Categories
31 Days to More Effective Compliance Programs

Day 7 | Policies and Procedures

There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly a first line of defense when the government comes knocking. The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures against bribery and corruption; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and procedures in anti-corruption compliance.

The specific written policies and procedures required for a best practices compliance program are well known and long established. According to the 2012 FCPA Guidance, some of the risks companies should keep in mind include the nature and extent of transactions with foreign governments (including payments to foreign officials); use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectations for standards of conduct in your company. Procedures are the documents that implement these standards of conduct.
Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.
Three key takeaways:

  1. Written compliance policies and procedures, together the Code of Conduct, with form the backbone of your compliance program.
  2. The DOJ and SEC expect a well-thought out and articulated set of compliance policies and procedures and that they be adequately communicated throughout your organization.
  3. Institutional fairness for the application of policies and procedures demands consistent application across the globe.
Categories
Innovation in Compliance

Completing the Last Mile of Validation with Craig Carpenter


Like its namesake, which was the first piloted aircraft to break the sound barrier, X1 values innovation, and speed. The company is laser-focused on fixing problems in new, better and more cost-effective ways. Its software capability has evolved from search & productivity applications into the ability to collect social, media and web content for legal proceedings, as well as the ability to access and act on employee information in a scalable manner without disrupting productivity. CEO of X1, Craig Carpenter, joins Tom Fox on this week’s show to chat about how his company is making data accessible for its clients.

Distributed GRC Solution
Tom asks Craig to talk about X1’s distributed GRC solution. Craig responds that the name itself conveys that the software is wherever the data resides. Distributed GRC is a two-part product, he says. The first part is software that sits on an endpoint such as a laptop. The second part is a command and control layer that allows you to access your data sources and analyze what data is available as well as take action on it. Craig explains how X1 enables social media discovery in a forensically sound fashion. Data can be manipulated today, he comments. So being able to prove that your data is credible and that the chain of custody is accurate, is critical especially in the context of legal proceedings.
Quick Access
Tom comments that X1’s emphasis on speed equates to greater business productivity, efficiency, and profitability. The company was founded for this very reason, Craig agrees. Finding the right information in a timely fashion, and being able to act on it for your productivity purposes, is critical to business. 
CFIUS and Preventing Violations
The Department of Justice’s new guidelines require companies to go beyond policies and questionnaires to using technology to validate data. Craig says that X1’s solution is a last mile validation piece. He and Tom discuss how X1 helps its clients comply with CFIUS (The Committee on Foreign Investment in the US) regulations. “Our technology is very effective because we can not only get the server data and some of the structure data as well to ensure that that’s compliant,” Craig comments, “but stuff on laptops and desktops where people work is also compliant. That’s kind of the key hidden element that we’re really good at attacking.”
Resources
X1.com

Categories
Daily Compliance News

January 7, 2020, the Autocracy in the Corp World edition


In today’s edition of Daily Compliance News:

  • Too much partying – at McDonald’s? (WSJ)
  • Does office sharing destroy employee morale? (FT)
  • KPMG faces uphill climb to restore reputation in UK. (FT)
  • Is management by deeming on the return? (FT)