In this 5-part podcast series I visit with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program, released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In this concluding Episode, we bring together our final thoughts through a consideration of the question “What does it all mean for your compliance practice?” While the 2019 Guidance was written by prosecutors for their use for companies which are under a Foreign Corrupt Practices Act (FCPA) investigation, Feldman views it as “treasure trove of opportunity” because of that very reason. The 2019 Guidance provides details into “how prosecutors are going to be thinking and perhaps, more importantly, how they are being directed to think about an organization’s ethics and compliance obligations and, finally, whether companies under investigation are going to receive credit for it at the end of the day.”
Day: April 28, 2020
In this 5-part podcast series I visit with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program, released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 4, we consider the question “Does your compliance program work in practice?” This final category considers your compliance program in both a retrospective and current review. It considers the effectiveness of your program at the time of the incident(s) in question and then asks if your compliance program has changed based on the lifecycle of risk assessment program, implementation evaluation, and other inputs. Additionally, Feldman noted that for the “first time I have ever seen in any DOJ guidance, it says that the existence of misconduct does not by itself means that a compliance program did not work or was ineffective.”
In this 5-part podcast series I visit with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program, released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 3, we consider the question “Is it being effectively implemented?” We look at commitment by top management, autonomy and resources for the CCO and compliance function and incentives and disciplinary measures taken by an organization.
In this 5-part podcast series I visit with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program, released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward. In Episode 2, we consider the question “Is your program well designed?” We look at risk assessments, policies and procedures, training and communications, Confidential Reporting Structure and Investigative Process, third-party management and mergers and acquisitions.
In this 5-part podcast series I visit with Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, (the “2019 Guidance”), which was released in April 2019. Over the next five podcasts we will explore what the 2019 Guidance changes are from the Evaluation of Corporate Compliance Program (2017 Guidance), released in February 2017, the structure and emphasis of the 2019 Guidance and what it means for the compliance practitioner going forward.
In this first episode, we begin with some of Feldman’s observations. The 2019 Guidance asks three fundamental questions prosecutor should ask; all other questions are divided into these categories: (1) “Is the corporation’s compliance program well designed”; (2) “Is the program being applied earnestly and in good faith?” In other words, is the program being implemented effectively? Is it real? and (3) “Does the corporation’s compliance program work” in practice? Feldman expanded on these three basic questions, noting in the first question, the query is “whether it’s well designed and there is no a rigid formula.”
The 2012 FCPA Guidance specified, “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”
Continuous improvement through continuous monitoring will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based upon new and updated best practices specified by regulators. A compliance program is a continuously evolving organism, just as your company is continually improving its business processes. The 2012 FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”
Three key takeaways:
- Ongoing monitoring is not limited to financial monitoring, a holistic approach would look at other indicia of corruption.
- Where there is compliance smoke, there is most usually a compliance fire.
- Continuous improvement can be achieved in a variety of efficient, cost-effective ways.
Tom Fox chats with Russ Berland about how his certification in privacy has facilitated him in his role as CCO.
Another Form Of Risk Management
A number of Russ’ clients needed to address privacy issues; however, the available resources were mostly European. He gained the Certified Information Privacy Professional certification so that he could meet the market need. Russ says that he looks at privacy as another form of risk management. We need to create a framework to comply with privacy laws, as well as investigate any potential violation.
Russ comments that privacy laws in the US are not as comprehensive as the EU’s GDPR. Privacy is generally seen as consumer protection in the US, while it is considered a human right in the EU.
Meeting State Standards
Tom comments that there is no national privacy law in the US at this point. He asks Russ how Aventiv thinks through crafting a privacy policy that might potentially have to satisfy 50 different state privacy laws. At present, Russ says, nine states have created privacy laws. Aventiv’s strategy is to meet the most stringent standards, and make that the national standard. Usually if you meet California’s standards, you can comply with the other states. Russ is pleased with Aventiv’s willingness to embrace compliance as a driver of their company culture.
Resources
IAPP.org
Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. As the Voice of Compliance, I wanted to start a podcast which will help to bring both clarity and sanity to the compliance practitioner and compliance profession during this worldwide health and healthcare crisis. In this episode, I am joined by Jeffrey Hayzlett, founder of the C-Suite Network and CEO of the Hero Club. He talks about five key strategies your company should employ during this time of the Coronavirus health crisis.
This podcast is sponsored by SAI Global. To learn how you can protect your business operations and workforce during these uncertain times, visit saiglobal.com/risk for free resources, expert guidance, and industry-leading technology.
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos & Guiliana Boniha on the hottest topic in Brazil: Me Too and sexual/moral harassment. In today’s episode, I visit with Luiz Salles and we discuss two key factors in compliance investigations in Brazil and the impacts of these factors on antitrust compliance.
- Why must a company take “Brazilian Factors” into account for an investigation?
- Why is an interdisciplinary approach needed for investigations in Brazil?
- As the world’s 5th largest country does an internal investigation need to take local culture into account? Why?
- What is the nexus between anti-corruption investigations and anti-trust violations in Brazil?
- Where can listeners go for more information?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
John Myers is the founder and CEO of Chorus Consulting. He has been an e-discovery and digital forensic professional for almost 30 years, assisting clients with data identification, preservation and analysis. He chats with Tom Fox about his company’s innovative approach to data forensics and information governance.
Innovation Begins Here
Tom is intrigued with Chorus Consulting’s tagline, “Innovation Begins Here.” He asks John to explain the significance of the tagline. John responds that it “represents our approach to our client projects and the way we approach our investigations… We’re really continuously working to find better ways to exceed our clients’ expectations, thus we’re innovating.”
Data Security and Information Governance
Most companies don’t truly know to what depth or breadth their data is secure, John posits. Chorus Consulting helps its clients understand the “what, why, and who” of their data, as well as their internal security measures. John says they help clients discover and correct potential security issues because it’s critical to know whether these internal measures are actually protecting them as well as their data. Tom comments that this data security risk assessment can prove to regulators that a company has assessed their data and has put a risk management strategy in place based upon that assessment.
John views information governance as an evolving discipline. “Information governance really provides the framework for clients to make good decisions about what information they’re keeping, how long they’re keeping it, and who and what should have access to it,” he says. He explains how his company helps his clients in this area. He also shares five practical steps to mitigate information risk.
Proactive Approach to Data Forensics
Tom asks, “You advocate utilizing forensic services in a proactive as opposed to a simply reactive basis. Can you talk us through how we would help a client do that?” John responds that they deploy real-time monitoring methodologies and technologies to ensure that corporate intellectual property or knowledge doesn’t leak out of the organization when an employee leaves. At the same time, they help their clients ensure that new employees do not bring data that they shouldn’t have into the organization.
Resources
John Myers on LinkedIn
ChorusConsulting.net
