions fail.” So even if the conduct of an acquisition target was legal or tolerated in its home country, once that target is acquired and subject to the FCPA or Bribery Act, such conduct must stop. However, if such conduct ends, it may so devalue the core assets of the acquired entity so as to ruin the business basis for the transaction. The authors cite back to the FCPA Guidance and its prescribed due diligence in the pre-acquisition stage as a key to this dilemma. But those guidelines also make clear that post-acquisition integration is a must to avoid FCPA liability if the illegal conduct continues after the transaction is completed.
The authors conclude by articulating that many Boards are not engaged enough to understand the way that their company is conducting business, particularly in a business environment as challenging as China. They believe that a Board should have a “detailed understanding of the business if it is to be an effective safeguard against fraud or corrupt practices.” They remind us that not only should a Board understand the specific financial risks to a company if a FCPA violation is uncovered; but perhaps more importantly the “potential impact on the corporate culture and the risk to the company’s reputation, including the reputations of individual board members.” Finally, the authors believe that “effective oversight of corruption in China will only become increasingly more important”. That may be the most important lesson for any Board collective or Board member individually to take away from the ongoing GSK corruption and bribery scandal.
Three Key Takeaways
China presents the highest FCPA risk and after GSK domestic law corruption risk.
Chinese companies’ adept at hiding corrupt business practices from their western owners.
M&A work is equally risky and should be managed accordingly.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/20/2017 • 13 minutes, 58 seconds
Day 13 of One Month to a Better Board
Today I want to consider a couple of failures at the Board level around bribery and corruption.
VimpelCom
Board of Directors and Senior Management Involvement
VimpelCom sought to enter the telecom market through the acquisition of a local player, Unitel, as an entrée into the Uzbekistan market. Unitel made clear to VimpelCom that to have access to, obtain and retain business in the Uzbeki telecom space, VimpelCom would have to, according to the VimpelCom DPA, “regularly pay Foreign Officials millions of dollars” who was Gulnara Karimova, the daughter of the then President of the country. VimpelCom also acquired another entity Butzel, that was at least partially owned by an Uzbeki government official, who hid their interest through a shell company, which was known to VimpelCom. VimpelCom did not articulate a legitimate business reason for the deal and paid $60MM for Buztel.
As laid out in the VimpleCom’s Information, its senior management was well aware of the potential FCPA risk. The Information stated, “From the beginning of VIMPELCOM’s deliberations concerning its entry into Uzbekistan, there was an acknowledgment of the serious FCPA risks associated with certain VIMPELCOM management’s recommendation to purchase Buztel in addition to Unitel… Documents prepared for the December 13, 2005 Finance Committee meeting explained that Buztel was owned by a Russian company “and a partner” without further detailing the identity of the “partner” who was in fact Ms. Karimova. The materials documented that “[t]hrough a local partner, [VIMPELCOM was] in a preferred position to purchase both assets . . . .”” The Finance Committee “identified the likelihood of corruption and expressed concerns.” Even with these reservations, the Finance Committee failed to identify the local partners.
But there was even more specific cautions around a FCPA violation when one Finance Committee member ““expressed concern on the structure of the deal and FCPA issues” and noted “that if [VIMPELCOM] goes into this deal under this structure and if the structure violates the FCPA picture, [VIMPELCOM’s] name could be damaged.”” The Finance Committee voted to move forward with the Buztel portion of the transaction “provided that all issues related to the FCPA should be resolved.”
These concerns moved up to the VimpelCom Board of Directors. In a December, 2005 Board meeting, “the likelihood of corruption was further discussed” and that “there was a recognition that a thorough analysis was needed to ensure that the Buztel payment was not merely a corrupt pretext for other services and favors. There were also numerous requests to ensure that the deal complied with the FCPA. Ultimately, VIMPELCOM’s board approved the Buztel and Unitel acquisitions, with a condition that FCPA analysis from an international law firm be provided to VIMPELCOM.”
Here VimpelCom management defrauded its own Board of Directors. The Information states, “VIMPELCOM’s management then sought FCPA advice that could be used to satisfy the board’s requirement while allowing VIMPELCOM to proceed with a knowingly corrupt deal. Despite the known risks of Foreign Official’s involvement in Buztel, certain VIMPELCOM management obtained FCPA legal opinions from an international law firm supporting the acquisition of Unitel and Buztel; however, certain VIMPELCOM management did not disclose to the law firm Foreign Official’s known association with Buztel. As a result, the legal opinion did not address the critical issue identified by the VIMPELCOM board as a prerequisite to the acquisition. Management limited the law firm’s FCPA review of the transaction to ensure that the legal opinion would be favorable. Having obtained a limited FCPA legal opinion designed to ostensibly satisfy the board’s requirement, certain VIMPELCOM management then proceeded with the Buztel acquisition and corrupt entry into the Uzbek market.”
b. Fraudulent Stock Transfer
But that was only the start as VimpelCom then entered into a partnership with the foreign official who was given an ownership interest in Unitel, through the shell corporation. The shell company held an option to sell this interest back to VimpelCom in 2009. It would appear that the owner of the shell corporation was well known within both VimpelCom and Unitel but both entities referred to this person as the “partner” or “local partner”. VimpelCom set up partnership where, “Shell Company obtained an indirect interest of approximately 7% in Unitel for $20 million, and Shell Company received an option to sell its shares back to Unitel in 2009 for between $57.5 million and $60 million for a guaranteed net profit of at least $37.5 million.”
VimpelCom’s Board was required to and did approve the partnership but as with the original acquisition, “approval again was conditioned on “FCPA analysis by an international law firm” and required that the “the identity of the Partner . . . [be] presented to and approved by the Finance Committee.” VIMPELCOM received an FCPA opinion on the sale of the indirect interest in Unitel to Shell Company on or about August 30, 2006. The FCPA advice VIMPELCOM received was not based on important details that were known to certain VIMPELCOM management and that certain VIMPELCOM management failed to provide to outside counsel, including Foreign Official’s control of Shell Company. In addition, documents, including minutes from the Finance Committee’s meeting on August 28, 2006, failed to identify the true identity of the local partner by name while noting the “extremely sensitive” nature of the issue.”
Some three years later, the shell company exercised its option to be bought out of the partnership for $57.5MM, after having invested $20MM. This netted a profit of $37.5MM. Unfortunately for all involved, they routed the payments for the transaction through financial institutions in the US, thereby creating FCPA jurisdiction.
BizJet
Another FCPA enforcement action involved the Tulsa-based company BizJet, which had four senior executives convicted for their participation in a bribery scheme. But this case also involved the Board of Directions. In the Criminal Information it stated, that in November 2005, “at a Board of Directors meeting of the BizJet Board, Executive A and Executive B discussed with the Board that the decision of where an aircraft is sent for maintenance work is generally made by the potential customer’s director of maintenance or chief pilot, that these individuals are demanding $30,000 to $40,000 in commissions, and that BizJet would pay referral fees in order to gain market share.”
In both cases, this is where the rubber hits the road. If a company is willing to commit bribery and engage in corruption to secure business no amount of doing compliance is going to help. If senior management is ready, willing and able to lie, cheat and steal, the Board is the final backstop to prevent such conduct. Both the VimpelCom and BizJet Boards sorely failed in their compliance duties.
Three Key Takeaways
Board liability will be severe based upon similar conduct going forward.
Board members must critically challenge management on its conduct.
The Board is the ultimate backstop against bribery and corruption.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/17/2017 • 14 minutes, 1 second
Day 12 of One Month to a Better Board
What are metrics for a Board around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Justice Department would consider in a review of compliance programs. These metrics are:
Does the institution ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
Does the Board maintain a material role in overseeing a company’s overall compliance framework?
These requirements move beyond simply having the correct ‘Tone at the Top’ which every Board should articulate. They charge the Board with a substantive role in the actual doing of compliance going forward. One of my concerns is this metric sets up Board members and senior management for prosecution under the Foreign Corrupt Practices Act (FCPA) in the new era of the Yates Memo where companies are required to investigate and turn over individuals to the DOJ for prosecution if they want to receive any credit for cooperation. Of course, the Yates Memo also articulated the DOJ’s stated intention to more aggressively prosecute individuals as well.
Board Role
You begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?
Boards of Directors should take a more active role in overseeing the management of risk within a company. Now this includes having a FCPA compliance program in place and actively oversee that function. This means if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward. Some of the areas for hard questions include
Corporate Compliance Policy and Code of Conduct – Is there an overall governance document which will inform the company, its employees, stakeholders and third parties of the conduct the company expects from an employee, translated into appropriate local langauges. Is there documents of delivery and training on this or these documents?
Risk Assessment – Has the Board assessed the compliance risks associated with its business?
Implementing Procedures – The Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy. Once again, have these implementing procedures been translated as appropriate and do employees understand these procedures? Are all of the above documented?
Training – Has the Board been trained to understand its role in an effective compliance program?
Monitor Compliance – Has the Board independently tested, assessed and audited to determine if its compliance policies and procedures are a living and breathing program and not just a paper tiger.
There are several paths a Board of Directors can take to fulfill this duty. Obviously the full Board can be apprised of compliance issues and handle them appropriately. However this may be unwieldy or not workable if there is a large Board and the compliance function only has limited time to present a quarterly and annual report. The Audit Committee is usually considered a natural venue for the compliance function to report to as it handles issues somewhat related to compliance already.
Through the convergence of the Yates Memo and these metrics, it is time for companies to create a Compliance Committee separate and a part from the Audit Committee. This Board-level Compliance Committee would be charged with oversight of FCPA compliance and ethics but could also be the reporting venue for anti-money laundering compliance (AML), export control compliance and all other such disciplines within an organization. Further after the Volkswagen emissions-testing scandal, not only have a robust compliance program but direct and transparent Board oversight may be the only thing stopping injury to your reputation from a competitor’s illegal or unethical conduct.
Three Key Takeaways
The Justice Department expects active engagement by a Board around compliance.
Does the Board exercise independent review of the compliance program?
The convergence of the Yates Memo, Hui Chen and the FCPA Pilot Program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/16/2017 • 13 minutes, 2 seconds
Everything Compliance-Episode 7
This episode is dedicated to the chaotic (at best) first three weeks of the Trump administration.
Jonathan Armstrong leads a discussion of the Trump administrations devolution towards Privacy Shield and what it may portend for American companies doing business in the UK and EU. He highlights the recent opening of a new trial in Ireland brought by Max Schrems and also discussed the putative Muslim refugee ban in the context of broader business implications.
For the Cordery Compliance client alert on Privacy Shield, see here
Jay Rosen considers what companies the intersection of business and politics under the Trump administration, the Tech sector response to the Muslim refugee ban and the more general business response to the first few weeks of the Trump administation.
For Jay’s post see, Where Do Politics End and Ethics & Compliance Begin?
Matt Kelly opens with a discussion of the management process practices of the Trump administration in issuing Executive Orders and lays down some markers around compliance and regulatory issues under the new administration.
For Matt Kelly’s posts see the following:
Compliance in the Trump Era: More Markers Placed
Five Questions for SEC Nominee Jay Clayton
Yes Government Ethics is Happening
Dodd-Frank Reform Starts Coming into View
For Tom Fox’s posts on these topics see the following:
The Trump Administration-Kaos is Bad for Business
The Trump Administration-Part II, Failures in Leadership and Management
The Trump Administration-Part III-Preparing for a Catastrophe
The Trump Administration-Part IV-the Business Response
The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected]
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/16/2017 • 49 minutes, 47 seconds
Day 11 of One Month to a Better Board
In an article in the Corporate Board magazine, entitled “Successful Board Investigations” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP posited seven considerations to facilitate a successful board investigation.
Consider whether you need independent outside counsel
The appearance of partiality undermines the objectivity and credibility of an investigation. That means you should not use your regular counsel. The authors cite to the Securities and Exchange Commission (SEC) analysis of how independent board members truly are to explain the need for independent counsel. They state, “the SEC considers the following criteria when determining whether (and how much) to credit self-policing, self-reporting, remediation and cooperation” which will consist of the following factors:
Did management, the board or committees consisting solely of outside directors oversee the review?
Did company employees or outside persons perform the review?
If outside persons, have they done other work for the company?
If the review was conducted by outside counsel, had management previously engaged such counsel?
How long ago was the firm’s last representation of the company?
How often has the law firm represented the company?
How much in legal fees has the company paid the firm?
Consider hiring an experienced “investigator” to lead the internal investigation
Jim McGrath has written and spoken about the need to utilize specialized counsel in any serious investigation. If a board is leading an investigation, I would submit by definition it is serious. Your investigation needs to lead by a lawyer with significant experience in conducting internal investigations; a strong background in criminal or SEC enforcement; and has substantive experience in the particular area of law at issue.
Consider the need to retain outside experts
In any FCPA or other anti-corruption investigation, there will be the need for a wider variety of subject matter experts (SME’s) than a compliance professional. If there are accounting issues, forensic accountants might be needed. In this day and age, an electronic discovery consultant is often required, and can be a cost effective option for gathering and processing electronic data for review.
Analyze potential conflicts of interest at the outset and during the investigation
There are two types of conflicts of interest that may come to light during an investigation. First is the one which comes up when the law firm or lawyers conducting the investigation are those whose prior legal advice has some bearing on the matters being investigated because a company’s regular outside lawyers represent the company. During an internal investigation, however, the lawyers may be hired by, and represent, the board or its committee. The second occurs when a lawyer or law firm jointly represents the board and employees at the company as regulators have become increasingly concerned with joint representations. The trickier question is what to do when there simply is a risk that representing one client could limit the lawyers’ duties to the other. So in these situations, joint representation may not be appropriate.
Carefully evaluate Whistleblower allegations
Whistleblowers have become more important and taking their allegations seriously is paramount. This does not mean trying to find out who the whistleblowers might be to punish or stifle them, even if they are located outside the United States and therefore do not have protections under these laws. They can still get hefty bounties. Regulators are very wary of boards that do not satisfactorily evaluate a whistleblower’s complaint based on a perception of the whistleblower himself, as opposed to the substance of the complaint.
Request regular updates from outside counsel, without limiting the investigation
These types of investigations are long and very costly. They can easily spin out of cost control. But, by trying to manage these costs, a board might be perceived as placing improper limits on the investigation. The “goal is to strike the right balance between the cost of the investigation and its thoroughness and credibility.” To do so, flexibility is an important ingredient. The scope of what to investigate is not a static, one-time decision. It can, and usually does, evolve.
Consider whether an oral report at the conclusion of the investigation is sufficient
While there may be instances in which, due to complexity and the nature of allegations involved, a written report is necessary, there may be times when an oral report delivered to a board is better than a written report for “a written report may be easier to follow and appear to be the logical conclusion to an investigation, it is an expensive and time-consuming endeavor, and it comes with great risk.” The authors indicate three reasons for this position.
The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.”
Three Key Takeaways
Retain the right counsel. Consider conflicts and appearance.
Carefully evaluate all whistleblower allegations and reject retaliation.
Consider receiving oral reports on an ongoing basis and one lengthy oral report at the end of the investigation.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/15/2017 • 15 minutes, 34 seconds
Day 10 of One Month to a Better Board
Many companies have an investigation protocol in place when a potential Foreign Corruption Practices Act (FCPA) or other legal issue arises? However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board of Directors does not get an investigation which it handles right, the consequences to the company, its reputation and value can all be quite severe.
In an article in the Corporate Board magazine, entitled “Successful Board Investigations” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP write about five key goals that any investigation led by a Board of Directors must meet. They are:
Thoroughness - The authors believe that one of the key, and most critical, questions that any regulator might pose is just how thorough is an investigation; to test whether they can rely on the facts discovered without having to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators, in terms of what is investigated, or how the investigation is conducted. This question can be an initial deal-killer particularly if the regulator involved views an investigation insufficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded ‘Where else’ question.
