Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2018
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: Category: Compliance Know-How
Nov 19, 2018

In today’s edition of Daily Compliance News:

  • Very strange deaths surround allegations of bribery and Odebrecht in Colombia. (Wall Street Journal)
  • Why do employees cut corners and what does it mean for compliance.(Fast Times)
  • The reputational damage to Facebook from the NYT exposé continues. (New York Times)
  • Can you do business when a culture is corrupt? GE is about to find out when selling turbines into Iraq. (Wall Street Journal)
Nov 12, 2018

In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries where they do business. AMI does independent integrity monitoring in multiple countries outside the US and for many non-US organizations. This work has given them a unique vantage point to observe developments. In this Part I, I visit with Vin DiCianni on the trends he sees in the global arena around ethics, compliance and monitoring.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Nov 12, 2018

In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries. AMI does independent integrity monitoring in multiple countries outside the US and for many non-US organizations. This work has given them a unique vantage point to observe developments. In this Part II, I discuss international enforcement trends with Feldman. 

In the next episode we consider the changes going on in the country of Spain.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Nov 12, 2018

In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries where. AMI does independent integrity monitoring in multiple countries outside the US and for many non-US organizations. This work has given them a unique vantage point to observe developments. In this Part IV, I discuss the changing face of monitors in the international arena with DiCianni.

I conclude in the final episode with thoughts on proactive and reactive monitorships in the international context. 

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Nov 12, 2018

In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries. AMI does independent integrity monitoring in multiple countries outside the US and for many non-US organizations.

AMI's work has given them a unique vantage point to observe developments. AMI has a long history of working with internationally based companies. It is therefore well positioned to observe some of the challenges for monitors working internationally. In this concluding Part V, I discuss some of the challenges for monitors in the international arena with Feldman.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Oct 29, 2018

In this podcast, I consider Sherlock Holmes as a teacher and the role he sets out for every Chief Compliance Officer. In a blog post by Maria Konnikova, entitled “What Sherlock Holmes Can Teach Us About Decision Making”, she explored some of the ways that Holmes “insights into the human mind do more to teach us about how we do think and how we should think than many a more conventional source.” Her insights included that Holmes “teaches us to be constantly mindful of our surroundings”; he goes beyond seeing to actually observing; and teaches us to use our senses to increase our mindfulness.

I thought about Konnikova’s insights into Holmes while reading an article in the Corner Office Section of the New York Times (NYT), entitled “In Sports or Business, Always Be Prepared for the Next Play”, where Adam Bryant reported on an interview he did with LinkedIn Chief Executive Officer (CEO) Jeff Weiner. The article had many nuggets of wisdom from Weiner who talked about his journey to becoming the CEO of LinkedIn and some of the things he has learned along the way.

Be Prepared

The first thing is to be prepared; which Weiner expressed in the phrase “next play”. He came up with this from Duke University basketball coach Mike Krzyzewski who says it each time his Blue Devil team goes up and down the court “he doesn’t want the team lingering too long on what just took place. He doesn’t want them celebrating that incredible alley-oop dunk, and he doesn’t want them lamenting the fact that the opposing team just stole the ball and had a fast break that led to an easy layup. You can take a moment to reflect on what just happened, and you probably should, but you shouldn’t linger too long on it, and then move on to the next play.”

In another context, I have previously written about compliance maven Stephen Martin, who urges compliance counsel to put together a 1, 3 and 5 year strategic plan which should be utilized as a road map for a compliance program in these time frames. Martin believes that such a strategic plan could well lead to the development of credibility for your company and your compliance program in the event of one of the aforementioned eventualities. In other words, “next play”.

Culture and Values

Weiner spoke about LinkedIn’s culture and values. He defined culture as “who we are” while defining values as “the principles upon which we make day-to-day decisions.” He stated that the company’s culture has five dimensions: transformation, integrity, collaboration, humor and results. The company has six values which are “members first; relationships matter; be open, honest and constructive; demand excellence; take intelligent risks; and act like an owner. And by far the most important one is members first. We as a company are only as valuable as the value we create for our members.” Weiner recognizes that values are a subset of culture so that they are “inextricably linked”. He believes that the company’s culture and values help in several ways including recruiting, motivating, inspiring and productivity.

Going Forward

Bryant ended his interview with Weiner by asking him “What career advice do you give to business school students?” While recognizing that Weiner’s answer was for a different target market than compliance professionals, nevertheless I found his advice highly practical for the compliance practitioner. First, you must have two things, passion and skill. In other words, to do compliance well you not only need the technical capacity but you should also be passionate about doing it. Second, you should endeavor “to surround yourself with amazing people.” Weiner believes that “in this more networked, interconnected world we live in, it’s just all about the people you work with.” This is not about having a mentor but it’s “about the people you work with and the people who report to you. It’s about everyone you’re associated with, day in and day out. Surround yourself with only the best you can find.” Lastly, Weiner said that you should always be learning. You should never lose your intellectual curiosity.

I hope you have enjoyed this week’s podcast series on Adventures in Compliance, on the intersection of Sherlock Holmes and compliance.

If you are looking for the top compliance training class around, the Compliance Master Class. If you would like information please email at tfox@tfoxlaw.comand I can forward you the agenda. If you would to register, you can do so here.

Oct 29, 2018

In this episode, I consider Conan Doyle’s third Sherlock Homes novel, The Hound of the Baskervilles. The novel, originally serialized in The Strandfrom 1901 to 1902, is generally recognized by Sherlockians as the premier Doyle work regarding his fictional detective. I use this novel to illustrate how you can plan out and schedule 90 days to innovation for your compliance function. 

Doyle’s idea for the story derived from the legend of Richard Cabell, which was a tale of a hellish hound and a cursed country squire. Squire Cabell was a hunting man and who was described as a “monstrously evil man”. He had a reputation “for, amongst other things, immorality and having sold his soul to the Devil. He was also alleged to have murdered his wife. As the story goes, Cabell was laid to rest in ‘the sepulchre’, but night of his interment saw a phantom pack of hounds come baying across the moor to howl at his tomb. From that night onwards, he could be found leading the phantom pack across the moor, usually on the anniversary of his death. If the pack were not out hunting, they could be found ranging around his grave howling and shrieking. In an attempt to lay the soul to rest, the villagers built a large building around the tomb, and to be doubly sure a huge slab was placed. To add good measure, the folklore of the county where the tale occurs, Devon, includes tales of a fearsome supernatural dog known as the Yeth hound.”

