As Tom and Jay prepare for the December holiday season, they consider the DOJ/SEC’s strong affirmation that aggressive FCPA enforcement is here to stay, changes to the Yates Memo/plea for increased cooperation and some of the week’s other top compliance and ethics stories.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
NOVEMBER 30, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
In this episode I visit with Jonathan Armstrong on the topic of class action lawsuits involving data privacy and GDPR. Some of the highlights are:
For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
NOVEMBER 29, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive into the recent Vantage Drilling FCPA enforcement action. It is a highly unusual enforcement action with some very different facts from the standard FCPA case. It provides some new lessons learned for the compliance professional (and some old ones as well).
Some of the highlights from this podcast are:
For more see Matt’s blog post SEC Dings Vantage $5M on FCPA Issues and see Tom’s blog post, The Vantage Drilling FCPA Enforcement Action.
In today’s edition of Daily Compliance News:
NOVEMBER 27, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
In this podcast series, I am reporting on compliance through the prism of the city of Venice. One of the things that has fascinated me about Venice is how so little of the 21st century has impacted it. Take construction for example. All materials have to be brought to the city via boat, off-loaded and then lifted by hand or by a handmade machine to the upper stories of a building where the residences are located as no one lives on the ground floor. If the building is on the water, the ground floor is now underwater. If the building is not on the water, the ground floor is used for a commercial establishment. But unlike other large metropolitan areas, there is no room for cranes or other large mechanical lifting devices. I thought about this today when I saw workmen lifting up materials through a block and tackle pulley system which has been in use since antiquity. Not only were these guys doing it the old fashioned way, they were getting the job done.
I often write about the nuts and bolts of an effective compliance program but one of the most basic things that an effective compliance program must have is a compliance department present to ask the basic questions of compliance to and receive an answer from. First, and foremost, there must be the requisite number of resources dedicated to the compliance function. This means that a compliance department must be staffed with an appropriate number of compliance professionals to do the day-to-day basic work of compliance. Head count is always important in any corporation but there must be some minimum number of people in the compliance department to answer the phone or respond to email.
In other words, if someone calls, not only does a compliance person have to be there, someone has to pick up the phone. How many times has a compliance department been called on a Friday afternoon to find that no one is there to answer the phone? But if someone is there, they have to actually pick up the phone and provide an answer. Mike Volkov often inveigles against the compliance function being “The Land of No” starring CCO’s as Dr. No; but the situation I am discussing is where a compliance department does not or will not provide the basic answers to a person working out in the field.
Sometimes the most basic and the most obvious is overlooked. Using an old block and tackle pulley to haul up building materials by hand may seem quaint and old fashioned, and perhaps it is, but it still gets the job done. The same concepts are a part of a best practices compliance program; someone must be around the answer the phone when it rings on Friday afternoon and that person who is around must pick up the phone and provide some answers to the question(s) posed.
I continue with my Venice themed podcast series by focusing on the Arsenale. This is not a precursor to that famous north London football club, the Arsenal Gunners, but the district in Venice where one of the main commercial enterprises of the city took place, that being ship building and ship repair. At one point, the Arsenale employed almost 10% of the city’s workforce or 12,000 people. This was in the mid 1200s to the 1400s when Venice was at or near the height of its trading and financial power. The Arsenale developed the first production line for the building of ships, when, of course, it was all done by hand. The equipment developed to drag ships up on shore and repair was simply amazing. Appropriately, the Arsenale is now an Italian and NATO naval facility.
But I also picked up some interesting compliance insights in learning more about the Arsenale. On the incentive side there were several mechanisms the City of Venice used to help make the Arsenale work force more loyal and desirous to stay in their jobs, all for the betterment of themselves and their city. The first was job security. The Arsenalewas so busy for so many years that lay-offs were unheard of. Even if someone lost their job, through injury, mishap or worse; they received enough of compensation that they could live in the city. Finally, when a worker died, the company provided not only funeral expenses but would assist in taking care of the family through stipends or finding other work for family members.
The 2012 FCPA Guidance is clear that there should be incentives for not only following your own company’s internal Code of Conduct but also doing business the right way, i.e. not engaging in bribery and corruption. The incentives can be burned into the DNA of a company through the hiring and promotion processes. There should be a compliance component to all senior management hires and promotions up to those august ranks within a company. Your Human Resources function can be a great aid to your cause in driving the right type of behavior through the design and implementation of such structures.