Objectivity - Here the authors write that any “investigation must follow the facts wherever they lead, regardless of the consequences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that in addition to the objectivity requirement in the investigation, the same must be had with the investigators themselves. If a company uses its regular outside counsel, it may be viewed with some askance, particularly if the client is a high volume client of the law firm involved, either in dollar amounts or in number of matters handled by the firm.
Accuracy - As in any part of a best practices anti-corruption compliance program, the three most important things are Document, Document and Document. This means that the factual findings of an investigation must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its own investigation of the same issues.” This is never good and your company may well lose what little credibility and good will that it may have engendered by self-reporting or self-investigating.
Timeliness - Certainly in the world of FCPA enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act Whistleblower provisions. But there are other considerations for a public company such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent as a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
Credibility - One of the realities of any FCPA investigation is that a Board of Directors led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-Morning Quarterbacking but quite a bit of post event analysis. So the authors believe that any Board of Directors led investigation “must be (and must be perceived as) credible as to what was done, how it was done, and who did it. Otherwise, the board’s work will have been for naught.”
Three Key Takeaways
The Board should have a written protocol for investigations prepared in advance.
Any Board led investigation must be both credible and objective.
The investigation must be thorough but the Board can be cost effective.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/14/2017 • 11 minutes, 48 seconds
FCPA Compliance Report-Episode 306
In this episode, I visit with Linda Lattimore, developer of Cross Sector law which assists lawyer and companies in developing expertise around corporate social responsibility.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/14/2017 • 22 minutes, 2 seconds
Day 9 of One Month to a Better Board
One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell has worked on and with Boards of Directors at various companies and I wanted to garner his understanding of the role of a Board and both senior management and a Chief Compliance Officer (CCO). Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management.
The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong”, can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer putting the little bit of sand in the shoe to make sure that you’re thinking about things carefully can cause you to step back and really focus your resources where they're needed.”
Board’s do this by posing questions to management that help them challenge their own assumptions, especially those assumptions which senior management is most confident about. Howell said that Board’s “need to help senior management consider the things that management is so sure about that maybe are going to play out the way that they expect. For example, the things that can hurt investors more than anything else is a surprise. Chaos does not help investors in general. The things that surprise investors frequently are the things that also surprise management. Does management consider all of the things that can go wrong and have they built an environment where they can both help prevent those things from happening and detect them when they’re small and they can actually do something about them.”
Howell noted the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “one very good example is the whole, the reputation of those stakeholders involved in the company and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell went on to state, “it’s very important as we go through some of the ways the board can help management in that role. I think the things that really make a difference to management is when the board is able to be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their own underlying assumptions and biases.”
One of continuing struggles I hear from Board members is asymmetrical information, largely due from the siloed nature of company information and structures. Howell acknowledged, “These sorts of barriers are pervasive in any company of any size that has a particularly operations and different product lines and different markets and different countries and different time zones. These limitations in the free flow of information by themselves create a risk to the organization, to the investors of the organization, to the employees of the organization and the board’s ability to ask questions. If nothing else in their governance control creates this reminder to management to open up itself to itself and listen carefully to its own organization and be able to link information to all of the places it needs to be fed.”
I asked Howell to further explain his phase “open itself up to itself and listen”. He provided the following example, “how can the Chief Financial Officer make sure that he is giving all the information that the Chief Compliance Officer needs to do his job? Those questions from the board can be very valuable in making sure that the Chief Financial Officer doesn’t forget these issues and the Chief Compliance Officer has an opportunity to engage constructively with the Chief Financial Officer and others in the organization.”
Somewhat counter-intuitively, Howell noted that when it comes to the Board’s oversight role around internal controls, less is often more. This occurs by helping management understand a company can overdo a control environment, “in the sense that when management guides controls around risks that are not going to be the most serious risks to the company, that they end up building excessive amounts of energy and protection where they're not really needed. That you as a management team end up deluding your attention and deluding your resources.”
Howell went on to explain it is simply a matter of resources, “When things do go wrong, you’re in effect spread so thin that you don’t see those risks coming at you. The real question where less is more can be very valuable is when the board continues to challenge the management team on the scenarios that could play out. That could be devastating to an organization where risk really matters.”
I asked Howell if he could provide any discrete examples and he pointed to the food service industry for the following., “For example, in a food service company or a restaurant company, if there were contamination or if there were things that could happen either at the plant or by people who are touching the food. Those are very serious risks that a company needs to both be mindful of and to be able to prevent. If something goes wrong, you need to be able to detect early. When customers of the company or others are hurt that there’s a consequence of failures that can be devastating.”
In another example Howell said he had seen situations where internal “controls that are used for financial reporting for example, when examined in the light of where the risk really exists for the company, the companies have been able to reduce their controls actually by as many as half and improve their overall control environment and reduce the aggregate risk to the company. It’s interesting that even spending less money on controls by having fewer controls can improve the overall comfort that the company and its management and investors are protected from risk.”
A Board is not simply there to be a rubber stamp for senior management. It must exercise independent judgment, action and oversight. Further, it is the Board’s role to ask hard, difficult and probing questions to make sure management is not only doing its job but has considered other risk possibilities.
Three Key Takeaways
Boards should force management to open up the company to itself.
Boards should be a grain of sand in the shoe of management.
Boards should make sure senior management is aware of and planning for both known and unknown risks.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/13/2017 • 12 minutes, 46 seconds
Day 8 of One Month to a Better Board
James Doty, Acting Commissioner of the Public Company Accounting Oversight Board (PCAOB) was once asked if the Board or its sub-committee which handles audits was a part of a company’s internal financial controls. He answered that yes, he believed that was one of the roles of an Audit Committee or full Board. I had never thought of the Board as an internal control but the more I thought about it, the more I realized it was an important insight for any Chief Compliance Officer or compliance practitioner as it also applies as a compliance internal control.
In the FCPA Guidance, in the Ten Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first in Hallmark No. 1 , which states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Doty’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.
Board liability for its failure to perform its assigned function in any compliance program is well known. David Stuart, an attorney with Cravath, Swaine & Moore LLP, noted that FCPA compliance issues can lead to personal liability for directors, as both the Securities and Exchange Commission (SEC) and DOJ have been “very vocal about their interest in identifying the highest-level individuals within the organization who are responsible for the tone, culture, or weak internal controls that may contribute to, or at least fail to prevent, bribery and corruption”. He added that based upon the SEC’s enforcement action against two senior executives at Nature’s Sunshine Products, “Under certain circumstances, I could see the SEC invoking the same provisions against audit committee members—for instance, for failing to oversee implementation of a compliance program to mitigate risk of bribery”. It would not be too far a next step for the SEC to invoke the same provisions against audit committee members who do not actively exercise oversight of an ongoing compliance program.
Further, the SEC has made clear that it believes a Board should take a more active role in overseeing the management of risk within a company. The SEC has promulgated Regulation SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company, which fails to make it, to fines, penalties or profit disgorgement.
I believe that a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward.
A Board’s oversight is part of effective compliance controls, then the failure to do so may result in something far worse than bad governance. Such inattention could directly lead to a FCPA violation and could even form the basis of an independent SOX violation as to the Board.
Three Key Takeaways
A Board must engage in active oversight.
A Board should review the design of internal controls on a regular basis.
Failure to do so could form the basis for an independent legal violation under SOX.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/10/2017 • 13 minutes
Day 7 of One Month to a Better Board
The basic framework for internal controls is derived from the COSO Model developed by the Committee of Sponsoring Organizations of the Treadway Commission in 1992 (COSO). This model has become the standard for an internal control framework and provides a structure to ensure companies address the key elements that should result in an effective system of internal controls. Using the COSO Model, as modified in 2013, provides a very supportable approach when regulators challenge whether a company has effective internal controls. The COSO Model defines internal controls in a pyramid, from bottom to top, as follows: (a) Control environment, (b) Risk assessment, (c) Control activities, (d) Information and communication, and (e) Monitoring.
Which internal controls does a company need to institute? Each company defines its internal controls to fit its business by determining what the Company wishes to protect and what type of control environment does it want to have in place. This means that they can be less formal in smaller companies but still effective if the focus is on the right risks. For anti-corruption risks, the most common control needs have been identified as follows: (i) Dealings with third parties; (ii) Gifts and entertainment, and (iii) Charitable donations. Yet even within those categories, a wide range of risks exists, depending on a company’s business practices. A Top Down ‘Check-the-box’ generic set of policies will not likely result in effective controls.
The process to determine which internal controls are needed will be of some familiarity to the compliance professional. It all starts with a risk assessment to establish the corporate policies which are applicable, tailored to the company, and sufficiently specific. The risk assessment will also help to identify the types of transactions across the company which should be addressed (gifts and entertainment, maintenance of bank accounts and movement of cash, dealings with third parties, etc.). The next step is to prepare a set of documents which define the control objectives to be in place for each type of transaction – example: Controls will be in place to ensure no vendor has been added to the vendor master file until complete due diligence has been completed and the vendor has been approved in accordance with Corporate policies. Thereafter, you need to document how the controls will be performed and how they will be evidenced and then incorporate the control procedures into applicable work instructions and job descriptions.
Each business location, determine the specific controls needed to accomplish each control objective. In many companies, a disparity of operating practices and accounting systems will result in different controls being needed. While this assignment may seem overwhelming it can be done in reasonable stages, pursuant to a specific implementation plan - it does not have to be done all at once for the entire company.
Internal controls for a Board or Board Compliance Committee should be broken down into five concepts:
Risk Assessment – A Board should assess the compliance risks associated with its business.
Corporate Compliance Policy and Code of Conduct – A Board should have an overall governance document which will inform the company, its employees, stakeholders and third parties of the conduct the company expects from an employee. If the company is global/multi-national, this document should be translated into the relevant languages as appropriate.
Implementing Procedures – A Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy.
Training – There are two levels of Board training. The first should be that the Board has a general understanding of what the FCPA is and it should also understand its role in an effective compliance program.
Monitor Compliance – A Board should independently test, assess and audit to determine if its compliance policies and procedures are a ‘living and breathing program’ and not just a paper tiger.
Three Key Takeaways
Has your company implemented COSO 2013?
What was the Board’s involvement?
What is your documentation?
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/9/2017 • 13 minutes, 21 seconds
Compliance into the Weeds-Episode 27
In this episode, Matt and I take a look at the sorry story of Chris Correa, the St. Louis Cardinal executive convicted of hacking into the Houston Astros computer system, which expanded last month when Federal Judge Lynn Hughes unsealed details about the extent of the illegal conduct. For all his efforts, Correa was severely punished by Judge Hughes at this sentencing. Hughes accepted the US government’s recommendation in sentencing Correa to 46 months of incarceration and fining him some $300,000. Correa was also banned from Major League Baseball (MLB) for life by Commissioner Rob Manfred. Matt and I have both blogged on this matter. Matt takes a look at some of the lessons to be garnered by the compliance professional in his post, Two Compliance Lessons from the Baseball World. I delved into the facts to mine some interesting tidbits and consider how to compensate a business when you have stolen their IP, in blog post Of Greek Gods and Data Breaches. Rather amazingly the Greek gods make an appearance proving once again that the fall of man is always related to hubris.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/9/2017 • 18 minutes, 45 seconds
Day 6 of One Month to a Better Compliance Program
Where does “Tone at the Top” start. With any public and most private US companies, it is at the Board of Directors. But what is the role of a company’s Board in FCPA compliance? We start with several general statements about the role of a Board in US companies. First a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this through asking hard questions, risk assessment and identification.
In a White Paper, entitled “Risk Intelligence Governance-A Practical Guide for Boards” Deloitte & Touche laid out six general principles to help guide Boards in the area of risk governance. These six areas can be summarized as follows:
Define the Board’s Role-there must be a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities.
Foster a culture of risk management-all stakeholders should understand the risks involved and manage such risks accordingly.
Incorporate risk management directly into a strategy-oversee the design and implementation of risk evaluation and analysis.
Help define the company’s appetite for risk-all stakeholders need to understand the company’s appetite or lack thereof for risk.
How to execute the risk management process-the risk management process maintaining an approach that is continually monitored and had continuing accountability.
How to benchmark and evaluate the process-systems need to be installed which allow for evaluation and modifying the risk management process as more information becomes available or facts or assumptions change.
All of these factors can be easily adapted to FCPA compliance and ethics risk management oversight. Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s Chief Compliance Officer to either the Audit Committee or the Compliance Committee. This commentator recommends that a Board create a Compliance Committee as an Audit Committee may more appropriately deal with financial audit issues. A Compliance Committee can devote itself exclusively to non-financial compliance, such as FCPA compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information the Board can give oversight to any modifications to managing FCPA risk that should be implemented.
There is one other issue regarding the Board and risk management, including FCPA risk management, which should be noted. It appears that the Securities and Exchange Commission (SEC) desires Boards to take a more active role in overseeing the management of risk within a company. The SEC has promulgated Reg SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company which fails to make it to fines, penalties or profit disgorgement.
CCO reporting to the Audit/Compliance Committee has to be structured carefully to promote ethics and compliance. Here are my five best practices that should guide the reporting:
Quarterly Reports — The CCO should report in person to the Audit/Compliance Committee every quarter. If the CCO submits a written report and does not appear before the Committee, the failure to appear before the Committee reflects a defective relationship. The quarterly report is critical for both the CCO and the Committee to hear about compliance performance and challenges.
Executive Session – Every quarterly report should be concluded with an executive session where the CCO and the Committee can have a frank discussion on any potential issues. It is a valuable opportunity to raise important issues. An executive session demonstrates that the CCO is independent and empowered within the organization, and reinforces the CCO’s direct access to the Board, if necessary.
Sitting In on Other Reports – The CCO should sit in the Committee meeting when other important officers report to the Committee. For example, the CCO should attend the presentations by the Internal Auditor, the General Counsel, and the CFO. The CCO has a macro-view of the company and needs to be informed as to issues in other areas that may be significant and have compliance implications.
Informal Relationship – A CCO should actively maintain an ongoing informal relationship with the Chair of the Audit/Compliance Committee. A CCO has to have the ability to pick up the phone and call to Chair to discuss issues that may arise. A weekly meeting for coffee or a meal is important to develop and maintain the relationship.
Annual Report to Full Board – A CCO should report to the full Board once a year. The Audit/Compliance Committee quarterly reports are important but the full Board needs to hear about the challenges and risks facing the company, as well as improvements needed for the ethics and compliance program.
Three Key Takeaways
A Board Compliance Committee should provide oversight not management.
A CCO should use multiple reports to communicate with the Board Compliance Committee.
Board Compliance Committee oversight makes companies more efficient and at the end of the day more profitable.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/8/2017 • 13 minutes, 12 seconds
Day 5 of One Month to a Better Board
The Office of Inspector General (OIG), Department of Health and Human Resources, issued a paper entitled “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the OIG Guidance). It provides an excellent road map for thinking about how to structure a Compliance Committee for your Board and a Board’s obligations.
As an introduction, the OIG Guidance states that a Board must act in good faith around its obligations regarding compliance. This means that there must be both a corporation information and reporting system and that such reporting mechanisms provide appropriate information to a Board. It stated, “The existence of a corporate reporting system is a key compliance program element, which not only keeps the Board informed of the activities of the organization, but also enables an organization to evaluate and respond to issues of potentially illegal or otherwise inappropriate activity.” The OIG Guidance sets out four areas of Board oversight and review of a compliance function; “(1) roles of, and relationships between, the organization’s audit, compliance, and legal departments; (2) mechanism and process for issue-reporting within an organization; (3) approach to identifying regulatory risk; and (4) methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives.”