The Hound of the Baskervilleswas a tale that appeared to have supernatural implications. Yet, upon closer examination, a more temporal solution was determined. I thought of this novel when reading the article entitled “Build an Innovation Engine in 90 Days” by Scott D. Anthony, David S. Duncan and Pontus M. A. Siren in Harvard Business Review.  

The authors recognize that innovative ideas get brought to the marketplace often through “individual heroism and a heavy dose of serendipity” but companies need a mechanism to “make the process more reliable and repeatable without making major organizational changes.” To do so, they suggested a solution they call the “minimum viable innovation system” which can bring an innovation to fruition within 90 days. I have adapted their system for the compliance function.

Day 1 To 30 - Define Your Innovation Buckets

Innovations can either be inward or outward facing. This is also true in the compliance function as your compliance program relates to your own internal clients, customers and your third parties. It all begins with two steps (1) Determine between compliance goals and current operations; and (2) determine broad categories of compliance solutions which could fill that gap. If your gap is large, you might sub-divide your compliance efforts so that “you can map them to different directions for future [compliance] growth. You should not take on more than three as an initial effort.

Day 20 To 50 - Zero in on a Few Strategic Opportunity Areas

You need to meet with your customer base to “probe unmet needs”. You can use town meetings, compliance focus groups or meetings with individual employees. Also look outside your company by engaging in benchmarking through investigation on new developments in your industry and in the compliance space. This is also a time when you can best use big data through a data analytic approach to spots trends in your organization that might present opportunities for compliance innovation.

Day 20 To 70 - Form a Small Dedicated Team to Develop the Innovations

In three steps you should accomplish the following. First, dedicate a handful of the company to developing the compliance innovations. Second, work with the Chief Executive Officer and Chief Financial Officer to eliminate “zombie” compliance projects. Third is to develop a process checklist.

Day 45 To 90 - Create a Mechanism to Shepherd Projects

During this time frame, the authors suggest two major goals for oversight. First is that the CCO needs to select and train compliance leaders to oversee the innovation team and to establish oversight rules. The group of compliance leaders who will have the autonomy to make decisions about starting, stopping, or redirecting compliance innovation projects. You should take care not to simply replicate the current executive committee, because if you do, it will be too easy for group members to default to their corporate-planning mindset or to let day-to-day business creep into discussions about compliance innovations meant to fulfill long-term goals.

The authors’ formulation is an excellent way for a CCO or compliance practitioner to think through the process to design and create innovation in your compliance function. Just as Holmes methodically worked through the clues in front of him (and some behind him) in the The Hound of the Baskervillesyou can use this protocol to assist you moving forward. 

If you are looking for the top compliance training class around, the Compliance Master Class. If you would like information please email at tfox@tfoxlaw.comand I can forward you the agenda. If you would to register, you can do so here.

Oct 29, 2018

In this podcast, we consider Conan Doyle’s second Sherlock Homes novel, The Sign of Four.  The novel was published in 1890 but the story is set in 1888. The story entails a complex plot involving service in East India Company, India, the Indian Rebellion of 1857, a stolen treasure, and a secret pact among four convicts and two corrupt prison guards. It presents the detective's drug habit and humanizes him in a way that had not been done by Doyle to-date. It also has a rather happy ending as it introduces us to Dr. Watson's future wife, Mary Morstan to whom he proposes at the end of the novel. It also introduces today's topic of the innovation process. 

The Sign of Fourwas an intricate tale with many strands woven throughout. I thought of this novel when reading the article entitled “Leading Your Team into the Unknown” by Nathan Furr and Jeffrey H. Dyer in the Harvard Business Review. The article is a good starting point to help a CCO or compliance practitioner help move a compliance function down into the DNA of an organization to make compliance a more standard process for operationalizing compliance through “A Comprehensive Approach to Innovation” which I have adapted for the CCO or compliance practitioner to facilitate innovation in the compliance function. 

  1. Generate Insights. As a CCO or compliance practitioner, you can push compliance boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models. But it means getting out there and seeking input from those outside your direct compliance function.
  1. Identify an Important Problem. Give your team an opportunity to synthesize the issues. You will need to dedicate both resources and time for the process to run its course. I recognize that all corporate employees have a day job so you will need to set aside specific time for such issue identification. In addition to providing resources and time, you will need to provide your innovation team support by removing the inevitable organizational barriers, which will be thrown up in their path.
  1. Develop the Solution. Begin byconstructing a set of simple prototypes of many different compliance tools. Start with a visual representation, which could be just a drawing; next move to testing a minimum viable prototype with internal consumers of the compliance solution through the simplest, quickest physical version of the offering you can devise. Finally, pilot test the full-blown compliance solution with a wider audience, including trusted and integral third parties to your organization.
  1. Devise the Business Model. Finally, once you have worked out the offering, apply the same experimental approach to developing and testing the components of the business model, including approaches to implementation.

Concluding, there are multiple values to such an approach. First, you will have generated “insight value-that is, the insight into the unknown that comes from reducing uncertainty.” Second is the “option value-the option upon resolving an unknown, to pursue, alter, or abandon a course of action.” Third is the “strategic value” which is both the value derived by your internal compliance consumers but also that of all the knowledge you will have gained throughout the course of the project; what worked and what did not work and, more importantly, why.

If there is one over-riding theme that the Department of Justice has communicated over the years it is that your compliance function needs to constantly evolve. It certainly must evolve as the corruption risks your company encounters develop but also it should also mature as your compliance program grows and becomes more ingrained in your organization. Moreover, as compliance moves into its next phase and becomes the best practiceof a well-run business, innovation will become more of a focus. 

If you are looking for the top compliance training class around, the Compliance Master Class. If you would like information please email at tfox@tfoxlaw.comand I can forward you the agenda. If you would to register, you can do so here.

Oct 29, 2018

In this podcast, we celebrate Doyle’s final novel, The Valley of Fear. This novel was written in 1914 and serialized in the Strand Magazinebetween 1914 and 1915. It was notable for two reasons. The first that it was at least inspired by events in America involving the Molly Maguires, the Pinkerton Agency and its undercover agent James McParland. It informs the topic of virtual teams. 

In this story, Holmes decodes a cipher from Professor Moriarty's organization for a person named Douglas in Birlstone. It is discovered that there is a corpse who was an assassin sent to kill Mr. Douglas. Douglas literally blew the head off of his American assassin and dressed the body as himself. Holmes intoned that a dumb-bell weighed down the killer's clothes in a moat. The assassin left a calling card, monikerred VV341, which was a code for the Vermissa Valley Lodge 341. This was a reference to undercover work that Douglas did years before for the Pinkerton Agency when he went undercover, first with Freemen in Chicago, then west to a desolate mountain coal mine area, to take down corrupt murderers who ran the Valley Freemen Lodge. Years later the US criminals enlisted Professor Moriarty to find Douglas. Holmes warns Douglas to flee England. But Moriarty prevails and the story ends with Mrs. Douglas wiring Holmes that her husband was lost overboard on his way to South Africa.

I thought about this final Holmes novel, with its multi-continent settings, in connection with an article in the Harvard Business Review, entitled “Managing Yourself Getting Virtual Teams Right”, by Keith Ferrazzi. It provided insight for any Chief Compliance Officer (CCO) or compliance practitioner to master this most valuable and necessary tool is a skill in the modern multi-national organization.

The Right Team

It all starts with the right people, the right size and the right roles. Your team, no larger than 10 should have “good communication skills, high emotional intelligence, an ability to work independently, and the resilience to recover from the snafus that inevitably arise. There are three groups.  The core consists of executives responsible for strategy. The operational group leads and makes decisions about day-to-day work but does not tackle the larger issues handled by the core. Finally the outer network consists of temporary or part-time members who are brought in for a particular stage of the project because of their specialized expertise. 

The Right Leadership

The group must have trust by getting to know each other as people, if only through the virtual format. Once trust is established the next step is foster open dialogue or. Finally, it is important to clarify goals and guidelines or “the importance of establishing a common purpose or vision, while also framing the work in terms of team members’ individual needs and ambitions. Explain to everyone why you are coming together and what benefits will result, and then keep reiterating the message.”

The Right Touchpoints

There are three key points at which the team should get together; kickoff, onboarding and milestones. Kickoff allows everyone to put a face with a name. Onboarding is when you bring a new person onto the virtual team. Finally, Ferrazzi says that even the most dedicated teams can lose momentum as team members begin to feel disconnected. To counter-act this, he suggests bringing the full team together at milestones.

The Right Technology

Some of the obvious is conference calling, direct calling and text messaging and virtual team rooms all which can make the virtual team experience work well. When data on employee resource use was made available, “a few interested parties self-organized into a virtual project team to create a system that documents individuals’ cost savings over time. As people began to compete for the biggest savings, the company benefited.”

The earliest virtual teams were formed to facilitate innovation among top experts around the world who didn’t have time to travel. However in today’s corporate environment, teams of physically dispersed employees are more often just a necessity of doing business. The compliance function will almost always be dispersed across a wide multi-national area. Some of the tips presented herein can help you run a more efficient organization while allowing greater flexibility going forward. 

If you are looking for the top compliance training class around, the Compliance Master Class. If you would like information please email at tfox@tfoxlaw.comand I can forward you the agenda. If you would to register, you can do so here.

Oct 29, 2018

In this episode, I consider the first novel, A Study in Scarlet. There are two items of note that I learnt in researching this work. The first is that it was written in 1886 and even Conan Doyle had trouble finding a publisher for what went on to become the most famous detective character of all-time. The second was the title. I had always thought it referred to the color of blood but it turns out that it comes from a speech given by Holmes to Dr. Watson on the nature of his work, in which he describes the story's murder investigation as his “study in scarlet”: “There's the scarlet thread of murder running through the colourless skein of life, and our duty is to unravel it, and isolate it, and expose every inch of it.” Furthermore, a ‘study’ is a preliminary drawing, sketch or painting done in preparation for a finished piece. The story informs today’s topic about using power. 

While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the FCPA; this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in the ‘why’ they should do business ethically and in compliance with such laws but it is more that power is shifting inside corporations. In a HBR article, entitled “Understanding “New Power””, authors Jeremy Heimans and Henry Timms explore how leadership dynamics are changing and what companies might be able to do to harness them.

The authors have three prescriptions that I found could be useful for the CCO or compliance practitioner to incorporate into a mature and evolving compliance program moving forward. Compliance functions need to “engage in three essential tasks: (1) assess their place in a shifting power environment, (2) channel their harshest critic, and (3) develop a mobilization capacity.

Assess where you are

This prong is quite close to something compliance practitioners are comfortable with in their role, a risk assessment. However the authors suggest that the assessment be turned inward so you should assess the compliance function on this “new power compass—both where you are today and where you want to be in five years.”

Incorporate business unit interests

If you are going to ask the business unit to be a significant partner or better yet be your business partner, you will need to have a mechanism in place to engage your business unit so there can be an inflow of input before the compliance function has an output of requirements. As the authors write, “This level of introspection has to precede any investment in any new power mechanisms” to which I would add any successful compliance function.

Mobilize your capacity

Here I suggest you consider contracted third parties and other third parties such as joint venture (JV) partners as an avenue through which the compliance function can bring greater benefits to an organization.

As the compliance profession matures, it will become more a component of a company’s business function. This means less of a lawyer’s top down mentality of do it because I said to do it, to more collaboration. It also means, as with the premier of Sherlock Holmes in A Study in Scarletthat something new is on the horizon and it could be here for quite sometime to come. 

If you are looking for the top compliance training class around, the Compliance Master Class. If you would like information please email at tfox@tfoxlaw.comand I can forward you the agenda. If you would to register, you can do so here.

Oct 15, 2018

This week I return to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over this new podcast series, I will be considering themes from the short stories to illustrate broader application to components of a best practices compliance program. In this Episode I, I consider the theme of communication. 

Shmoop found that in addition to the overall storytelling of Dr. Watson, “nearly every character in the Sherlock Holmes stories is a storyteller.” Storytelling is a crucial part of the entire detective fiction genre, and the Sherlock Holmes stories really explore this aspect. Each tale begins with a new case, which is always narrated by a participant, and ends with some sort of confession/explanation scene. While we are on this journey with Holmes and Watson, both they and we “encounter tons of different people and listen to their stories. In a way, the cases that Holmes and Watson solve are like giant umbrella stories composed of a dozens of smaller stories being told by a revolving door of characters.”

In the story The Adventure of the Red Circle, Holmes solves the immediate mystery in front of him, as told by the landlady of a boarding house. The first mystery is that a lodger has not been seen for over 10 days, always staying in his room and only communicating with oblique messages such as SOAP, MATCH, DAILY GAZZETTE printed on a torn piece of paper. But Holmes divines a greater mystery as it turns out the lodger is not a man but a woman whose life is under threat and her male traveling companion can only communicate with her through references to newspaper columns. Holmes stated to Watson, “Education never ends, Watson. It is a series of lessons with the greatest for the last. This is an instructive case. There is neither money nor credit in it, and yet one would wish to tidy it up. When dusk comes we should find ourselves one stage advanced in our investigation.”

This story illustrates a couple of key points for every CCO and compliance practitioner. The first is listening. This second compliance pointer The Red Circle Illustrates is communication, for just as education never ends for Holmes, it should never end for a compliance practitioner, your communications on compliance should never end either. Third, the audience. To communicate effectively you need to understand your audience. In any corporation, there are multiple audiences who are the key stakeholders in the 360-degree process.

Finally, you need to evaluate what you have done. You can monitor your communication activities by tracking attendance at events, website statistics, open rate of emails, downloads of materials, video hits; in other words, the same techniques that your marketing folks would use to determine their messaging’s effectiveness. The objective is to build trust for the 360-degree process by determining if the goal is achieved. You can utilize surveys or focus groups to assess the impact on your target audience. By focusing on your customer customers of compliance, i.e., your employees, it allows you to identify gaps and improve the communication process for your compliance program.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind(Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes(shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes(Klinger) edited with notes by Leslie S. Klinger.

Oct 15, 2018

This week returns to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over the next few days, I will be blogging on themes from the short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of institutional justice. 

In the story The Adventure of the Abbey Grange, Holmes feels something is just not right about the story told by Lady Mary Brackenstall regarding the death of her step-father Sir Eustace Brackenstall. Holmes’ largest concern turns on the contents of three wine glasses, one of which contains beeswing and the other two do not. It turns out that Sir Eustace was killed by a companion of Lady Mary, which Holmes uncovers. However, Holmes has an adaptability for justice when the situation demands it, stating, “Once or twice in my career I feel that I have done more harm by my discovery of the criminal than ever he had done by his crime.” Satisfied the actions of the criminal and his accomplice (Lady Mary) were both warranted and just; Holmes does not report his findings to the local police. Klinger dryly noted, “his sympathies may have overridden his judgement: Many scholars believe that Holmes lets himself be fooled by a villainess clever than he credited.”

This story illustrates a key point for every CCO and compliance practitioner; institutional justice. As a CCO or compliance practitioner how can you work towards achieving it? Institutional justice is a primary factor as to whether an employee will come forward with a concern. Management might try a quick-fix reaction to a messy investigation with more reporting mechanisms, posters or asking a Chief Executive Officer (CEO) to use compliance training to generally get the word out. Employees view it as a trust issue, and you must garner that trust through providing institutional justice.

One of the ways to insure institutional justice is through the Fair Process Doctrine which mandates that every hotline complaint should be treated with both dignity and respect; with an efficient and thorough vetting. From there if discipline is warranted, a company should follow a prescribed process. Follow that process and an employee would almost always uphold a company’s decisions. Fail to follow the process and the employee would be required to engage in remedial action.

Companies must have an absolute prohibition against retaliation. If not, any sense of institutional justice will be destroyed. A final problem of inconsistent outcomes is that companies must demonstrate that consistent and fair outcomes are routine, regardless of people, relationships or scenarios. If employees view outcomes as fair, they will be more compelled to report concerns. Employees know that inconsistency equals personal risk.

Both the Fair Process Doctrine and the more recent concept of institutional justice are central to the modern compliance profession. The compliance profession must remind companies that even if they can engage in an action, they should not always do so. Sometimes the reputational damage, even if an action is legal, is so great that the risk cannot be managed. The compliance discipline within every company is the one corporate function most well suited to bringing institutional justice into the fabric of a company.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie S. Klinger.

Oct 15, 2018

This week I have returned to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. I am using themes from the Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of criminality and compliance.

In the story The Adventure of the Priory School, Watson meets a character, Reuben Hayes, who  believes to be the most “self-evident villain” he has ever seen. The tale revolves around the disappearance of a Duke’s son who is kidnapped by the Duke’s illegitimate son, James Wilder, who has in turn hired that most evil person Hayes to kidnap the lad. In pulling off the crime, Hayes had killed the lad’s tutor, one Heidegger, who had gone off in search of the boy. Holmes resolves the matter, while Hayes swings for his crime, the illegitimate son, Wilder is packed off to Australia.

Rarely do employees in companies begin with an intent to commit criminal acts. Yet by the time they have engaged in criminal fraud, there has usually been significant damage to the organization. One might only consider the recent criminal indictment of Elizabeth Holmes, founder and former Chief Executive Officer (CEO) of Theranos, Inc. and the company’s former COO, Sunny Balwani. I greatly doubt they originally planned to defraud investors out of millions of dollars or intentionally wrongly reported on the health of all those who were tested with their products. Yet the indictment alleges, at the end of the day, that they did so defraud a wide variety of stakeholders, customers and others. Now the company is down to just a few remaining employees.

But this type of massive fraud, perpetrated at the highest level, is a rarity in Foreign Corrupt Practices Act (FCPA) cases (although not unheard of). Yet, as the Association of Certified Fraud Examiners (ACFE) noted in its most recent Report to the Nations(Report), corruption represents one of the most significant fraud risks for organizations. This means that companies should understand the specific factors involved in corruption schemes so they can work to effectively prevent, detect and remediate them.

Some of the key findings in the Report around corruption were that 70% of corruption cases were perpetrated by someone in an organization who was in a position of authority; either a manager or senior executive. The top red flags in corruption cases were (1) an employee living beyond their means; (2) employees with unusually close associations with vendors or customer; (3) employees who were in financial difficulties; and (4) employees who had a ‘wheeler-dealer’ attitude when it came to doing business. Interestingly, corruption continues to be a worldwide problem. However, the part of the Report that will bring some of the most important insights to the compliance practitioner is the similarities between the fraud perpetrator and the employee engaged in corruption. They share the same profile. The mechanisms for concealing fraud are concealing or altering documents, creating fraudulent transactions and entries in the accounting system, altering transactions or files and override of internal controls to allow fraudulent transactions.

These observations point to the need for robust internal controls in every best practices compliance program. Such compliance internal controls can help detect and prevent fraud and corruption from occurring in a much more objective manner. For the reality is if the red flags noted as the top indicators of fraud appear in your organization, it is an objective sign that a more thorough investigation should take place.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie S. Klinger.

Oct 15, 2018

This podcast series returns to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. In Adventures in Compliance, I consider themes from the short stories found in Holmes storiesto illustrate broader application to components of a best practices compliance program. Today, I consider the theme of imagination in your compliance program. 

The Adventure of the Empty House may well be one of the most famous in the entire Holmes oeuvre. It was the first story in over ten years, although Doyle set the tale only three years after the meeting of Holmes and Moriarty at Reichenbach Falls. Returned from touring the world, Watson and Holmes have an emotional reunion (at least for Watson) and then begin to tackle a locked room murder. This leads to Holmes being in jeopardy and putting a mannequin in his window to draw an attempted assassination attempt by Colonel Sebastian Moran, a henchman of Dr. Moriarty. Moran uses an air rifle which makes the murder and attempted murder all the more sinister.

In every recent Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA) issued by the Department of Justice (DOJ) they all include an element along the following strictures, “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]. This means that the DOJ expects imagination in your compliance program to keep up with evolving international and industry standards. This requires your imagination in your compliance strategy.

All of this means you should begin with a strategy for your compliance program. The key to success is something that every CCO or compliance practitioner should take to heart; which is that a compliance practitioner must be able to lay out a strategy for compliance that details the efforts to support the overall business strategy. This means creating a compliance program that will create value for customers, i.e., employees, third parties and customers; show how the company will capture that compliance value going forward and finally which types of compliance imagination to pursue.

If you have a good strategy, it can promote alignment among diverse groups in a company, help to clarify objectives and priorities and guide your focus on those objectives. It can also be modified as necessary and with sufficient feedback. There are several questions you need to consider in connecting your strategy to the business. Initially, how will it create value for the customers of compliance; i.e., your employees and relevant third parties? Your imagination can make compliance faster, easier, quicker, nimbler and so on. Focus on that creation of value going forward. Next what types of imagination will allow the company to create and capture value, and what resources should each type receive, such as a change in technology and a change in a business process?

Obviously senior management has a key role around imagination in compliance, as it can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resources allocated but management must also incentivize the business units to proceed with implementing the imaginations. Another area where senior management is critical is with making trade-offs. A supply-push approach comes when your imagination is focused on something that does not yet exist, for example if you are initially implementing a Foreign Corrupt Practices Act (FCPA) compliance regime. A demand-pull approach works more closely with your existing customer base to determine what they might need and works to implement imagination around those needs.

Finally, consider what every speaker from the DOJ or Securities and Exchange Commission (SEC) says when they talk about the basics of any best practices compliance program. It is that both compliance and strategies must evolve. You must recognize that your compliance program will have to be innovative. Start with a strategy, that has senior management buy-in and support, then move to implement. Finally use data in a feedback loop to fine tune your imaginations. Imagination in compliance is one of the key differences between those who advocate static compliance standards embodied in a written paper program and those who advocate an operationalized compliance program and it is the latter that creates an active, vibrant and effective compliance program. That is the bottom line for imagination in compliance.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie S. Klinger.

Oct 15, 2018

This week is a return to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over this week, I am considering themes from the Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of mentoring in compliance.

In the story The Adventure of the Six Napoleons, Inspector Lestrade says to Holmes, “Well,” said Lestrade, “I’ve seen you handle a good many cases, Mr. Holmes, but I don’t know that I ever knew a more workmanlike one than that. We’re not jealous of you at Scotland Yard. No sir, we are very proud of you, and if you come down to-morrow, there’s not a man [...] who wouldn’t be glad to shake your hand.” This comment provides insights into how Holmes is viewed by other law enforcement officers; Holmes is a sort of living legend and the other officers respect his skills.

The matter involved the theft of jewelry as Inspector Lestrade of Scotland Yard brings Holmes a seemingly trivial problem about a man who shatters plaster busts of Napoleon. One was shattered in Morse Hudson’s shop, and two others, sold by Hudson to a Dr. Barnicot, were smashed after the doctor’s house and branch office had been burgled. Nothing else was taken in any of the break-ins. It turns out that the thief had stolen several pieces of jewelry and then hid them in the Napoleonic busts. The thief, having been released from prison on an unrelated offense, was tracking down the busts in which he had placed the jewels for hiding, breaking them open and reclaiming his purloined property.

What are some of the ways that you might mentor a younger or less senior compliance professional? I think there are several ways suggested by Conan Doyle as epitomized by the statement by Lestrade and his relationship with Holmes and Watson. CCOs and seasoned compliance professionals tend to be passionate about compliance even if (like myself) they have a legal background and came to compliance from a corporate legal department. You should work to transmit that passion to others you are mentoring. In today’s hyper-transparent world of reputational risk, that passion can stand out as a differentiator. It is not simply the crossing of siloed boundaries but understanding the differences in business units, corporate functions and even geographic locations that can bring this broad sense of context.

As compliance professionals, transmit the ability to see not only the technical details but also the big picture of compliance. Introduce your mentees to others in your organization, so that they can be exposed to different leadership styles and see how such leadership styles work in various areas and with different constituencies. Encourage mentees to have a powerful sense of compliance community by encouraging cultivation in personal and professional networks. Any chance to participate in such an opportunity should be accepted.

Beyond passion, help them to develop purpose around careers in compliance. This can be aided through reflection, introspection and ability to change as a leader. Moreover, rather than influencing others through individual speeches or stories, the everyday connections between a compliance professional’s sense of purpose and the compliance vision can work to form an indelible impression about the importance of compliance to an organization. This is Louis Sapirman’s 360-degees of compliance in action.

If you are mentoring a compliance professional, you probably have a next generation mindset. But it is equally important that you communicate that to your mentee as it is certainly important that each generation of compliance leaders be fit for the future and be committed to continuous improvement going forward.

By using these steps, a successful enterprise leader, a CCO or compliance practitioner can bring greater corporate wide presence to the compliance function. Moreover, by using them as guideposts for mentoring, you will make compliance a part of the business process as it becomes second nature and a recognized part of any business transaction. As you communicate to those under you to develop better relationships and how to mobilize compliance for the greater good, it will have the direct benefit of allowing you as the mentor to deliver more value for the company. It does not get much better than that.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its contribution, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the two-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie Klinger.

Oct 8, 2018

Opinion Release 12-01is significant as it demonstrated not only the evolving nature of best practices under the FCPA but also the DOJ’s thinking on the subject. I think that the DOJ has underlined again the fact intensive nature of the analysis required under the FCPA and how companies, if they used a reasoned approach for a specific FCPA issue or problem, can go a long way towards protecting themselves from potential FCPA liability or exposure. Find out in today's episode. 

Oct 8, 2018

In this episode of the Opinion Release Papers, we consider Opinion Release 14-02, where the question presented is if a US company purchases a  company not previously subject to the FCPA and the target had engaged in bribery and corruption, would the US company be liable for the targets prior acts under the FCPA? 

Oct 8, 2018

In this episode, we consider Opinion Release 14-01, where the Department of Justice opined that paying a foreign government official for monies he was owed in the sale of a business interest that he owned prior to becoming a foreign government official would not be prosecuted as a Foreign Corrupt Practices Act violation. As intuitive as this decision might sound, there is, nevertheless, significant information for the compliance practitioner to take away from 14-01.

Oct 8, 2018

“Each case turns on its own facts.” How many times have you heard a representative of the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) make that statement at a conference or other public event? The reality is that this is true and, in the context of Foreign Corrupt Practices Act (FCPA), both regulators look at the facts and circumstances around each case in making a wide range of assessments. While this is frustrating to business types, as a lawyer I find it to be not only an appropriate analysis but also an accurate way in which to look at things. 

Late in 2013 the DOJ issued its only Opinion Release, that being Opinion Release 13-01. One of the things that this Opinion Release stands for is that each fact scenario presented under the FCPA must be evaluated on its own facts. While this maxim is certainly true, I believe that the Opinion Release goes further and provides significant information to the compliance practitioner for charitable donations going forward.

Oct 8, 2018

In Opinion Release 12-02, certain Requestors, which were 19 non-profit adoption agencies located in the US, asked the DOJ about bringing certain foreign governmental officials involved in the foreign country’s adoption process to the US. All the foreign governmental officials are involved in the process of allowing children from their country go through the adoption process with the US non-profits involved. The trips to the US were for two days of meetings. Can the Requestors do so, without running afoul of the FCPA?

Oct 1, 2018

In this special five-part podcast series, I have visited with Thomas Sehested, founder and CEO of, Valerie Charles, Chief Strategy Officer and Peter Chang, Head of Customer Success of GAN Integrity. In this series, we will consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In this Part V, I visit with Charles some of her birdseye view of compliance.

Charles has worked in private practice as a white-collar defense lawyer and as a Chief Compliance Officer (CCO). While in-house, Charles tended to view technology as a tactical solution to an issue. She did not see it as a strategic solution and frankly did not understand the power of tech in compliance. However, after her move to GAN she began to see how technology could bring a much larger strategic focus to compliance, for example in such areas a tech solution for compliance integrated into the company’s overall risk management strategy, leading to integrated reporting and an entire infrastructure of the tech solutions tied to the corporate structures.

We explored how Charles perceives that technology has changed the way(s) she considers compliance. She began by noting how much more advanced and mature the financial sector has been in developing and embracing tech than compliance. This extended to corporate financial disciplines so that now there are integrated standard-bearer platforms. Good technology can import and export data easily that allows greater movement of information with more transparency between business units. She noted that Human Resources (HR) has also benefited greatly from tech solutions.

She contrasted those examples with the corporate compliance function, which she believes has been hamstrung by the lack of an integrated tech solution in compliance. Tech for compliance has been fragmented. Typically, it has been the norm for a compliance professional to go one vendor to purchase technology to roll out policies & procedures, another vendor for e-learning and surveys and still another to register conflicts of interest, gift giving and receiving. Of course vetting your third parties is another set of vendors as is hotline and case management software.

She stated,  “if you can't tie together the critical components of the program into one integrated system that talks to each other and can easily be checked out or have data flowing to and from the other business units, you're kind of still an odd guy out.” If there was such a tech solution, it would elevate the compliance profession.  

Charles believes the most effective and forward thinking compliance professionals are those who consider how not only will compliance impact an organization but also how a compliance program should integrate into the company’s overall business strategy. She explained that this means considering “everybody from, you know, ops people to sales folks to the marketing team.” You should really try to understand how the business flows and sort of how do you put these gates, how do you put these processes, procedures, and controls in places that will meet your goal of keeping everybody safe and the company, but doing it in a way that will slow down the company as little as possible.”

A CCO can begin to accomplish this by having conversations with the corporate functions and business operations to understand how any changes from the compliance function will impact the day-to-day processes of the organization. If you do this spadework and take the concerns of those you talk to into account, Charles believes it will be much easier for you, as CCO, to get senior management buy-in for changes, upgrades and/or enhancements of your compliance program.

This research is effective is for a couple of reasons. First by garnering buy-in from other corporate disciplines, it makes those disciplines feel like they were a part of a team effort or at the very minimum their concerns were listened to. Which leads directly into a key (if not thekey) skill of any senior business leader, including a CCO, which is listening. Yet listening is even more important for a CCO or compliance practitioner because of the collaborative nature of the compliance function. But information is a two-way street so you must not only listen but also educate your corporate partners in finance, internal audit, HR and internal controls.

From such discussions, Charles believes you can determine the types of controls that would be effective for compliance. Such controls could be incorporated into policies and procedures or internal controls. She noted, “there’s an art to looking at the flow of a business and placing controls in those specific spots. If you are able to listen and process other people’s goals alongside your own and then marry those concepts together, it creates something that works for everybody and everybody can push for it. You listen to a bunch of ideas and then crunch them out in a way that people can understand and see the results.”

Another interesting observation by Charles was that she views the compliance profession as the “true partners of the business.” She contrasted this with a corporate legal department, which exists to protect the company. Compliance is there to prevent, detect and remediate, which means to enhance a business process through the lens of compliance. Charles stated, “compliance has the creativity and flexibility that the legal team doesn’t always have. We can utilize that to align ourselves with business goals in a way that the business team can understand.” This means that if a CCO or compliance function sees something that is not working, it can make a change. The more a compliance team focuses on dynamic and changing risks, the more it will appear as a way to respond to business needs. Equally important, such an approach not only anticipates but also supports the continuous improvement model of compliance. As you garner feedback and data from your compliance program you can use that information to improve your overall compliance process.

Charles concluded by noting that execution is a key element and this is where the rubber meets the road. After you have listened, designed or enhanced and received senior management buy-in, did you, as the CCO or compliance function, execute on your long-term strategy? At the end of the day, you will be judged on how you executed your strategy.

For more information on GAN Integrity, visit our sponsor’s website, www.ganintegrity.com.

Oct 1, 2018

 In this special five-part podcast series, I visit with Thomas Sehested, founder and CEO of, Valerie Charles, Chief Strategy Officer and Peter Chang, Head of Customer Success of Gan Integrity. In this series, we will consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In this Part I, I visit with Thomas Sehested on his journey from professional athlete to tech entrepreneur to compliance solution provider.

Some of the most interesting innovations in compliance come from folks who do not have a background in either compliance or legal training. I have found it is because their perspective is so different that they spot things that we legally trained compliance professionals often do not spot. That insight was reinforced when I recently interviewed Thomas Sehested, co-founder and Chief Executive Officer (CEO) of GAN Integrity Inc., (GAN) for an upcoming podcast series, sponsored by GAN. Sehested has been a world champion Windsurfer, became a tech entrepreneur in the antipiracy world and now works in the compliance space.

While in business he had felt (like many business folks) that compliance was the Land of No and Chief Compliance Officers (CCOs) largely inhabited it as Dr. No. Yet when he looked more closely into the compliance space he saw a profession that had been lawyer driven yet seemed to be more focused on business process, something that lawyers are certainly not trained for nor have the tools to accomplish. Moreover, the breadth and scope of requirements for a corporate compliance function are almost endless as it literally touches every other corporate discipline.

I found Sehested’s insight very interesting, that compliance professionals are faced with a pretty rigorous set of things that they need to live up to, “it’s really kind of a minefield in terms of what they need to focus on as a team”. However, he felt they lacked the tools to do this efficiently. He also saw “very small teams, two or three people, managing compliance for thousands of employees and thousands of third-party vendors.” To actively manage this number of persons and entities without a technological solution is well-nigh impossible. Sehested saw an opportunity to create technological solutions to remedy this anomaly. This is what he set out to do when he created GAN. Sehested not only wants to put more technological solutions in the hands of the compliance professional to manage the tasks they have at hand but also give them methods to present that information to senior management and the Board of Directors.

I asked Sehested what a compliance professional might consider to focusing on initially from a tech standpoint. Interestingly, he noted that even with the wide range of company sizes and industry foci, “you want to look at what you do on a day to day basis and automate that so that you, as a compliance professional, can focus on what you’re good at and that’s making the strategic decisions about how your company should handle compliance. It should not be about chasing people down and making sure that they filled out their questionnaires and trainings.

This means you should consider automating the typical administrative tasks which fill so much of our day-to-day work. Sehested believes “All of that should be automated. If you have a lot of third-party vendors, you should make sure there’s a solid system in place to deal with the vast majority which do business in compliance. In that way, you can use your bandwidth to deal with the few rotten eggs that are likely to kind of float to the top.” The same is with employees from the compliance perspective, you should be “focused and dedicate your attention to where it’s needed. You need something to present you with the daily view of your organization from a compliance perspective to make sure you can dedicate your time to that.” The bottom line is that a compliance professional should consider the work they are doing today and see what can be automated.

I found Sehested’s perspective quite thought-provoking. As a compliance professional you should assess what is in your portfolio that can be automated for greater efficiency. By starting here, you can put together a business case about how a tech solution will save your organization money right out of the gate. From there you can move to higher level functions and duties in your department. This approach also has the benefit of incremental process improvements. You are not reinventing the compliance wheel in your organization but rather improving the business process. That is something that not only senior management and the Board looks for but the regulators as well.

For more information on GAN Integrity, visit our sponsor’s website, www.ganintegrity.com.

Oct 1, 2018

In this special five-part podcast series, I visit with Thomas Sehested, founder and Chief Executive Officer (CEO), Valerie Charles, Chief Strategy Officer, and Peter Chang, Head of Customer Success, from GAN Integrity, Inc. (GAN). Throughout this series, we consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In Part II, I visit with Charles on her journey from legal to compliance to tech.

Charles practiced law as a white-collar defense lawyer before moving in-house as a global compliance lead. Now she is the Chief Strategy Officer at GAN. It is somewhat unusual for a lawyer/compliance professional to move into a tech company which specializes in the compliance space. I was interested in what caused her to make this move. She related that she has always been curious about the use of technology in the practice of law and in the compliance profession. She said that her in-house compliance role demonstrated the inefficient use of her time. She was performing many administrative tasks which she felt could be handled more quickly with a tech solution. Charles stated, “for that reason when I bumped into the GAN folks and realized what they were doing a, it made a lot of sort of natural sense to me.”  She then had a “now or never” moment and decided to jump into the tech side of compliance with both feet.

She related that many in-house compliance professionals are spending time chasing people to do things that people could be chased to do by technology. I asked Charles about some of the tasks she observed that lent themselves to a tech solution. She said it could be “rolling out a new policy, circulating the internal approvals to get that policy or that procedure approved. It could be wedding a third party or more often reinventing a third party at a predetermined frequency. It may be keeping up with a lot of administrative deadlines and then exercising the activity you are supposed to at that time.”

But the reality is that most compliance professionals would much prefer to spend their time strategizing about what they’re doing at a more macro level. Many of the tasks she articulated not only take up too much administrative time but keep folks from working on more significant tasks such as longer-term strategic issues. Charles said that one of the things that intrigued her after her move from compliance to tech was her shift in focus of how to use technology in a best practices compliance program.

While in-house, Charles tended to view technology as a tactical solution to a compliance issue. She did not see it as a strategic solution and frankly did not understand the power of tech in compliance. However, after her move to GAN she began to see how technology can bring a much larger strategic focus to compliance, in such areas as a compliance tech solution integrated into the company’s overall risk management strategy, getting integrated reporting with the entire infrastructure of the tech solution tied to corporate structures.

We explored how Charles perceives that technology has changed the way(s) she considers compliance. She began by noting how much more advanced and mature the financial sector has been in developing and embracing tech than compliance. This extended to corporate financial disciplines so that now there are integrated standard bearer platforms. Good technology can import and export data easily that allows greater movement of information with more transparency between business units. She noted that Human Resources (HR) has also benefited greatly from tech solutions.

She contrasted those examples with the corporate compliance function, which she believes has been hamstrung by the lack of integrated tech solutions. Tech for compliance has been fragmented. Typically, it has been the norm for a compliance professional to go to one vendor to purchase technology to roll out policies and procedures, another vendor for e-learning and surveys and yet another to register conflicts of interest, gift giving and receiving. Of course, vetting your third parties is another set of vendors, as is hotline and case management software. She stated, “if you can’t tie together the critical components of the program into one integrated system that talks to each other and can easily be checked out or have data flowing to and from the other business units, you’re kind of still an odd guy out.” If there was such a tech solution, it would elevate the compliance profession.  

As tech has moved to cloud-based solutions, there is the ability to integrate many of these functions. When this can be accomplished, it will allow a Chief Compliance Officer (CCO) or compliance professional to review consolidated data and reporting. Charles concluded when that occurs, “the evolution of compliance technology will match the evolution of the importance of the field itself.”

Visit our podcast sponsor, GAN Integrity by clicking here

Oct 1, 2018

During this five-part podcast series, I have visited with Thomas Sehested, founder and Chief Executive Officer (CEO), Valerie Charles, Chief Strategy Officer, and Peter Chang, Head of Customer Success, of GAN Integrity, Inc. (GAN). Over this series, we consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In Part III, I visit with Sehested on how tech solutions can make not only compliance more efficient, but companies run more efficiently and at the end of the day more profitably.

One of the things I evangelize the longest and loudest about is that properly practiced, an effective, fully operationalized best practices compliance program makes a company operate more efficiently and, therefore, more profitably. Organizations such as Ethisphere have consistently demonstrated, with nearly 15 years of data from its World’s Most Ethical awards, that companies who win the award outperform the Standard & Poor’s average. I was therefore very interested to visit with Sehested on this topic.

In a prior episode we discussed the tactical approach for tech in compliance; where a compliance professional can bring a tech solution to the plethora of administrative tasks which inundate every corporate compliance department. However, Sehested said that even this approach could well have immediate benefits beyond the compliance function’s greater efficiency as it begins the journey to use data. Here you might even consider Edward Deming’s well-known adage, “In God We Trust, all others bring data.” By using a tech solution to move a compliance function away from mundane administrative tasks, you begin to create a culture around data. This weans a corporate compliance function from the legalistic approach, which is primarily taught in law schools, to an evolving business process approach.

From this perch it is easy to see that all the data flowing through (or at least should flow through) a compliance function. It can range from employee gift, travel and entertainment (GTE) spend, charitable donations, commissions paid to third-party sales agents, corporate social responsibility (CSR) information, marketing spend and overall sales figures. If this amount of data can be accessed and then analyzed, you would have a well-spring of information to make your company run more efficiently.

It all begins with multiple sources of data which flow through the compliance function but moves on from there. If someone actually looked at the data, you could see where the inefficiencies in your own sales process were and actually increase efficiencies in your sales process. With such data, the compliance function could partner with other corporate functions to help determine greater business efficiencies, all while maintaining and even enhancing a corporate culture around doing business ethically and in compliance. A corporate compliance function should be closely aligning with multiple other departments, sales, procurement, finance and internal audit to name a few. Yet even the work with outside stakeholders, such as third-part sales agents or distributors, can be a part of this regime by sending out questionnaires and communications around compliance. Sehested sees this as “deploying different strategies of nudging to make sure that they influence their vendors to think the same way as their employees, when it comes to being ethical.”

How does a Chief Compliance Officer (CCO) make this pitch to a CEO or senior management? This is where Deming and Sehested come in as it is all about the data, not just the raw data but how it is presented. As a CCO, you need to come up with reports, backed up by the data to support these assertions. Sehested can attest that CEO’s have a wide variety of demands on their time so the more concise and direct you can be, the better it will be for your case. Use data, case studies and graphics to demonstrate not only the cost savings but the increase in efficiencies.

The opportunities for the compliance function to improve overall business efficiencies are only beginning to be appreciated. Moving from the legalistic approach to a more data driven business process is what the Department of Justice (DOJ) intoned in its 2017 Evaluation of Corporate Compliance Programs (Evaluation). As compliance programs and the compliance function continue to evolve into the 2020’s; those who are truly innovative will use the data to help drive business ethics. Having insights from someone outside the compliance space, such as Sehested, can help drive that innovation.

Check out GAN Integrity by clicking here.

Oct 1, 2018

Over this five-part podcast series, I have visited with Thomas Sehested, founder and Chief Executive Officer (CEO), Valerie Charles, Chief Strategy Officer, and Peter Chang, Head of Customer Success, from GAN Integrity, Inc. (GAN). In this series we consider how the effective use of technology can drive not only a more effective, operationalized compliance program but make your business run more efficiently. In Part IV, I visit with Chang on the GAN approach to client success and how it acts towards continuous improvement of a compliance program.

Execution is where the rubber meets the road in compliance. For any Chief Compliance Officer (CCO) or compliance practitioner, having not only an effective tech strategy for compliance but one that is executed is critical. This is where Chang and his team at GAN can step to make a very big difference. He began by emphasizing that typically a CCO has come from the General Counsel’s (GCs) office or has some type of legal or other non-tech professional. While resources and head count are always an issue for a CCO, work on administrative matters can also put a strain on the compliance program. Chang said that one of the first conversations he has with a CCO is do they have an automated program to handle the administrative tasks and then couples it with measurable data which allows a CCO to move from a detect mode to preventative and even prescriptive. With this consistency, you can deliver a more robust risk management strategy to senior management and the Board of Directors.

Another challenge for many CCOs is how to interpret the data they receive from a tech solution. In short, what does it all mean? Chang said that when his team begins a project, they actually work backwards to figure out not only what type of metrics will be generated but what a CCO might need going forward. You want to be “very clear on what you are capturing in terms of reporting and what is needed to execute the compliance program.” Chang advocates starting your analytics at the transaction level and “rolling them up in to a state where you can see the big picture”. While it is obviously important for a tech solution implementation to be successful, if you work towards it from the beginning it can help to make things “clear and concise” at the end.

Next, we considered system deployment. This means both adoption of a tech solution and its continued and even expanding use. Chang and his team begin by putting the compliance program into the tech solution and then moves to train on the solution going forward. This training works not only for the compliance professionals present at deployment but those who might come into the corporate compliance function after deployment. Chang called this continuous adoption, which is working with each customer so they can grow and expand the use of the tech solution to not only cover the original issue(s) but expand the tech solution to meet new challenges.

This approach has some very significant and positive implication for the compliance professional. This is another way to talk about continuous improvement in a compliance program. Chang noted that is to make sure there is a 100% attention rate in order to stay relevant within the organization. Ensuring there is continued coverage to support not only from the home office level but also the county level, essentially partnering with corporate compliance to ensure that as it grows the tech solution is right sized for them. Chang said there are cases where GAN has started with “medium sized companies who later want to grow into bigger due diligence solutions for their compliance program. In those cases, we may help them right size the program and make sure that if there’s high risk vendors who they may need, there are additional reports and the tech solution is configured properly so that they can get additional reports that they need. And this is all part of continuously working with the customers and with them to ensure that their programs are right sized.”

Think about that for a moment as this is taking the concept of continuous improvement and adding an ongoing tech solution. This is one of the areas both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) discussed in their jointly issued 2012 FCPA Guidance, as Hallmark 9 in the Ten Hallmarks of an Effective Compliance Program. This is not simply taking data from your compliance program and feeding it back in to create continuous improvement, but it is using a tech solution to not only make your compliance program run more efficiently but using that same tech solution to help continuously improve your compliance program.

Such an approach uses the subject matter expertise (SME) of the tech solution provider to help the compliance professional come up with a more effective compliance program. For the compliance professional it is expanding out their reach and scope through the use of not only this tech SME but with the information from their own compliance program to create greater efficiencies and effectiveness.

Check out our sponsor, GAN Integrity by clicking here.

1 2 3 4 5 6 7 Next » 18