Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2018
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: April, 2018
Apr 30, 2018

In this episode I visit with Morrison and Foerster partner James Koukios on the firm's January and February Top Ten international anti-corruption cases, issues and developments. In this episode we discuss the following:

  1. PDVSA and related indictments/issues/enforcement actions and the push from the business community to attack corruption from the demand side, as opposed to a FCPA-supply side. 
  2. In February 2018, two FCPA-related civil RICO suits were filed. While FCPA-related plaintiff suits are increasingly common, they more often take the form of shareholder derivative actions or securities fraud class actions. What are the implications if any for the compliance professional?
  3. The implications of Digital Realty Trust from the (former) DOJer perspective.This decision may well be a mixed bag for companies with a short term win translating into long-term negative consequences. 
  4. Canadian DPA initiative and the working relationship between anti-bribery prosecutors in the US and Canada. 
  5. Petrobras shareholder settlement-outlier or harbinger of things to come. We explore if the unique set of facts led to the settlement or will it mean more and similar actions.
  6. Declinations in January and February-what if anything do they communicate to the compliance practitioner, particularly in light of the new FCPA Corporate Enforcement Policy announced by the Justice Department in late 2017. 

For further reading see the Morrison and Foerster, Top Ten International Anti-Corruption Developments for January 2018 and Top Ten International Anti-Corruption Developments for February 2018

Apr 27, 2018

After being joined by Jay’s girls to celebrate our 100th  anniversary episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Dun & Bradstreet settles FCPA with first declination under new DOJ FCPA Corporate Enforcement Policy. Dick Cassin reports in the FCPA Blog. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  2. Will there ever be transparency in the corporate monitorship process with the DOJ? There will be if Dylan Tokar gets his way. Veronica Root reports in the NYU Compliance and Enforcement Blog.
  3. What is ISO 37001 certification worth? Not much in the eyes of SEC FCPA unit chief Charles Cain. Kelly Swanson reports in GIR Investigative(sub req’d)
  4. SEC fines Yahoo $35 million for failing to disclose data breach. Dick Cassin reports in the FCPA Blog.
  5. Former Justice Department FCPA unit chief Pat Stokes hits back on DOJ requests for statute of limitations tolling. Kelly Swanson reports in GIR Investigative(sub req’d)
  6. Starbucks took a huge black eye for its treatment of two African-American men waiting on a friend. Matt Kelly considers from the policy angle in Radical Compliance. Tom considers from the risk management perspective in the FCPA Compliance & Ethics Blog. They debate these and other topics in Episode 79 of Compliance into Weeds.
  7. Was Facebook’s monitor(s) asleep on the job? Does FB’s repeat misconduct even matter? Tony Romm explores the former question in the Washington Post. Veronica Root explores the latter question in the NYU Compliance and Enforcement Blog.
  8. What is Brady laundering? Dan Portnov explores this question on Grand Jury Target.
  9. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in May 2018. It is available for PreSale here.
  10. Tom has a busy May planned. Join him at Brazil’s largest compliance conference, the 6th International Compliance Congress, held by LEC – Legal, Ethics and Compliance, May 8 to 10, in São Paulo, Brazil. Registration and information here; Hear him speak to the Houston chapter of ACAMS, from 11:30 -2 PM on Thursday May 17thin Houston on “Driving Compliance and Ethics through Data Analysis”. Information and registration here;and join in a session on Using Frameworks to Prove Compliance Competency at Compliance Week 2018 in Washington DC, May 20-23. Information and registration are here.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 26, 2018

In this episode of Countdown to GDPR, Jonathan Armstrong and myself are interviewed by Laura Petrolino, the Chief Client Officer at Arment Dietrich, Inc. on the applicability of GDPR to the professional communications industry. It was a fascinating way to discuss some of the key points of GDPR in the context of one industry/profession. 

Some of the topics we discussed are:

  • What are the top three areas where most businesses’ data protocols are currently not GDPR compliant?
  • Communicators deal with databases and email lists a lot. If they already have residents of the EU in their database, do they need to get them to re-opt-in, in order to be GDPR compliant?
  • Are communications agency owners liable if they are in charge of their client’s email lists or databases, and those databases aren’t GDPR compliant?
  • Article 5 says only data needed for the consented exchange is collected. Theoretically, to sign-up to download an eBook the only info really needed is an email address. Often in situations like this, we will collect additional demographic, interest, or industry information in order to create segment lists and further communicate (with content or offers specific to them). Is that no longer OK?
  • Along those same lines, if they sign-up to download an eBook and then a few months later we send them a blog post they might be interested or something else, is that against GDPR? How specific do we need to be upon sign-up about anything we might send them in the future?
  • Article 5 also says we can only keep the data for the amount of time needed. What type of timelines or guidelines should we use to know how long is too long to keep an email?
  • How would you respond to Americans who think the GDPR won’t affect them?
  • Anything else communicators should know?

For the communications specialist, you learn a lot about GDPR compliance and data privacy and protection. But the key takeaways should give you a lot to think about as far as how you use data as part of your communications strategy. They include:

  1. GDPR is an opportunity to make sure you, your organization, and/or your clients use data in a strategic and effective way.
  2. No tactic in absence of a strategy is effective. And more data isn’t necessarily better.
  3. GDPR compliance forces smart communications. It’s good for our industry and it’s good for your communications strategy.

Properly viewed GDPR implementation can be business opportunity for the communications professional. 

To see Laura Petrolino's blogs on GDPR for the communications professional check out her musing on SpinSucks:

GDPR Compliance: Everything Communicators Need to Knowand 

The Communicator’s GDPR Checklist and Resource Guide

Apr 25, 2018

In this episode, Matt Kelly and I go into the weeds to consider the recent racial incident at Starbucks store in Philadelphia where two African-American males were arrested for criminal trespass while waiting for a third colleague to join them for a business meeting. They had not purchased any products but were not engaging any type of disruptive behavior. They were released with no charges filed.

We consider several points around this incident from the compliance perspective, including the lessons for compliance officers are really about the challenges of policy and procedure at large organizations. The gap between those two requirements is filled by employee judgment — and that is where things went awry. We consider if a single solution, such as  all seats and bathrooms are reserved for patrons who have already purchased a product, create more problems than they solve. We also review the underlying premise of ‘what is Starbucks’ to see if a more robust risk assessment process might have helped identify these gaps.

This week’s discussion is literally torn from recent headlines. It provides an excellent example of the many compliance challenges every business and CCO face.

For more reading, see Matt’s blog post Starbucks and Policy Management Perilsand Tom’s blog post Starbucks and Lessons for the Compliance Practitioner in Risk Management

Apr 23, 2018

In this episode of the FCPA Compliance Report, I visit with Laura Perkins, a partner at Hughes Hubbard & Reed. Perkins formerly worked with the Department of Justice, FCPA Unit, departing in September 2017. We discuss the decision to self-disclose a potential FCPA violation to the Justice Department. Some of the highlights include:

  • What should a company expect after it makes a decision to self-disclose the to DOJ? What information should be in the initial self-disclosure?
  • What should be in the initial investigation plan they present to the DOJ?
  • When should remediation begin and how much information does the government want to know about in this area?
  • What should a company do to satisfy the government it has secured all documents and communications?

We next turned to the resolution phase and discussed several topics including:

  • When is a company ready to present information to the DOJ that it believes the matter should be closed?
  • Whether through declination or charging document?
  • How is the final penalty decided? and
  • Is it through negotiation or simply presented to the company?

For more information on Laura Perkins and Hughes Hubbard & Reed, check out the firm’s website, here.

Apr 23, 2018

In this episode of the FCPA Compliance Report, I visit with Laura Perkins, a partner at Hughes Hubbard & Reed. Perkins formerly worked with the Department of Justice, FCPA Unit, departing in September 2017. We discuss the decision to self-disclose a potential FCPA violation to the Justice Department. Some of the highlights include:

  • What should a company expect after it makes a decision to self-disclose the to DOJ? What information should be in the initial self-disclosure?
  • What should be in the initial investigation plan they present to the DOJ?
  • When should remediation begin and how much information does the government want to know about in this area?
  • What should a company do to satisfy the government it has secured all documents and communications?

We next turned to the resolution phase and discussed several topics including:

  • When is a company ready to present information to the DOJ that it believes the matter should be closed?
  • Whether through declination or charging document?
  • How is the final penalty decided? and
  • Is it through negotiation or simply presented to the company?

For more information on Laura Perkins and Hughes Hubbard & Reed, check out the firm’s website, here.

Apr 20, 2018

With Wells Fargo about to be fined $1 billion for behaving badly, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Wells Fargo expected to be fined $1 billion for variety of alleged misdeeds. Emily Flitter and Glenn Thrush report in the New York Times.
  2. Michael Held, general counsel and executive vice president of the Legal Group at the Federal Reserve Bank of New York, talks about the 3 lines of defense. His remarks are found in the NYU Compliance and Enforcement Blog.
  3. New Assistant DAG, Matthew Miner said in private practice he wants to give corporations more breaks on sentencing and cut back on Yates Memo. Will he continue to do so now that he is on the team? Adam Dobrik reports in GIR Investigative(sub req’d)
  4. Engaging in bribery and corruption still doesn’t pay as Feds seek 40-month sentence for cooperating Florida telecom exec. Dick Cassin reports in the FCPA Blog.
  5. If you lie to the DOJ and you are under a DPA, you are in big trouble, the ZTE experience. See Dick Cassin’s report in the FCPA Blog.
  6. Yet another guilty plea in the PdVSA corruption case. This time it was Ceasar Rincon and it was for money-laundering. Henry Cutter reports on it in the Wall Street Journal, Risk and Compliance Journal. See DOJ Press Release. See also Rincon’s Indictment.
  7. Will DPAs really work outside the US? Rick Messick explores in theGlobal Anti-Corruption Blog.
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  9. The Everything Compliance gang is back in Episode 27 with a deep dive into Mark Zuckerberg’s Facebook testimony, the Michael Cohen subpoena and more. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTubeand JDSupra.
  10. Tom will be presenting a webinar with Opus Global and Hiperos on the Convergence of ABC and GDPR, next Wednesday, April 25 at 11 AM EDT. The event is at no charge. For registration and additional information, click here

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 19, 2018

This week the gang goes for more of a roundtable Q&A with a couple of topics. We first consider the testimony of Facebook CEO Mark Zuckerberg before Congress and his company’s imbroglio with Cambridge Analytica and then the search warrant issued to Michael Cohen. Stayed tuned to the end for rants in this edition.

  1. Matt rants on the sexual scandals surrounding Missouri governor Eric Greitens. 
  1. Mike rants on inanity of quarterly FCPA enforcement statistics as being used for anything meaningful.
  1. Armstrong rants about the lack of authenticity of American politicians who film advertisements of themselves driving pick-up trucks.
  1. Jay gives a shout out and rants about his Boston Red Sox leading the AL.

I give a shout out to invertebrates and the most recent addition from the political class, Paul Ryan.

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly– Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Apr 18, 2018

In this episode, Matt Kelly and I go meta as we go into the weeds about Weed, in the context of the recent announcement by the administration that it would not prosecute persons or producers in states where marijuana sales are legal. In exchange for this concession, Colorado Senator Corey Gardner says he will lift a hold he placed on all Justice Department nominations since January. We also discuss the recent addition of John Boehner and William Weld as advisory directors to the marijuana producer Acerage and how this changing landscape impacts compliance. 

For more see Matt’s blog post Weed Compromise Moves DOJ Nominees

Apr 16, 2018

In March the SEC made its biggest-ever whistleblower award. It gave one person more than $33 million and in the same case split nearly $50 million between two others. The previous high for an SEC award to a single whistleblower was $30 million in 2014. All three whistleblowers were represented by the law firm of Labaton Sucharow and the awards were based upon SEC enforcement actions against Merrill Lynch. Today, I have with me Steve Durham, a partner at the firm to talk about the awards and its implications in light of the recent Supreme Court decision in Digital Realty Trust v. Somers. 

There are several key points to take away from the awards which we discuss. Initially the awards were divided into two separate awards; one to two individuals for $50 million and a second of $33 million to one individual. We discuss what is original information in the eyes of the SEC which can qualify for an award. In the award, the SEC noted the initial two whistleblowers could have received a higher amount if their information had been more timely delivered to the SEC, which is as soon as they were learned of the misconduct. This timing issue is critical not only to help set the amount of the award but also to establish a whistleblower is qualified to receive an award as there were other individuals who stepped forward later with the same or similar information.

We also explore where the SEC is in its overall whistleblower award program. Durham believes there are several large whistleblower awards in the SEC pipeline and that the SEC Whistleblower program has been an overall success. Even with the Congressional attacks on Dodd-Frank, there is no call to reform this part of the law.

Apr 13, 2018

With the Red Sox leading the AL with a 10-2 start and back to brawling with the NY Yankees, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Is there a new health care focus coming in FCPA enforcement actions? Joseph Spinelli and Lisa Murtha explore this issue in the FCPA Blog.
  2. Mark Zuckerberg testifies before Congress. What are the implications? Sascha Matusak says a wave of litigation is coming on the SCCE Compliance and Ethics.  Ben DiPietro wraps up national coverage on the WSJ Risk and Compliance Journal. Joe Mont explores the potential regulatory aspect in Compliance Week. (Sub Req’d)
  3. The SEC awarded more than $2.1 million to a former company insider "whose information led to multiple successful enforcement actions. Dick Cassin reports in the FCPA Blog.
  4. Do ‘No-Poach’ agreements violate anti-trust law? Jaclyn Jaeger explores in Compliance Week. (sub req’d)
  5. A Navex Global report says that more hotline and whistleblower reports are turning out to be valid after corporate investigations? Henry Cutter reports on the report in the WSJ Risk and Compliance Journal. Carrie Penman considers three key finding on Navex’s Ethics and Compliance Matters
  6. Tom Topolski and Eric Feldman talk about how make the relationship between a corporate monitor and corporation work. Check out the SCCE Compliance Perspectives podcast, hosted by Adam Turteltaub.
  7. FinCen rules on customer due diligence and ultimate beneficial ownership go into effect on May 11. What are the implications for non-financial institutions? Check out FinCen’s FAQs here.
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  9. Tom will be leading Convercent Roundtables on using data to drive ethics to the center of business on Houston (April 17) and Dallas (April 18). He will lead discussions on using data to drive ethics into the center of business.
  10. The Everything Compliance gang will be back on Thursday April with a deep dive into Mark Zuckerberg’s Facebook testimony, the Michael Cohen subpoena and more. Check it out next Thursday.
  11. AMI’s Eric Feldman will be speaking on How Audits Become Investigations at the 2018 Public Service Internal Audit Conference in Singapore, hosted by The Institute of Internal Auditors Singapore, on April 18, 2018. For information and registration, click here.
Apr 12, 2018

In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy.

Armstrong discussed an actual advertisement where a company claimed to be a ‘GDBR’ expert. Leaving aside the copy editing FUBAR, the ad also cited regulatory requirements from preliminary drafts of GDPR which were superseded by the final version of the legislation. He stated, “there's still the difficult thing that corporations out there that are struggling but there are snake oil salesmen who are trying to prey on them and sell them projects that they don't need and not sell them projects that they do need. There is definitely a skills gap. And obviously as we get closer to GDP that gets all the more worrying.”

Beyond this problem of technical competence, vendors present another set of risks under GDPR. Many organizations with literally worldwide operations are concerned with their potential liability for their vendors in the United Kingdom in the EU or in countries under GDPR.  Armstrong noted that the initial inquiry a company should make is who is the data controller and who is the data processor. Under the old rules, data controller was the corporation and the data processors were the vendor. With days of cloud computing and software as a service (SaaS) these lines are more blurred. He noted “as a very general rule the corporation remains liable for everything that it does even if it uses a vendor to process data on its behalf or to manage part of the service.”

GDPR will require a more robust third-party risk management process for vendors. Armstrong explained, “when you are bringing vendors onboard you need to go through a proper process to do due diligence on them. “There are some warning signs to start off with, such as if a vendor says I understand all about GDPR and then talks to you about PPI you should show them the door.”

He went on to add, “If they say you can't have any audit rights. Show them the door. If they say we will not commit to telling you about data breaches within 72 hours. Show them the door. There are various minimum requirements that a vendor has to meet under GDPR and if they don’t, find somebody else.” But simply performing background due diligence is not enough.

You should have an appropriate set of contract terms and conditions around GDPR compliance in your agreement with them.  There should also be “some sort of attestation about what they're doing particularly” around continued GDPR compliance. If certainly would want to know where the data is going to be hosted and if there are ISO 27000 certificates in place for the data centers. Finally, the management of this risk must continue throughout the life-cycle of the third-party relationship with the customer.

Apr 11, 2018

In this episode, Matt Kelly and I take a deep dive into the weeds to what drives misconduct at the C-Suite, Senior executive level by considering the most current examples of privilege and arrogance in the current administration, Scott Pruett at the EPA. We consider his actions from the compliance perspective, the HR perspective and corporate governance perspective.

What drives CEOs, C-Suiters and senior executives to engage in behavior which is beyond the pale of corporate norms and acceptability? How can a company deep from hiring a senior executive who will harm its reputation? Find out the answer to these and other questions on Compliance into the Weeds.

See Matt Kelly’s blog post What Drives Misconduct: The EPA Example

Apr 9, 2018

In this episode of the FCPA Compliance Report, I visit Hogan Lovells partner Stephanie Yonekura on the always difficult decision on whether a company should self-disclose a potential FCPA violation or even allegations of a potential FCPA violation to the Justice Department. We consider such questions as:

  • What should a company do to prepare for a multi-national multi-jurisdictional anti-corruption enforcement action?
  • What should a company do to prepare when an internal investigation determines there may be instances of ABC violations in multiple countries, all of which have ABC laws.
  • How should a company prepare for self-disclosure? To US authorities only or to multi-jurisdictions at once?
  • Do evidentiary standards differ across the globe and how should a company prepare or respond?
  • How should a company prepare for multiple fines and penalties from multiple jurisdictions?
  • How can a company negotiate one pie in the context of an international anti-corruption enforcement action?

Yonekura is the Former Acting US Attorney for the Central District of California so she brings a wealth of knowledge to the topic. We consider all of these questions and more in light of the new FCPA Corporate Enforcement Policy and whether it has changed the calculus for self-disclosure or not. We also visit on whether the recent lack of monitors required under DOJ/SEC FCPA enforcement actions is an omen of things to come or not.

She ends with one of the great pieces of advice you can receive, “You don’t want to poke the bear, whether there is no bear to be poked.”

Apr 7, 2018

With the Astros off to a 6-1 start and the Facebook FUBAR continuing, Jay Rosen and myself take a look at some of the top compliance stories over the past week. 

  1. Embraer dodges a shareholder action based on its FCPA violations. Henry Cutter reports in the WSJ Risk and Compliance Journal. Tom considers the decision as a rift in the time space continuum in the FCPA Compliance and Ethics Blog. Kevin LaCroix considers from the more traditional legal angle in the D&O Diary.
  2. Facebook continues to either (1) not get it; (2) throw its users under the bus, and/or generally show it has no idea what it is doing going forward, click here. Mark Zuckerberg will explain it all to Congress. Larry Robinson on Fast Company online lays out what the company need to do. Tom explores the tone at the company in Compliance Week (sub req’d)
  3. What should you ask in an interview of a compliance professional? Maurice Gilbert, founder at Conselium Search gives some great tips in his eBook, Hiring Compliance Officers available at no charge on Corporate Compliance Insights.
  4. Bob Conlin, the CEO at Navex explains why CEO trust is so low. Check out his article here.
  5. What is the SEC whistleblower safe harbor rule? Henry Cutter reports in the WSJ Risk and Compliance Journal.
  6. Mike Volkov puts on an excellent podcast on how to deal with search warrant on the Corruption, Crime and Compliance podcast.
  7. Check out this week’s 5-part podcast series on corporate monitorships with Vin DiCianni and Eric Feldman. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  9. Jonathan Armstrong will be in Houston on April 10 to put on a half-day GDPR workshop. You can find out more and register at the Greater Houston Business and Ethics Roundtable website, org. Tom will host a breakfast meeting with Jonathan on a UK Bribery Act update. For details and registration contact Tom.
  10. Tom will be leading Convercent Roundtables on using data to drive ethics to the center of business on Houston (April 17) and Dallas (April 18). He will lead discussions on using data to drive ethics into the center of business.
  11. Jay details a webinar hosted by Convercent where AMI SVP Eric Feldman presents a qualitative look on how quickly an ethical scandal can impact a company. To listen, click here

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit Affiliated Monitors at www.affiliatedmonitors.com.

Apr 5, 2018

The top compliance roundtable podcast is back with a wrap up of the some of the top compliance stories over the first quarter of 2018. Stayed tuned to the end for rants in this edition. 

  1. Matt Kelly considers the moves by the Congress to amend Dodd-Frank, considering the approaches by both the House and the Senate. He explores a couple of interesting side notes. First the Senate bill requires the Department of Treasury consider cybersecurity risks. Second, he notes the lack of movement against the Consumer Financial Protection Board. He also considers the Trump Administration’s claim of regulatory reduction; exploring my question: Is it real or is it Memorex? Matt rants on the manner of the firing of the Secretary of the Department of Veteran’s Affairs. 
  1. Mike Volkov considers the recent pronouncements by the Justice Department that it may extend the reach of the declination program first laid out in the new FCPA Corporate Enforcement Policy. Would such an approach work for other laws? If so, which ones are likely candidates? Is this a sop to big business or is there something else going on? What might be the reaction of the Congress? Mike rants on the corruption and conflicts of interest present in the current Administration.

 

  1. Jonathan Armstrong considers the Facebook/Compliance Analytica imbroglio from the UK/EU angle. He discusses where the EU and UK investigations currently lie, what the potential penalties might be, including criminal sanctions and next steps for all involved. It turns out the EU has been investigating Cambridge Analytica for over one year. Armstrong gives a shout out to the SCCE European Compliance and Ethics Institute and rants on travels who still don’t know to bag their liquids and take their shoes off at security in airports. 
  1. Jay Rosen considers the current state of monitorships. He begins with a review of monitorships over the past few years to explore whether the Justice Department and SEC cutting back on their use? If so, what are the implications for enforcement and compliance going forward? What are some of the tangible steps a company can take to make the case they do not need a monitor even after a FCPA violation? Jay explains remediation through a proactive monitorship can be a key step. Jay gives a shout out to the state Attorney’s Generals who brought the Emolument Lawsuit against the President. 

I take the opportunity to give a Happy Trails shout out to one of my boyhood heroes; Rusty Staub who recently passed away and rant on the New York Times for waiting almost a full week before running an Obituary on Phillp Kerr. 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Apr 4, 2018

The golden age of polar exploration lasted from about 1895 to 1912 during which time explorers reached both the North Pole and the South Pole. Yet even today their explorations and expeditions raise admiration and even awe. In this episode, we discuss the race to the South Pole and what leadership lessons may be drawn from it. The three principals we discuss in this episode are Englishmen Ernest Shackleton and Robert Falcon Scott and Norwegian Roald Amundson. In this episode we explore:

  • Leaders need a clear strategic focus; 
  • Leaders need to be open to innovation;
  • Leaders need to rely on their team members (you don't have to do it all); and
  • Leaders should forge team bonds.

The Final Word

Perhaps the final word should come from Apsley Cherry-Garrard, a member of Scott’s second expedition, who made the following observation: “For a joint scientific and geographical piece of organization, give me Scott. . . for a dash to the Pole and nothing else, Amundsen: if I am in the devil of a hole and want to get out of it, give me Shackleton every time.”

Apr 2, 2018

This week, in a five-part podcast series, I have been exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I have been joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for Affiliated Monitors, Inc. (AMI), who is the sponsor for this series. Today, for our final episode in this series, we consider the always controversial topic of monitorship costs and expenses.

DiCianni noted that in any post-resolution monitorship, the monitor is coming in at the end of a long process. If it was a Foreign Corrupt Practices Act (FCPA) enforcement action, it could have been a years-long process with a lengthy investigation, coupled with an extensive remediation and then long negotiation with the government over the final penalty. Yet there is an approach that a company can use to help the final leg of this process more palpable.

DiCianni breaks the process down into three key areas. The first is the scope of the monitorship. You must understand the settlement documents so that you can fully appreciate the scope of the monitor’s remit and what the government expects from the monitor. DiCianni noted that some resolutions can have a narrow focus, with a finite number of records or other documents to review. With such information, you can work to scope out a range of what your costs might be. Conversely the settlement documents can literally be wide-open, which obviously will have a dramatic impact on potential costs and even estimating.

DiCianni related the next factor to consider is frequency. By this he meant how often is the monitor actually engaging in monitorship activities for the company. Is it daily? Is it weekly? Is it quarterly? The frequency of monitoring will have a significant role on your overall monitorship costs. The final factor to consider is duration. Tied to this question of frequency is the length of the monitorship. How long will the monitorship last, one-year, two-years, three-years or even five years; is a critical element.

The final factor is the experience of the monitor. As we explored in Episode 4 of this series, you really need to have a very direct conversation with monitor candidates to determine if they have the experience to work with other individuals or teams of individuals. Does the monitor understand their role, as prescribed by the four corners of the settlement document(s). Are they going to reinvent the wheel for each new part of the monitorship? DiCianni said, “as they are going along which is going to add to the cost of the monetization so that's a factor that I think companies should consider”. This brings up another important factor on costs is the not only the scope of the monitorship but also the efficiency of the monitor.

DiCianni noted a key document for cost control can be the monitor’s workplan, which lays out the monitor’s anticipated services. This gives the monitor, the company and the government a set of expectations for the tasks to be accomplished. Even though it may turn out to be a preliminary document, it does help to provide a level of certainty. Equally important is for the monitor to understand they do not have to look at everything during the monitorship. You can randomly sample and drill down to test if you need to do so. A monitor does not have to interview all persons in a high-risk location but can select certain employees for a focus group and then perform a round of interviews if required. The workplan and its execution can be a powerful tool to help not only estimate the total cost but also keep them down.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 2, 2018

This week, in a five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I am joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for Affiliated Monitors, Inc. (AMI), who is the sponsor for this series. Today, we consider what issues a company should consider when hiring or retaining a corporate monitor. 

It is important to note right of the bat, that the selection of an appropriate monitor can either make or break the entire monitorship program for an organization. Feldman advises that the forestall such a problem a company needs to have a clear understanding of what it is trying to get out a monitorship. If you are at the end of a Foreign Corrupt Practices Act (FCPA) enforcement action, your goals may be different than attempting to engage in a pre-settlement monitorship. You also need to understand what might be required by the government in any post-resolution settlement.

After this initial self-assessment of the company’s goals, you can move to considering the monitor. Here you need to assess the what Feldman called the philosophy of potential candidates. Is the monitor coming in to simply investigate the company or help to prevent or resolve issues? This means staying away from the prosecutorial ‘gotch-ya’ mindset and move towards a monitor who is focused on remediation “to help you be a better company”.

The next line of inquiry is can the company obtain the maximum value it can get from the expertise, the independence and the viewpoints the monitor can provide. In other words, what is the value the monitor will deliver to your organization? Feldman suggests asking a question such as: “Can the Monitor help my business?”

Third is the expertise of the monitor. But this is more than being a subject matter expert in the area of law being applied such as the FCPA; it is being an expert in monitorships. It is also more than simple cost-effectiveness. It is also how the monitor will work without disrupting your organization or working to keep such disruptions to a minimum. Such expertise would include how to conduct an evaluation, how to create a work plan which is rigorous yet cost-effective, and to “socialize the work plan with the company and with the government.” This means the monitors should have experience in balancing the interests of the government and the company. Other skills necessary include interview skills, ability to conduct focus groups, together with data gathering and analytics are also critical. Finally is the writing of the report and communication of information, for as Feldman stated, “There's no value added if there's not a clearly written factually based monitoring report, at the end of the process, that makes recommendations that logically flow from the information gathered and are culturally appropriate for that particular company. There is no one size fits all for the reporting or for the recommendations.”

Feldman spoke about the different types of value a monitor can bring. Obviously, the situation where there is a Deferred Prosecution Agreement (DPA) or other enforcement action resolution document in place would suggest one type of value. Yet there are other more business-process focused values a monitor can add. In the area of internal controls, a monitor’s assessment can lead to more effective internal controls, often through a reduced number of overall internal controls.

Feldman spoke to another ‘soft’ factor when he noted, “There's also another interesting factor involving value in a company. That is that the actual methods that we use to do the monitoring to go in and talk to employees, to do employee surveys to do interviews. That alone can have something of a cathartic effect on the company's employees and on the mood and the morale in the company. And we've seen that over and over again, when employees see that the company cares enough to bring in a firm that asks their opinions on what works and what doesn't work and ask their opinions about whether their managers are creating and an open environment to communicate issues and to report issues. It helps improve the company and as we know better morale in the company improves the bottom line.”

Finally a company needs to consider whether monitor who is “independent and conflict free”. Feldman says this is important “Because if not, then the value of the findings the value of the entire effort can be at risk. And we've seen this over time in organizations that bring in monitors that you know may within their broader organizational structure have some kind of a conflict within the industry or within that company.”

Any company faced with the selection of a monitor should take care in the process. Use a deliberative process which allows you to understand not only your goals, but also your requirements back from a monitor.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 2, 2018

This week, in a five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I am joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for Affiliated Monitors, Inc. (AMI), who is the sponsor for this series. Today, we consider what is a pre-settlement monitorship and how it can be such a powerful tool for the compliance professional.  

Feldman explained that most generally, a “pre-settlement monitorship is an organization using an independent body to conduct any kind of a third-party review or assessment.” It can also be considered as a proactive monitorship. It involves a company desiring to assess its implementation of a compliance and ethics program on a proactive basis. Such a monitorship does more than simply focus on whether there is a compliance program in place but more fully assesses its effectiveness. This assessment can be used by a wide variety of parties, such as the corporation itself, with its stakeholders, with regulators or even with the public to demonstrate compliance with a wide variety of issues.

Feldman explained that a key piece of the pre-settlement monitorship is to assess the company’s culture of compliance. Using such a proactive monitorship can help an organization to assess not only where they might be at this point in time but also work to create a road map to improve and strengthen their culture of compliance and ethics. Finally, as Feldman noted, “Another reason for doing a pre-settlement monitorship might be when a company wants to explicitly demonstrate its due diligence to law enforcement or regulators should something occur in the future that would result in action against the company.”

He noted German enforcement authorities are now assessing if companies engage in sufficient investigations of not only whom they are doing business; which is traditional third-party due diligence, but these same authorities are inquiring if a company is putting the same effort into assessing itself. The pre-settlement monitorship is an excellent mechanism to do so. He stated, “in Germany there have there has been a move on the part of the governments to take into account all due diligence activities that a company has taken in the past which would include a pre-settlement kind of monitorship when there is any fine or penalty or action on any issue against the company in the United States.”

Another way to consider it might be as a “preemptive strike against more punitive action on the part of government agencies”. Feldman related that his company, Affiliated Monitors has had instances where companies subject to an action with one level of government, such as a US Attorney’s Office in one area of the country, will use the pre-settlement monitorship to avoid being suspended or barred by the federal government and from federal government contracts. The pre-settlement monitorship performed a complete review, then made recommendations for remediations. This led to positive resolution with the government in the form of no suspension or debarment.

When viewed in the light of the three prongs of any best practices compliance program, prevent, detect and remediate, the power of a pre-settlement monitorship comes more clearly into focus. A monitorship was traditionally viewed as an after-the-fact piece of an enforcement action. However through the pre-settlement monitorship, the tool becomes not only proactive but prescriptive as you are using as an ongoing monitoring solution. It is even more powerful because of the independent nature of the monitor, in bringing an unbiased eye to a compliance program.

Another use of the pre-settlement monitorship is in the mergers and acquisition arena. Feldman noted, “We have had situations where companies will, as part of the merger and acquisition pre-acquisition due diligence process, will hire an independent third-party monitor to review the target company to ensure that they in fact have the right kind of ethics and compliance posture and corporate ethical culture to be able to fully integrate into their organization if closing occurs.” Once again, this scenario speaks to the breadth and scope of the pre-settlement monitorship as a tool.   

Feldman concluded that it is critical that the monitor bring real value through the monitorship. He said the monitorship should provide insight through using a variety of investigative techniques, including interviews, document reviews and forensic auditing. All of this can provide solid information to not only a Chief Compliance Officer (CCO) but also the leadership of an organization.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 2, 2018

This week, in a five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I am joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for Affiliated Monitors, Inc. (AMI), who is the sponsor for this series. Today, we consider what is a post-resolution monitorship.  

Feldman explained that most generally, a “post resolution monitor ship is essentially a situation where a government agency and a private organization, it could be a corporation it could be a nonprofit organization, as a requirement of settling some kind of a dispute or a matter between those two entities the company; the regulator agrees they are going to use a monitor to ensure that any specific conditions of the agreement to settle the matter are met.” He went on to note it is usually an independent third-party who is brought in for this purpose.

Post-resolution monitorships are well-known to the compliance community through the Foreign Corrupt Practices Act (FCPA) enforcement. Yet Feldman stressed they are use in a much wider area of practice than simply FCPA. He said, “Other kinds of enforcement scenarios would involve state Attorneys Generals that perhaps are investigating and settling cases with companies involving consumer protection or even civil rights cases. State regulatory boards medical boards and other types of licensing institutions and various states they could sign agreements that require a monitor to monitor the conditions of those agreements.” Of course, there are situations where there is court ordered enforcement as a result of a court ordered settlement and “a monitor is required to report to the court and both parties’ compliance with that particular agreement.”

Yet monitorships have been employed in anti-trust scenarios to ensure compliance not with Consent Decrees but with Federal Trade Commission or Federal Communications Commission-approved merger conditions. Here Feldman pointed to the example of the merger conditions between DirecTV and AT&T. In that case, the monitor was charged with reviewing and assessing compliance with certain merger conditions. Feldman noted there was no enforcement action and no wrongdoing but a recognition by all parties involved for the need of a truly independent third party to assess compliance with the acquisition conditions.

One thing about the post-resolution monitorship is that if viewed as a tool for compliance, a wider variety of uses can be envisioned. In the FCPA world, we have seen shareholder actions brought against Boards of Directors and companies for failing in their duties to put compliance programs in place. Occasionally, these actions are resolved before the conclusion of a FCPA investigation or enforcement action. If you had a post-settlement monitorship for the shareholder action, both the findings of the monitor and the monitor’s report could potentially help the recalcitrant company under the new FCPA Corporate Enforcement Policy. In such a scenario a post-resolution monitorship could have the impact of a pre-settlement monitorship.

Feldman concluded by noting, there are a number of applications and uses of an independent, credible third-party to facilitate the resolution of disputes. There are different ways having a third party come in and help to resolve issues; the number of ways is almost infinite or at the very least, limited to your imagination.  Often a monitor could come in collect information on what one or both of the parties are doing to help facilitate a settlement. Feldman discussed matters such as consumer protection issues. He noted that AMI has done monitorships where state agencies have done investigations of consumer protection and AMI would come in as a “secret shopper” to determine whether an organization is in fact doing what it is supposed to be doing.

The bottom line is that there is certainly no finite number of categories for the post-resolution monitorship. They can be utilized in a wide variety of ways to help facilitate not only resolution of enforcement actions but to satisfy compliance with a wider variety of cares, concerns and issues.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 2, 2018

What is the role of a corporate monitorship? Is a corporate monitorship to be feared if your company is in the middle of a Foreign Corrupt Practices Act (FCPA)? Can a monitor be used in a manner other than post-settlement, such as in a pro-active manner to help forestall a government enforcement action, fine or penalty? If your company is in the market for a monitor what are some of the indicia you should consider? Finally there are lots of rumors about the alleged exorbitant costs of monitorship? Is this an urban myth or is it based on facts? If the former, what can a company do to protect itself. I will explore these and many other questions in a new podcast series I am putting on sponsored by Affiliated Monitors, Inc. (AMI).

In this five-part podcast series, I am exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I am joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for AMI. Today, we consider what is a corporate monitorship?

DiCianni explained that most generally, a corporate monitorship is “an individual or team of individuals that are independent of an entity that is subject to the monitoring group bring a level of expertise perhaps in that subject matter that has to be overseen.” The person or group would have the ability bring a level of expertise, training and learning to any task where a true independent is needed to assess the validity of the required criteria, as that criteria is defined in the four corners of the relevant document. In the FCPA world that could be a Deferred Prosecution Agreement (DPA), Non-Prosecution Agreement (NPA) or other document.

Monitors generally report to an oversight agency or regulator but work with a company or individual. The cost of the monitorship is borne by the company being overseen. It is a unique model that has been created where an unrelated, independent private person or entity who is still being overseen by a government agency or regulator monitoring a company but with specific terms for that third party. It is spelled out in the settlement documents which for the basis of the monitorship.

Another key for a successful corporate monitorship is in the area of subject matter expertise. Obviously first-rate knowledge of compliance and ethics is critical but as monitoring is used across multiple industries and businesses, a wider variety of technical experience is required. Monitors have been used in health care, financial services, police department just to name a few. A wide variety of subject matter experts may be needed to be a part of the monitorship team to successfully complete the assignment.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Apr 2, 2018

In this episode I visit with Tom Sporkin, partner at Buckley Sandler. Sporkin has a whistleblower practice. He spent some 20+ years at the SEC, ending his tenure at the Chief of the office of Market Intelligence. In this episode I continue my exploration of the implications and fallout from the Supreme Court decision in Digital Realty Trust v. Somers. Sporkin discusses his views on the decision and how the SEC created the regulations around the whistleblower protections under Dodd-Frank.

Sporkin explains the overlap and interplay of Dodd-Frank, SOX and other rights or remedies a whistleblower can avail themselves. He details the steps that a whistleblower needs to take to not only protect themselves from retaliation but also the rights for potential financial redress to whistleblowers. Finally, we discuss the role of whistleblower counsel in conjunction with the SEC’s Office of the Whistleblower to help both protect whistleblowers against retaliation and discrimination but also fulfill the SEC’s role of protecting investors in public companies.

It is a fascinating interview. If you are a potential whistleblower, you certainly need to under the rights and timeline-obligations that you have under federal laws; if you are a Chief Compliance Officer, you need to understand how the Digital Realty Trust decision may impact your compliance program going forward and if you are in a company, you need to understand both the role of the SEC and what rights & obligations your organization has after the Supreme Court decision.

 

1