FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
Sep 21, 2018

As Tom and Mrs. Compliance Evangelist trek to Ann Arbor MI to attend his law school reunion, Go Blue and watch the Wolverines trounce Nebraska and enjoy some cool autumn weather, he and Jay are back with a look at some of the week’s top compliance and ethics stories. 

  1. Due diligence is not a nice to have, it's a mandatory. Scott Shaffer explains in the FCPA Blog.
  2. Kavanaugh and compliance? Matt Kelly considers in Radical Compliance. Tom and Matt explore in this week’s Compliance into the Weeds.
  3. Why does a law firm admit its internal investigation was designed to be a whitewash (in the internal investigation report)? More on the very strange Danske Bank money laundering imbroglio. Patricia Kowsmann and Drew Hinshaw report in the Wall Street Journal. Tom dishes on the FCPA Compliance and Ethics Blog.
  4. Mark Cuban makes $10MM donation. Is it enough to make up for 15 years of toxic corporate culture of sexual abuse and harassment? Kaelne Jones reports in Sports Illustrated.
  5. Big oil on trial in the UK. What will be the fallout? Mara Lemos Stein reports in the WSJ Risk and Compliance Journal.
  6. KPMG study finds slow adoption of tech in compliance. See full report here.
  7. Matthew Stephenson continues his two-part consideration of the Hoskins decision. In the Global Anti-Corruption Blog.
  8. SEC proposal to limit whistleblower awards draws withering criticism from commentary period. Sam Rubenfeld reports in the WSJ Risk & Compliance Journal.  
  9. Want the top compliance training from the guy who wrote the book on compliance? Tom will put on a Compliance Master Class in Boston, September 25 & 26, hosted by Affiliated Monitors. Registration and information, click here.
  10. Want a 50% discount to one of the top compliance conferences around? Join Tom and AMI’s Eric Feldman at CONVERGE18 in Denver on October 9-11. I hope you can join me at the event. For information on the event, click here. As an extra benefit to fans of This Week in FCPA, CONVERGE18 is offering a 50% discount off the registration. Enter discount code TOMFOXVIP.
  11. In this week’s podcast series I interview Rebecca Turco and Paul Johns from SAI Global on their current innovations in compliance learning. Part 1-the changing marketplace; Part 2-adaptive learning; Part 3-EthicsAnywhere; Part 4-trends in compliance; and Part 5-integrated risk management.

Check out the week's top compliance and ethics stories (and more) on This Week in FCPA-the Go Blue edition. 

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Sep 19, 2018

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a very deep dive into the process surrounding the allegations made against Supreme Court nominee Brett Kavanaugh by Christina Ford. We consider these allegations from the compliance perspective.  

Some of the highlights from this podcast are:

  1. Why investigation protocols are mandatory before an event arises so you are not making things up on the fly.
  2. What is the evidentiary standard you employ? Are you consistent in your approach? If a candidate lies, what does that tell you about their propensity to engage in illegal conduct going forward?
  3. What is redemption? Should it be considered when allegations of long-ago misconduct arise? Should you be required to show contrition?

We unpack all of these points and consider strategies going forward.

For more reading: see Matt’s piece The Kavanaugh Compliance Lesson

Sep 4, 2018

In this episode of the CONVERGE18 Preview Podcasts, I visit with Ellen Hunt, Senior Vice President, Audit, Ethics & Compliance Officer at AARP. We discuss the role of the Board of Directors and compliance. Some of the issues we tackle in this podcast are:

  • The role of the Board and the C-Suite and why is it important to running an effective ethics and compliance program.
  • A CCO must build trust with your Board and your C-Suite that you are a practical and reasonable business person who is there to help resolve problems, not unnecessarily embarrass them.
  • Why an E&C expert is needed on the Board.
  • The role of the CCO and Board is that of a partnership and for it to work there has to be education, understanding and communication.

In what is fast becoming one of the top ethics and compliance conferences around, I hope you can join me at CONVERGE18, hosted by Convercent. (I perform consulting work for Convercent.) This year’s event will be October 8-11 at the Omni in Bloomfield, Colorado. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

With the acceleration of the speak up culture and organizational accountability that social media is enabling and amplifying, companies need to incorporate integrity into every level of the organization. CONVERGE18 will help you do just that by addressing this ethical transformation head-on. Get the insights, information and solutions you need to put ethics into action. Join compliance executives from Salesforce, Kimberly Clark, Avis, U.S. Bank, AARP, Wells Fargo, Cheesecake Factory and many others to:

  • Network with 300 of your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Gain insights from 35 speakers including Ethics and Compliance advocate Hui Chen, ECI’s CEO Pat Harned, NBA’s Deputy Chief Compliance Officer Steph Vogel, President at OCEG Carole Switzer and more.
  • Bring actionable takeaways back to your program from various session types including 2 keynotes, 5 general sessions, 12 discussion-based roundtables, 18 interactive breakout sessions for you to listen, learn and share.
  • The goal of CONVERGE18 is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to readers of this blog, CONVERGE18 is offering a 50% discount off the registration price. Enter discount code TOMFOXVIP.

CONVERGE18 is a production of Convercent, which is the sponsor of this podcast series.

Aug 31, 2018

You can put away your all white linen suits and your seersucker suits as well. With that hint of fall in the air, we are upon the (unofficial) end of summer with the Labor Day Weekend. Tom and Jay are back with a look at some of the week’s top compliance and ethics stories. 

  1. Second Circuit affirms most of Hoskins dismissal. Dick Cassin reports in the FCPA Blog.
  2. With a nod to Dwight Eisenhower, Hui Chen says compliance is about process not outcomes. Check out her article in Bloomberg.
  3. The 1MDB scandal only gets weirder. First Malaysian spies are linked to the scandal, Dick Cassin writes in the FCPA Blog. Next it turns out Chris Christie is representing Jho Low on a forfeiture case. Bradley Hope, Tom Wright and Rebecca Davis O’Brien report in the Wall Street Journal.
  4. Legg Mason bookends its NPA with a settlement with the SEC on its FCPA violations in Libya. Jack Hagel reports in the WSJ Risk and Compliance Journal. Tom reports in a tribute to Ed King on the FCPA Compliance and Ethics Blog. Dick Cassin reports in the FCPA Blog.
  5. Jaclyn Jaeger details some of the lessons learned from the Wynn scandal in Compliance Week. (sub req’d)
  6. Why is it important for integrity to be a part of your brand? Nelson Pratt explains on Navex’s blog, Ethics and Compliance Matters. Tom tackles integrity in a tribute to John McCain on the FCPA Compliance and Ethics Blog.
  7. Does power corrupt or simply change you? Caterina Bullgarella explains why you must pay attention in a piece on com.
  8. Microsoft in trouble for its distributor network? Dick Cassin reports in the FCPA Blog. Tom details how to manage the distributor risk in Compliance Week. (sub req’d)
  9. Now former Cleveland Browns linebacker Mychal Kendricks indicted for insider trading. Tom Schad reports in USA Today. Once again demonstrating why they are the worst run organization in all of pro football, Browns only find out about the facts after the indictment and then cut him. Reported by Charlotte Carrol in Sports Illustrated.
  10. On this week’s featured podcast series, Tom explored the intersection of King Arthur and compliance. In Part 1 it was Arthurian leadership. In Part 2 it was the Pentecostal Oath and a Code of Conduct. In Part 3 it was the Round Table and whistleblowing. In Part 4 it was the Green Knight and whistleblower protection. In Part 5 it was the quest for the Holy Grail and a compliance defense for the FCPA.
  11. As the playoff race begins to take shape, Astros lead the West by 2.5 games after taking 2 of 3 from the A’s in Houston. After being swept by the Rays, the Sox take it out on the Marlins and their lead is back to 7.5 games over the Yankees.
  12. The Compliance Master Class is coming to Boston on September 25 & 26. Learn how to create, design and implement a best practice compliance program from Tom Fox, the Compliance Evangelist. For information, click here. For registration click here.


Jul 6, 2018

As we begin the post-holiday portion of our 4th of July week, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.

  1. Credit Suisse settles with DOJ and SEC for its illegal hiring of family members of Chinese government officials, in violation of the FCPA. See Justice Department NPA here. Dick Cassin reports on the SEC settlement in the FCPA Blog. See SEC Administrative Order here.
  2. What is Homeland Security Investigations and how does it help in FCPA Investigations. Clara Hudson reports in Just Anti-Corruption.
  3. ZTE starts its come back by changing its senior management. Sam Rubenfeld reports in WSJ Risk and Compliance Journal.
  4. Jim Beam goes down harshly with a FCPA violation in India. Henry Cutter reports in the WSJ Risk & Compliance Journal. See SEC Administrative Order here.
  5. The former Prime Minister of Malaysia is arrested for corruption around the 1MDB scandal. Hannah Beech and Austin Razmy report in the New York Times.
  6. Matt Kelly explores two parts of compliance in a discussion of Michigan State and Larry Nassar. The first is escalation and tone at the top. The second is institutional repair through procedure and transparency. See his article in Radical Compliance.
  7. Should there be a different reimbursement/remediation program in the Och-Ziff matter? Africo Resources says yes and makes their case to the DOJ. Kelly Swanson reports in GIR. (sub req’d)
  8. Why should investigators prepare for Artificial Intelligence? Peter Humphreys explores in Global Investigation Review (sub req’d)
  9. Two great compliance events in Houston next week and both events are free. First the Greater Houston Business and Ethics Roundtable holds its members-only summer workshop Thursday July 12. For information and registration, click here. Second Jonathan Marks will present to the Houston Compliance Roundtable on Friday July 13 at 8-9 AM. For more information, contact Tom Fox.


Jun 20, 2018

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the issue of the ZTE monitorship announced recently as a part of the settlement with the Department of Commerce on the death penalty sanctions levied on the company in April.  

That sanction was an export denial which barred American companies from selling components to ZTE and its subsidiary. American companies, such as the San Diego-based chipmaker Qualcomm, supplied critical parts for ZTE’s networking gear and smartphones. This sanction came on the heels of a $891 million fine and penalty the company agreed to in March 2017 for its first round of export control violations. The second sanction was for failing to live up to the terms of the DPA the company agreed to in 2017.

In 2017, the company agreed to a monitor, who was appointed by the District Court which accepted the company’s guilty plea. Under the May 2018 supplemental sanction, ZTE agreed to pay an additional $1 billion in penalties, put $400 million in escrow, and accept a U.S.-appointed compliance department. According to the Department of Commerce Press Release, the new agreement requires ZTE "to retain a team of special compliance coordinators selected by and answerable to" the Commerce Department for ten years. This new compliance function will essentially serve as the Department of Commerce’s monitor at ZTE, as the Press Release noted: "Their function will be to monitor on a real-time basis ZTE’s compliance with U.S. export control laws."

Matt and I take a deep dive into the DOC resolution, the monitorship and how it might work, and the use of a sanctions regime by the administration as a tool to browbeat other countries. We discuss in detail this bizarro arrangement of U.S. regulators appointing an in-house compliance executive to act as a monitor to the Chinese telecom firm. The concept is intriguing, and the job could be the professional challenge of a lifetime — except for all those pesky details, including the ones this settlement still leaves unaddressed.

For more reading: see Matt’s piece on “FAQs on ZTE’s Compliance Settlement” and “Trade War! Trade War! Man the Barricades!”, both on Radical Compliance. See Tom’s piece, “The ZTE Department of Commerce Monitor: unchartered waters” in Compliance Week.

Jun 15, 2018

With both VW and ZTE having very bad weeks, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.

  1. Having a bad week-Part 1, Volkswagen. First the head of its Audi unit is announced to be under investigation (here). Then Germany fines the company €1 bn for the emissions-testing fraud (here). Finally German prosecutors reject the myth of “rogue engineers” in the scandal, saying the company is responsible as a whole (here). All reported in the New York Times.
  2. Having a bad week-Part 2, ZTE. After having reached a settlement between ZTE and the Department of Commerce, Congress moves to block the settlement. Michael C. Bender, Siobhan Hughes and Kate O’Keeffe report on the political perspective in the Wall Street Journal. From the compliance angle, many questions abound. Gerry Zack, writing in the FCPA Blog, says don't call the persons reporting to the DOC mandated compliance officers as they are monitors. Matt Kelly offers up informative FAQs on the monitorship in Radical Compliance. Tom considers the uncharted waters of the settlement in Compliance Week (sub req’d)
  3. The court eviscerates the DOJ’s argument against the AT&T purchase of Time Warner. Henry Cutter uses the merger go-ahead from Judge Leon to explore the compliance challenges in mega-mergers (and small ones too). In the WSJ Risk & Compliance Journal.
  4. Bill Steinmann says (yet again) that FCPA enforcement is not dead. It’s not that he’s tired of saying it, he just wishes the nay-sayers would unplug their ears and start to listen. On the FCPA Blog.
  5. Goldman Sachs made $600 peddling 1MDB bonds. The new Malaysian government wants some of that money back. Alexandra Stephenson and Hannah Beech report in the New York Times.
  6. CCO’s behaving badly. The Standard Chartered CCO has left the bank for inappropriate behavior. Sam Rubenfeld reports in the WSJ Risk & Compliance Journal.
  7. Looking to do business with Trump’s newest buddy North Korea? Dick Cassin says be careful, be very careful in the FCPA Blog.
  8. Anti-piling on is a two-way street, as it requires responsible actions by companies as well. Michael Griffiths reports in GIR on remarks by Justice Department FCPA Unit Chief Dan Kahn.
  9. Need some CLE or Compliance know-how? Join Tom’s Compliance Master Class, which is next week in Houston on June 21 & 22. Just a couple of seats left. Information and registration is available here. Learn about compliance from the guy who wrote the book on compliance.
  10. Support your local book sellers! River Oaks Bookstore, 3270 Westheimer, in Houston is now stocking The Complete Compliance Handbook. Tom will be on hand for a book signing on Thursday, June 28 from 5:30 to 7.
  11. Tom’s new book The Complete Compliance Handbook remains a hot seller. It is available oncom. Purchase an autographed copy here. It is reviewed in the FCPA Blog, Radical Compliance and Corruption, Crime and Compliance.
  12. Serving up some Breakfast and Compliance. Join Tom in Boston on June 25 at the offices of Affiliated Monitors to learn about how the story of compliance is the story of innovation. For more information and registration, click here.


May 29, 2018

The call, e-mail or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward. 

This scenario was driven home in a FCPA enforcement action brought by the SEC in July 2015 involving Mead Johnson Nutrition Company. In that case, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately, the first investigation, performed in 2011, did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company, that it performed an adequate internal investigation which uncovered FCPA violations.

Your company should have a detailed written procedure for handling any complaint or allegation of bribery or corruption, regardless of the means through which it is communicated. The mechanism could include the internal company hotline, anonymous tips, or a report directly from the business unit involved. You can make the decision on whether or not to investigate with consultation with other groups such as the Audit Committee of the Board of Directors or the Legal Department. The head of the business unit in which the claim arose may also be notified that an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis. Through the use of such a detailed written procedure, you can work to ensure there is complete transparency on the rights and obligations of all parties, once an allegation is made. This allows the Compliance Department to have not only the flexibility but also the responsibility to deal with such matters, from which it can best assess and then decide on how to manage the matter.

To purchase a copy of The Complete Compliance Handbook on Amazon.com click here.

To purchase an autographed copy of The Complete Compliance Handbook from the author click here.

 

Apr 27, 2018

After being joined by Jay’s girls to celebrate our 100th anniversary episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Dun & Bradstreet settles FCPA with first declination under new DOJ FCPA Corporate Enforcement Policy. Dick Cassin reports in the FCPA Blog. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  2. Will there ever be transparency in the corporate monitorship process with the DOJ? There will be if Dylan Tokar gets his way. Veronica Root reports in the NYU Compliance and Enforcement Blog.
  3. What is ISO 37001 certification worth? Not much in the eyes of SEC FCPA unit chief Charles Cain. Kelly Swanson reports in GIR Investigative (sub req’d)
  4. SEC fines Yahoo $35 million for failing to disclose data breach. Dick Cassin reports in the FCPA Blog.
  5. Former Justice Department FCPA unit chief Pat Stokes hits back on DOJ requests for statute of limitations tolling. Kelly Swanson reports in GIR Investigative (sub req’d)
  6. Starbucks took a huge black eye for its treatment of two African-American men waiting on a friend. Matt Kelly considers from the policy angle in Radical Compliance. Tom considers from the risk management perspective in the FCPA Compliance & Ethics Blog. They debate these and other topics in Episode 79 of Compliance into Weeds.
  7. Was Facebook’s monitor(s) asleep on the job? Does FB’s repeat misconduct even matter? Tony Romm explores the former question in the Washington Post. Veronica Root explores the latter question in the NYU Compliance and Enforcement Blog.
  8. What is Brady laundering? Dan Portnov explores this question on Grand Jury Target.
  9. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in May 2018. It is available for PreSale here.
  10. Tom has a busy May planned. Join him at Brazil’s largest compliance conference, the 6th International Compliance Congress, held by LEC – Legal, Ethics and Compliance, May 8 to 10, in São Paulo, Brazil. Registration and information here. Hear him speak to the Houston chapter of ACAMS, from 11:30 -2 PM on Thursday May 17th in Houston on “Driving Compliance and Ethics through Data Analysis”. Information and registration here; and join in a session on Using Frameworks to Prove Compliance Competency at Compliance Week 2018 in Washington DC, May 20-23. Information and registration are here.


Apr 16, 2018

In March the SEC made its biggest-ever whistleblower award. It gave one person more than $33 million and in the same case split nearly $50 million between two others. The previous high for an SEC award to a single whistleblower was $30 million in 2014. All three whistleblowers were represented by the law firm of Labaton Sucharow and the awards were based upon SEC enforcement actions against Merrill Lynch. Today, I have with me Steve Durham, a partner at the firm to talk about the awards and its implications in light of the recent Supreme Court decision in Digital Realty Trust v. Somers. 

There are several key points to take away from the awards which we discuss. Initially the awards were divided into two separate awards; one to two individuals for $50 million and a second of $33 million to one individual. We discuss what is original information in the eyes of the SEC which can qualify for an award. In the award, the SEC noted the initial two whistleblowers could have received a higher amount if their information had been more timely delivered to the SEC, which is as soon as they learned of the misconduct. This timing issue is critical not only to help set the amount of the award but also to establish a whistleblower is qualified to receive an award, as there were other individuals who stepped forward later with the same or similar information.

We also explore where the SEC is in its overall whistleblower award program. Durham believes there are several large whistleblower awards in the SEC pipeline and that the SEC Whistleblower program has been an overall success. Even with the Congressional attacks on Dodd-Frank, there is no call to reform this part of the law.

Apr 5, 2018

The top compliance roundtable podcast is back with a wrap-up of some of the top compliance stories over the first quarter of 2018. Stay tuned to the end for rants in this edition. 

  1. Matt Kelly considers the moves by the Congress to amend Dodd-Frank, considering the approaches by both the House and the Senate. He explores a couple of interesting side notes. First the Senate bill requires the Department of Treasury consider cybersecurity risks. Second, he notes the lack of movement against the Consumer Financial Protection Board. He also considers the Trump Administration’s claim of regulatory reduction; exploring my question: Is it real or is it Memorex? Matt rants on the manner of the firing of the Secretary of the Department of Veterans Affairs.
  2. Mike Volkov considers the recent pronouncements by the Justice Department that it may extend the reach of the declination program first laid out in the new FCPA Corporate Enforcement Policy. Would such an approach work for other laws? If so, which ones are likely candidates? Is this a sop to big business or is there something else going on? What might be the reaction of the Congress? Mike rants on the corruption and conflicts of interest present in the current Administration.
  3. Jonathan Armstrong considers the Facebook/Cambridge Analytica imbroglio from the UK/EU angle. He discusses where the EU and UK investigations currently lie, what the potential penalties might be, including criminal sanctions, and next steps for all involved. It turns out the EU has been investigating Cambridge Analytica for over one year. Armstrong gives a shout out to the SCCE European Compliance and Ethics Institute and rants on travelers who still don’t know to bag their liquids and take their shoes off at security in airports.
  4. Jay Rosen considers the current state of monitorships. He begins with a review of monitorships over the past few years to explore whether the Justice Department and SEC are cutting back on their use. If so, what are the implications for enforcement and compliance going forward? What are some of the tangible steps a company can take to make the case they do not need a monitor even after a FCPA violation? Jay explains remediation through a proactive monitorship can be a key step. Jay gives a shout out to the state Attorneys General who brought the Emolument Lawsuit against the President.

I take the opportunity to give a Happy Trails shout out to one of my boyhood heroes, Rusty Staub, who recently passed away, and rant on the New York Times for waiting almost a full week before running an Obituary on Philip Kerr. 

The members of the Everything Compliance panel include:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Mar 17, 2018

March Madness is upon us, with the first ever #16 knocking off a Number 1 seed. In the midst of this true madness, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

 

  1. March Madness is here. So is corruption in NCAA basketball. Tom considers both stories in Compliance Week.
  2. Former FCPA Unit Head Chuck Duross says that self-reporting is still “probably not worth it”. See article in GIR (sub req’d)
  3. Elizabeth Holmes and Theranos were engaged in massive, years long fraud. She is fined, must return her Theranos stock and is banned from running public companies for 10 years. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal. See SEC Complaint for full details.
  4. What are some of the compliance lessons to be learned from the Novartis journey? Jaclyn Jaeger considers them in Compliance Week. (Sub req’d)
  5. First DPA granted under new French anti-corruption law, Sapin II. See article in NYU Compliance and Enforcement Blog.
  6. SFO Director David Green pushed back on the myth that DPAs are sweetheart deals in the FCPA Blog.
  7. Are corporate monitorships on their way out? Adam Dobrik reports in GIR (Sub req’d)
  8. The Trace Global Enforcement Report is out.
  9. On Tuesday, March 20, Tom will premier an exciting new podcast Innovation in Compliance. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  11. Jonathan Armstrong will be in Houston on April 10 to put on a half-day GDPR workshop. You can find out more and register at the Greater Houston Business and Ethics Roundtable website, org.
Mar 1, 2018

In this episode I visit with Joel Solomon, author of “The Clean Money Revolution”. Solomon has worked in the investment community for many years, both in the United States and Canada. He heads Renewal Funds, which is Canada’s leading mission venture capital investment firm, with $98 million of assets under management in early growth stage Organics and EnviroTech companies in Canada and the USA. The Fund has over 150 individual, family, and foundation investors mostly split between Canada and the USA, with several in Europe and Asia. The goal is above market financial returns from a portfolio of companies offering positive societal advances. Renewal Funds' dynamic team is led by Paul Richardson, President and CEO, and Joel Solomon, Chair, with crucial backing from Carol Newell. Renewal Funds has been named a "Best for the World Funds" by B the Change Media, for setting the measurement and management bar for impact investing. It has also been named a B Corp for "Best for the World Company."

We discuss what mission venture capitalism is and Solomon’s leadership in this field. We discuss his book, The Clean Money Revolution, and explore how clean money investing is different than other types of investing. We explore the role of money managers in the clean money revolution and the broader role of money managers in environmental, social and governance investing and management. We consider the role of the Boards of Directors in public companies in contributing to the clean money revolution. We conclude with a fascinating exploration of the role of US government pullback in ESG and clean money investments, leaving a very large role for corporations to step in and fill going forward.

For more about Joel Solomon, check out his website, joelsolomon.org.

Feb 26, 2018

Last week the US Supreme Court issued its decision in Digital Realty Trust v. Somers (Somers). It was a closely watched case in the compliance community. Yesterday, I reviewed the Court’s decision. In this podcast, Roy Snell and I consider the impact of the Court’s decision on a variety of actors, including the SEC itself, Chief Compliance Officers (CCOs) and compliance practitioners, compliance programs and corporate America.

While we both agreed the Supreme Court came to the correct legal decision, there are several areas in which this decision may well lead to negative impacts. The first is the message that it sends to potential whistleblowers: if you do not report to the Securities and Exchange Commission (SEC), you will not receive any legal protections against discrimination or retaliation.

Second is the impact on every Chief Compliance Officer (CCO) or compliance practitioner. This decision will negatively impact attempts to create a best practices compliance program. A key part of any best practices compliance program is an internal reporting mechanism (Hallmark 8 of an Effective Compliance Program).

Third is that companies will be cut off from their best source of information, their own employees. Companies will now have less ability to detect and then remediate any problems before they become legal violations, or to keep legal violations from expanding.

Finally, there is the impact the decision will have on the SEC itself. Now there is no incentive to report internally because you are not eligible for any financial incentive nor will you receive any protections from discrimination or retaliation. It is possible the SEC will be literally inundated with potential securities-laws violations.

Feb 8, 2018

In this episode, Matt Kelly and I take a deep dive into the events which led to the resignation of Steve Wynn as the CEO and Chairman of Wynn Casinos for sexual harassment and misconduct. We consider how quickly the scandal escalated after it was initially reported by the Wall Street Journal and the response (or lack thereof) by the Board of Directors to Wynn’s conduct which had been an open secret for almost 20 years. We review what structural inputs a company should have in place when it has a true charismatic leader. We consider the role of the Board of Directors in light of the recent Wells Fargo penalty levied by the Federal Reserve to limit growth and require the Wells Fargo Board to refocus its efforts on more robust corporate risk management.

For more on the Wynn scandal and corporate governance, see Matt’s blog post So Much Wynning You Can’t Stand It

For more on the Federal Reserve’s penalty on Wells Fargo and the Board of Directors’ need for a compliance professional on the Board, see Tom’s blog post, Wells Fargo, Put a Compliance Professional on Your Board

Jan 24, 2018

The role of the Chief Compliance Officer (CCO) has steadily grown in stature and prestige over the years. In the 2012 FCPA Guidance, under Hallmark Three of the 10 Hallmarks of an Effective Compliance Program, the focus was articulated by the title of the Hallmark: Oversight, Autonomy, and Resources. In it, the 2012 FCPA Guidance focused on whether the CCO held senior management status and had a direct reporting line to the Board, stating “In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively. Adequate autonomy generally includes direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors.”

This Hallmark was significantly expanded in both the Evaluation of Corporate Compliance Program (Evaluation) and the new FCPA Corporate Enforcement Policy (Policy). Over the next two blog posts, I will be considering how the Department of Justice (DOJ) has increased the prestige, authority and role of both the CCO and corporate compliance function.

The DOJ’s Evaluation of Corporate Compliance Programs made the following query about the CCO position:

  1. Autonomy and Resources 

Stature – How has the compliance function compared with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers? What has been the turnover rate for compliance and relevant control function personnel? What role has compliance played in the company’s strategic and operational decisions? 

Autonomy – Have the compliance and relevant control functions had direct reporting lines to anyone on the board of directors? How often do they meet with the board of directors? Are members of the senior management present for these meetings? Who reviewed the performance of the compliance function and what was the review process? Who has determined compensation/bonuses/raises/hiring/termination of compliance officers? Do the compliance and relevant control personnel in the field have reporting lines to headquarters? If not, how has the company ensured their independence?

In the Policy, the DOJ laid out additional factors around CCO authority: 

  1. The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  2. The authority and independence of the compliance function and the availability of compliance expertise to the board;
  3. The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and
  4. The reporting structure of any compliance personnel employed or contracted by the company.

There is a new requirement for compliance “independence”. The DOJ has not taken a position on whether a General Counsel (GC) can also be the CCO. However, this new language would seem to signal the death knell for the dual GC/CCO role. It may also signal the larger issue that the CCO should have a separate reporting line to the Board, apart from through the GC. While the DOJ’s stated position is that it does not concern itself with whether the CCO reports to the GC or reports independently, it is more concerned about whether the CCO has the voice to go to the Chief Executive Officer (CEO) or Board of Directors directly, not via the GC. Even if the answer were yes, the DOJ would want to know if the CCO has ever exercised that right. Yet the Evaluation comes as close as at any time previously to articulating a DOJ policy that the CCO be independent of the GC’s office. Therefore, if your CCO still reports up through the GC, you must have demonstrable evidence of both CCO independence and actual line of sight authority to the Board.

The Evaluation and the Policy build upon the 10 Hallmarks of an Effective Compliance Program and demonstrate the continued evolution in the thinking of the DOJ around the CCO position and the compliance function. Their articulated inquiries can only strengthen the CCO position specifically and the compliance profession more generally. The more the DOJ talks about independence, coupled with resources being made available and authority concomitant with the CCO position, the more corporations will see it is directly in their interest to provide the resources, authority and gravitas to compliance positions in their organizations.

Three Key Takeaways

  1. How can you show compliance really has a seat at the senior executive table?
  2. What are the professional qualifications of your CCO?
  3. Does your CCO have true independence to report directly to the Board of Directors? 

This month’s podcast sponsor is Convercent. Convercent provides your teams with a centralized platform and automated processes that connect your business goals with your ethics and values. The result? A highly strategic program that drives ethics and values to the center of your business. For more information go to Convercent.com.

Jan 12, 2018

In this episode, Jay Rosen and I take a look at some of the top compliance stories over the past week.

  1. Does Free Speech exist at the office? Can you tell your boss what you think of them? Ben DiPietro looks at a new Department of Labor approach in WSJ Risk and Compliance Journal.
  2. Are fraudsters like the rich (as in different than the rest of us)? Jonathan Marks explores the mind of the fraudster in his Board and Fraud blog.
  3. What can you do to manage your third parties more effectively? Rick Chapman provides his experiences in the SCCE Blog.
  4. Is there a unified theory of corruption? Professor Joseph Pazsgai explores the question in a guest post on the FCPA Blog.
  5. Mike Volkov gives his five top compliance predictions for 2018 in the Crime, Corruption and Compliance Blog.
  6. Oh thank Heaven? Feds raid 7-11 looking for criminals (i.e., undocumented workers). See story by Alicia Caldwell in the WSJ.
  7. Is there a real (or perceived) bias in the monitorship process? Several experts are cited in GIR piece. (Sub req’d)
  8. Shearman & Sterling releases its annual report, the Recent Trends and Patterns in the Enforcement of the FCPA.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In January, I bring together the entire year of compliance program best practices with 31 days to a more effective compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Tom announces his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 11 & 12 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  11. Jay Rosen previews the Jay Rosen weekend report.
  12. We preview this week’s NFL playoffs.

 

Jan 9, 2018

A 360-degree view of compliance is an effort to incorporate your compliance identity into a holistic approach so that compliance is in touch with and visible to your employees at all times. It is about creating a distinctive brand philosophy of compliance which is centered on your consumers. In other words, it helps a compliance practitioner anticipate all aspects of the compliance needs of your employees, who are the customers of your compliance program. This is especially true when compliance is either perceived as something that comes out of the home office or is perceived as the Land of No, largely inhabited by Dr. No. A 360-degree view of compliance gives you the opportunity to build a new brand image for your compliance program.

Previously, I had thought of communications really as a two-way street: upward and downward, inbound and outbound, and side-to-side communications. However you might choose to phrase it, a 360-degree approach to compliance communications is something different. You simply can no longer communicate as effectively in just two ways. You now communicate in a more holistic manner, and in multiple ways. If you are just thinking about communications in the classic form, you are missing something that is happening around you.

360-degrees of compliance communication is not just a classic form of communication; rather, it is communication in the concept of every interaction, whether planned or accidental. It is all a form of communication. This is particularly true if you are a compliance professional, a chief compliance officer or a compliance practitioner. The things you do, the way you act, and the way people see you are always communicating. It is not simply communicating to one another, as often you may well be communicating to a group across siloed boundaries, to constituencies with whom you had not even planned to initially communicate.

There are several concepts which should be included in your 360-degree view of compliance communications. Begin with an objective so you identify the purpose of your communication and the target to whom you are going to communicate. Identify as clearly as you can the purpose and reason to ensure your message is aligned with your objectives. For instance, are you implementing a 360-degree view of communication to educate, inform, change perceptions or build trust and commitment?

Next, who is your audience? To communicate effectively you need to understand your audience. In any corporation, there are multiple audiences who are the key stakeholders in the 360-degree process. How much do they know? Some of the stakeholders include the Board of Directors, senior management, middle management, employee teams, committees, coaches, facilitators, customers, business partners, vendors, sales agents and representatives, strategic alliances and business ventures. What are your distribution channels and how do you track your messaging? You should create a comprehensive spreadsheet to track the messages, the intended audience and the delivery mechanism. Another key ingredient of the 360-degree approach is feedback. This is a key component of the 360-degree experience, and you should educate each stakeholder on the benefits of feedback from the 360-degree approach.

Finally, you need to evaluate what you have done. You can monitor your communication activities by tracking attendance at the events, website statistics, open rate of emails, downloads of materials, video hits; in other words, the same techniques that your marketing folks would use to determine their messaging’s effectiveness. The objective is to build trust for the 360-degree process by determining if the goal was achieved. You can utilize surveys or focus groups to assess the impact on your target audience. Focusing on the customers of compliance, i.e., your employees, allows you to identify gaps and improve the communication process for your compliance program.

Using such a 360-degree approach to communication allows a CCO to “see around corners” and can be one of the greatest strengths of a best practices compliance program. The reason is listening. Listening is a key leadership component and there are certainly many ways to listen. You can sit in your office and wait for a call or report on the hotline or you can go out into the field and find out what challenges employees are facing. From this you can work with them to craft a solution that works for the company and holds to the company’s ethical and compliance values.

Three Key Takeaways

  1. Remember the definition of 360-degrees of compliance communications. It is an effort that includes the compliance identity into a holistic approach so compliance is in touch and visible to your employees at all times.
  2. What is your objective? What are you trying to do with your 360-degrees of compliance communications and how are you using that mechanism to deliver the objectives of your compliance program?
  3. Evaluate. You need to evaluate three factors: (a) has the message been delivered; (b) has it been heard; and (c) is it being implemented.

 

Dec 31, 2017

Jay and I take things in a different direction this week. For our year-end wrap-up edition, we take the top five podcasts from 2017 and each of us gives a highlight from that episode to showcase some of the key compliance issues from 2017.

1. Episode 55-The Covfefe Edition, for the week ending June 2

 From Jay- Compliance is making its way into Boards of Directors. See article by Ben DiPietro in the WSJ Risk and Compliance Journal.

From Tom- Samuel Mebiame, sentenced to two years behind bars for paying bribes to help Och-Ziff with lucrative mining deals in Africa. See article by Sam Rubenfeld in WSJ Risk and Compliance Journal. Judge asks why no one else was criminally prosecuted. See article in Bloomberg.

2. Episode 53-The I Left My Heart in SF Edition, for the week ending May 19 

From Jay- Should compliance and ethics be wedded? New report by Institute of Business Ethics and the Ethics Institute considers the issues. See article in WSJ Risk and Compliance Journal.

From Tom- Astros lead the MLB with the best record in baseball. Will they regress to the mean?

3. Episode 52-The Firing the Investigators Edition, for the week ending May 12

 From Jay- ECI Report Finds Use of Corporate Monitors is on the Rise. For a copy of report, click here. For a webinar replay with Affiliated Monitors’ Eric Feldman and Nasdaq’s Michael Kallens click here.

From Tom- Why the judgment of CEOs and their actions really do matter. James Stewart considers Barclays’ Jes Staley in his Common Sense column in the New York Times.

4. Episode 54-The Rubber Match Edition, for the week ending May 26

From Jay- He recaps the SCCE San Francisco event he attended last week. See Jay’s recap in his article I Left My #SCCE Heart in San Francisco or I Love It When A Plan Comes Together!

From Tom-Was the individual enforcement against the MoneyGram CCO significant or much ado about nothing? See article by Dick Cassin in the FCPA Blog and by Sara Kropt in her Grand Jury Blog.

5.  Episode 77-The Home for the Holidays Edition, for the week ending November 17

 From Jay-

1a) Wal-Mart reserves $283MM to settle its outstanding FCPA matter. See article by Dick Cassin in the FCPA Blog. Henry Cutter reports in the WSJ Risk and Compliance Journal.

1b) The Everything Compliance gang put together an eBook of their reflections from the recent SCCE 2017 Compliance and Ethics Institute. It is available for download free on JDSupra. It is also available on the Affiliated Monitors site by clicking here.

From Tom- Tom visited with Marc Havener and Bryan Belknap about using movie clips to expand your compliance training classroom. See Tom’s blog post here

Dec 31, 2017

This entry provides a wrap-up on written standards, with a discussion of policies on cybersecurity. Cybersecurity has become so critical for corporations that the CCO and many compliance practitioners are now required to deal with this issue.

Cybersecurity policies are the newest area to fall into the lap of the compliance professional. Fortunately, the state of New York's Department of Financial Services has issued the first state-level regulations on cybersecurity for financial institutions. They became effective March 1, 2017, and while they are designed to protect financial services industries and consumers, they have application to, and provide guidance for, a wider variety of non-financial service companies and commercial enterprises. They mandate that your overall cybersecurity policy be designed to meet the goals of preventing, detecting and remediating a cybersecurity event.

While the regulation is obviously geared towards financial services firms, there are several points that any non-financial services compliance practitioner should consider. The overall cybersecurity program should be designed to meet the three goals of any best practices compliance program: (a) preventing any cybersecurity breaches or failures; (b) detecting cybersecurity events; and (c) remediating by responding to identified or detected cybersecurity events to mitigate any negative effects, recovering from them and restoring normal operations and services. An added requirement for cybersecurity will be notification of appropriate regulatory authorities.

Your written policy should be based on a risk assessment, taking the following factors into consideration: “(a) information security; (b) data governance and classification; (c) asset inventory and device management; (d) access controls and identity management; (e) business continuity and disaster recovery planning and resources; (f) systems operations and availability concerns; (g) systems and network security; (h) systems and network monitoring; (i) systems and application development and quality assurance; (j) physical security and environmental controls; (k) customer data privacy; (l) vendor and Third Party Service Provider management; (m) risk assessment; and (n) incident response.”

There should be a corporate officer position which reports to the Board of Directors, who should report to the Board on the following topics: (1) the confidentiality and the integrity and security of the information systems; (2) the cybersecurity policies and procedures; (3) material cybersecurity risks; (4) overall effectiveness of the cybersecurity program; and (5) any material cybersecurity events. The cyber compliance team must all show proficiency in the discipline and keep abreast of cybersecurity developments.

For ongoing monitoring, there should be annual penetration testing and biennial vulnerability assessments. Finally, there must be annual risk assessments designed to test: (1) identified cybersecurity risks and threats; (2) criteria for the assessment of the confidentiality, integrity, security, availability and adequacy of existing controls in the context of identified risks; and (3) requirements describing how identified risks will be mitigated or accepted based on the risk assessment and how the cybersecurity program will address the risks.

If a company allows a third-party provider to have access to or hold its data, it must perform an evaluation of that third-party provider in the following areas: (1) identification and risk assessment of the third-party provider; (2) minimum cybersecurity practices required to be met by third-party provider in order for them to do business; (3) due diligence processes used to evaluate the adequacy of cybersecurity practices of third-party provider; and (4) periodic assessment of third-party provider based on the risk they present and the continued adequacy of their cybersecurity practices. There should also be effective training and ongoing monitoring requirements for employees of impacted third-party providers.

All of the above should sound quite familiar to any anti-corruption compliance professional. Yet this DFS regulation should also be studied as a roadmap for the inevitable cybersecurity and InfoSec compliance which is just down the road for non-financial services industries. The third-party providers are particularly critical, as many major data breaches occurred through connected third parties. One need only think of everything from the Target data breach to the looting of the Central Bank of Bangladesh through the New York Federal Reserve Bank.

Three Key Takeaways

  1. CCOs and compliance professionals need to be ready to take on cybersecurity policies and procedures.
  2. Cybersecurity policies and procedures should strive to prevent, detect and remediate cybersecurity events and failures.
  3. Do not forget the lesson from the Target data breach; you are only as secure as your weakest third-party link.

This month’s sponsor is the Doing Compliance Master Class. In 2018, I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates for one of the top compliance-related trainings going forward.

Dec 30, 2017

The next area for policies is extortion payments, which are completely exempted from the FCPA. Extortion payments are made in response to any action which threatens, or demands payment for, life, liberty, or health. These should be carved out from your facilitation payments and your compliance program through specific language. You need to do this for a variety of reasons. First and foremost, your employees must understand that the company will support them if they are in any way threatened with harm, arrest or physical detention, or if their health or safety is threatened. As a compliance professional, you need to make sure employees understand they need to do whatever they must to get themselves out of such a situation.

Some of the situations your employees might face are along the lines of the following:

  • Employees are stopped by police, military or paramilitary personnel, or militia (uniformed or not) at designated or other checkpoints or other places and a payment is demanded as a condition of passage of persons or property;
  • Employees are threatened with arrest or detainment; or
  • Employees are asked by persons claiming to be security personnel, immigration control, or health inspectors to pay for an allegedly required inoculation or other similar procedure.

I once had a situation where an employee was threatened with receiving a vaccination for yellow fever when they were departing a West African country. The employee paid some $85 to get out of that situation. I instructed him to submit it as a travel expense, writing out in a four-sentence paragraph the event, attached to his expense report. The documentation proved that payment was not a facilitation payment. It was clearly an extortion payment.

The key, though, is that it be properly documented. Beyond the documentation itself, you must specifically list extortion payments in your books and records so you will be in compliance with the books and records requirement of the FCPA to accurately record your expenses. You need to train your employees specifically on the actions to take both when they are put in the situation and when they return to their office. In your policy, state that if there is a threat to health, safety or liberty, it is not a facilitation payment but an extortion payment. Make sure that they understand what their rights are and what their obligations are to report it when they come back to the corporate office or their office. Always remember, an extortion payment is not an FCPA violation.

Three Key Takeaways

  1. Extortion payments are not illegal under the FCPA.
  2. Was the action an extortion or some other type of situation?
  3. Document, document, document your extortion payments: both the financial component and a description of the underlying events.

Nov 15, 2017

Welcome to Episode 5 of the Compliance Man Goes Global podcast of the FCPA Compliance Report International Edition. In this episode, we focus on typical concepts (or probably myths) of ways a Compliance professional might become a more valuable member of the management team rather than becoming the most hated person in the organization.

Tom: To start with, Tim, probably we should explain to our listeners why we called our today’s episode ‘You Really Like Me’?

Tim Khasanov-Batirov:  We call today’s episode “You Really Like Me!” remembering Sally Field’s gushing acceptance speech at Oscar ceremony. The funny thing is that sometimes even in-house Compliance people have a strong wish to exclaim after her something like: “I haven't had an orthodox career, and I've wanted more than anything to have your respect. The first time I didn't feel it, but this time I feel it—and I can't deny the fact that you like me, right now, you like me!"      

Tom: OK, Tim, let’s see if this is possible in reality or would remain just a dream of Compliance officers globally.

Myth #1 There is a chance that Compliance officer could avoid being named the most hated person in the organization.  Tim, do you agree with this statement?

Tim Khasanov-Batirov: Let’s try. I think we have some pros here:  

Argument #1.

A Compliance professional can avoid being the most hated person if personnel along with top management understand the role of Compliance function in the organization. Unless a Compliance professional delivers a clear message about risks he or she manages and value they bring, they are dependent on subjective views of other team members. We have depicted this situation in the attached release of Compliance Man illustrated series.    

Argument #2.

You might think about setting KPIs based on respective regulatory requirements referring for instance to 10 Hallmarks of the Effective Compliance Program or the Evaluation of Corporate Compliance Programs. This will allow you to set criteria, which could be used for unbiased and verifiable evaluation of your efforts.

Tom:  I think, Tim that there are some cons here as well:

Argument #1

As we know, there is no way people will like a Compliance officer all the time. Subject to particular situation or position, the Compliance professional’s managers might change their minds. So we should not have illusion of being most loved person constantly.

  

Argument #2

There is a big risk if Compliance person becomes too friendly with the employees and becomes co-opted by the business folks. This could lead to losing impartiality. Therefore, there is a very thin line between being business-oriented ethics professional and attempts just to ‘get likes’ from management.   

Tim: Tom, I agree with you.

Tom: Let’s go, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. In real life, Compliance officer de-facto is not able to become a member of managerial team (or just “team” so to say) being isolated from it by virtue of his “business prevention” mission. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

Argument #1.

In my view, Compliance department in many cases is called a “Business prevention unit” not because of being very strict and picky. It is because of not fully understanding the business processes involved. As soon as compliance officer starts to hear other team members, he will be able to suggest solutions, which are compliant, and business oriented at the same time.

Argument #2.

It is about priorities. Management team should clearly see that Compliance officer is focusing on real regulatory risks and priorities rather than creating a useless bureaucracy regarding minor issues, which in many cases could be easily resolved.    

What are your views, Tom?

Tom: I have some pros to support the concept that in reality Compliance officer is not just another member of the business team.

Argument #1.

We have a special mission to assess business from external, in majority of cases regulatory perspective. Thus, many things, which at first glance might look as being good for business, could pose regulatory risk in the future. Thus, Compliance person is in charge of demonstrating a high-level or strategic view rather than solely looking at momentary business advantages.

Argument #2.

Compliance is a relatively new job in comparison to well established corporate functions such as  a  Legal Department or even Internal Audit. So even just by mere fact of being a “newcomer” the Compliance Officer differs from almost all members of the management team which represent “traditional” occupations.  

Tim: Agreed, Tom. As key takeaways from today's discussion, I think we can mention the following:

  • Compliance officer should be a business-oriented person with good understanding of business processes along with clear views on how to structure them in line with regulatory expectations.

Nov 1, 2017

Welcome to Day One of 360-degrees of communication in compliance. This month you will learn about techniques that the CCO can use not only to provide a well-rounded role as a CCO but also to facilitate a much more holistic approach to compliance in your organization. Best of all, the techniques discussed are largely available to you at little to no cost. There are things that you can do both in your method of running the CCO position and in innovations that you can bring to the compliance function in your organization.

A 360-degree view of compliance is an effort to incorporate your compliance identity into a holistic approach so that compliance is in touch with and visible to your employees at all times. It is about creating a distinctive brand philosophy of compliance which is centered on your consumers; in other words, the customers of your compliance program, i.e., your employees. It helps to anticipate all the aspects of your employees' needs around compliance, especially when compliance is perceived as new, as something that comes out of the home office, or as the Land of No. It gives you the opportunity to build a new brand image for your compliance program.

Social media is a big part of a 360-degree view, so there will be a focus on the use of social media in compliance and how it can facilitate your compliance program through your compliance messaging. I will discuss some specific social media tactics that have been successfully used by companies. We will consider the culture of compliance and the clash of different cultures that an organization may have, particularly through mergers and acquisitions but also internally, through organic growth, and how a 360-degree view can help overcome this. Storytelling in compliance is another mechanism which is facilitated through a 360-degree view.

Other issues to be considered include how can a 360-degree view of communication facilitate your role as a leader in your company and in your compliance program? What are the techniques which can provide a holistic approach to your compliance function? What is the two-way street approach wedded to the benefit of 360-degrees of compliance and communication? Communication is much more powerful when it is a two-way street. Such a view also allows you to bring information from your customer base, once again your employees, back up to your compliance program and incorporate that feedback loop directly into your compliance program going forward.

There are several concepts which should be included in your 360-degree view of communications in compliance. Begin with an objective so you identify the purpose of your communication and the target to whom you are going to communicate. Identify as clearly as you can the purpose and reason to ensure your message is aligned with your objectives. For instance, are you implementing a 360-degree view of communication to educate, inform, change perceptions or build trust and commitment?

Next, who is your audience? To communicate effectively you need to understand your audience. In any corporation, there are multiple audiences who are the key stakeholders in the 360-degree process. How much do they know? Some of the stakeholders include the Board of Directors, senior management, middle management, employee teams, committees, coaches, facilitators, customers, business partners, vendors, sales agents and representatives, strategic alliances and business ventures. What are your distribution channels and how do you track your messaging? You should create a comprehensive spreadsheet to track the messages, the intended audience and the delivery mechanism. Another key ingredient of the 360-degree approach is feedback. This is a key component of the 360-degree experience, and you should educate each stakeholder on the benefits of feedback from the 360-degree approach.

Finally, you need to evaluate what you have done. You can monitor your communication activities by tracking attendance at the events, website statistics, open rate of emails, downloads of materials, video hits; in other words, the same techniques that your marketing folks would use to determine their messaging’s effectiveness. The objective is to build trust for the 360-degree process by determining if the goal was achieved. You can utilize surveys or focus groups to assess the impact on your target audience. Focusing on the customers of compliance, i.e., your employees, allows you to identify gaps and improve the communication process for your compliance program.

Three Key Takeaways 

  1. Remember the definition of 360-degrees of compliance communications. It is an effort that includes the compliance identity into a holistic approach so compliance is in touch and visible to your employees at all times.
  2. What is your objective? What are you trying to do with your 360-degrees view of compliance communications and how are you using that mechanism to deliver the objective your compliance program desires?
  3. Evaluate. You need to evaluate whether the message has been delivered, whether it has been heard and whether it is being implemented.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Oct 12, 2017

Your company has just made its largest acquisition ever and your Chief Executive Officer (CEO) says that he wants you to have a compliance post-acquisition integration plan on his desk in one week. Where do you begin? Of course, you think about the 2012 FCPA Guidance but remember that it did not have the time lines established in the recent enforcement actions involving Johnson & Johnson (J&J), Pfizer and Data Systems & Solutions LLC.

While the time frames listed in these Deferred Prosecution Agreements (DPAs) are a guide, what many compliance professionals struggle with is how to perform these post-acquisition compliance integrations. In an article from the Harvard Business Review, entitled “Two Routes to Resilience”, Clark Gilbert, Matthew Eyring and Richard Foster wrote about business transformation in a way which speaks directly to the compliance practitioner and helps to create a post-acquisition integration game plan.

The authors reviewed the situation where an entity must transform itself, leading to a transformation the authors call “establishing a ‘capabilities exchange’- a new organizational process that allows the two efforts to share resources without interfering with each other’s operations.” That is what a compliance practitioner must accomplish through a post-acquisition integration in the compliance context.

Anyone who has gone through a large merger or acquisition knows how terrifying it can be for the individual employee. Many people, particularly at the acquired company, will be fearful of losing their jobs. This fear, misplaced or well-founded, can lead to many difficulties in the integration process. The creation of a Compliance Capabilities Exchange process allows “the two organizations to live together and share strengths” and will coordinate “the two transformational efforts so that each gets what it needs and is protected from [unwanted] interference by the other.” There are five steps in this process.

  1. Establish Compliance Leadership. This may be the “simplest step but also the one most open to abuse.” The process should be run by just a few top people, which I believe are the Chief Executive Officer, Chief Financial Officer and Chief Compliance Officer of the acquiring company and a similar counterpart from the acquired company.
  2. Identify the compliance resources the two organizations can or need to share. Hopefully the acquiring organization will have some idea of the state of the compliance program before the deal is closed. It may be that there is some or all of a minimum best practices compliance program in place. If so, attention needs to turn to what can continue and how it will need to be integrated.
  3. Create Compliance Capability Exchange Teams. In many “synergy efforts, everyone is expected to think about ways resources might be shared.” In Compliance Capability Exchanges, the responsibility should be “carefully confined to a series of teams.” Senior leadership should create compliance teams by assigning a small number of people from both entities with the responsibility of allocating resources used in the integration project.
  4. Protect Boundaries. This one is tricky as employees from the former target may not want to move forward with the integration, for fear of losing their jobs or some other reason. There may be internal disputes as to which group may handle an issue going forward. This area is tricky because it is important not to alienate new employees who might have good ideas on the integration or how to move forward. Once again, the Leadership Team must step in and referee disputes decisively if required.
  5. Scale up and promote the new compliance program. It is important to celebrate and promote the new entity to both the acquiring company, others in the company and even external stakeholders. It is important that markets and others in the same or similar industry see this evolution and growth. Take the time to publicize the integrated compliance function with the internal customer, i.e., company employees. This would include all other compliance stakeholders, including third party representatives, both on the sales and supply chain side of the house and even customers. Finally, be sure to inform your management, Board of Directors and regulators, such as the Department of Justice (DOJ), as appropriate.

Whatever compendium of steps you utilize for post-acquisition integration, they should be taken as soon as practicable.  The earlier you can deploy these steps the better off your company will be at the end of the day. In an Ernst & Young white paper, entitled “Increased Oversight of M&A: An Expanding Role for Audit Committees”, it stated “Failed M&A can destroy a company's market value, destabilize its financial position and credit ratings, impair its strategic position, weaken the organization and damage the company's reputation”. This is particularly true for failed M&A compliance. One need only consider the Latin Node FCPA enforcement actions where the acquiring company had to write off its entire investment.

Three Key Takeaways

  1. Planning is critical in the post-acquisition phase.
  2. Build upon what you learned in pre-acquisition due diligence.
  3. You literally need to be ready to hit the ground running when a transaction closes. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 10, 2017

Today I want to look at what you should do with the information that you obtain in your pre-acquisition compliance due diligence. Jay Martin, Chief Compliance Officer (CCO) at Baker Hughes, a GE company, suggests an approach that reviews key risk factors to move forward. Martin has laid out 15 key risk factors of targets under a FCPA analysis, which he believes should prompt a purchaser to conduct extra careful, heightened due diligence or even reconsider moving forward with an acquisition under extreme circumstances.

  1. A presence in a high risk country, for example, a country with a Transparency International CPI rating of 5 or less;
  2. Participation in an industry that has been the subject of recent anti-bribery or FCPA investigations, for example, in the oil and energy, telecommunications, or pharmaceuticals sectors;
  3. Significant use of third-party agents, for example, sales representatives, consultants, distributors, subcontractors, or logistics personnel (customs, visas, freight forwarders, etc.);
  4. Significant contracts with a foreign government, state-owned or state-controlled entities;
  5. Substantial revenue from a foreign government, state-owned or state-controlled entity;
  6. Substantial projected revenue growth in the foreign country;
  7. High amount or frequency of claimed discounts, rebates, or refunds in the foreign country;
  8. A substantial system of regulatory approval, for example, for licenses and permits, in the country;
  9. A history of prior government corruption investigations or prosecutions;
  10. Poor or no anti-bribery or FCPA training;
  11. A weak corporate compliance program and culture, from legal, sales and finance perspectives at the parent level or in foreign country operations;
  12. Significant issues in past compliance audits, for example, excessive undocumented entertainment of government officials;
  13. The degree of competition in the foreign country;
  14. Weak internal controls at the parent or in foreign country operations; and
  15. In-country managers who appear indifferent or uncommitted to U.S. laws, the FCPA, and/or anti-bribery laws. 

In evaluating answers to the above inquiries or those you might develop on your own, you may also wish to consider some type of risk rating for the responses, to better determine the amount of risk that your company is willing to accept. To do so, you will need to both assess risk and subsequently evaluate that risk. Risks should initially be identified and then plotted on a heat map to determine their priority. The most significant risks with the greatest likelihood of occurring are deemed the priority risks, which become the focus of the post-acquisition remediation plan going forward. A risk-rating guide similar to the following can be used.

LIKELIHOOD

| Likelihood Rating | Assessment | Evaluation Criteria |
|---|---|---|
| 1 | Almost Certain | Highly likely, this event is expected to occur |
| 2 | Likely | Strong possibility that an event will occur and there is sufficient historical incidence to support it |
| 3 | Possible | Event may occur at some point, typically there is a history to support it |
| 4 | Unlikely | Not expected but there’s a slight possibility that it may occur |
| 5 | Rare | Highly unlikely, but may occur in unique circumstances |

‘Likelihood’ factors to consider: the existence of compliance internal controls; written policies and procedures designed to mitigate risk; leadership capable of recognizing and preventing a compliance breakdown; compliance failures or near misses; and/or training and awareness programs. The product of the ‘likelihood’ and significance ratings reflects the significance of a particular risk universe. It is not a measure of compliance effectiveness, nor is it meant to compare efforts, controls or programs against peer groups.

The key to such an approach is the action steps prescribed by their analysis. This is another way of saying that the pre-acquisition risk assessment informs the post-acquisition remedial actions to the target’s compliance program. This is the method set forth in the 2012 FCPA Guidance. I believe that the DOJ wants to see a reasoned approach with regards to the actions a company takes in the mergers and acquisitions arena. The model is a reasoned approach and can provide the articulation needed to explain which steps were taken.

It is also important that after the due diligence is completed, and if the transaction moves forward, the acquiring company should attempt to protect itself through the most robust contract provisions that it can obtain; these would include indemnification against possible FCPA violations, including both payment of all investigative costs and any assessed penalties. An acquiring company should also include representations and warranties in the final sales agreement for the entire target company that its participation in transactions is permitted under the local law where the transaction took place; that there is an absence of government owners in the company; and that the target company has made no corrupt payments to foreign officials. Lastly, there must be a representation that all the books and records presented to the acquiring company for review were complete and accurate.

To emphasize all of the above, the DOJ stated in the Pfizer Deferred Prosecution Agreement (DPA), in the mergers and acquisition context, that a company is to ensure that, when practicable and appropriate on the basis of a FCPA risk assessment, new business entities are only acquired after thorough risk-based FCPA and anti-corruption due diligence is conducted by a suitable combination of legal, accounting, and compliance personnel. When such anti-corruption due diligence is appropriate but not practicable prior to acquisition for reasons beyond a company’s control, or due to any applicable law, rule, or regulation, an acquiring company should continue to conduct anti-corruption due diligence subsequent to the acquisition and report to the DOJ any corrupt payments or falsified books and records.

Three Key Takeaways

  1. Create a list of key risk factors in your protocol.
  2. Create a forced risk ranking, but remember it is simply that, a forced risk ranking.
  3. Your pre-acquisition team should include a suitable combination of legal, accounting, and compliance personnel.

 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.