Just as the fathers of Venice viewed the workers of the Arsenale as critical to the well-being of their city, senior managers need to understand the same about their work force. The City of Venice long ago showed how such incentives could help it maintain a commercial advantage. Fortunately the DOJ and SEC still understand those valuable lessons and continue to talk about them as well.
Today our compliance insight comes not from the old Venice but from the new and ever-changing Venice, its street vendors. It is about using their ‘invisible hand’ to inform your risk assessments.
One of the first things I noticed in Venice was the large number of selfie-sticks and their use by (obviously) tourists. But the thing that struck me was the street vendors who previously sold all manner of knock-off and counterfeit purses, wallets and otherwise fake leather goods had now moved exclusively to market these selfie-sticks. Clearly these street vendors were responding to a market need and have moved quickly to fill this niche.
While the economics, inventory, bureaucracy, market-responsiveness of such businesses may be a bit more nimble than the more traditional US entity doing business overseas it does bring up a very good lesson for the compliance practitioner. A risk assessment is a tool for a variety of purposes. Certainly moving into a new geographic area is an important reason to perform a risk assessment. However, it can also be used for a new product offering, such as a selfie-stick.
What about continued quality control of your new product? If you are in the food product industry this will mean continued inspections of your products to assure they meet government standards. Make sure that you have a hiring process in place to weed out the wives, sons or daughters of any food service inspectors. Of course, do not hire such inspectors for jobs directly either, especially if they do not have to show up or perform any duties to get paid by your company.
If you are not going to manufacture your selfie-stick equivalent in the country where these new products will be sold, how will you import them? Who will be interfacing with the foreign government on tax issues for importing of products? Will they be there permanently or on a temporary basis? All questions that have gotten US companies into FCPA trouble when they paid bribes to answer, assuage or grease some or all of the answers.
It turns out the compliance practitioner can learn quite a bit from the selfie-stick; not all of it is simple self-indulgence. Your compliance program must respond to your business initiatives. To do so, you also need to have a seat that the big boy table where such initiatives are discussed. But that is another lesson from Venice for a different day. Until then, ciao.
If there is one thing that is ubiquitous throughout this city it is the Gondolier, the Venetian Gondola boatman. You are never far from hearing their cry of “Gondola, Gondola” to attract tourists for a fabled and romantic gondola ride. One thing I notice about the Gondolierthat in addition to having a stout pairs of lungs, they are almost all in very good physical condition. They have to be piloting this very old craft by hand in and around the crowded waters of Venice.
I thought about this as a metaphor for improving your compliance program. As a CCO or compliance practitioner, the more you can get out of the office, into the field and meet the troops the more fit your compliance program will be. Any best practices compliance program should have input from the geographies, cultures, business units and corporate functions within the company. It is well understood that a compliance procedure that works well in the US may not work in Indonesia.
Compliance is about people and that means it is about relationships. But perhaps more importantly, is the development of personal relationships. If you meet with your international sales team, my corporate experience is that they will appreciate that you took the effort to travel to train them or meet with them. They are also more likely to tell you things in persons than they would via email or over the phone. One of the criticisms of anonymous hotlines and other internal reporting mechanisms is this lack of the personal experience that can lead to mis-trust if not distrust. Getting out into the field and meeting folks can go a long way to overcome this frailty of human nature.
Finally, by getting out of the office and working directly with other company personnel, you can set expectations appropriately. This is true for the compliance practitioner whether you are dealing with third party vendors in the Supply Chain, agents and other foreign business representatives, your employee base, senior management or the Board of Directors. You must set the expectation that if something occurs that materially impacts these expectations. By properly managing the expectations of the company’s compliance group with the relationships that you have established in the company, you will make the doing of compliance less stressful for all involved.
My observation that Gondolierstend to be physically fit ties directly to the job they have to do, propelling a gondola. Yet as a CCO or compliance practitioner you can get out of the office and make your compliance program more robust and get it in better shape.
This episode concludes my podcast series on how the city of Venice informs your compliance program. Today we consider the internal reporting system the Republic of Venice employed and how it continues to inform your best practices compliance program.
The symbol of Venice is the Lion of St. Mark. The use of this symbol led to the maxim ‘straight from the lion’s mouth’. This adage came about because the Republic of Venice had its own internal reporting system where citizens could report misconduct. A citizen could write down his concern on paper and literally put the message into the mouth of statues of lion heads placed around the City. This system was originally set up to be anonymous but later changed to require that a citizen had to write his name down when submitting a message.
So, once again, using Venice as inspiration for a compliance topic, I would like to review some best practices regarding a best practices internal reporting system.
Get the word out.Allocate a portion of your time and budget to promoting the corporate hotline through multiple channels. Deliver in-person presentations where possible. Do not think of the promotional initiative as a one-time effort. It is important to remind employees regularly, through in-person communications, via e-mail, or through intranets, newsletters, and so on, that this resource is available to them.
Train all your employees. Getting employees to use the system is one half of the challenge; ensuring they use it properly is the other half. This is where training becomes essential. Make sure people understand what types of activities or observations are appropriate for reporting and which are not. Company leaders also need to understand the role the hotline plays in the organizational culture, and the importance of their visible support for this compliance initiative.
Take a look at the data. Use the data derived from or through the hotline to identify unexpected trends or issues. Isolate the data by location and department to identify micro-trends that could indicate problems within a subset of your corporate culture. Analyzing the data can help you stay a step ahead of emerging issues.
Response is critical to fairness in the system. Seeing a hotline system in action in this way can go a long way toward dispelling employee fears of being ostracized or experiencing retaliation because if they see that their concerns are heard clearly and addressed fairly, they will learn to view the hotline as a valuable conduit. If your compliance group responds promptly and appropriately to hotline complaints, you can ensure robust participation and ongoing success.
As podcast series on compliance lessons from Venice draws to an end, I am reminded how much the western world has to thank the Republic of Venice. From the forms of republican democracy that the US Founding Fathers drew from to helping to establish a world-wide trade and banking system which still reverberates today. But, if you look closer, ancient Venice had many good government techniques which also still inform the modern world. Straight from the lion’s mouth to your company’s internal reporting system is just one of them.
The FCPA Compliance Report is the longest running podcast in compliance. In this episode I have back noted data protection expert Brad Davis. Our topic is data protection and Davis’ advocacy of social engineering as the first line of defense for every corporation from hackers, phisher and all manner of nefarious actors who will endeavor to hack into you corporate site.
In this podcast we discuss:
Check out Brad Davis and the EverSolve website by clicking here.
In this episode, Jonathan Armstrong and I record our first emergency podcast on Life with GDPR. It relates to documents obtained by the UK Parliamentary Digital, Culture, Media and Sports Committee through its subpoena of an American executive of the US company Six4Three. This exec just happened to be in London with Facebook documents his company had obtained in unrelated litigation between Six4Three and Facebook. We present the Facebook Files and some of the highlights are:
For more information on the background facts, see article by Andrew Liptak in Verge.
The DCMS Committee will live stream its hearing on Tuesday, November 27. You can check it out here.
In today’s edition of Daily Compliance News:
As Tom and Jay move from eating way to much to watching some great college football on this Thanksgiving holiday weekend, they look at some of the week’s top compliance and ethics stories.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
In today’s edition of Daily Compliance News:
In today’s edition of Daily Compliance News:
In today’s edition of Daily Compliance News:
NOVEMBER 20, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
In today’s edition of Daily Compliance News:
As Tom and Jay mourn the death of cultural icon Stan Lee, they consider that story and look at some of the week’s top compliance and ethics stories.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
NOVEMBER 16, 2018 BY TOM FOX
In today’s edition of Daily Compliance News:
Welcome to the only roundtable podcast in compliance. This week’s episode was is dedicated to considering one article which recently appeared in the New York Times, entitled, “Trump Administration Spares Corporate Wrongdoers Billions in Penalties”. Each panelist considers the piece and its underlying principals from their own perspective.
For additional reading see the following from Cordery Compliance:
http://www.corderycompliance.com/client-alert-rolls-royce-case-sends-a-strong-signal/
http://www.corderycompliance.com/new-sfo-director-assumes-office-2-2/
http://www.corderycompliance.com/brexit-and-compliance-2/
http://www.corderycompliance.com/client-alert-skansen-linked-executives-jailed-for-bribery-in-uk/
The members of the Everything Compliance panelist are:
The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
NOVEMBER 15, 2018 BY TOM FOX
In today’s edition of Daily Compliance News: