I continue my five-podcast exploration of working with monitors. I am joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. (the sponsor of this five-part series) on working with monitors. Today we consider the various manners in which regulators at all levels, from the federal, to state and local levels, use monitors. We also consider how monitors can be used outside the regulatory context in areas as diverse as mergers and acquisitions, business ventures, IP and licensing.
Most compliance practitioners are aware of the role monitors play in the Foreign Corrupt Practices Act (FCPA) enforcement arena. However, the use of independent monitors is much broader than simply in criminal or civil enforcement actions involving a Deferred Prosecution Agreement, Non-Prosecution Agreement, Corporate Integrity Agreement or other form of resolution. Federal agencies use monitors for a wide variety of roles to ensure compliance with agreements.
At its most basic level, an independent monitor is a way for the government to extend its reach. Both in terms of lengthening out the time that you have true government oversight and in terms through many of the techniques we discussed earlier: focus group meetings, review documents, talking senior and middle management. It is a very cost-effective way for federal, state and even local governments to extend out their reach. This cost-effectiveness is driven home by that fact that the cost is not borne by the governmental entity or the regulators. The cost is borne by the entity involved.
Stern pointed to the use of an independent monitor by the Federal Communications Commission (FCC) to ensure that the conditions around anti-competitive and other issues, the FCC approved for the merger between AT&T and Direct TV, were fulfilled. He went on to provide an example where “one of the conditions was they had to offer a discounted broadband service to certain low-income households. The FCC wanted access to broadband for low income families, particularly for school kids. The monitor assessed the marketing program on this issue, looking at their efforts to provide discounted broadband, low income households.”
Stern provided another example of regulator use of an independent monitors, this time by a state regulator, the Attorney General of Rhode Island in the area of hospital conversions. This is the situation where a non-profit hospital is purchased by a for profit chain. In such situations, the state attorney general in most states will have to approve that transfer of assets from charitable assets to for-profit assets, applying certain conditions. It could be in the area of recruiting physicians or requiring the acquiring institutions to keep the mental health services open. You don't have to spend x millions of dollars on new equipment. It is generally around very specific metrics and it is “increasingly being used by government agencies as a way of not only having confidence that the regulatory decisions are being followed but provides some comfort and confidence to the public knowing that who is looking over the shoulder of the organizations in the public’s interest.”
Yet an independent monitor can be used in non-regulatory areas. One that certainly comes up is pre-acquisition due diligence in the FCPA realm. An independent monitor can be used to assess whether a target or takeover candidate has a robust compliance program. These same concepts also work in the licensing area in pre-acquisition work and even for company which want to test the audit compliance of customers.
The bottom line is independent monitors can come in and look at the system of controls in a wide variety of regulatory and legal areas. This is true because there is no substitute for having somebody independent of the company with some expertise and common sense and practical reality coming in and asking, how are you doing? Stern concluded, “You don't have to do this all the time. It isn't something you need to do even every year, but every once in a while, have somebody come in and take a hard look at how you're doing and then reporting back internally to the company. It is money well spent because you have established that the organization being reviewed has a good program and if you need to fine tune your program in certain ways. Here again, I think that's all to the good.”
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
I conclude this five-podcast exploration of working with monitors, where I have been joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. (the sponsor of this five-part series) on working with monitors. In this final episode we consider lawyers using monitors, most typically where the clients are under investigation for some regulatory issue, such as a Foreign Corrupt Practices Act (FCPA) enforcement action.
Stern said the biggest mistake lawyers make is to wait too long before bringing in an independent monitor. His experience is that if you wait until after the conclusion of a matter, you have lost valuable time and potentially cost yourself money, in the form or higher fines and penalties, by waiting. The government expects compliance shortcomings to be remediating during the pendency of an investigation. A monitorship can even begin before self-reporting to the government. This is because a company should want to find the problem before it voluntarily reports the problem to the government. In this manner, the company could receive get the credit for having done so. It also allows the company to package the entire process “in a way to say not only we discovered the problem, not only are we reporting the problem, but we fixed the problem. We did with an independent third party and we may even want to keep that third party with us to independently assess how we do going forward. That's very persuasive to prosecutors and I've certainly seen situations where in some cases it's resulted in a declination or in a significantly diminished” fine and penalty.
This is using an independent monitor in a pro-active manner which demonstrates how serious the company is about compliance. It can also be a way to demonstrate any illegal conduct may simply have been an outlier and does not reflect the values, culture and the way the company generally does business. This can provide quite a positive story to present to prosecutors, particularly under the new FCPA Corporate Enforcement Policy.
If your company is active in the remediation phase, particularly through an independent monitorship, it is looking at the problem in a holistic approach. It is more than assessing that problem, coming up with some solutions and then implementing the solutions. More importantly an organization is taking that information and looping it back in, in a literally a feedback loop so the companies can improve their compliance program. This is an approach which can be persuasive to regulators.
Stern noted this approach is even more critical for what he called ‘repeat customers’ or recidivist actors. He said government regulators are becoming much more sophisticated in understanding whether a compliance program is simply a paper program. The government wants to know if this a real program. One clear indicia is the feedback loop from an assessment by an independent monitor looping the information back to the company, making changes, testing to see whether the changes are real changes are working changes.
One final area that using an independent monitor is in the area of credibility. One thing I have consistently heard from white-collar practitioners perhaps the most important thing in any FCPA investigation or enforcement action is credibility with the prosecutors. By having a truly independent monitor who is even independent of the outside counsel, who may be heading up an investigation and assessing the compliance program; is one more way to bring that credibility to a, in front of the prosecutors. Stern noted that as the former US Attorney for Massachusetts, your reputation in representing clients before the government is absolutely critical. Having that independence as a monitor can aid a company by giving credibility to their compliance program efforts and this can pay off with real benefits in terms of lesser penalties all the way to a declination.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
In this episode Susan Divers, Senior Advisor at LRN returns to talk about LRN’s 2018 Program Effectiveness Report. Divers noted that in 2017, in its Evaluation of Corporate Compliance Programs and new FCPA Corporate Enforcement Policy, the DOJ refocused ethics and compliance programs on outcomes, not procedures. The 2018 Program Effectiveness Report demonstrates that, programs focused on values outperform those based primarily on checklists and rules. Divers believes this has only become more important in the wake of the Weinstien scandal and the #MeToo movements, as sexual harassment scandals continue to erupt in companies with programs that may well have codes of conduct and reporting procedures, but apparently lack traction in preventing and dealing with actual misconduct.
We discuss some of the Report’s key findings the most effective E&C programs – and the ones that meet the 2017 DOJ criteria engage in the following:
Those which fall short have the following characteristics:
For LRN Corporation’s 2018 Program Effectiveness Report go to: http://pages.lrn.com/2018-program-effectiveness-report.
As we celebrate all things Star Wars on the May the Fourth Be With You edition, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
In this episode of Across the Board, I visit with Preston Pugh and AIysha Hussain from the firm of Miller & Chevalier on their recent paper entitled, “A More Effective Way For Corporate Boards To Respond In A #MeToo World” which they authored with Ian Herbert. In this paper they suggest ways Boards of Directors could begin to address corporate harassment scandals. We use their article as a starting point to explore the roles and responses of Boards to the #MeToo and other corporate scandals.
With these and other scandals putting corporate brands at a fundamental risk, the days of Boards of Directors taking a hands-off approach to what was viewed as fundamentally litigation risks are over. We discuss some of the specific ways a Board can address these matters. Both Pugh and Hussain see #MeToo as compliance issues, not simple employment issues. As such they advocate a much broader remit by the Board. Some of the topics we discuss are:
This timely and topical podcast will help you as a Board member understand how your role has changed as the risks to your organization has evolved.
For more information go to the paper, “A More Effective Way For Corporate Boards To Respond In A #MeToo World”
In this episode of Across the Board, I visit with Preston Pugh and AIysha Hussain from the firm of Miller & Chevalier on their recent paper entitled, “A More Effective Way For Corporate Boards To Respond In A #MeToo World” which they authored with Ian Herbert. In this paper they suggest ways Boards of Directors could begin to address corporate harassment scandals. We use their article as a starting point to explore the roles and responses of Boards to the #MeToo and other corporate scandals.
With these and other scandals putting corporate brands at a fundamental risk, the days of Boards of Directors taking a hands-off approach to what was viewed as fundamentally litigation risks are over. We discuss some of the specific ways a Board can address these matters. Both Pugh and Hussain see #MeToo as compliance issues, not simple employment issues. As such they advocate a much broader remit by the Board. Some of the topics we discuss are:
This timely and topical podcast will help you as a Board member understand how your role has changed as the risks to your organization has evolved.
For more information go to the paper, “A More Effective Way For Corporate Boards To Respond In A #MeToo World”
In this episode, Matt Kelly and I take a continued deep dive the underlying assumptions around the reasons for lack of IPOs by small and mid-cap sized firms. We focus on a speech by SEC Commissioner Robert Jackson recently gave exploring possible reasons why middle market companies aren’t going public. It turns out that the numbers showed that the costs for going public, roughly 7% of the total return has remained constant since the early 90s.
While the Administration has consistently talked about the costs of going public driven by the administrative cost required under Sarbanes-Oxley and Dodd-Frank, it turns out that is only part of the equation. The other part is investment bankers whose fees have not dropped or even become more efficient in nearly 25 years. We explore the implications from this finding, what it may mean for the SEC’s attempts to bring more small and mid-cap companies into the public market and compliance going forward.
For more see Matt Kelly’s piece More on Declining IPO Trends
In this episode I visit with Morrison and Foerster partner James Koukios on the firm's January and February Top Ten international anti-corruption cases, issues and developments. In this episode we discuss the following:
For further reading see the Morrison and Foerster, Top Ten International Anti-Corruption Developments for January 2018 and Top Ten International Anti-Corruption Developments for February 2018
After being joined by Jay’s girls to celebrate our 100th anniversary episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
In this episode of Countdown to GDPR, Jonathan Armstrong and myself are interviewed by Laura Petrolino, the Chief Client Officer at Arment Dietrich, Inc. on the applicability of GDPR to the professional communications industry. It was a fascinating way to discuss some of the key points of GDPR in the context of one industry/profession.
Some of the topics we discussed are:
For the communications specialist, you learn a lot about GDPR compliance and data privacy and protection. But the key takeaways should give you a lot to think about as far as how you use data as part of your communications strategy. They include:
Properly viewed GDPR implementation can be business opportunity for the communications professional.
To see Laura Petrolino's blogs on GDPR for the communications professional check out her musing on SpinSucks:
In this episode, Matt Kelly and I go into the weeds to consider the recent racial incident at Starbucks store in Philadelphia where two African-American males were arrested for criminal trespass while waiting for a third colleague to join them for a business meeting. They had not purchased any products but were not engaging any type of disruptive behavior. They were released with no charges filed.
We consider several points around this incident from the compliance perspective, including the lessons for compliance officers are really about the challenges of policy and procedure at large organizations. The gap between those two requirements is filled by employee judgment — and that is where things went awry. We consider if a single solution, such as all seats and bathrooms are reserved for patrons who have already purchased a product, create more problems than they solve. We also review the underlying premise of ‘what is Starbucks’ to see if a more robust risk assessment process might have helped identify these gaps.
This week’s discussion is literally torn from recent headlines. It provides an excellent example of the many compliance challenges every business and CCO face.
For more reading, see Matt’s blog post Starbucks and Policy Management Perilsand Tom’s blog post Starbucks and Lessons for the Compliance Practitioner in Risk Management
In this episode of the FCPA Compliance Report, I visit with Laura Perkins, a partner at Hughes Hubbard & Reed. Perkins formerly worked with the Department of Justice, FCPA Unit, departing in September 2017. We discuss the decision to self-disclose a potential FCPA violation to the Justice Department. Some of the highlights include:
We next turned to the resolution phase and discussed several topics including:
For more information on Laura Perkins and Hughes Hubbard & Reed, check out the firm’s website, here.
In this episode of the FCPA Compliance Report, I visit with Laura Perkins, a partner at Hughes Hubbard & Reed. Perkins formerly worked with the Department of Justice, FCPA Unit, departing in September 2017. We discuss the decision to self-disclose a potential FCPA violation to the Justice Department. Some of the highlights include:
We next turned to the resolution phase and discussed several topics including:
For more information on Laura Perkins and Hughes Hubbard & Reed, check out the firm’s website, here.
With Wells Fargo about to be fined $1 billion for behaving badly, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
This week the gang goes for more of a roundtable Q&A with a couple of topics. We first consider the testimony of Facebook CEO Mark Zuckerberg before Congress and his company’s imbroglio with Cambridge Analytica and then the search warrant issued to Michael Cohen. Stayed tuned to the end for rants in this edition.
I give a shout out to invertebrates and the most recent addition from the political class, Paul Ryan.
The members of the Everything Compliance panel include:
In this episode, Matt Kelly and I go meta as we go into the weeds about Weed, in the context of the recent announcement by the administration that it would not prosecute persons or producers in states where marijuana sales are legal. In exchange for this concession, Colorado Senator Corey Gardner says he will lift a hold he placed on all Justice Department nominations since January. We also discuss the recent addition of John Boehner and William Weld as advisory directors to the marijuana producer Acerage and how this changing landscape impacts compliance.
For more see Matt’s blog post Weed Compromise Moves DOJ Nominees
In March the SEC made its biggest-ever whistleblower award. It gave one person more than $33 million and in the same case split nearly $50 million between two others. The previous high for an SEC award to a single whistleblower was $30 million in 2014. All three whistleblowers were represented by the law firm of Labaton Sucharow and the awards were based upon SEC enforcement actions against Merrill Lynch. Today, I have with me Steve Durham, a partner at the firm to talk about the awards and its implications in light of the recent Supreme Court decision in Digital Realty Trust v. Somers.
There are several key points to take away from the awards which we discuss. Initially the awards were divided into two separate awards; one to two individuals for $50 million and a second of $33 million to one individual. We discuss what is original information in the eyes of the SEC which can qualify for an award. In the award, the SEC noted the initial two whistleblowers could have received a higher amount if their information had been more timely delivered to the SEC, which is as soon as they were learned of the misconduct. This timing issue is critical not only to help set the amount of the award but also to establish a whistleblower is qualified to receive an award as there were other individuals who stepped forward later with the same or similar information.
We also explore where the SEC is in its overall whistleblower award program. Durham believes there are several large whistleblower awards in the SEC pipeline and that the SEC Whistleblower program has been an overall success. Even with the Congressional attacks on Dodd-Frank, there is no call to reform this part of the law.
With the Red Sox leading the AL with a 10-2 start and back to brawling with the NY Yankees, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy.
Armstrong discussed an actual advertisement where a company claimed to be a ‘GDBR’ expert. Leaving aside the copy editing FUBAR, the ad also cited regulatory requirements from preliminary drafts of GDPR which were superseded by the final version of the legislation. He stated, “there's still the difficult thing that corporations out there that are struggling but there are snake oil salesmen who are trying to prey on them and sell them projects that they don't need and not sell them projects that they do need. There is definitely a skills gap. And obviously as we get closer to GDP that gets all the more worrying.”
Beyond this problem of technical competence, vendors present another set of risks under GDPR. Many organizations with literally worldwide operations are concerned with their potential liability for their vendors in the United Kingdom in the EU or in countries under GDPR. Armstrong noted that the initial inquiry a company should make is who is the data controller and who is the data processor. Under the old rules, data controller was the corporation and the data processors were the vendor. With days of cloud computing and software as a service (SaaS) these lines are more blurred. He noted “as a very general rule the corporation remains liable for everything that it does even if it uses a vendor to process data on its behalf or to manage part of the service.”
GDPR will require a more robust third-party risk management process for vendors. Armstrong explained, “when you are bringing vendors onboard you need to go through a proper process to do due diligence on them. “There are some warning signs to start off with, such as if a vendor says I understand all about GDPR and then talks to you about PPI you should show them the door.”
He went on to add, “If they say you can't have any audit rights. Show them the door. If they say we will not commit to telling you about data breaches within 72 hours. Show them the door. There are various minimum requirements that a vendor has to meet under GDPR and if they don’t, find somebody else.” But simply performing background due diligence is not enough.
You should have an appropriate set of contract terms and conditions around GDPR compliance in your agreement with them. There should also be “some sort of attestation about what they're doing particularly” around continued GDPR compliance. If certainly would want to know where the data is going to be hosted and if there are ISO 27000 certificates in place for the data centers. Finally, the management of this risk must continue throughout the life-cycle of the third-party relationship with the customer.
In this episode, Matt Kelly and I take a deep dive into the weeds to what drives misconduct at the C-Suite, Senior executive level by considering the most current examples of privilege and arrogance in the current administration, Scott Pruett at the EPA. We consider his actions from the compliance perspective, the HR perspective and corporate governance perspective.
What drives CEOs, C-Suiters and senior executives to engage in behavior which is beyond the pale of corporate norms and acceptability? How can a company deep from hiring a senior executive who will harm its reputation? Find out the answer to these and other questions on Compliance into the Weeds.
See Matt Kelly’s blog post What Drives Misconduct: The EPA Example
In this episode of the FCPA Compliance Report, I visit Hogan Lovells partner Stephanie Yonekura on the always difficult decision on whether a company should self-disclose a potential FCPA violation or even allegations of a potential FCPA violation to the Justice Department. We consider such questions as:
Yonekura is the Former Acting US Attorney for the Central District of California so she brings a wealth of knowledge to the topic. We consider all of these questions and more in light of the new FCPA Corporate Enforcement Policy and whether it has changed the calculus for self-disclosure or not. We also visit on whether the recent lack of monitors required under DOJ/SEC FCPA enforcement actions is an omen of things to come or not.
She ends with one of the great pieces of advice you can receive, “You don’t want to poke the bear, whether there is no bear to be poked.”
With the Astros off to a 6-1 start and the Facebook FUBAR continuing, Jay Rosen and myself take a look at some of the top compliance stories over the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit Affiliated Monitors at www.affiliatedmonitors.com.
The top compliance roundtable podcast is back with a wrap up of the some of the top compliance stories over the first quarter of 2018. Stayed tuned to the end for rants in this edition.
I take the opportunity to give a Happy Trails shout out to one of my boyhood heroes; Rusty Staub who recently passed away and rant on the New York Times for waiting almost a full week before running an Obituary on Phillp Kerr.
The members of the Everything Compliance panel include:
The golden age of polar exploration lasted from about 1895 to 1912 during which time explorers reached both the North Pole and the South Pole. Yet even today their explorations and expeditions raise admiration and even awe. In this episode, we discuss the race to the South Pole and what leadership lessons may be drawn from it. The three principals we discuss in this episode are Englishmen Ernest Shackleton and Robert Falcon Scott and Norwegian Roald Amundson. In this episode we explore:
Perhaps the final word should come from Apsley Cherry-Garrard, a member of Scott’s second expedition, who made the following observation: “For a joint scientific and geographical piece of organization, give me Scott. . . for a dash to the Pole and nothing else, Amundsen: if I am in the devil of a hole and want to get out of it, give me Shackleton every time.”
This week, in a five-part podcast series, I have been exploring the role of corporate monitorships in compliance and some of the key issues which companies and compliance professionals may face in dealing with monitors. I have been joined in this exploration by Vincent DiCianni, founder and President of AMI and Eric Feldman, Senior Vice President and Managing Director of Corporate Ethics and Compliance Programs for Affiliated Monitors, Inc. (AMI), who is the sponsor for this series. Today, for our final episode in this series, we consider the always controversial topic of monitorship costs and expenses.
DiCianni noted that in any post-resolution monitorship, the monitor is coming in at the end of a long process. If it was a Foreign Corrupt Practices Act (FCPA) enforcement action, it could have been a years-long process with a lengthy investigation, coupled with an extensive remediation and then long negotiation with the government over the final penalty. Yet there is an approach that a company can use to help the final leg of this process more palpable.
DiCianni breaks the process down into three key areas. The first is the scope of the monitorship. You must understand the settlement documents so that you can fully appreciate the scope of the monitor’s remit and what the government expects from the monitor. DiCianni noted that some resolutions can have a narrow focus, with a finite number of records or other documents to review. With such information, you can work to scope out a range of what your costs might be. Conversely the settlement documents can literally be wide-open, which obviously will have a dramatic impact on potential costs and even estimating.
DiCianni related the next factor to consider is frequency. By this he meant how often is the monitor actually engaging in monitorship activities for the company. Is it daily? Is it weekly? Is it quarterly? The frequency of monitoring will have a significant role on your overall monitorship costs. The final factor to consider is duration. Tied to this question of frequency is the length of the monitorship. How long will the monitorship last, one-year, two-years, three-years or even five years; is a critical element.
The final factor is the experience of the monitor. As we explored in Episode 4 of this series, you really need to have a very direct conversation with monitor candidates to determine if they have the experience to work with other individuals or teams of individuals. Does the monitor understand their role, as prescribed by the four corners of the settlement document(s). Are they going to reinvent the wheel for each new part of the monitorship? DiCianni said, “as they are going along which is going to add to the cost of the monetization so that's a factor that I think companies should consider”. This brings up another important factor on costs is the not only the scope of the monitorship but also the efficiency of the monitor.
DiCianni noted a key document for cost control can be the monitor’s workplan, which lays out the monitor’s anticipated services. This gives the monitor, the company and the government a set of expectations for the tasks to be accomplished. Even though it may turn out to be a preliminary document, it does help to provide a level of certainty. Equally important is for the monitor to understand they do not have to look at everything during the monitorship. You can randomly sample and drill down to test if you need to do so. A monitor does not have to interview all persons in a high-risk location but can select certain employees for a focus group and then perform a round of interviews if required. The workplan and its execution can be a powerful tool to help not only estimate the total cost but also keep them down.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.