While noting that a corporate compliance function should promote the prevention, detection and remediation of compliance violations, the OIG Guidance goes on to state that an organization’s Chief Compliance Officer (CCO) “should neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department, in any manner.” Rather the Board must ensure the CCO and compliance function have resources to fulfill their assigned role within an organization and access to the Board. The Board should evaluate and discuss how management works together to address risk, including the role of each in:
identifying compliance risks,
investigating compliance risks and avoiding duplication of effort,
identifying and implementing appropriate corrective actions and decision-making, and
communicating between the various functions throughout the process.
A key component of Board oversight is through the flow of information. The OIG Guidance says, “The Board should set and enforce expectations for receiving particular types of compliance-related information from various members of management. The Board should receive regular reports regarding the organization’s risk mitigation and compliance efforts—separately and independently”. These reports can come to the Board via a variety of reporting mechanisms; regular Board meetings, special Executive Sessions where the Board meets with the CCO or compliance leadership outside of the presence of senior management and ad hoc communications from the CCO. All of these help create a “continuous expectation of open dialogue” which is paramount for proper Board oversight. Of course, if a serious compliance issue arises, it needs to be communicated directly, and in a timely manner, to the Board.
But in addition to setting the expectations for the flows of information, a Board must also set expectations for holding senior management accountable for areas such as compliance. This can be through the assessment of “individual, department, or facility-level performance or consistency in executing the compliance program” and using this information to payout or withhold discretionary based bonuses “based upon compliance and quality outcomes.” The OIG Guidance also notes, “Some companies have made participation in annual incentive programs contingent on satisfactorily meeting annual compliance goals. Others have instituted employee and executive compensation claw-back/recoupment provisions if compliance metrics are not met.” However the key component is that “Through a system of defined compliance goals and objectives against which performance may be measured and incentivized, organizations can effectively communicate the message that everyone is ultimately responsible for compliance.”
A Board also needs to have regular reports on the risks that any organization may face. This means keeping abreast of “relevant and emerging regulatory risks, the role and functioning of an organization’s compliance program in the face of those risks and the flow and elevation of reporting of potential issues and problems to senior management.” The OIG Guidance speaks to technological solutions when it says, “Some Boards use tools such as dashboards—containing key financial, operational and compliance indicators to assess risk, performance against budgets, strategic plans, policies and procedures, or other goals and objectives—in order to strike a balance between too much and too little information. For instance, Board quality committees can work with management to create the content of the dashboards with a goal of identifying and responding to risks and improving quality of care.”
Moreover, a Board should also mandate that the company’s compliance function have the proper tools in place to facilitate compliance reporting internally. It states, “Boards should also consider establishing a risk-based reporting system, in which those responsible for the compliance function provide reports to the Board when certain risk-based criteria are met. The Board should be assured that there are mechanisms in place to ensure timely reporting of suspected violations and to evaluate and implement remedial measures. These tools may also be used to track and identify trends in organizational performance against corrective action plans developed in response to compliance concerns.”
Ultimately a Board should drive home of the message of compliance as “a way of life” so that it permeates into the DNA of a health care organization. For if a Board can help drive compliance into the fabric of an organization, it will have done more than simply fulfill its legal obligations starting in the Caremark decision and going forward. The Board will have helped to make the entire organization more compliance-centric and when a Board can help to facilitate such a change in attitudes, it will have moved the organization several steps down the road of doing business in compliance with relevant laws and issues.
The OIG Guidance is an excellent review for not only compliance professionals and others in the health care industry but a good primer for Boards around their own duties under a best practices compliance program. The US Federal Sentencing Guidelines, the Ten Hallmarks of an Effective Compliance Program, the “OIG voluntary compliance program guidance documents, and OIG Corporate Integrity Agreements (CIAs) can be used as baseline assessment tools for Boards and management in determining what specific functions may be necessary to meet the requirements of an effective compliance program. The Guidelines “offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program.” The compliance program guidance documents were developed by OIG to encourage the development and use of internal controls to monitor adherence to applicable statutes, regulations, and program requirements.”
Three Key Takeaways
Information flow up to the Board is critical.
Compliance should be institutionalized in your company as a way of life.
A Board needs to consider all risks.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/7/2017 • 13 minutes, 36 seconds
Day 4 of One Month to a Better Board
Every Board of Directors need a true compliance expert sitting on their Board. Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such compliance subject matter expertise at the Board level?
An arm of the US government has recognized the need for such expertise at the Board level. In 2015 the Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.
Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.”
Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.
Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.
Key Takeaways
Boards must have compliance expertise.
Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/6/2017 • 13 minutes, 38 seconds
Day 3 of One Month to a Better Board
Under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The US Department of Justice (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Moreover, the FCPA Guidance requires a CCO to have direct access to the Board or an appropriate sub-committee. The Guidance also requires a tangible commitment from the top levels of an organization, starting with the Board of Directors that the company create an ethical culture.
At the Board of Directors level, a Board Compliance Committee can devote itself exclusively to non-financial compliance, such as FCPA compliance. While many companies have fulfilled these obligations through an Audit Committee, clearly the better practice is to have a separate Compliance Committee. The reason is clear, that compliance has become not only central to any well-run business but it is critical to overseeing a wider variety of risks than the typical Audit Committee has experience with, which is usually only aimed towards financial risks.
The Board Compliance Committee should begin its inquiry with a basic: ‘How do we know it is working?’ In other words, is a company’s compliance program living up to the hallmarks of an effective compliance program in the eyes of the government. Here I lay out four areas of more specific inquiry.
The Board Compliance Committee should obtain information on the processes to carry out the compliance function, rather than details on specific compliance issues. They need to understand that there is a single individual or internal corporate discipline keeping track of the compliance function and making sure that it is being handled properly. They need to understand that there is a system in place that keeps track of compliance requirements.
Another area the Board Compliance Committee interest should be in is the area of hotlines or other internal reporting mechanisms. Here, the Board Compliance Committee needs to know details about both inbound issues and the responses thereto. In the inbound side this means details about who answers the reports, that come in either via email or phone, how this information is triaged and in what time frame. It also requires an understand of whether the reporting system is truly anonymous, with no use of caller-ID or GPS tracking.
The next series of questions deals with the responses to any information which comes to the attention of the company, including such basic inquiries as how are the reports classified and routed? Who gets notified for what types of calls? How the investigative process is divided among various functions or is it outsourced? Finally, what is the response rate and response time?
The Board Compliance Committee must know who is accountable and responsible for each segment of a compliance program. They should obtain assurance that the compliance function has developed a charter that makes it clear to them where obligations fall across management so it can assess accountability. While it is true an effective Board Compliance Committee will allow management do their job running the business on a day-to-day basis, and they understand that their job is to set long-term strategy.
Strategic planning is another area well suited for oversight by a Board Compliance Committee. For such a committee to be both effective and informed it must have an appreciation of where the corporate compliance function stands not only at the present moment, but also has a strategic plan for how the compliance and ethics program can continue to grow. Similarly, Stephen Martin, a partner at Arnold and Porter, has long advocated a 1-3-5-year compliance game plan. However, a Board Compliance Committee should demand the compliance function be nimble enough to respond to new information or actions, such as mergers or acquisitions, divestitures or other external events. If a dynamic changes, you want to get your board’s attention on the changes which may need to happen with the [compliance] program.
Today’s regulatory climate band hyper-transparency in social media make a Board Compliance Committee’s task seem Herculean. But more than simply the regulatory climate, shareholders are taking a much more active role in asserting their rights against Boards of Directors. It is incumbent that Boards seek out and obtain sufficient information to fulfill their legal obligations and keep their company off the front page of the New York Times, Wall Street Journal or Financial Times, just to name a few, to prevent serious reputational damage. A Board Compliance Committee is a good place to start.
Key Takeaways
This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
This committee should work to hold the CCO accountable to hit appropriate metrics.
This committee is ideal for leading the efforts around strategic planning.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/3/2017 • 13 minutes, 23 seconds
Day 2 of 30 Days to a Better Board
What are the obligations of a Board member regarding the FCPA? Are the obligations of the Compliance Committee under the FCPA at odds with a director’s “prudent discharge of duties to shareholders”? Do the words prudent discharge even appear anywhere in the FCPA? In webinar, entitled “Reporting to the Board on Your Compliance Program: New Guidance and Good Practices”, Rebecca Walker and Jeffery Kaplan, explored these and other issues.
As to the specific role of ‘Best Practices’ in the area of general compliance and ethics, Walker looked to Delaware corporate law for guidance. She cited to the case of Stone v. Ritter for the proposition that “a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate exists.” From the case of In re Walt Disney Company Derivative Litigation, she drew the principle that directors should follow the best practices in the area of ethics and compliance.
In a recent Compliance Week article, Melissa Aguilar examined the duties of Board members regarding FCPA compliance. The conclusions of several of the FCPA experts that Ms. Aguilar interviewed for the article were that companies which have not yet had any FCPA issues rise up to the Board level are usually the ones which are the most at risk. Albert Vondra, a partner with PricewaterhouseCoopers stated that such companies “don’t have the incentive to spend the resources or take the rigorous approach to their anti-compliance programs. Their attitude is, ‘We’ve got it covered,’ but they don’t”. Richard Cassin, managing partner of Cassin Law, stated that there must be written records demonstrating that the audit committee and that the board members asked questions and received answers regarding FCPA compliance issues. Such documentation demonstrates the Board members have “fulfilled their fiduciary obligations,” Cassin says.
Board failure to head this warning can lead to serious consequences. David Stuart, a senior attorney with Cravath Swaine & Moore, noted that FCPA compliance issues can lead to personal liability for directors, as both the Securities and Exchange Commission (SEC) and DOJ have been “very vocal about their interest in identifying the highest-level individuals within the organization who are responsible for the tone, culture, or weak internal controls that may contribute to, or at least fail to prevent, bribery and corruption”. He added that based upon the SEC’s enforcement action against two senior executives at Nature’s Sunshine, “Under certain circumstances, I could see the SEC invoking the same provisions against audit committee members—for instance, for failing to oversee implementation of a compliance program to mitigate risk of bribery”.
According to Haynes and Boone in its publication, “Corporate Governance and the Role of the Board” a board’s role is not to actually manage the company, but instead to oversee and monitor the management of the company. In the realm of compliance, this means the Chief Compliance Officer. The board has the responsibility to fulfill the role of strategic and business advisor to management of the company. In addition, the board has the role of monitoring the performance of the compliance function, including monitoring the performance of it using customary economic metrics, and by overseeing compliance with applicable laws and regulations. While the board is not responsible for auditing or ferreting out compliance problems, it is responsible for determining that the company has an appropriate system of internal controls. The board should also monitor company policies and practices that address compliance and matters affecting the public perception and reputation of the company. Every company should ensure that it conducts appropriate compliance training for employees and conducts regular compliance assessments. Finally, the board must take appropriate action if and when it becomes aware of a material problem that it believes management is not properly handling.
Alas, there is no reference to prudent discharge in the FCPA itself. However, if I were a remaining member of the Board of China Northeast Petroleum, I might well think more than twice about my prudent discharge of duties to the shareholders as both the DOJ and SEC now might well wish to look into this matter under a Board’s prudent discharge of duties under the FCPA.
Three Key Takeaways
What is ‘prudent discharge’?
What is your process for doing compliance at the Board level?
A Board must have active rather than passive engagement around compliance.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/2/2017 • 13 minutes, 32 seconds
Everything Compliance-Episode 6
Show Notes for Episode 6, the Rolls-Royce Global Corruption Enforcement Action
This episode is dedicated exclusively to the Rolls-Royce global corruption enforcement action.
Jonathan Armstrong leads a discussion the UK side of the enforcement action.
For the Cordery Compliance client alert on Rolls-Royce, see Rolls-Royce case sends a strong signal
Jay Rosen considers what companies which did business with RR should do now or even companies in the same or similar industries should consider in the face of the enforcement action.
For Jay’s post on Rolls-Royce, see Rolls-Royce Takes Global Anti-Corruption to New International Heights + Potential Next Steps for a CCO Whose Company has Bid/Worked with Rolls-Royce
Mike Volkov talks about the types of resolution documents used in anti-compliance enforcement and some of the key strategy used by RR during the process to achieve their positive result.
For Mike Volkov’s post on Rolls-Royce, see Serious Fraud Office Makes Big Splash with UK Bribery Act Resolution with Rolls Royce
Matt Kelly brings it all home and ties it together by walking us through the global implications of this settlement.
For Tom Fox’s posts on these topics see the following:
Part I
Part II
Part III
Rants will return next week.
The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/2/2017 • 1 hour, 2 minutes, 37 seconds
Day 1 of One Month to a Better Board
Case Law
As to the specific role of ‘Best Practices’ in the area of general compliance and ethics, one can look to Delaware corporate law for guidance. The case of In Re Caremark International Inc. was the first case to hold that a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.”
In the case of Stone v. Ritter, the Supreme Court of Delaware expanded on the Caremark decision by establishing two important principles. First, the Court held that the Caremark standard is the appropriate standard for director duties with respect to corporate compliance issues. Second, the Court found that there is no duty of good faith that forms a basis, independent of the duties of care and loyalty, for director liability. Rather, Stone v. Ritter holds that the question of director liability turns on whether there is a "sustained or systematic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists.”
According to Haynes and Boone in its publication, “Corporate Governance and the Role of the Board” a director’s business decisions generally qualify for protection by the “business judgment rule.” Under the business judgment rule, courts presume that directors making business decisions acted on an informed basis, in good faith, and with the honest belief that the action taken was in the best interests of the corporation. In lawsuits brought against directors brought by shareholders, courts applying the business judgment rule will determine only whether the directors making the decision (i) were free from conflicts of interest, (ii) appropriately informed themselves before taking the action, and (iii) acted after due consideration of all relevant information that was reasonably available. Under the business judgment rule, the board’s action will not subject board members to liability if the action or decision of the directors can be attributed to any rational business purpose. Directors that meet the criteria of the business judgment rule do not have to worry about having their business decisions second-guessed by a court, even where their decisions result in corporate losses.
FCPA Guidance and US Sentencing Guidelines
A Board’s duty under the Foreign Corrupt Practices Act (FCPA) is well known. In the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance, under the Ten Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first in Hallmark No. 1, entitled “Commitment from Senior Management and a Clearly Articulated Policy Against Corruption”, states “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3 entitled “Oversight, Autonomy and Resources”, where it discusses that the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ’s Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment?
There is one other issue regarding the Board and risk management, including FCPA risk management, which should be noted. It appears that the SEC desires Boards to take a more active role in overseeing the management of risk within a company. The SEC has promulgated Regulation SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company, which fails to make it, to fines, penalties or profit disgorgement.
From the Delaware cases, I believe that a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. The specific obligations set out regarding the FCPA drive home these general legal obligations down to the specific level of the statute.
Three Key Takeaways
The Delaware courts have led the way with the Caremark and Stone v. Ritter decisions.
Note the obligations of the Board under the 10 Hallmarks of an Effective Compliance Program.
The US Sentencing Guidelines also require Board involvement and oversight.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
2/1/2017 • 13 minutes, 48 seconds
Day 30 of 30 Days to a Better Compliance Program
John MacKessy, writing in the Finance Professionals’ Post, in a piece entitled “Knowledge of Good and Evil: A Brief History of Compliance”, noted that the FCPA and Environmental Protection Act (EPA) “prompted companies to develop internal resources that would actively monitor compliance with the laws, rules, and regulations of their industries.” The next step in the evolution of the compliance profession was the defense procurement scandals from the 1980s, where the industries sales of “$400 hammers and $600 toilet seats” to the US government led to the Defense Industry Initiative (DII). This industry led initiative created “a set of principles endorsing ethical business practices and conduct” within the defense industry for its dealings with the US government.
The next step in the evolution of the compliance profession was the 1992 US Sentencing Guidelines which, for the first time, set out what the government would consider for credit in sentencing of organizations. Many tribute these 1992 Sentencing Guidelines for the creation of the modern compliance profession. These guidelines included credit for “the specific elements of an effective compliance and ethics program. Companies that embarked on such programs would be eligible for more lenient sentences. To qualify as “effective,” a company’s compliance program would not only have to establish standards and procedures to prevent and detect criminal conduct, but would have to actively promote a culture encouraging ethical conduct and compliance with the law. The implementation of those guidelines in 2004 reflected the need for corporate boards to demonstrate knowledge of compliance programs and fulfillment of oversight responsibilities as part of monitoring the effectiveness of companies’ compliance and ethics programs.”
The next major step was the financial accounting frauds and scandals of the late 1990s and early 2000s including Enron, WorldCom and Tyco. These scandals were so wide-ranging, with senior executive participation, if not directing of the corporate fraud that a new legislative response was required and this response was the passage of the Sarbanes-Oxley Act of 2001 (SOX). Aaron Einhorn, writing in the Denver Journal of International Law & Policy, in an article entitled “The Evolution and Endpoint of Responsibility: The FCPA, SOX, Socialist-Oriented Governments, Gratuitous Promises, and a Novel CSR Code”, said, “sections 302 and 404 of SOX together require corporate executives to state their responsibility for designing internal controls, to create such controls, to assess and evaluate these controls, and to draw conclusions about their effectiveness…” SOX specifically charges executive officers with internal controls duties.” Einhorn ends this section by noting, “internal controls have been transformed from a recitation of general duties lodged upon the corporation as a whole to a statement of specific duties imposed on corporate executives in particular.” This strengthened the compliance professional who was called upon to design these internal controls.
The next major legislation which enhanced the compliance function was the Dodd-Frank Act of 2010, passed in response to the 2008 financial crisis. MacKessy pointed to the downfalls of Bear Stearns and Lehman Brothers as drivers of more compliance because they both “demonstrated the degree to which external risk events can create a loss of confidence resulting in permanent reputational damage and impaired shareholder value.” The legal and legislative response has been that companies should design effective compliance programs which use risk based programs as a basis to design, create and implement effective compliance programs. Joe Howell, Executive Vice President (EVP) for Workiva Inc., has gone further, drawing a straight line from the FCPA to SOX to Dodd-Frank in the development of the compliance function.
All of this means compliance is not going away, no matter what the law enforcement priorities of the new administration. Companies understand that compliance and business ethics have a role in not only driving business strategies and initiatives but that more compliant companies are better run companies and at the end of the day more profitable because they have better controls. MacKessy ends his piece by stating the compliance programs “can provide multiple rewards - from risk mitigation, to reputational enhancement, to business strategy development.”
The compliance discipline is where the harmonic convergence occurs in a corporation. Whether it be specific tasks of making sales, vetting relationships or the spade work of creating policies and procedures, it is compliance that drives the discussion of how we should do business. The corporate compliance profession fulfills the business obligation in doing things the right way for, at the end, it will be the compliance profession which implements the requirements of compliance whether those requirements are anti-corruption laws such as the FCPA, the UK Bribery Act, Anti-Money Laundering (AML), export control, anti-trust regulations, or any other regulation that you can name. Equally importantly, the compliance profession is teaching corporations how to evaluate risks and the compliance profession leads that discussion. It is the compliance profession that is the most innovative in not only protecting corporations, but actually helping corporations do business, do business more efficiently, and do business more profitably.
Three Key Takeaways
Doing compliance is Doing Business.
Properly accomplished, compliance makes a business more efficient and more profitable.
Use the Robert Gates as a great example of how the FCPA means more business for US companies.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/31/2017 • 13 minutes, 15 seconds
Day 29 of 30 Days to a Better Compliance Program
Today is the penultimate day of my 30 days to a better compliance program. Just as compliance programs sprang up, grew and began to evolve and mature in the middle of the last decade; the sophistication of the regulators has also increased. We most clearly see this in the appointment of the Department of Justice (DOJ) Compliance Counsel, Hui Chen.
With her initial public remarks, Chen provided insight into how she would consider the effectiveness of a compliance program. Her key point was companies should operationalize their compliance program by tying it to functional disciplines within your company. This means that Human Resources (HR), Payment, Audit, Vendor Management and similar corporate disciplines should be involved in the operation of your compliance program in their respective areas of influence. Then in April 2016 under the remediation prong, with the initiation of the DOJ Pilot Program around FCPA enforcement, the DOJ once again emphasized the operationalization of a company’s compliance program as a key metric in determining benefits under the program. You must actually be doing compliance going forward.
This evolution in the DOJ’s thinking and its sophistication of compliance program analysis is in clear response to how the market initially responded to the requirement to have a compliance program back in the 2004-time frame. More recently, each Deferred Prosecution Agreement (DPA), in Schedule C under the details of a best practices compliance program, has required the company to take “into account relevant developments in the field and evolving international and industry standards” in upgrading their compliance program. This requirement has led companies to keep abreast of best practices and continually evolve their compliance program forward. The DOJ in turn, has upped its game and now requires companies to operationalize compliance.
Compliance is a service within your organization, yet under the operationalized model, compliance is a profit generator for a business. Just as law departments generate business by doing transactions, compliance can be viewed as delivering services not only to the business unit but also third parties with whom the company does business. This means not only traditional transaction partners such as sales agents, representatives and distributors but also joint venture (JV) partners, teaming partners and others. Compliance can deliver compliance related services to these third parties as a profit center.
Doing compliance means doing business. There are multiple types of risks in a business; operational, regulatory and reputational, just to name a few. The effort to measure and then manage each of these risks can be led by the compliance function. The more efficiently these risks are measured (i.e. assessed) the more easily and efficiently these risks can be managed. This means that the business is not faced with a binary 1/0 or Go/No Go decision on risk but if compliance moved into measuring and the managing risk through the operationalization of compliance into the business unit; the process would help you to do business more efficiently and with greater profitability.
Compliance is a platform to make your company not only a better run organization but can also demonstrate the thoughtfulness and effectiveness of your compliance program should a regulator ever come knocking. This is because if you operationalize compliance into the fabric of your organization, compliance internal controls will touch every aspect of the employment experience in a way that is not obtrusive and will not slow down what you are trying to achieve.
Take compliance as a platform in HR. At every point in talent management, HR can insert compliance into the cycle. Those points include the pre-employment interview and screening, the interview process with progressively higher senior management, the initial on-boarding process, the quarterly, semi-annual or annual performance review, annual bonus review, assessment and award, promotions and even exiting of an employee. The platform of compliance can record each of these touch points and you now have an internal control burned into HR which is a compliance internal control. Further, if there is any attempt to circumvent or over-ride one of these HR internal controls involving the hiring of a son or daughter of a foreign governmental official, a red flag can be raised and sent to the compliance function for further review.
Compliance is a marketing platform. Some attention has been paid to the use of compliance as a recruiting and hiring tool for millennials. One of the facts of their generation is they want to work at companies which are seen to be doing business ethically, all the while making money. Moreover, as Ethisphere demonstrates annually with its World’s Most Ethical Company awards, businesses which win those awards, on average, exceed the New York Stock Exchange (NYSE) blue chip average for profitability. It will be interesting to see the results of ISO 37001 certification on financial profitability.
Compliance embraces public advocacy. The Volkswagen (VW) emissions-testing scandal is one of the largest corporate scandals of the past few years. One thing that makes the VW scandal so unique is that it is one of the few scandals where a company’s actions were so transgressive they damaged the reputations of its competitors. As a response to the VW scandal, Ulrich Grillo, President of the German industry association BDI, recognized that compliance is the answer. He urged companies to check their management processes, including compliance and control systems. He suggested one of the key questions to ask should be “Are we doing everything right?” When you have the President of a national industrial association saying compliance is the answer, you need to sit up and take notice.
Three Key Takeaways
You must work to operationalize your compliance program.
You must keep you program evolving in light of regulatory change and industry practices.
Compliance is a business process.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/30/2017 • 11 minutes, 51 seconds
Day 27 of 30 Days to a Better Compliance Program
Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.
Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the SEC retaliatory language prohibition which attempts prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC langauge language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.
When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.
Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.
I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.
Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.
The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.
Three Key Takeaways
Adjust your separation agreement language to meet current SEC requirements.
Treat severed employees with respect.
Monitor, triage and respond to the hotline timely, even if you have to move other resources to do so.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/28/2017 • 12 minutes, 50 seconds
Day 26 of 30 Days to a Better Compliance Program
As they made clear with several FCPA enforcement actions in 2016, the SEC has placed a renewed interest in the accounting provisions of the FCPA, specifically the internal controls provisions. The BHP enforcement continued this trend, where there was no evidence that bribes were paid or offered in violation of the FCPA, the poor internal compliance controls at BHP led to a $25MM fine. Indeed Kara Brockmeyer, Chief, FCPA Unit; Division of Enforcement of the SEC, reiterated that the SEC was committed to protecting investors in US public companies and those which list other securities in the US, through enforcement of the accounting provisions, including internal controls provisions of the FCPA. It would seem that the reason is straightforward; a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.
What can you do around the FCPA’s requirements for internal controls and current SEC emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the FCPA Guidance. While most compliance practitioners are familiar with the Ten Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Framework as your starting point.
As a lawyer or compliance practitioner you may not be familiar with all the internal controls that you have in place. This exercise would give you a good opportunity to meet with the heads of Internal Audit, Finance and Accounting (F&A), Treasury or any other function in your company that deals with financial controls. Talk with them about the financial controls you may already have in place. An easy example is employee expense reports. Every company I have ever worked at or even heard about requires expenses for reimbursement to be presented, in documented form on some type of expense reimbursement form. This is mandatory for IRS reporting; so all entities perform this action. See how many controls are in place. Is the employee who submits the expense reimbursement required to sign it? Does his/her immediate supervisor review, approve and sign it? Does any party in the employee’s direct reporting chain review, approve and sign? Does anyone from accounts payable review and approve, both for accuracy and to make sure that all referenced expenses are properly receipted? Is there any other review in accounts payable? Is there any aggregate review of expense reports? Is there a monetary limit over which additional reviews and approvals occur?
Now if an employee has submitted expenses for activities that occurred outside the US are there are any foreign government officials involved? Were those employees identified on the expense reimbursement form? Was the business purpose of the meal, gift or other hospitality recorded? Can you aggregate the monies spent on any one foreign official or by a single employee in your expense reporting system? All of these are internal controls that can be mapped to the appropriate prong of the Ten Hallmarks or other indicia of your compliance program.
You can take this exercise through each of the five objectives under the COSO 2013 Framework and its attendant 17 Principles. From this mapping you can then perform a gap analysis to determine where you might need to implement internal compliance controls into your anti-corruption compliance program. This can lead to remedial steps that you can take. For example you can recommend procedures be written for all key compliance areas in which there are currently no procedures and your existing procedures can be updated to include compliance issues and clear definition how controls are to be evidenced. Through this you can move from having detect controls in place, to having prevent controls, whenever possible.
As a Chief Compliance Officer (CCO) or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. As I said last week, compliance is a straightforward exercise. This does not mean that it is easy; you do have to work at it so that you will simply not have a paper, “check the box”, program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls that you do not have and need to institute.
Three Key Takeaways
Learn the internal controls your company currently has in place.
Map your compliance internal controls to the COSO 2013 Framework,
Use your gap analysis as a basis for remediation.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/27/2017 • 12 minutes, 20 seconds
Day 25 of 30 Days to a Better Compliance Program
Many Chief Compliance Officers (CCOs) and compliance practitioners struggle with metrics to demonstrate revenue generation. Most of the time, such functions are simply viewed as non-revenue generating cost drags on business. This may lead to compliance functions being severely reduced in this downturn. However I believe such cuts would be far from short-sighted; they would actually cost energy companies far more in the short and long term.
In an economic downturn, I see two increasing compliance risks for companies. The first is that companies will attempt to reduce their costs by cutting their compliance personnel. A tangent but equally important component of this will be that companies that do not invest the monies needed to beef up their oversight through monitoring or other mechanisms are setting themselves up for serious compliance failures. Moreover, what will be the pressure on the business folks of such companies to ‘get the deal done’? Further, if there is a 10% to 30% overall employee reduction, what additional pressures will be on those employees remaining to make their numbers or face the same consequences as their former co-workers?
I think both of these scenarios are fraught with increased compliance risks. For companies to engage in behaviors as I have outlined above would certainly bring them into conflict with the Ten Hallmarks of an effective compliance program as set out in the FCPA Guidance. For instance on resources, the FCPA Guidance does not say in a time of less income, when your compliance risk remains the same or increases, you should cut your compliance function. Indeed’ it intones the opposite, when stating, “Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.”
The FCPA Guidance speaks to an analysis from the DOJ side, which would presumably be a criminal side review. For instance, if a company cuts its compliance staff while its risk profile has not decreased, does this provide the required intent to commit a criminal act under the FCPA? Moreover, who would be the guilty party under such an analysis? Would it be the Chief Executive Officer (CEO) who ultimately decides we need a fixed percentage cut of employees or simply a raw number to be laid off? How about the department head (as in the CCO) who is told to cut your staff 10% or we will make the cuts for you? Or is it a company’s Human Resources (HR) department?
But there is a second reason that I believe that energy companies risk profiles will increase in this industry-specific downturn. Unfortunately it will come from those employees who survive the lay offs. They will be under increased pressure to do the jobs of the laid-off folks so there will be a greater chance that something could slip through the cracks. If you are already working full time at one job and one, two or three other employees in your department are laid-off, which job is going to get priority? Will you only be able to put out fires or will you be able to accomplish what most business folks think is an administrative task?
But more than the extra work the survivors will have laid upon them will be the implicit message that some companies senior management may well lay down, that being Get the Deal Done. If economic times are tough, senior management will be looking even more closely at the sales numbers of employees. The sales incentives could very well move from a question of what will my bonus be if I close this transaction to one of will I be fired if I do not close this transaction. If senior management makes clear that it is bring in more business or the highway, employees will get that message.
Once again, where would the DOJ look for to find intent? Would it be the person out in the field who believed he was told that he or she either brought in twice as much work since there were half as many employees left after lay-offs? Would it be the middle manager who is more closely reviewing the sales numbers and sending out email reminders that if sales do not increase, there may well have to be more cuts? What about the CEO who simply raises one eyebrow and says we need to hunker down and get the job done?
Three Key Takeaways
Less personnel does not equal less risk.
Do less with less.
Increase you use of technological solutions to make your compliance program more efficient.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/26/2017 • 13 minutes, 18 seconds
Day 24 of 30 Days to a Better Compliance Program
Today, I the Holy Grail of compliance –Return on Investment—for your compliance program. In a very interesting article by Paul Healy and George Serafeim entitled, “An Analysis of Firms’ Self-Reported Anticorruption Efforts”. In this academic paper, the authors looked at the issue of not simply profitability of companies, which had more robust anti-corruption compliance programs but also what was the direct effect on the companies’ return on equity (ROE) in countries which were perceived to have a high incidence of corruption.
Not surprisingly, in countries in a low risk for corruption, there was not much difference in the sales growth for companies with robust anti-corruption compliance programs and those business which into the authors’ ‘cheap talk’ category. However when it came to growth in countries which had a high propensity of corruption, there was a dramatic difference.
When quantitative types say, “The magnitudes of the estimated coefficients are economically interesting”; it is a HUGE deal. These findings are equally large and important for the CCO or compliance practitioner. The authors conclude by making several observations. First, companies which have more robust compliance programs are from countries which have more robust enforcement and monitoring. Second the more robust your compliance program is the lower your sales growth may be but the higher your overall return in a high risk country will be going forward. Finally even if a company sustains high sales grow in a high risk country; if it does not have a robust compliance program, the sales will drop off dramatically and may well lead to negative ROE.
All of this information points to companies which are on the Ethisphere list of the World’s Most Ethical Companies and their financial performance. They have better than average financial performance because they are better run. The are on this list because they have robust finance internal controls which include compliance internal controls. To mix metaphors, robust internal controls around compliance do not slow you down but allow you to go faster and move more safely into high risk countries.
