Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2018
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: February, 2018
Feb 28, 2018

In today’s episode of Countdown to General Data Protection Regulation (GDRP), Jonathan Armstrong, a partner at Cordery Compliance Ltd in London, and myself consider the role of the Data Protection Officer (DPO) in complying with the new regulations which go live on May 25, 2018. The Cordery Compliance FAQs note that DPO must be appointed to deal with data protection compliance where: 

  • The core activities of the data controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or,
  • The core activities of the data controller or the processor consist of processing on a large scale of special categories of personal data, namely those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and, the processing of genetic and biometric data in order to uniquely identify a person, or data concerning health or sex life and sexual orientation (which can only be processed under certain strict conditions such as where consent has been given), or, data relating to criminal convictions and offences. 

The DPO must be suitably qualified and is mandated with a number of tasks, including advising on data-processing, and, must be independent in the performance of their tasks – they will report directly to the highest level of management. Businesses will therefore have to determine whether a DPO must be appointed or not, but, given the significance of privacy compliance today, even if technically-speaking a DPO is not required to be appointed, a business of a particular size that regularly processes data may wish to consider appointing one in any event. 

 

The role of the DPO is critical in complying with GDPR. The time to start is now. For more information, visit the Cordery GDPR Navigator, which provides a wealth of information to utilize in your data privacy compliance program. Finally, Jonathan Armstrong will be in Houston on April 10, 2018 to put on a 3-hour workshop on GDPR. The event will be held at the South Texas College of Law, from 9-12 AM. You can find out more information on the event and register by going to the GHBER.org site.

Feb 27, 2018

In this episode, Matt Kelly and I take a deep dive into the implications flowing from the Supreme Court’s decision last week in the Digital Realty Trust v. Somers decision. Matt initiated a ‘tweetstorm’ in articulating his thoughts on the effects of the decision, including its effect on corporations, Chief Compliance Officers, corporate compliance functions and the Securities and Exchange Commission.

We consider what possible remedies Congress to engage into to help fix the Dodd-Frank Whistleblower protections and remedies to support employees who want to report internally and still be protected from discrimination and harassment. We consider whether corporate legal departments will now use this decision to root out and cudgel employees who report actions they believe are securities law violations. Finally we consider the potential negative impact of this decision light of the requirement for self-disclosure under the new FCPA Corporate Enforcement Policy. 

For more on the Digital Realty Trust v. Somers decision, see the following: 

Matt Kelly’s piece 16 Tweets About One Whistleblower Ruling

Tom Fox’s pieces Whistleblowers at the Supreme Court: Part I - Supreme Court Decision in Somers

Whistleblowers at the Supreme Court: Part II - Impact of the Somers Decision

Feb 26, 2018

Last week the US Supreme Court issued its decision in Digital Realty Trust v. Somers (Somers). It was a closely watched case in the compliance community. Yesterday, I reviewed the Court’s decision. In this podcast, Roy Snell and I consider the impact of the Court’s decision on a variety of actors; including the SEC itself, Chief Compliance Officers (CCOs) and compliance practitioners, compliance programs and corporate America.

While we both agreed the Supreme Court came to the correct legal decision, there are several areas which this decision may well lead to negative impacts. The first is the message that it sends to potential whistleblowers; if you do not report to the Securities and Exchange Commission (SEC) you will not receive any legal protections against discrimination or retaliation.

Second, is the impact on every Chief Compliance Officer (CCO) or compliance practitioner. This decision will negatively impact attempts to create a best practices compliance program. A key part of any best practices compliance program is an internal reporting mechanism (Hallmark 8 of an Effective Compliance Program).

Third is that companies will be cut off from its best sources of information, that from its own employees, companies now will have less ability to detect and then remediate any problems before they become legal violations or keep legal violations from expanding.

Finally is the impact the decision will have on the SEC itself. Now there is no incentive to report internally because you are not eligible for any financial incentive nor will you receive any protections from discrimination or retaliation. It is possible the SEC will be literally inundated with potential securities-laws violations.

Feb 23, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week, including inquiring into where are the chickens in England.

  1. The Supreme Court narrows the definition of who is a whistleblower in Digital Realty v. Somers. See Kevin LaCroix’s report in the D&O Diary, Dick Cassin’s report in the FCPA Blog, Sam Rubenfeld’s report in the WSJ Risk and Compliance Journal. Henry Cutter surveys white collar defense and vendor reaction in his piece in the WSJ Risk and Compliance Journal.
  2. Banks behaving badly yet again. Mike Volkov reports on Rabobank’s $368MM penalty for conspiracy to money launder and obstruct justice in Corruption, Crime and Compliance.
  3. Bill Coffin hits his 3rd straight homerun. He writes about the ethical and compliance failures of Twitter in his Compliance Week
  4. Companies need to prepare for more robust international investigations and enforcement of anti-corruption laws. Mara Lemos Stein reports in the WSJ Risk and Compliance Journal.
  5. Jaclyn Jaeger reviews due diligence practices for corporate sponsors in Compliance Week.
  6. Curling goes big-time with a doping scandal. An amazed Adam Turteltaub writes in the SCCE Compliance and Ethics Blog.
  7. How can you evaluate in-house investigations? Sundar Narayanan explores in an article in Corporate Compliance Insights.
  8. Hui Chen and Professor Eugene Soltes consider a more analytical approach to testing compliance program effectiveness, in an upcoming Harvard Business Review article (sub req’d).
  9. KFC shuts down in the UK for (wait for it) lack of chicken to fry. Tom considers what is risk in a piece for the FCPA Blog.
  10. Tom had a week-long series on the intersection of Sherlock Holmes and innovation in compliance. Check out the following topics: Digital Strategies; Using the Digital Twin; CCO as Data Interpreter; Interpreting Data; and Digital Future in Compliance.
  11. The Everything Compliance gang is back for wrap up of their highlights from the first year of compliance under Trump. It is available on the FCPA Compliance ReportiTunesLibsynYouTubeand JDSupra.
  12. Tom and Jonathan Armstrong premier a new podcast, Countdown to GDRP. This podcast will consider what US companies can do to prepare for GDPR on its go live date of May 25, 2018. For the inaugural episode, click here. Episode 2 will go up next Wednesday, February 28th.
  13. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
Feb 22, 2018

The top compliance roundtable podcast is back with a wrap up with a review of  the first year of the Trump Administration and its impact on the compliance profession. Stayed tuned to the end for riffs and rants in this edition.

  1. Is Jay Clayton who we thought he was? Matt Kelly takes a look at SEC Chairman Jay Clayton and explores some of the SEC’s changes, initiatives and what did not change. Matt riffs on the new compliance officer comedy, which will be piloting on FX television. 

For Matt Kelly’s musings on Jay Clayton, the PCAOB, government rule-making and the SOX compliance debate, see the following: 

8 Compliance Events to Watch in 2018

Clayton, Congress Talk Cybersecurity

The Private Market Stresses Driving SOX Compliance Debate

Framing the Arguments Over SOX Compliance

Treasury Report Eyes SOX Compliance

Regulatory Czar Eyes Agency Guidance

COSO Names New Chairman 

  1. Mike Volkov summarizes the Mueller investigation, using a timeline to highlight where it has been, key pleas from key players and where it may be going. Belying his normal contrarian state, Mike relates how doing yoga has put him in a blissful state. 

For Mike Volkov’s excellent 3-part podcast series on the Mueller investigation and related blog posts, see the following: 

Obstruction of Justice-A Primer

Understanding Special Counsel Mueller’s Authorization

Perspective on the Russian Investigation — Analysis and Review of Manafort/Gates Indictment and Papadopolous Plea (Part I of III)

Perspective on the Russian Investigation — The Michael Flynn Plea Agreement (Part II of III)

Perspective on the Russian Investigation — Next Steps for Special Counsel Mueller’s Investigation (Parts III of III) 

  1. Did anything really change over the past year for the compliance practitioner? Jonathan Armstrong considers what really changed in the world of anti-corruption compliance under the Trump Administration and answers with a resounding Not Much. Jonathan Armstrong rants on Hudson’s News stores at airports which inevitably do not have anything Traveler Armstrong needs.

For the Cordery Compliance client alerts see the following: 

EU Conflict Minerals and Metals Regime

Bribery Due Diligence

Disruptive Technology Start-Ups & The Need For Legal Compliance

New Schrems Case Poses a Threat to International Data Flows? 

  1. In a year where it appeared not much happened in the FCPA, Jay Rosen says the new FCPA Corporate Enforcement Policy is a significant step forward for compliance. Jay Rosen rants on his New England Patriots Super Bowl loss.

For Jay Rosen’s post on the new FCPA Corporate Enforcement Policy see the following:

Jay Rosen’s Most Significant FCPA Event from 2017 - FCPA Corporate Enforcement Policy (or a 5 Min History of How We Got From There to Here) 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Feb 21, 2018

In this episode Matt Kelly and I go meta as we podcast about another podcast that Matt posted this week on his site, Radical Compliance, where he interviewed Paul Sobel, the incoming Chairman of COSO. We discuss how Sobel sees his new role at COSO, some of the initiatives that he has in mind for the organization and how companies can use the various COSO frameworks, including the Internal Controls and ERM frameworks to better manage risk some the strategic perspective. 

We use the Sobel interview as a starting point to consider how Boards of Directors can think about risk management for a wide variety of issues, from climate change to cybersecurity to sustainability. We also discuss how the COSO frameworks can be used in conjunction with more tactical forms to create a more robust overall risk management program. Join Matt and myself as we go meta this week and take going into the weeds to a new level. 

For Matt Kelly's interview with Paul Sobol click here.

For Matt Kelly's blog post on the COSO ERM Framework see, "COSO Debuts Final ERM Framework

For Tom Fox's blog post on the COSO ERM Framework see, "The COSO ERM Framework

 

Feb 20, 2018

Whether you are ready or not, the EU General Data Protection Regulation (GDPR) goes live on May 25, 2018. It will impact companies doing business in London as much as any other EU legislation. To help US companies prepare, Jonathan Armstrong and myself have started a countdown to GDPR podcast. In this premier episode we discuss what is GDPR and why it is so important that you begin preparing now.

It is quite a wide piece of legislation and covers all personal data. Armstrong noted it is incumbent to remember that the definition of personal information is much wider than the US definition as it includes information such as geographical locations. GDPR applies to anyone doing business in the EU. It could be as simple as having a website which is accessible to people in the EU. GDPR has heightened obligations on data security; in most cases your organization will be required to report data breaches to a UK data regulator within 72 hours of the awareness of the breach. Another distinction is the right for an individual to ask companies what information it may hold on them and to exercise the right to be forgotten. All of these requirements present special challenges for US companies. Finally, one area that has received quite a bit of attention is the fine range. Armstrong noted, “if you’re a small business then you’re subject to a fine of 20 million euros. And if you’re a larger business that fine can be 4% of your global annual general revenue.” Lastly, to top it all off, there is a private right cause of action under GDPR.

Even at this late date, there are steps you can take to begin to get ready. Armstrong laid out three steps a company can take now. First, through a proper plan which is achievable, and concentrates on the main issues, Armstrong believes “that are less likely to get you into trouble with the regulator or expose you to private rights of action.”

Second, Armstrong said you should look at how you relate to individuals, whether they are consumers or employees, you are going to have to be much clearer with them about how you are using data around them. To do so, you will need to engage with marketing and sales teams to provide them with some awareness as to the changes that GDPR is going to make to what they do with individuals and the transparency obligations.

Third is to have a real focus on data security. You will need to make sure that you secure everything that you can, including both soft and hard copies of data. In conjunction with this final point, you must plan for and rehearse data breach responses, because under GDPR you have, in most cases, just 72 hours to respond to a data breach so you need to practice the scenario to be able to do that efficiently.

Near and dear to the compliance professionals heart, Armstrong said it all begins with a risk assessment. This means your corporate compliance function may well play a very large role in your GDPR compliance. From there manage the risks that you see in your data protection and management program. In the Cordery FAQs (FAQs) regarding GDPR it states, “Privacy by design and/or default will not be an add-on, but, instead, will become the norm as businesses will have to incorporate data protection safeguards into their products and services from the beginning.”

You should anticipate the need to appointment a Data Protection Officer (DPO) in your company. The FAQs state:

A DPO will have to be appointed to deal with data protection compliance where:

  • The core activities of the data controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or,
  • The core activities of the data controller or the processor consist of processing on a large scale of special categories of personal data, namely those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and, the processing of genetic and biometric data in order to uniquely identify a person, or data concerning health or sex life and sexual orientation (which can only be processed under certain strict conditions such as where consent has been given), or, data relating to criminal convictions and offences.

“The DPO must be suitably qualified and is mandated with a number of tasks, including advising on data-processing, and, must be independent in the performance of their tasks – they will report directly to the highest level of management.”

In addition to the basic risk assessment, Cordery advises, companies should undertake ““Data Protection Impact Assessments” (DPIAs). Where processing operations, in particular those using new technologies, “are likely to result in a high risk for the rights and freedoms of individuals,” an impact assessment of the envisaged processing operations on the protection of personal data must be carried out, prior to the processing, “taking into account the nature, scope, context and purposes of the processing.” The new rules also set out other additional criteria that will necessitate an impact assessment. A data protection regulator must also be consulted prior to the processing of personal data where an assessment “indicates that the processing would result in a high risk in the absence of measures taken by a data controller to mitigate the risk”.

DPIAs are likely to become common and should prove to be a very useful tool for businesses in addressing privacy risks.”

For more information, visit the Cordery GDPR Navigator, which provides a wealth of information to utilize in your data privacy compliance program. Finally, Jonathan Armstrong will be in Houston on April 10, 2018 to put on a 3-hour workshop on GDPR. The event will be held at the South Texas College of Law, from 9-12 PM. You can find out more information on the event and register by going to the GHBER.org site.

Feb 19, 2018

In this episode, podcast favorite James Koukios returns to discuss highlights from international anti-corruption efforts, enforcement actions and developments highlighted in Morrison and Foerster’s December report. We highlight five developments: 

  1. The Keppel Offshore FCPA enforcement action and the attendant fallout in Singapore, where the country has announced it is investigation possible criminal charges against the company’s senior executives. We also highlight the new Singaporean initiative for a type of Deferred Prosecution Agreement. We explore how countries in the Far East are ramping up anti-corruption investigations and their continuing cooperation with the United States in investigations.
  2. The Trump Administration reaffirms fight against international corruption as a top priority. We discuss the December release by the Administration of its first National Security Strategy paper, detailing the administration’s top foreign policy priorities. Among five “Priority Actions,” the paper pledges that the U.S. will “continue to target corrupt foreign officials and work with countries to improve their ability to fight corruption. . . .” We explore how the administration see corruption as a threat to American companies’ ability to compete fairly abroad and also asserts that corruption and weak government allow terrorists and criminal networks to prosper and how vigorous anti-corruption enforcement is seen as one of several “economic tools” the U.S. will use “to deter, coerce, and constrain adversaries.”
  3. The public call by Attorney General Sessions greater cooperation in international criminal cases. We note how this follows several other public comments by political appointees of the Administration on the need for not only robust anti-corruption enforcement but also enhanced international cooperation in investigations and enforcement.
  4. United Kingdom Sets Course for Long-Term Anti-Corruption Strategy; and 
  5. The warnings issued by the Chinese government officials and employees of state-owned enterprises. We consider how this fits into the Chinese anti-corruption campaign and whether it will be inward or outwardly focused. We conclude with what it may mean for DOJ prosecutions under the FCPA and what US companies doing business in China may expect going forward.

 

For more information read the full Morrison & Foerster white paper Top Ten International Anti-Corruption Developments for December 2017

Feb 16, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. A very interesting article by T. Markus Funk and Andrew Boutros entitled, “The Evolution and Status of ‘Carbon Copy”. For the full copy go to Bloomberg White Collar Report.
  2. Time to go back to college and take that Econ course as John Bray explores the intersection of sunk costs and third party bribery payments, in the FCPA Blog.
  3. Bill Coffin really nails it this week. He opines that compliance officers are the conscious of a company in his Compliance Week (sub req’d)
  4. Dick Cassin notes that the Justice Department ends its investigation of Core Labs the company’s relationship to Unaoil (here) and Juniper Networks gets a Declination (here). Henry Cutter explains both the WSJ Risk and Compliance Journal.
  5. The PdVSA ‘management team’ in charge of bribes are all indicted over money-laundering based on FCPA violations. Sam Rubenfeld leads the coverage in the WSJ Risk and Compliance Journal.
  6. Sally Afonso explains why you need to get out of our compliance conference comfort zone, in the SCCE Compliance and Ethics Blog.
  7. Joe Mont explores whether businesses misuse NDAs in his article, “Companies twist and abuse non-disclosure agreements”. See article in Compliance Week (sub req’d)
  8. Ethisphere announces its 2018 World’s Most Ethical Companies Awards, see Press Release Matt Kelly explores some of the key similarities in Radical Compliance.
  9. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. You can find out more on his website by clicking here.
Feb 15, 2018

One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell has worked on and with Boards of Directors at various companies and I wanted to garner his understanding of the role of a Board and both senior management and a Chief Compliance Officer (CCO). Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong”, can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer putting the little bit of sand in the shoe to make sure that you’re thinking about things carefully can cause you to step back and really focus your resources where they're needed.”

Board’s do this by posing questions to management that help them challenge their own assumptions, especially those assumptions which senior management is most confident about. Howell said that Board’s “need to help senior management consider the things that management is so sure about that maybe are going to play out the way that they expect. For example, the things that can hurt investors more than anything else is a surprise. Chaos does not help investors in general. The things that surprise investors frequently are the things that also surprise management. Does management consider all of the things that can go wrong and have they built an environment where they can both help prevent those things from happening and detect them when they’re small and they can actually do something about them.” 

Howell noted the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “one very good example is the whole, the reputation of those stakeholders involved in the company and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell went on to state, “it’s very important as we go through some of the ways the board can help management in that role. I think the things that really make a difference to management is when the board is able to be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their own underlying assumptions and biases.” 

One of continuing struggles I hear from Board members is asymmetrical information, largely due from the siloed nature of company information and structures. Howell acknowledged, “These sorts of barriers are pervasive in any company of any size that has a particularly operations and different product lines and different markets and different countries and different time zones. These limitations in the free flow of information by themselves create a risk to the organization, to the investors of the organization, to the employees of the organization and the board’s ability to ask questions. If nothing else in their governance control creates this reminder to management to open up itself to itself and listen carefully to its own organization and be able to link information to all of the places it needs to be fed.”

I asked Howell to further explain his phase “open itself up to itself and listen”. He provided the following example, “how can the Chief Financial Officer make sure that he is giving all the information that the Chief Compliance Officer needs to do his job? Those questions from the board can be very valuable in making sure that the Chief Financial Officer doesn’t forget these issues and the Chief Compliance Officer has an opportunity to engage constructively with the Chief Financial Officer and others in the organization.”

Somewhat counter-intuitively, Howell noted that when it comes to the Board’s oversight role around internal controls, less is often more. This occurs by helping management understand a company can overdo a control environment, “in the sense that when management guides controls around risks that are not going to be the most serious risks to the company, that they end up building excessive amounts of energy and protection where they're not really needed. That you as a management team end up deluding your attention and deluding your resources.”

Howell went on to explain it is simply a matter of resources, “When things do go wrong, you’re in effect spread so thin that you don’t see those risks coming at you. The real question where less is more can be very valuable is when the board continues to challenge the management team on the scenarios that could play out. That could be devastating to an organization where risk really matters.”

I asked Howell if he could provide any discrete examples and he pointed to the food service industry for the following., “For example, in a food service company or a restaurant company, if there were contamination or if there were things that could happen either at the plant or by people who are touching the food. Those are very serious risks that a company needs to both be mindful of and to be able to prevent. If something goes wrong, you need to be able to detect early. When customers of the company or others are hurt that there’s a consequence of failures that can be devastating.”

In another example Howell said he had seen situations where internal “controls that are used for financial reporting for example, when examined in the light of where the risk really exists for the company, the companies have been able to reduce their controls actually by as many as half and improve their overall control environment and reduce the aggregate risk to the company. It’s interesting that even spending less money on controls by having fewer controls can improve the overall comfort that the company and its management and investors are protected from risk.”

A Board is not simply there to be a rubber stamp for senior management. It must exercise independent judgment, action and oversight. Further, it is the Board’s role to ask hard, difficult and probing questions to make sure management is not only doing its job but has considered other risk possibilities.

Feb 14, 2018

In this episode, Matt Kelly and I go into the weeds on the fascinating subject relating to the intersection of compliance and technology: AI and hotlines. Matt blogged on and podcasted with Scott LaVictor, CEO of Neighborhood Watch for Corporations. His firm has been developing an app to help employees report harassment in a way that is secure and anonymous for them, but useful for compliance officers. We explore how this phone app can assist the compliance practitioner by using technology to overcome the inherent tension in an anonymous reporting system where the reporter may desire anonymity while the CCO wants and needs as much information as possible. 

The hotline app example would seem to incorporate several of these concepts starting with an incredible ease of use as a phone app. But the AI features allow it to inquire directly from the reporter additional information which will be important to the compliance professional. We discussed the following example from Matt’s blog post; “an employee might call a telephone hotline and leave a recorded message, “I saw my boss bribing some guy $500 the other day!” An app could be programmed to ask: 

  • What is your boss’s title?
  • Had he met with the other person before?
  • What time of day did the meeting happen? 

We also discuss why if there was one technology tool for compliance to be bullish about it is AI. There is an obvious cost savings but more importantly there is the opportunity for more effective compliance risk management simultaneously with greater business efficiencies. All of this will lead to more profitability that the compliance function can point to going forward. This can include overseeing routine transactions, answering routine questions and extracting data from documents can be moved to a more efficient and useful platform. 

For additional reading and listening, see 

Matt’s blog post and podcast

Better Whistleblower Reporting

 

Tom’s blog posts

Using AI in Compliance-Introduction

Using AI in Compliance-Design Challenges

Using AI in Compliance-Implementation Challenges

Using AI in Compliance-AI Projects for Compliance

Feb 13, 2018

We are back with more leadership lessons from Oscar-winning Best Picture movies and today’s offering is the 1981 film Chariots of Fire 1981. It relates the based-on fact story of two athletes in the 1924 Olympics: Eric Liddell, a devout Scottish Christian who runs for the glory of God, and Harold Abrahams, an English Jew who runs to overcome prejudice. The film was directed by Hugh Hudson. It was nominated for seven Academy Awards and won four, including Best Picture and Best Original Screenplay. The film is also notable for its memorable electronic theme tune by Vangelis, who won the Academy Award for Best Original Score. Its principal stars were Ben Cross and Ian Charleson starred as Abrahams and Liddell, alongside with Ian Holm as Sam Mussabini, Abrahams coach. We will consider leadership lessons for these three characters.

Feb 12, 2018

In this episode I visit with Carlos Ayres, partner at Medea, Ayres and Sarubbi in Sao Paulo. We visit on the past year in anti-corruption enforcement in Brazil and where it may lead in 2018. Carlos discusses the continued fallout from the Odebrecht corruption scandal, across the continent of Latin America with the new anti-corruption laws being implemented in Argentina, Peru and Chile. We also discuss what US and UK companies need to do if they are doing business in those countries to protect themselves.

For more on Carlos Ayres and his firm Meada, Ayres and Sarubbi, check out their website by clicking here

Feb 10, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week. 

  1. What do Steve Wynn’s resignation and Wells Fargo’s continuing problems tell us about corporate governance? Matt Kelly takes a look at Wynn on Radical Compliance. Tom explores the Fed’s penalty levied on Wells Fargo and its Board on the FCPA Compliance Report. They explore the intersection of both on Compliance into the Weeds.
  2. Bill Coffin asks why Wells Fargo, Volkswagen and Samsung are on Fortune’s World’s Most Admired Companies list in his Compliance Week (sub req’d)
  3. Japan is offering leniency deals for companies which provide information on other violations. Michael Griffiths reports in GIR. (sub req’d)
  4. Banks behaving badly. Dick Cassin on Rabobank’s guilty plea, $369MM forfeit for laundering Mexico drug money. Jessica Tillipman and Samantha Bland ask if $4.8bn in penalties has deterred HSBC? Both articles appear in the FCPA Blog. Sam Rubenfeld weighs in on Rabobank in the WSJ Risk and Compliance Journal.
  5. Both the UKSerious Fraud Office and US Justice Dept. and SEC reopen their investigations into allegations of GSK corruption in China. Henry Cutter reports on the UK reopening in the Wall Street Journal Risk and Compliance Report. Dick Cassin considers the US reopening in the FCPA Blog.
  6. Why does the ABA oppose transparency in anti-money laundering law reform? Matthew Stephenson ask in Global Anti-Corruption Blog.
  7. The Pentagon loses some money ($$millions really). Brian Bender reports in Politico.  
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. You can find out more on his website by clicking here.
  9. Join Tom and Jonathan Marks at his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  10. The lads reflect on the Super Bowl win by the Eagles over the Patriots.
Feb 8, 2018

In this episode, Matt Kelly and I take a deep dive into the events which led to the resignation of Steve Wynn as the CEO and Chairman of Wynn Casinos for sexual harassment and misconduct. We consider how quickly the scandal escalated after it was initially reported by the Wall Street Journal and the response (or lack thereof) by the Board of Directors to Wynn’s conduct which had been an open secret for almost 20 years. We review what structural inputs a company should have in place when it has a true charismatic leader. We consider the role of the Board of Directors in light of the recent Wells Fargo penalty levied by the Federal Reserve to limit growth and require the Wells Fargo Board to refocus its efforts on more robust corporate risk management.

For more on the Wynn scandal and corporate governance, see Matt’s blog post So Much Wynning You Can’t Stand It

For more on the Federal Reserve’s penalty on Wells Fargo and the Board of Director’s need for a compliance profession on the Board, see Tom’s blog post, Wells Fargo, Put a Compliance Professional on Your Board

Feb 6, 2018

In this episode I visit with Dr. Marsha Ershaghi Hames, Managing Director, Strategy Development at LRN. We discuss the ongoing national conversation about sexual harassment which has been ongoing from Weinstein to #METOO. How has this awareness of sexual harassment changed the corporate conversation? Dr. Ershaghi Hames has written the article The Value in Having a Difficult Conversation. We explore why she wrote this and why not is the time to have that conversation. We consider the role of senior management, as well in that conversation? What is the role of compliance? How should supervisors, managers and co-workers be trained to report harassment they might observe that happens to others or that others report to them.

Feb 2, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week, including:

  1. Justice Department Escalates Inquiry on Global Sports Corruption. Rebecca Ruiz reports in the New York Times. Andy Spalding comments in the FCPA Blog.
  2. On his Conflicts of Interest Blog, Jeff Kaplan discusses a new review of the Wells Fargo scandal.
  3. COSO gets and new chairman and may consider internal controls guidance. Tammy Whitehouse reports in Compliance Week (sub req’d). Matt Kelly details in Radical Compliance.
  4. Jonathan Marks considers whether the roles of the GC and CCO should be split, in his Board and Fraud
  5. US becomes second largest home of tax havens (although Trump says we’re No. 1). Sam Rubenfeld reports in the Wall Street Journal Risk and Compliance Report. The issue is impacting home sales in Houston. See article in Houston Chronicle.
  6. Ben DiPietro considers when a company should use its CEO as a point spokesperson during a crisis in the WSJ Risk and Compliance Report.
  7. An article in GIR reviews SFO Director David Green’s called for the UK defence bar to embrace artificial intelligence and said the authority will use the newly-enacted unexplained wealth orders in corruption case. See article by Waithera Junghae (sub req’d).
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. You can find out more on his website by clicking here.
  9. Join Tom and Jonathan Marks at his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  10. Tom announces his new podcast series Countdown to GDPR with Jonathan Armstrong. It will be a monthly series for the US compliance practitioner about how to prepare for the upcoming go live of GDPR in May, 2018.
  11. Tom and Jay announce their Super Bowl predictions.
1