So the next time some business type tries to say that following the law by having a robust FCPA anti-corruption compliance program in place; you can correct him. Spikes in sales in high-risk countries do not translate into sustained growth and without an effective compliance program in place; your company may actually lose money.
Key Takeaways
Demonstrating ROI is the Holy Grail of compliance-use it.
Compliance helps drives sales in high risk countries.
Long term sales and profitability drop off when bribes are paid in high countries.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/25/2017 • 11 minutes, 30 seconds
Day 23 of 30 Days to a Better Compliance Program
I often write about the nuts and bolts of an effective compliance program but one of the most basic things that an effective compliance program must have is a compliance department present to ask the basic questions of compliance to and receive an answer from. I think to the DOJ and SEC this means a couple of things. First, and foremost, there must be the requisite number of resources dedicated to the compliance function. This means that a compliance department must be staffed with an appropriate number of compliance professionals to do the day-to-day basic work of compliance. Head count is always important in any corporation but there must be some minimum number of people in the compliance department to answer the phone or respond to email.
But, equally important to this resource issue is providing centralized assistance and what the FCPA Guidance says is “to provide guidance and advice on complying with a company’s ethics and compliance program”. In other words, it is up the corporation to have someone there to answer the phone but once they are in that compliance department seat, they have to actually pick up the phone and respond. It is the responsibility of a compliance practitioner to provide the guidance to company personnel who call in or email with questions. Following compliance policies and procedures is always important but to have a live person to answer questions or walk a non-compliance person through the process is a must.
In other words, if someone calls, not only does a compliance person have to be there, someone has to pick up the phone. How many times has a compliance department been called on a Friday afternoon to find that no one is there to answer the phone? But if someone is there, they have to actually pick up the phone and provide an answer. I have inveigled against the compliance function being “The Land of No”; but the situation I am discussing is where a compliance department does not or will not provide the basic answers to a person working out in the field.
The same concepts are a part of a best practices compliance program; someone must be around the pick-up and answer the phone when it rings on Friday afternoon and provide some answers to the question(s) posed.
Three Key Takeaways
Pick up the phone.
Compliance cannot be The Land of No populated by Dr. No, leave that honor to the Law Department.
The Justice Department now requires compliance expertise and competence of compliance practitioners as a part of a best practices compliance program.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/24/2017 • 12 minutes, 13 seconds
Day 19 of 30 Days to a Better Compliance Program
Every Board of Directors need a true compliance expert sitting on their Board. Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such compliance subject matter expertise at the Board level?
An arm of the US government has recognized the need for such expertise at the Board level. In 2015 the Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.
Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.”
Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.
Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.
Key Takeaways
Boards must have compliance expertise.
Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/20/2017 • 10 minutes, 4 seconds
FCPA Compliance Report-Episode 301, Jonathan Armstrong
In this episode I visit with Jonathan Armstrong about the UK portion of the Rolls-Royce global anti-corruption settlement. We discuss the UK Deferred Prosecution Agreement, how it came about, what it might mean for the Serious Fraud Office going forward and how the judicial review of the UK DPA process adds a level of transparency not seen in the United States DPA practice.
For more on the Rolls-Royce settlement see:
Cordery Compliance client alert, click here.
FCPA Compliance Blog articles on the settlement, Part I and Part II
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/19/2017 • 20 minutes, 46 seconds
Day 18 of 30 Days to a Better Compliance Program
Continuous improvement requires that you not only audit third parties but also monitor whether employees are staying with the compliance program. In addition to the language set out in the FCPA Guidance, two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.
Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. Many compliance practitioners understand you should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance.
Yet ongoing monitoring is not limited to the financial component of compliance. The concept is straightforward; at regular intervals you can sweep through your company email database for identified key words that can be flagged for further investigation, if required. The beauty of this approach is that does not require an extensive eDiscovery software tool or license purchase. It can be accomplished generally in two days or less. Also it is not limited to anti-corruption compliance but any of the risk factors identified for your company.
The objective of this approach is to ‘find the smoke’ which may be the evidence of a compliance breakdown (and related fire) by sweeping through emails is to uncover those that may contain real issues. From this starting point, you can assess and prioritize, by checking and verifying that there are issues worth investigating. From here you can identify the issues you want to investigate first. Further, and if warranted, you can invoke your investigation protocol, with all the requisite protections and securities.
In addition to the cost effectiveness of this approach, in that you are only paying for the services when you need them and as they are delivered, this approach satisfies the Tom Fox mantra of Document, Document, and Document because everything you have done can be verified and audited. Finally, as the regulators continue to evolve in their understandings and appreciation of a best practices compliance program, you will evolve your compliance program to a new level of detection that could well allow you to have a more robust prevent mode. When your compliance program has a strong prevent prong, it can be the most effective to stave off anything issues from becoming Foreign Corrupt Practices Act (FCPA) violations.
Continuous improvement through continuous monitoring will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based upon new and updated best practices specified by regulators. A compliance program is a continuously evolving organism, just as your company is continually improving its business processes. The FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”
Three Key Takeaways
Ongoing employee monitoring is a standard tool of an effective compliance program.
Focus your email sweeps on a high risk product, business unit or region.
Use your findings. Review, analyze and act.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/19/2017 • 12 minutes, 1 second
Everything Compliance-Episode 5
Show Notes for Episode 5, Year End Review, Part II
We turn to the 2016 year in review, in this Part II of a two-part series.
Jonathan Armstrong leads a discussion on Privacy Shield, information and data privacy issues the past year.
Mike Volkov relates what he saw as the top enforcement highlights from 2016, the block-buster year for FCPA fines and penalties and the growing trend of globalization of enforcement. Matt Kelly discusses the arrival of front pay, and general escalation of retaliation risk for company’s vis-a-vis whistleblowers, ideas on auditing corporate culture and what types of data and information should go on a compliance dashboard.
For Matt’s posts on these topics see the following:
Another Front in Retaliation Risk: Front Pay
Ideas on Auditing Organizational Culture
What Goes on a Compliance Dashboard?
Rants will return next week.
The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/19/2017 • 57 minutes, 19 seconds
Day 17 of 30 Days to a Better Compliance Program
One of the more prescient authors I know is Ryan C. Hubbs, who in 2014, wrote an article for Fraud Magazine entitled “Shell Games”. Shell companies can come in different shapes and sizes. Shelf companies are those formed but not used for a long period of time. This provides the facade of appearing. Finally this type of fraud needs directors and nominees to fill out the package and provide the aura of legitimacy. The final area of concern is ‘hot spot’ or one location which is the home for multiple shell companies.
In your basic research do not limit your search to the International Consortium of Investigative Journalist’s database of companies listed in the Panama Papers themselves. Initially this database is reported to only have listed 5-7% of the world’s shell companies. Some of the basic questions you should be looking at from your own data and information such as information mis-matches around address, phone, fax, ship to, bank, cell contact. Also consider whether incoming/outgoing wire transfer documents to determine if payments are forwared to or received from an unrelated third party.
Some specific reviews and steps you can take in public source information includes the following:
Review web history. In this day and age, if a company or person does not have an active, up and running website, it should immediately raise a red flag.
Review public records searches to identify owners and tracking to known associates. There is a variety of information, which a competent due diligence provider can search. Public records are an important source of information to link entities and individuals.
Mapping the network. This is a key step as you must be able to document the linkage between all the information uncovered. You should map every scrap of information you uncover.
‘Whois lookup’ for domain ownership, IP addresses. Using “Whois lookup” search engines, you can discover” such information as: domain ownership, IP addresses, the physical addresses of websites, the website administrators and their contact information and finally website creation dates.
Evaluating online presences. Shell incorporators have difficulty fabricating an active and robust online presence because these companies technically do not exist. Some indicia of online authenticity include a properly designed website, which has other online content. There should be periodic and regular updates of information. Finally, there should be legitimate email addresses for contacting the company which are associated with a legitimate website address.
Three Key Takeaways
Do you have a mechanism to review your own vendors and agents for shell companies?
Do not forget the open source tools available to you.
Review your previously approved third parties in light of the Panama Papers.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/18/2017 • 12 minutes, 53 seconds
Compliance into the Weeds-Episode 25
In this episode Matt Kelly and I take a deep dive into a couple of recent SEC enforcement actions. The first involved L-3 Technologies and accounting irregularities. The second involves BlackRock and the continued issues around pre-taliation. We connect these enforcement actions to broader issues involving the COSO 2013 Framework, the DOJ mandated expertise in compliance, a speak-up culture and remedial actions. For additional information, check out Matt's blog posts on these topics:
Lessons Galore in New SEC Internal Controls Case; and
SEC Dings BlackRock for Pre-Taliation Clauses.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/18/2017 • 23 minutes, 25 seconds
Day 16 of 30 Days to a Better Compliance Program
Many compliance practitioners often inquire how to set up a data analysis program and how to use it to help monitor for a compliance program. I draw from Joe Oringel, co-founder of Visual Risk IQ for the firm’s five-step process for any analytics project. The steps are: (1) Brainstorming, (2) Acquire and Map Data, (3) Write Queries, (4) Analyze and Report, and (5) Refine and Sustain.
Step 1 - Brainstorming
It all begins with Step 1, brainstorming. Any data analysis project in a compliance setting, or any business context, begins by picking the business questions to answer with data. So in an initial meeting, you could ask one or more of the following opening questions: What do we expect to find if we do a detailed review of this data? What policies should have been followed? What would a mistake or even fraud look like? The data to be reviewed could be expense reports, accounts payable invoices, or sales contracts. The key to successful brainstorming is to identify the questions you want to ask and answer, and then identify the digital data sources that can best answer these questions. This process should be iterative, with questions being refined based on the available sources of digital data.
Step 2 - Acquire and Map the Data
Acquiring and mapping data can be a technical step, but most modern software can create files that can be easily read by basic data analysis software, such as Microsoft Excel, as well as more advanced tools. Mapping data is simply identifying, naming, and categorizing the data fields (e.g. text, dates, numbers) so that the software tool can best interpret the data for analysis. Once the data is loaded into the analysis tool, control totals should be compared to source systems for completeness and accuracy. Oringel recommends comparing record counts, grand totals, and even selected balances for a sample of records to make sure that nothing was lost in translation into the data analysis tool.
Step 3 - Writing the Queries
While writing queries surely sounds technical, it can be quite simple. Sorting data from oldest to newest or biggest to smallest is often only a few clicks of the mouse. Once sorted by several different columns, business insights can be quick. Writing queries is simply writing the business questions you laid out in the brainstorming session, and using software in a way that makes it easy to understand the answers.
Step 4 - Analyze and Report Results
You should summarize the results of data analysis into visual form, for example by showing color, size, and location in a graph, so that the compliance practioner can understand what has happened, quickly see the data and conclude whether the picture supports a decision of whether the transaction was or was not compliant and if required, an action step becomes apparent.
Step 5 - Refine and Sustain
That brings us to Step 5, which Oringel identified as refine and sustain. Part of this step is about about fixing the root cause of any problem identified through data analysis. I certainly believe one of the key functions for any compliance practitioner, and one of the first things you should do, is to make sure any violations of your policies and procedures do not move to an illegal conduct stage.
Three Key Takeaways
What information to you want to look at?
Once you analyze it, you must take appropriate remedial steps.
Data analysis is a continuous feedback loop.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/17/2017 • 13 minutes, 56 seconds
FCPA Compliance Report-Episode 300, Matt Ellis
In this episode, I visit with Matt Ellis, a partner at Miller & Chevalier. Ellis has recently published his first book The FCPA in Latin America. Ellis' discusses why he wrote the book, some of the key issues around FCPA compliance in Latin America and debunks the myth that Latin Americans desire bribery and corruption in their business dealing.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/17/2017 • 29 minutes, 13 seconds
Day 15 of 30 Days to a Better Compliance Program
What if you want to take you post-training analysis to a higher level and begin to consider the effectiveness through your return on investment (ROI)? Joel Smith, the founder of Inhouse Owl, a training services provider, advocates performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. Smith admits that calculating legal ROI is very difficult as ethical and compliance behavior is an end-goal and of itself - not necessarily one that everyone feels should be subject to a ROI calculation.
Smith noted, “it is extremely difficult to isolate the training effect to calculate what costs you avoided due solely to your ethics and compliance training. Although each organization will have a unique ROI measurement due to unique training objectives, it is possible to use a general formula to calculate ethics and compliance training ROI.”
Smith’s model uses four factors to help determine the ROI for your ethics and compliance training, which are: (1) Engagement, (2) Learning, (3) Application and Implementation, and (4) Business Impact. These four factors are answered through posing the following questions.
Figure out what you want to measure (i.e. what’s the “benefit”?) Before you ever train an employee, you should have a goal in mind. In the FCPA, you want them to avoid ethical and non-compliant actions that would lead to FCPA violations.
Were employees satisfied with the training? What is their engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job.
Did employees actually learn anything? If you want to understand the “benefit” of training employees, you must know whether they actually learned anything during training.
Are employees applying your training? You should determine employee application and their implementation of the training topics, with employee surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations.
What’s the quantitative business impact of your training? There are two parts to the business impact calculation: (1) the benefit calculation and (2) the isolation calculation. Determine with these 5 questions.
How often could a noncompliance event occur?
How much revenue would be involved?
What is the profit margin on the revenue?
What are the other costs?
What are the noncompliance hard costs?
Now it is time to calculate the ROI. Here I turn to the formula as laid out on Smith’s company website: “Total FCPA Noncompliance Costs Avoided - Total FCPA Training Program Costs ÷Total FCPA Training Program Costs ($20,000) x 100=ROI”. Smith concludes by noting, “Even though calculating training benefits is often difficult and imprecise, it’s incredibly important to make an attempt to quantify training ROI” to demonstrate not only effectiveness but also “so you can show business people the incredible effect that engaging training can have on the bottom line.”
The importance of determining effectiveness and the evaluation of your ethics and compliance program is becoming something that is emphasized more by the Department of Justice (DOJ). Beginning last fall, we started to hear that the DOJ wants to see the effectiveness of your compliance program. This is something that many Chief Compliance Officers (CCOs) and compliance professionals struggle to determine. Both the simple guidelines suggested by the Biegelmans and the more robust assessment and calculation laid out by Smith provide you with formulae you can use going forward.
Three Key Takeaways
You need to know the effectiveness of your compliance training.
What is the quantitative business impact of your compliance training?
What is the qualitative business impact of your compliance training?
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/16/2017 • 13 minutes, 51 seconds
Day 14 of 30 Days to a Better Compliance Program
For compliance training to be effective its needs to risk-based in its focus. This means employees with highest risk of exposure to bribery and corruption need to receive the highest levels of training and refreshers. From there you can tailor your training down to an appropriate level for those less at risk.
The risk ranking of employees is usually considered in a tripartite structure of (1) high-risk, (2) medium risk and (3) low risk. High-risk employees can be defined as those employees whose roles in your company can significantly impact the company. Medium risk employees can be defined as those employees who face risk on regular basis or present a moderate level of negative impact to a company if they mishandle the risk. Low risk employees can be considered those employees with a low likelihood of facing the attendant risk. Through the risk ranking process, you have internalized the admonition that one size does not fit all in deciding the content and intensity of training needs for each role or individual. You should be now ready to design your compliance training.
The first step is to define what you are trying to achieve in your compliance training. This certainly means more than simply ‘check-the-box’ training and when implementing compliance training you have put some significant time and thought into it. It should be well designed to the targeted group of employees who will receive it. Your compliance training can and should have several business-related goals, in addition to specifics of anti-bribery laws such as the FCPA. These include identifying the business objectives of engaging in commerce in a legally compliant manner; managing threats which may come to employees you have identified as high-risk and the business opportunities afforded if you have sufficient compliance systems in place to prevent bribery and corruption. Moreover, you can present tangible business benefits if you address these issues in a positive manner. Finally, such focused training can and should help to ensure integrity and the company’s reputation by strengthening your business culture and ethical conduct.
You are now ready to design your compliance training, with the above goals in mind. You should include the development of curriculum using a risk-based model and set uniform methods for acquiring content, maintaining records and reporting. This should be followed by the establishment of standards for selecting appropriate content, delivery methods, frequency, and assurance based on risk exposure. You can review any technological solutions for both e-learning delivery and documentation. Lastly, you will need to consider training content revision when requirements or risk analyses change.
After the design of the training program, the next level is to design the specific training courses. Here you should establish your learning objectives and map the training to legal and competency requirements. You must always remember who your audience is and what their characteristics might be. For the high-risk employee, you will need focused training so that they will be able to act with confidence in a wide range of scenarios and conditions based on a strong understanding of the risks, requirements and penalties. For the medium risk employee, compliance training should include scenarios so that they know the risks, requirements and penalties and should be able to apply their knowledge to common scenarios using standards and tools given to them. For the low risk employee, they should be made aware of the risks, requirements and penalties as well as your entity’s expectations about how to address it. They should know relevant policies and procedures and where to get assistance in addressing a risk or making a behavior decision.
Now you need to determine the most appropriate mechanism to deliver the content of your compliance training. You can use a variety of methods for each of the designed risk based rankings. The delivery of compliance training for high-risk employees should be repeated frequently using several methods of delivery. You can include ongoing risk profiling of individuals through assessment of behavior choices in online courses or live simulation exercises. Additionally, you should work to determine the effectiveness of your compliance training to this group through testing and certification. For your medium risk employees, your compliance training should have content to make them proficient in the subject, be refreshed periodically, use a mix of modes of delivery, both live and online, and have methods to demonstrate evidence of understanding. To address the content required for low risk employees it can be done largely through online training, again you will need to make sure the material is reviewed and updated on an as needed basis.
Three Key Takeaways
Identify your goals.
Risk rank your target audiences and risk base your training.
Develop multiple forms of training delivery mechanisms.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/15/2017 • 13 minutes, 14 seconds
Day 13 of 30 Days to a Better Compliance Program
You should work to create an action plan to use your data. But never forget you need to get your digital information right. That means several sources of data to help you choose the best course of action. Earlier this year, Deadspin reported on a joint investigation between BuzzFeed UK and the BBC, in an article entitled “The Tennis Racket”, which looked at what they believed was suspicious betting in professional tennis matches. They used a transactional analysis to come up with the players involved and matches they allegedly fixed at the behest of gamblers. This use of data analysis pointed to this key lesson, data analysis is only the starting point in any investigation. You need to review other data to make an action plan. Other sources of information might include interviewing witnesses, reviewing documents, looking at injury factors that might have influenced the outcome of tennis matches. It is not simply enough to identify suspicious activities, you need to determine the facts behind the numbers and then analyze both the numbers and the facts. If warranted, remedial action would then be appropriate. Any best practices program should prevent, detect, and remediate.
Another important point is the integration of compliance data into your overall business strategy. One area that compliance is often criticized is that it does not support an overall business goal. By determining a way to use compliance analysis from your data in a manner that supports the business unit going forward, compliance can become an input into business strategy. An example might be in your sales models. Does your business use employees, commissioned sales representatives or entities such as distributors to sell? All of these present not only different types of compliance risks but different types of compliance solutions. By building relationships with all levels throughout the company, you will have the opportunity to move into the trusted business partner realm.
This also means looking outside the compliance discipline for inspiration and innovation. Design thinking can be a key way for you avoid getting stuck in a specific paradigm inside your own organization. Think about what your internal or external clients will need to be able to do business in compliance, with the top risk management in place to allow them to move forward. Finally, practice transparency. Remember you are not the legal department, keeping information close to your vest. The compliance mandate is different. If a problem arises, the first job of the CCO is to fix the problem.
Key Takeaways
You must get the data right by looking at several sources before coming to any conclusion.
Data can assist the compliance function to aid the business unit to make quantitative and qualitative decisions.
Look outside the compliance function for innovation and inspiration.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2017 • 18 minutes, 50 seconds
This Week in FCPA-Episode 35
Show Notes for Episode 35, week ending January 13, the Friday the 13th edition
Hernandez and Beech FCPA guilty pleas. Hernandez Criminal Information, Beech Criminal Information.
VW guilty plea in emissions-testing scandal. Link to article in New York Times.
VW executive Oliver Schmidt arrested in US. See article on FCPA Compliance and Ethics Blog.
Zimmer Bio-Met in follow-up FCPA enforcement action. See article on FCPA Blog.
Mondelez FCPA enforcement action. See SEC Cease and Desist Order and article on FCPA Compliance and Ethics Blog.
Supreme Court to take up 5 year statute of limitations for profit disgorgement under Securities Act, which applies to FCPA enforcement actions brought by SEC. Article in Law360.
NFL Playoff update on Patriots, Cowboys and Texans.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/14/2017 • 34 minutes, 50 seconds
Day 12 of 30 Days to a Better Compliance Program
You should work to create a culture of data in your compliance program. This comes from an understanding that data is a product, which you can consume internally in the compliance function. Your data is a corporate asset so why not use it. That is a key point that you should recognize. Yet data is not simply big or even scary. It is information that you can use in helping you make better decisions. The CCO needs to find a way to deliver compliance analytics in a manner that is timely within your company’s everyday decision-making calculus.
One of the biggest misunderstandings about using data is that compliance practitioners tend to be myopic. They only look at individual data when it is more useful to know what a population of people are doing. As a CCO how many times have you heard something along the lines of “If we look we might find something”. This defensive attitude can keep you from making use of some of the most useful information to you, your own data. The more transparency there was involving data, the less they thought of it as a liability.
A key insight for the compliance function the democratization of data access has allowed companies to become much more data oriented in decision making. So do not hoard your data. This means more than simply using it but also making it available to the business folks to help them to make their decisions more in compliance. This transparency will not only improve the quality of your decision making but it should also allow you to bring more robust compliance analysis into the fabric of your organization.
Innovation in compliance is really nothing new. Best practices compliance programs have evolved from as far back as the Metcalf and Eddy enforcement action, through Opinion Release 04-02, to the current Ten Hallmarks of an Effective Compliance Program as set out in the FCPA Guidance. Even within these frameworks there has always been evolution of compliance. This is to be embraced because the consequences of not doing so are too catastrophic.
All of this means that compliance should use data to help establish a culture of innovation in the compliance function. Every CCO should be looking beyond today. Arnold & Porter LLP partner Stephen Martin has long advocated a one, three and five year compliance program outlook that you should regularly review and update. From the data perspective you should consider what this might mean from a technological perspective and how you can enable that transformation going forward.
Key Takeaways
Look at aggregations of data to spot trends.
The more transparency you have in data the less potential there is for liability going forward.
Data is a product and compliance should consume data.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/13/2017 • 9 minutes, 10 seconds
Day 11 of 30 Days to a Better Compliance Program
You should employ a 6-step process to revising your Code of Conduct.
Get buy-in from decision makers at the highest level of the company
Your company’s highest level must give the mandate for a revision to a Code of Conduct. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort.
Establish a core revision committee
You should create a cross-functional working group should head up your effort to revise your Code of Conduct. It can include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally, there should be functions within the company represented such as finance and accounting, IT, marketing and sales.
Conduct a thorough technology assessment
The foundation of the revision process is how your company captures, collaborates and preserves the decisions during the revision. Use should utilize the technology available to you to do so. This is also important in your distribution plan, particularly if the Code will only be available in hard copy.
Determine translations and localizations
The DOJ and SEC require a local language component. You need to use translations experts and know what they are doing when it comes to translations. Everyone must have the same understanding of the company’s Code-no matter the language.
Develop a plan to communicate the Code of Conduct
You should use the full panoply of tools available to it to publicize your new or revised Code of Conduct at roll-out. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide Code of Conduct meeting where the new or revised Code is rolled out across the company all in one day. Also remember, you must document that each employee receives it.
Stay on Target
If you set realistic expectations you should be able to stay on deadline and stay within your budget. Do not be distracted by other issues that might arise during the process.
Key Takeaways
When did you last revise your Code of Conduct?
You must have senior management buy-in to successfully revise your Code of Conduct.
Keep your eye on the ball.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/12/2017 • 11 minutes, 48 seconds
FCPA Compliance Report-Episode 299, Philip Urofsky
In this episode, I visit with Sherman & Sterling partner Phillip Urofsky who leads a team which produced the the 2017 FCPA Digest, one of the top annual compendium of annual FCPA reviews of the prior year's enforcement actions and related issues. We discuss the following:
Any trends or highlights that observed in the Digest;
How cases of Qualcomm, JPMorgan, and VimpelCom reflect new expansions of regulators’ views as to the scope of the term “anything of value” in FCPA bribery cases;
Why the ruling in the SEC’s ongoing case against the Magyar executives upheld a novel theory on the Commission’s jurisdiction to enforce the FCPA;
His thought on the Pilot Program; is it as a success? Where might it go after this first year? Will it be renewed or made permanent?
Do the Embraer and Odebrecht cases portend greater global anti-corruption enforcement?
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/12/2017 • 35 minutes, 31 seconds
Compliance into the Weeds-Episode 24
In this episode Matt Kelly and myself take a deep dive into the compliance weeds by looking at a paper written by then SEC General Counsel James Doty (later head of the PCAOB) in 2007 where he proposes a regulatory scheme for FCPA compliance. Matt and I discuss the pros and cons and how the SEC Chairman designate Jay Clayton may view the issues. We then take a brief look at the arrest of VW executive Oliver Schmidt and both conclude that it presents ZERO problems for any Chief Compliance Officer or compliance practitioner going forward.
For additional reading, see
Matt Kelly blog post on Doty article, "Ye Olde Plan for FCPA Compliance";
Matt Kelly blog post on Oliver arrest, "Enough About CCO Liability"
Tom Fox blog post on Oliver arrest "Honey I Think We Should Vacation at Home this Year"' and
Jim Doty article "Toward a Reg. FCPA: A Modest Proposal for Change in Administering the Foreign Corrupt Practices Act"
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2017 • 27 minutes, 8 seconds
Day 10 of 30 Days to a Better Compliance Program
A company that does not perform adequate due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps, most commonly, inadequate due diligence can allow a course of bribery to continue - with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. Equally important is that if a company engages in the suggested actions, they will go a long way towards insulating, or at least lessening, the risk of FCPA liability going forward.
Pre-Acquisition Risk Assessment
It should all begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk exposure, such as best/worst case scenarios. A pre-acquisition risk assessment could also be used as a “lens through which to view the feasibility of the business strategy” and help to value the potential target.
The next step is to develop the risk assessment as a base document. From this document, you should be able to prepare a focused series of queries and requests to be obtained from the target company. Thereafter, company management can use this pre-acquisition risk assessment to attain what might be required in the way of integration, post-acquisition. It would also help to inform how the corporate and business functions may be affected. It should also assist in planning for timing and anticipation of the overall expenses involved in post-acquisition integration. These costs are not insignificant and they should be thoroughly evaluated in the decision-making calculus.
It is also important that after the due diligence is completed, and if the transaction moves forward, the acquiring company should attempt to protect itself through the most robust contract provisions that it can obtain, these would include indemnification against possible FCPA violations, including both payment of all investigative costs and any assessed penalties. An acquiring company should also include reps and warranties in the final sales agreement that the entire target company uses for participation in transactions as permitted under local law; that there is an absence of government owners in company; and that the target company has made no corrupt payments to foreign officials. Lastly, there must be a rep that all the books and records presented to the acquiring company for review were complete and accurate.
Post-Acquisition Integration
There are generally three things a company must do in the M&A context, post-acquisition. They are immediately train high-risk employees of the newly acquired entity, perform a FCPA forensic audit and integrate the newly acquired company into the purchaser’s compliance program. One other factor is that if the purchaser uncovers FCPA violations they must be stopped at once and reported to the DOJ. It is critical to remember that once an acquired entity is folded into your organization, it is not committing FCPA violations on its own, your company is now the FCPA-violator. However, even if the prior entity did engage in FCPA violations and your investigation uncovered them and you stopped them and then you reported them to the DOJ, your company will not receive any springing FCPA liability.
All of this must be done in fairly strict time frames. You basically have 12 months to complete your training and integrating the acquired entity into your compliance program. You have 18 months to complete your forensic audit and then self-disclose the results to regulators if you discover a legal violation. The clock is ticking and you need to be prepared to move forward expeditiously.
Key Takeaways
When did you last revise your Code of Conduct?
You must have senior management buy-in to revise your Code of Conduct.
Use all tools available to distribute your Code of Conduct.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/11/2017 • 14 minutes, 6 seconds
Day 9 of 30 Days to a Better Compliance Program
No area has become more challenging in compliance than continuous improvement. The FCPA Guidance specifies that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” Continuous improvement requires that you not only audit but also monitor whether employees are staying with the compliance program. In addition to the language set out in the FCPA Guidance, two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs. One tool that is extremely useful in the continuous improvement cycle, yet is often misused or misunderstood, is ongoing monitoring. This can come from the confusion about the differences between monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance variances in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis across a wide spectrum of data and information. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. Although unique in protocol, however, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to further investigate the issue. Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local Finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance. What should you do with this information? I would suggest that you have a strategic plan in place ready to implement your findings of continuous improvement, by using the following: Review the Goals of the Strategic Plan. Design an Execution Plan. Put Accountabilities in Place. Schedule the Next Review of the Plan. Continuous improvement through continuous monitoring or other techniques will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based upon new and updated best practices specified by regulators. A compliance program is in many ways a continuously evolving organism, just as your company is. You need to build in a way to keep pace with both market and regulatory changes to have a truly effective anti-corruption compliance program. The FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.” Key Takeaways Where has your compliance program been, where is your compliance progam now and where is your compliance program going. Determine what technological improvements might help improve your compliance program. You should have a one, three and five year compliance plan that you update regularly. For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2017 • 15 minutes, 29 seconds
FCPA Compliance Report-Episode 298, Leona Lewis
In this episode I visit with Leona Lewis, the founder and host of the podcast Masters of Disaster. She reflects on her experiences over the past 18 months of podcasting; what she learned, what surprised her and she highlights some of her more memorable podcasts and guests.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/10/2017 • 24 minutes, 42 seconds
Day 8 of 30 Days to a Better Compliance Program
The FCPA Guidance has about as clear, concise and short a statement about hotlines than any other Tenet of an Effective Compliance Program. It states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” But more than simply hotlines, companies have to make real efforts to listen to employees. But you must spend time working on this issue. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.
The reason is that its own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the US Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.
What are some of the best practices for a hotline? I would suggest that you start with at least the following:
Availability.
Anonymity.
Escalation.
Follow-Up.
Oversight.
In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.
I would emphasize, yet again, that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.
What is your FCPA Investigation Protocol?
With the advent of the Securities and Exchange (SEC) Whistleblower Program, courtesy of Dodd-Frank, it is imperative that a company quickly and efficiently investigate all hotline reports. This means you need an investigation protocol in place so that the entire compliance function is on the same page and knows what to do. The following is a suggested starting point.
Step 1: Opening and Categorizing the Case.
Step 2: Planning the Investigation.
Step 3: Executing the Investigation Plan.
Step 4: Determining Appropriate Follow-Up.
Step 5: Closing the Case.
Three Key Takeaways
1.Pre-taliation is becoming a more important SEC enforcement tool.
2. Test your hotline on a regular basis to make sure it is working.
3. Utilize social media for both tips and reports and to spot trends.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/9/2017 • 12 minutes, 49 seconds
Day 7 of 30 Days to a Better Compliance Program
There are five steps in the life cycle of third party management.
Business Justification and Business Sponsor;
Questionnaire to Third Party;
Due Diligence on Third Party;
Compliance Terms and Conditions, including payment terms; and
Management and Oversight of Third Parties After Contract Signing.
Step 1 - Business Justification
The first step breaks down into two parts:
Business Sponsor
Business Justification
The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.
Step 2 - Questionnaire
The term ‘questionnaire’ is mentioned several times in the FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party.
One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.
Step 3 - Due Diligence
Most compliance practitioners understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner.
Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK MOJ stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique.
Step 4 - The Contract
You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.
After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 - the contract. In the area of compliance terms and conditions, the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.
Step 5 - Management of the Relationship
I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5– the Management of the Relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.
Final Thoughts
I continually give my Mantra of FCPA compliance, which is Document, Document, and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program. As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end; you should take heart because there is clear and substantive guidance out there which you can draw upon.
Three Key Takeaways
Use the full 5-step process for 3rd party management.
Make sure you have BD involvement and buy-in.
Utilize continuous due diligence going forward.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/8/2017 • 12 minutes, 50 seconds
30 Days to a Better Compliance Program-Day 6
The FCPA Guidance states, that “In addition to evaluating the design and implementation of a compliance program throughout an organization, enforcement of that program is fundamental to its effectiveness. A compliance program should apply from the board room to the supply room—no one should be beyond its reach. DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation. Many companies have found that publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”
This means you need to have recognized incentives for doing business under your Code of Conduct and in fulfillment of your compliance policy and procedures. Incentives can be immediate such as cash bonuses or other awards or more long term, such as promotion within an organization. Conversely, if someone violates your Code of Conduct, there needs to be consequences for such violation.
Incentives
There are some general ideas around incentive, which you can implement as compliance incentives do not have to be extravagant or groundbreaking. Even rather plain vanilla incentives can work if you deliver it consistently, if you make the rewards visible, as the FCPA Guidance states, “Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.” Lastly, make certain that your compliance incentives can be implemented on all levels within your organization.
Promotions
Another important part is around promotion of employees up to senior management. Human Resources (HR) could help you in compliance lead the effort to promote only employees who demonstrate a commitment to doing business in compliance. Once again the Fair Process Doctrine is critical here as a part of ongoing employee evaluations and promotions. If your company is seen to advance and only reward employees who achieve their numbers by whatever means necessary, other employees will certainly take note and it will be understood what management evaluates, and rewards, employees upon. I have often heard the tale about some Far East Region Manager which goes along the following lines “If I violated the Code of Conduct I may or may not get caught. If I get caught I may or may not be disciplined. If I miss my numbers for two quarters, I will be fired”. If this is what other employees believe about how they are evaluated and the basis for promotion, you have lost the compliance battle.
Discipline
The types of discipline within a company are fairly standard. Most generally it is any negative consequence, up to and including termination. However, I believe that the key to discipline is procedural fairness and this will help to bring bring credibility to your compliance program. Procedural fairness also goes by the moniker of the Fair Process Doctrine and this Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in processes involving rights.
Discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.
Three Takeaways
Always remember and employ the Fair Process Doctrine.
Discipline must be administered fairly throughout your organization and across the globe.
Consider the compliance angle in promotions.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2017 • 13 minutes, 24 seconds
This Week in FCPA-Episode 34
In this episode Jay Rosen and I take a dive into the General Cable FCPA enforcement action, consider the 'Invisible Hand' of regulatory enforcement, corporate response and innovation. We explain how these three factors combine in an 'Invisible Hand' to form a continuous improvement loop of compliance program innovation. It leads developments from cutting edge to best practices to becoming a routine part of an effective compliance program. We discuss the upcoming NFL divisional round of playoffs and conclude with Jay previewing the Jay Rosen Weekend Report. For more information on the General Cable FCPA enforcement action, check out my three-part blog post series.
Part I-the Bribery Schemes
Part II-the Comeback
Part III-the Denouement
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/7/2017 • 25 minutes, 30 seconds
30 Days to a Better Compliance Program-Day 5
Welcome to Day 5 of 30 Days to a Better Compliance Program. Today, I focus on training, ongoing communications and the use of social media in a best practices compliance program.
Training
The communication of your anti-corruption compliance program is something that must be done on a regular basis to ensure its effectiveness. The FCPA Guidance explains, “Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”
One of the key goals of any FCPA compliance program is to train company employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. Beginning in the fall of 2015 through the announcement of the FCPA enforcement Pilot Program, the Justice Department began to talk about whether you have determined the effectiveness of your training.
Communication and Use of Social Media
Next you need to consider the messaging of compliance inside of your corporation and how it is distributed. This means that you will need to work to hone your message but also continue to plug away to send that message out. I think the Morgan Stanley Declination will always be instructional as one of the stated reasons the Department of Justice (DOJ) did not prosecute the company as they sent out 35 compliance reminders to its workforce, over 7 years. Social media can be used in the same cost effective way, to not only get the message of compliance out but also to receive information and communications back from your customer base, the company employees.
In a compliance program, your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.
Three Key Takeaways
You need to demonstrate the effectiveness of your compliance training.
Ongoing communications from compliance is an often overlooked tool in compliance.
Utilize innovative social media techniques to communicate and train.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/6/2017 • 12 minutes, 10 seconds
30 Days to a Better Compliance Program-Day 4
Welcome to Day 4 of 30 Days to a Better Compliance Program. Today we tackle risk assessments. One cannot really say enough about risk assessments in the context of anti-corruption programs. The FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” The simple reason is straightforward; one cannot define, plan for, or design an effective compliance program to prevent bribery and corruption unless you can measure the risks you face.
What Should You Assess?
What risks should you assess? There are a number of ways you can slice and dice your basic inquiry. The FCPA Guidance states, “Factors to consider, for instance, include risks presented by: the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” Another way is to break the risk areas to evaluate down into the following categories: (1) Company Risk, (2) Country Risk, (3) Industry-Sector Risk, (4) Transaction Risk and (5) Third-Party Risk.
How Should You Assess Your Risks?
Risk assessments can be performed in a variety of ways. You can use some basic tools such as personal or telephone interviews of key employees; surveys and questionnaires of employees; and review of historical compliance information such as due diligence files for third parties and mergers and acquisitions, as well as internal audits of key offices. Another level might be a deeper dive into high risk countries, high risk business areas an more detailed review of your third party representatives.
How do You Evaluate a Risk Assessment?
Once risks are identified, they are then rated according to their significance and likelihood of occurring, and then plotted on a heat map to determine their priority. The most significant risks with the greatest likelihood of occurring are deemed the priority risks, which become the focus of the audit/monitoring plan. You should prepare a risk matrix detailing the specific risks you can relative remediation requirements identified and relevant mitigating controls.
Three Key Takeaways
Assess the risks relevant to your company.
Document your risk assessment protocol and results.
The evaluation of your risks and remediation therefrom.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/5/2017 • 11 minutes, 48 seconds
Compliance into the Weeds-Episode 23
In this episode Matt Kelly and I take a deep dive into 6 compliance issues you should keep an eye on in 2017. They include the Wal-Mart FCPA resolution, the future of the FCPA Pilot Program, the SEC Whistleblower program, the Next PCAOB Chairman, the future of new overtime rules and finally the Barclay's trial for mortgage fraud in the context of the 2008 financial crisis. We also take a look at the GOP attempt to denude the Office of Congressional Ethics and their immediate reversal in the face of intense criticism. For additional reading check out Matt's two blogs on these subjects: Ethics, Politics, and Optics in New Washington and Six Compliance Events to Watch in 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/5/2017 • 25 minutes, 12 seconds
30 Days to a Better Compliance Program-Day 3
Welcome to Day 3 of 30 Days to a Better Compliance Program. Today I want to consider the Chief Compliance Officer (CCO) in your organization, through three prisms: access, resources and opportunities.
Access
What access does your CCO have to the top decision makers in your organization? While it really does not matter whether the CCO reports to the CEO, Board or GC; it does matter that the CCO have direct access to corporate decision maker.
Resources
This means both head count of personnel to operate your compliance function and the money available to implement the appropriate technology to sustain an effective compliance program. If your compliance team is run on a shoestring, you will likely be downgraded for your overall commitment to doing business in compliance with the FCPA. Put another way, if you spend more on paper clips than on your compliance program, your compliance program may well be under-funded.
CCO Pay, Opportunity and Expertise
In the Pilot Program, the DOJ laid out another important element for every compliance program, which is expertise of your CCO and compliance function. I think the clear implication is that the DOJ will even look at salaries. Once again if a company tries to get by on the cheap, it may certainly come back to bite them in the end. Finally the DOJ has made clear that compliance is part of the corporate family by even requiring that the CCO have opportunities for advancement with the corporation at the senior management level and that the compliance function shall be afforded similar opportunities.
Three Key Takeaways
The CCO must have access to the highest levels of your organization.
The CCO must have adequate money and personnel resources to perform the function.
The CCO must be qualified, appropriately compensated and have opportunity for advancement within the organization.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2017 • 11 minutes, 57 seconds
Everything Compliance-Episode 4
Show Notes for Episode 4, Year End Review, Part I
We turn to the 2016 year in review, in this Part I of a two-part series.
Jonathan Armstrong leads a discussion on a very interesting UK Bribery Act enforcement action out of Scotland involving the Braid Group Ltd. It has some very significant implications for Bribery Act enforcement actions going forward. He also discusses the continued evolution of the UK DPA process and who it all works into the burgeoning global anti-corruption enforcement we saw in 2016.
For Cordery’s piece on the Braid case, click here.
For Cordery’s piece on the continued evolution of the UK DPA practice, click here.
Jay Rosen takes us through a Paul Krugman NYT post on some of the invidiousness of corruption, focusing on the corrupting nature of compliance around undue influence. Rosen explains incentives more than anything else and how such incentives skew the marketplace. He asks a couple of provocative questions. First are there too many FCPA, ethics and compliance conferences? Second, even with the robust FCPA enforcement and maturation of compliance programs, why does corruption still exist? For a link Krugman post, click here.
Rants will return in a couple of weeks.
The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/4/2017 • 1 hour, 2 minutes, 2 seconds
30 Days to a Better Compliance Program-Day 2
Welcome to Day 2 of 30 Days to a Better Compliance Program. Today I consider written protocols, which are the foundation upon which an effective compliance program is built. Written protocols consist of a Code of Conduct, policies and procedures and internal controls.”
Code of Conduct
The substance of your Code of Conduct should be tailored to your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.
Policies, Procedures and Controls
The written policies and procedures required for a best practices compliance program are well known and long established. You should include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.
Internal Controls
They are an interrelated set of compliance control mechanisms, designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records, the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”
Three Key Takeaways
The United Airlines domestic corruption enforcement action makes a Code of Conduct an internal control.
Translate your Code of Conduct and key policies into local languages.
Document, Document, Document
For more information check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2017 • 12 minutes, 14 seconds
FCPA Compliance Report-Episode 297
In this episode Mike Volkov and I take a look at the most significant enforcement actions from 2016, the most significant compliance related issues from 2016 and the issues and cases that may be the most significant going forward into 2017.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/3/2017 • 35 minutes, 31 seconds
30 Days to a Better Compliance Program-Day 1
Welcome to Day 1 of 30 days to a better compliance program. Together with a podcast each day, I will be giving you tip to help you create a best practices compliance program in 2017. At the end of January, you will not only have a good summary of the basics of a best practices compliance program but information that you can incorporate into your compliance regime. Today I consider the various Tones in an organization. Any compliance program starts at the top and flows down throughout the company, which set the proper character for each level of your organization.
At The Top
Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. So how can a company overcome these employee attitudes and set, or re-set, its “Tone at the Top”? I once had a Chief Executive Officer (CEO) of a client who described his role at the company as “the ambassador for compliance.” I can think of no better description of the role of a CEO for a best practices compliance program.
In the Middle
A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.
At the Bottom
Even with a great ‘Tone-at-the-Top’ and in the middle, you cannot stop. One of the greatest challenges for a compliance practitioner is how to affect the ‘tone at the bottom’. To do so, you must work to engage those at the front lines, including training, communication and the tools to accomplish these tasks. A key question is how to tap into this belief system? The answer is to engage employees in a manner which allows you to not only find out what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program.
Three Key Takeaways
What is your tone at the top?
What is your tone in the middle?
What is your tone at the bottom?
For more information, check out my book Anti-Bribery Leadership, which is available through Amazon.com by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
1/2/2017 • 11 minutes, 33 seconds
FCPA Compliance Report-Episode 296
In this episode Mike Volkov and myself take a deep dive into the Odebrecht/Braskem and Teva FCPA enforcement actions. We review the underlying facts, the conduct of the parties, the results obtained and what it all means for the compliance practitioner going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/29/2016 • 34 minutes, 41 seconds
This Week in FCPA-Episode 33
Show Notes for Episode 33, week ending December 23, 2016-Holiday edition
Odebrecht/Braskem FCPA enforcement action. Braskem Information, Braskem Plea Agreement, Odebrecht Information, Odebrecht Plea Agreement, SEC Civil Complaint.
Goldman Sachs further ensnared in 1MDB scandal. Link to article in Wall Street Journal.
Teva FCPA enforcement action. Teva Information. Teva Plea Agreement. Teva DPA
Pre-taliation enforcement heats up, on Radical Compliance.
NFL Playoff update on Patriots, Cowboys and Texans.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/23/2016 • 35 minutes, 39 seconds
Unfair and Unbalanced-Episode 14
In this episode SCCE CEO Roy Snell and I continue are exploration of issues of import to the compliance profession. We consider the penalty assessed by the NCAA on Notre Dame for it use of two ineligible football players and whether the punishment fit the crime; the forced transparency leading to hyper transparency for today's corporate scandals and the sanctions assessed against former Wells Fargo CEO John Stumpf; advise not send out stupid emails and consider how the safety industry evolved 20 years ago and what implications it might have for the compliance profession going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2016 • 25 minutes, 59 seconds
FCPA Compliance Report-Episode 295, Juliet Lui
In this episode I visit with Juliet Lui as we discuss how to best handle small and medium investigations in an efficient and cost effective manner. We discuss how such matters often slip through the cracks as they are not perceived as high profile yet can cause significant problems if allowed to fester. We discuss methodology, costs and deliverables. Lui details two case studies to emphasize how important small and medium investigations can be as they often uncover larger and more critical problems and issues.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/21/2016 • 30 minutes, 22 seconds
Unfair and Unbalanced-Episode 13
In this episode SCCE CEO Roy Snell and I take a deep dive into corporate governance and compliance, the public skewering of former Wells Fargo CEO John Stumpf and ask if a CEO should be involved in the hiring of a CCO.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/15/2016 • 34 minutes, 23 seconds
Compliance into the Weeds-Episode 22
In this episode Matt Kelly and I take deep dive into the United Airlines SEC enforcement action for violation of internal controls around its reinstitution of a route from Newark to South Carolina at the insistence of the then Chairman of the New York and New Jersey Port Authority David Sampson in exchange for a concession to expand its physical facilities at the Newark airport. We review the background facts, as set out in the SEC Cease and Desist Order and the Justice Department Non-prosecution. We take a look at the internal controls violation of the former UA CEO for violating the company's Code of Conduct, the finding of a lack of internal controls around its route reinstitution protocol and finally discuss the problem of senior management override of internal controls.
For more information on this enforcement action, check out Matt's blog post on this matter, entitled, "This Weird United Airlines Case Just Happened" and my blog post entitled, "The Chairman's Flight and the US Corrupt Practices Act".
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, I visit with Houston Chronicle business columnist Chris Tomlinson about his time working internationally for the Associated Press. He relates his first hand view of the invidiousness of corruption in African countries. He also talks about how a major FCPA corruption trial would be covered. He concludes with thoughts about the role of the Fourth Estate in the international fight against corruption.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/13/2016 • 23 minutes, 19 seconds
This Week in FCPA-Episode 32
Show Notes for Episode 32, week ending December 9, 2016-the Fly the Not So Friendly Skies edition:
United Airlines SEC enforcement action for domestic; the Chairman’s Flight and the US Corrupt Practices Act, for a copy of the Justice Department NPA, click here and for a copy of the SEC Cease and Desist Order, click here.
Monetary Authority of Singapore seeks to suspend former Goldman Sachs trader in 1MDB scandal. Link to Fox blog post on Compliance Week.
FATF report that US weak on beneficial ownership issues, for a copy of the report, click here.
Wal-Mart up to $820MM in pre-settlement FCPA settlement spend, on Radical Compliance.
Release of eBook, Trump on Compliance.
SEC Director of Enforcement, Andrew Ceresny announces he will leave the SEC. See NYT article, here.
GibsonDunn briefing on The Road Ahead: DOJ and Federal Enforcement in the Trump Administration predicts a Southern California centered FCPA matter will be concluded by year end.
10th Annual SEC & DOJ HOT TOPICS 2017 -- Current Developments Materially Affecting Corporations, Financial Institutions, Individuals organized by Sandpiper Partners LLP and program developed by PwC, notes GibsonDunn partner Deb Yang listed as potential SEC Commissioner.
Jay Rosen weekend report update.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/9/2016 • 38 minutes, 49 seconds
Everything Compliance-Episode 3
We are back to our more rounded format for this episode on a variety of topics including anti-corruption enforcement across the globe, the new French anti-corruption law, Sapin II, the Agricultural Bank of China compliance enforcement action by the state of New York Department of Financial Services; how corruption influences as much as it pays money and individual accountability for corporate malfeasance is not a Democratic or GOP issue but a law enforcement issue. We end with a well-deserved one minute rant from the panel about what is in the front of their mind.
Mike Volkov discusses the internationalization of anti-corruption enforcement. He refers to the comments from the ACI FCPA conference, by Kara Brockmeyer and Dan Kahn about the increasing international enforcement efforts against corruption. This extends far beyond cooperation but also to enforcement. Recent examples are VimpelCom and Embraer where other countries received proceeds from fines and penalties. How does a company begin to deal with this type of complexity? Who does it disclose to? Who does it pay? When will the US give credit for payments made to other countries and when does it not? Finally this year saw of the third joint DOJ/SEC week long training for foreign prosecutors put on in DC. How do such events assist enforcement efforts, particularly around cooperation and mutual assistance?
For Tom Fox’s blog post, “Anti-Corruption Enforcement Has Gone International?” click here.
Matt Kelly leads a discussion dive into the AgBank enforcement/sanction action. He explains what does it all means and then pivots into a discussion of where he might see state regulators such as the state of New York Department of Financial Services or state banking regulators becoming more aggressive if the Trump administration pulls back? He discusses how these issues may have relevance for areas of compliance other than bribery and corruption and if so how. Finally, he ends with a reverse states’ rights discussion of Democratically aligned states fighting federal roll back of rights and privileges through litigation.
For Kelly’s posts, see post on the enforcement action involving the Agriculture Bank of China, click here.
Jonathan Armstrong leads a discussion on the new French anti-corruption law, Sapin II. He discusses the genesis of the law and why prior French efforts at anti-corruption law and enforcement was so harshly criticized by the OECD. He articulates how Sapin II differs from the UKBA, FCPA, the Brazilian Clean Companies Act and other anti-corruption laws across the globe. He talks about where he envisions French enforcement efforts going and the whistleblower protections of the law. Finally he ends with the key piece(s) of advice for clients regarding this law Cordery is suggesting around this law.
For Cordery’s piece on the new law click here.
Jay Rosen takes us through a Paul Krugman NYT post on some of the invidiousness of corruption, focusing on the corrupting nature of compliance around undue influence. Rosen explains incentives more than anything else and how such incentives skew the marketplace. We consider whether Trump’s discussions with the Carrier Corp over jobs was unduly influenced recalling President Kennedy’s ‘jawboning’ of the US steel industry in the 1960s. He also discusses the remarks of Sally Yates at ACI national FCPA conference about individual accountability and how this is not a GOP or Democratic issue but a criminal enforcement issue. For a link Krugman post, click here. For a copy of the text of Yates remarks, click here.
For a copy of Jay blog post entitled, “The DOJ and SEC Share Patriots Mantra—Next Prosecutor Up” click here.
Rants this week include the new UK surveillance law, the SEC domestic corruption enforcement action involving United Airlines for the Chairman’s Flight and the Chicken Littles of the compliance world claiming the sky is falling.
Learn more about your ad choices. Visit megaphone.fm/adchoices
12/8/2016 • 1 hour, 5 minutes
FCPA Compliance Report-Episode 292
Show Notes
Introduction What is the FAR
What’s the differences with DFARs
What types of companies should be concerned
What are some examples of covered with these regs (eg. Ozone depleting substances, child labor, sanctions/debarment)
Reporting requirements
What sort of resources are available to help demonstrate compliance
What is the Federal Acquisition Regulation (FAR)
The purpose of the FAR is to provide uniform policies and procedures for acquisition of goods supplied to the US federal government. Among its guiding principles is to have an acquisition system that satisfies customer's needs in terms of cost, quality, and timeliness; minimize administrative operating costs; conduct business with integrity, fairness, and openness; and fulfill other public policy objectives
At over 1,800 pages in its entirety, is a substantial and complex set of rules governing the procurement of all goods and services required by the U.S. Government
When a federal government agency issues a contract, it will specify the applicable FAR provisions, which may be numerous. In order to be awarded a contract, a company must either comply with the provisions, demonstrate that it will be able to comply with them once awarded, or claim an exemption from them (eg. Small business exemption)
All government issued contracts include any number of the FAR and/or DFARS clauses either in full text or by reference requiring the company issued the contract to demonstrate compliance to the requirements
Failure to comply with the requirements of FAR and DFARS may result in loss of contract or monetary fines
What’s the differences with DFARs?
Updated in July of this year the DFARS is one of the best-known examples of an agency supplement to the FAR addressing further reporting requirements put forth by the Department of Defense
This supplement covers contracts with the office of the secretary of defense, branches of the military, and other defense agencies
In order to be in the running for one of these highly lucrative defense contracts, companies need to stay on top of the latest changes to DFARS and ensure their contracts, systems and processes reflect these requirements
What types of companies should be concerned?
Companies that conduct their business with agencies of the US govt including defense contractors
Additionally those companies selling to organizations which conduct business with agencies of the US govt. will likely be asked to supply certain documentation to support their customer’s ability to demonstrate compliance
Winning a federal or defense contract means complying with laws and regulations unique to those doing business with the government. Many new contractors as well as their suppliers, are often unprepared for the rules and regulations they must follow and demonstrate, which can lead to costly errors and potential legal problems
Why should they be concerned?
Depending on the type of end product provided to government agencies, different types of concerns or risk becomes a focus in such situations
Reporting Requirements
In many cases sufficient screening, policy reviews and certification collection and validation will allow reporting companies to demonstrate compliance. But the issue isn’t necessarily what you have to collect to demonstrate compliance to meet FAR requirements (or report to customers which are obligated to) it’s how you do it. Having a platform which can automate the data collection process as well as act as a repository is where most struggle…
What sort of resources are available to help me demonstrate compliance with these regs We’ve created workflows to meet 48 of the specific FARs/DFARS supplier reviews and data collection processes
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/29/2016 • 24 minutes, 42 seconds
Everything Compliance-Episode 2
This episode is dedicated exclusively to where FCPA enforcement, SEC enforcement, the compliance profession and compliance programs may be headed under the Trump administration, with a dash of anti-trust enforcement and EU Privacy Shield.
Mike Volkov about where FCPA enforcement may be headed. We explore how FCPA cases are largely self-funded through company internal investigations which are turned over to the Justice Department. Volkov discusses funding and resources for the Department’s FCPA unit. He also touches on potential (or the lack thereof) of anti-trust enforcement going forward.
For Volkov’s post, “A New Administration: A New FCPA Enforcement Regime?” click here.
Matt Kelly leads a discussion on how the new administration may view the SEC going forward. He considers the announced resignation of SEC Chairman Mary Jo White and the appointment (and dismissal) of Kevin O’Connor from Trump’s transition team. Matt explains how Trump’s attacks on Dodd-Frank focus on easing rules for capital formation not on the whistleblower provisions or other sections more applicable to the compliance profession.
For Kelly’s posts, see the following:
Five Post-Election Points for CCOs to Ponder;
It’s Starting: Disclosure of ‘Trump Risk’;
Compliance in the Trump Era, Part I: The SEC;
A CCO Voice Emerges in Trump World; and
Well That Didn’t Last Long…
Jonathan Armstrong leads a discussion of the view from across the pond on where anti-corruption compliance enforcement may be headed after the election. He considers what the effects might be on the UK Serious Fraud Office (SFO)? He also considers what the effect of the Trump election might mean for EU and UK privacy advocates, privacy protections and privacy legislation going forward. He also discusses issues surrounding Privacy Shield. Privacy Shield faces a number of challenges from regulators, courts and possibly from the European Parliament. A new Trump administration is likely to make Privacy Shield’s future even more uncertain. Jonathan’s thoughts on Privacy Shield are here - http://www.corderycompliance.com/privacy-shield-faqs/
For Armstrong’s blog post, “What does the election of President Trump mean for compliance?” click here.
Jay Rosen takes us through how all of this may well be much ado about nothing. He points out that the compliance profession will continue to thrive as it becomes more as a part of business processes. From his role as ‘Mr. Translations’ he explains that companies have been moving compliance into the fabric of organizations and that by doing so, companies become better run, more efficient and more profitable.
For Rosen’s blog post (and great riff off of The Clash) “Should I Stay or Should I Go?”, click here.
For my blogs posts on these topics see the following:
FCPA Enforcement Going Forward in the Trump Administration;
Compliance Isn’t Going Away (and neither should you), Part I;
Compliance Isn’t Going Away (and neither should you), Part II;
Compliance Isn’t Going Away (and neither should you), Part III; and
Why FCPA Compliance Makes America Great.
The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at [email protected].
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at [email protected]
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at [email protected].
For additional reading check out some of the following posts:
Over at the Global Anti-Corruption Blog, Matt Stephenson talks about his nightmare version of a Trump administration for the global fight against anti-corruption.
NYT Times DealB%K- on what DOJ and SEC enforcement may look like going forward.
Sam Rubenfeld at the WSJ Corruptions Currents online site,a collection of some thoughts on what a Trump administration may mean for compliance.
SCCE CEO Roy Snell tells us how he has seen it all before and advises everyone to wait a year and see what happens.
Finally, in an uncharacteristically restrained post, the FCPA Professor advises everyone to take a deep breath, when it comes to FCPA enforcement under a Trump administration.
Mike Scher advises President-Elect Trump to consider compliance officers.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/21/2016 • 1 hour, 3 minutes, 4 seconds
Everything Compliance-Episode 1
Show Notes for Episode 1
At the SCCE 2016 Compliance and Ethics Institute, I sat down with four of the top compliance commentators in the field for my first roundtable-style podcast. It was so successful that I persuaded the gang to come back together every couple of weeks for a formal podcast, which is entitled Everything Compliance. The premier episode is available for your listening pleasure today. I will post a new episode every two weeks.
I host these four well-known compliance practitioners and commentators:
Jay Rosen (Mr. Translations) - Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at [email protected].
Mike Volkov - One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at [email protected].
Matt Kelly - Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at [email protected]
Jonathan Armstrong - Rounding out is our UK colleague, who is an experienced lawyer with Cordery Compliance Limited in London. Armstrong can be reached at [email protected].
The format is a roundtable discussion where I throw out a question to one commentator to lead the discussion. From that starting point we will all join in. I also include an “On My Mind” segment where each participant discusses what is on the forefront of their mind. This podcast is longer than my others, coming in at around 60 minutes, which allows us to explore the week’s issues in depth.
In the inaugural episode we discuss the following subjects:
Mike Volkov leads a discussion of the unintended consequences of the Yates Memo/Pilot Program for internal investigations. We explore the issue of “de-confliction” where the government asks a company to halt its own internal investigation for the government to be the first to interview witnesses. We explore de-confliction in the context of a requirement of cooperation to gain the benefits of the pilot program and how such a request from the Department of Justice (DOJ) could lead companies to be unable to disclose to other agencies or to shareholders and keep a Board in the dark about the alleged wrongdoing. What does this mean for the company and the internal investigator?
For Volkov’s post on conflicts of interest (COI) in internal investigations after the Yates Memo, click here.
Matt Kelly leads a discussion on compliance and corporate governance. We explore the issue of compliance being involved in issues around pricing and sales in companies like Valeant and Wells Fargo. We discuss the role of compliance in areas outside of strict legal compliance but may move towards reputational risk, going into such areas as the new revenue recognition standards and executive compensation.
For Kelly’s blog post on the intersection of CEO pay and Chief Compliance Officers (CCOs), click here.
Jonathan Armstrong leads a discussion of funding and the UK Serious Fraud Office (SFO), in the context of the recent announcement that the SFO has received additional or supplemental funding to investigate Unaoil. Why does the SFO need supplemental funding and how does it obtain it? What does all of this mean for the continued existence of the SFO in light of a former critic now being PM? Finally, Armstrong ties all of this into Brexit, his recent interview of Max Schrems and issues surrounding Privacy Shield.
For Armstrong’s interview with Max Schrems, click here and Cordery’s FAQs on Privacy Shield, click here.
Jay Rosen takes us through the compliance conference scene. For those of you who are avid attenders of the various conferences, he discusses some of the key differences in the types observed, such as the nuts and bolts types (SCCE) and others which focus more on commentary (FCPA Blog NYC Conference). He discusses the relative strengths of each and how a compliance professional should think about selecting one or more to attend. He ends with his thoughts on why compliance certification is a plus (or minus).
For Rosen’s blog post Designing Your 2017 Ethics, Compliance & FCPA Conference Schedule, click here.
This new podcast Everything Compliance joins the four other podcasts I have on different aspects of compliance. The original FCPA Compliance and Ethics Report focuses on the nuts and bolts of compliance. Unfair and Unbalanced - is a podcast I do with SCCE CEO Roy Snell. In it we focus on wide ranging issues for the compliance profession. Compliance into the Weeds - is a podcast I do with Matt Kelly where we take a deep dive into the weeds of a compliance issue, typically technology, internal controls or GRC. We both indulge our inner geekiness in this podcast. Jay Rosen and I wrap up each week in FCPA, compliance and ethics with This Week in FCPA. All of these podcasts are available to you on my site, FCPAcompliancereport.com, and are available on iTunes under the same name.
Learn more about your ad choices. Visit megaphone.fm/adchoices
11/10/2016 • 56 minutes, 17 seconds
Episode 276-Regulator Evolution
In this episode I welcome back Red Flag Group CEO Scott Lane. We discuss the evolution of regulator thinking around what constitutes a best practices compliance program.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2016 • 19 minutes, 3 seconds
Episode 275-Key Energy Enforcement Action
In this episode, I take a deep dive into the Key Energy FCPA enforcement action.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2016 • 18 minutes, 48 seconds
Episode 274-Holistic Approach to 3rd Party Management
In this episode, Red Flag Group CEO Scott Lane and myself discuss the evolution of regulators when evaluating compliance programs for effectiveness.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2016 • 19 minutes, 23 seconds
Hallmark 10
In this episode I review Hallmark 10-Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration under the FCPA.
To read more, check out my blog post series on Hallmark 10.
For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
9/10/2016 • 13 minutes, 51 seconds
Series on the Ten Hallmarks of an Effective Compliance Program
In this episode I review Hallmark 9 - Continuous Improvement: Periodic Testing and Review. This podcast series is produced in a 10 article series.
To read more, check out my blog post series on Hallmark 9.
For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices