Categories
This Week in FCPA

This Week in FCPA-Episode 212 – the Happy July 4th edition


As President Trump allows Russia to pay bounties for the Taliban to kill American soldiers, self-isolating (again) Jay and Tom have a special Thursday July 4th edition to look at top compliance articles and stories which caught their eye this week.

  1.  The Novartis FCPA settlement. Tom has a 5 part series Part 1-IntroductionPart 2-the Bribery Schemes,Part 3-Internal ControlsPart 4-Fines, Penalties and Recidivism; Part 5-Data Analytics. Matt Kelly with Radical Compliance. Mike Volkov has a 3 part series on Corruption Crime and Compliance. Matt and Tom take a deep dive on Compliance into the Weeds. After all this Novatris pays another $678MM for corruption inside the US, see DOJ Press Release.
  2. Why you need a plan for distributors under the FCPA. Bill Steinman opines in the FCPA Blog.
  3. Alexion settles FCPA enforcement action. Dick Cassin breaks the story in the FCPA Blog.
  4. Banks facing increased compliance risks. Mengqi Sun in the WSJ Risk and Compliance Journal.
  5. The DOJ 2020 Update to the Evaluation of Corporate Compliance Programs with a new emphasis on middle management. Dylan Tokar and Jack Hegal in the WSJ Risk and Compliance Journal.
  6. How badly did EY botch the Wirecard audit? Michael Rapaport guest posts on Francine McKenna’s The Dig.
  7. CCPA went live on July 1. Were you ready? Jessica Wilburn on Navex Global’s Ethics Matters.
  8. What is the role of compliance in the future of work? Neta Meidav in CCI.
  9. On Compliance and Coronavirus, I was joined this week by Ryan Schonfeld to discuss IT and physical security in the era of Coronavirus; Cindy Flynn on employment law issues and Bill Sanderson business change in the era of Covid-19.
  10. On the Compliance Podcast Network, Tom concluded his one month look at the role of HR in compliance on 31 Days to a More Effective Compliance Program and started a new month of looking at 3rdThis week saw the following offerings: Monday-the parameters of attorney/client privilege; Tuesday-Miranda warnings in internal investigations. On July 1, the new month brought the new topic of 3rd party risk management. Wednesday-the 3rdParty risk management process; Thursday-the business rationale. The month of July is being sponsored by Affiliated Monitors. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
31 Days to More Effective Compliance Programs

The business rationale


The 2020 Update stated, “Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction, and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials.” This standard articulates one of the most basic tools to operationalize your compliance program and should form the basis of your third-party risk management process. Indeed this is viewed as an internal control with the 2020 Update going on to pose the following question, “How does the company ensure there is an appropriate business rationale for the use of third parties?”
Another way to think about this issue is by considering the competence of a foreign business partner to provide services to your organization. Such considerations include a review of the qualifications of the third-party candidate for SME, the resources to perform the services for which they are being considered and the third-party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third-party to provide you with a business rationale including current opportunities in territory, how the candidate was identified and why no currently existing third-party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
Remember, the purpose of the business rationale is to document the satisfactoriness of the business case to retain a third-party. The business rationale should be included in the compliance review file assembled on every third-party at the time of initial certification and again if the third-party relationship is renewed. This means “Document, Document, and Document”.
Three key takeaways:

  1. You should always have a business reason for using a third-party which is articulated by the business folks, not compliance.
  2. A Relationship Manager is the key going forward in operationalizing your compliance program through the life of the third-party relationship with your company.
  3. Always remember to “Document, Document, and Document”.
Categories
Innovation in Compliance

Navigating an Increasingly Complex Sanctions Landscape: How to Prepare for What’s on the Horizon

Welcome to this special podcast series “In Conversation with K2 Intelligence FIN: Navigating an Increasingly Complex Sanctions Landscape”. This series is sponsored by K2 Intelligence, LLC. This week I have visited with Adam Frey, Managing Director, and Eric Lorber, Vice President at K2 Intelligence Financial Integrity Network (FIN).

Over the week, we have reviewed the current sanctions landscape, discussed how to build a sanctions compliance program, walked listeners through what happens when you discover a sanctions breach or potential breach, considered new sanctions exposure. Today, Adam Frey and I conclude with Episode 5 by taking a look in that veiled land of the future by considering issues on the horizon and how to prepare for it.

Resources
For more information on K2 Intelligence FIN’s Sanctions Risk Advisory Services, click here.
For more information on Navigating the Sanctions Minefield: What Every Global Business Should Know, click here.

Categories
Daily Compliance News

July 2, 2020-the Novartis Pays More edition


In today’s edition of Daily Compliance News:

  • Will Congress finally toughen up AML legislation? (Washington Examiner)
  • Novartis settles follow on civil litigation. (WSJ)
  • Business Roundtable endorses police reform. (WaPo)
  • Corruption in the Vatican, I’m shocked. (Reuters)
Categories
Innovation in Compliance

Navigating an Increasingly Complex Sanctions Landscape: New Exposures for Corporations and Shipping

Welcome to the podcast series: In Conversation with K2 Intelligence FIN: Navigating an Increasingly Complex Sanctions Landscape. This series is sponsored by K2 Intelligence FIN. This week I will visit with  Adam Frey, Managing Director at Intelligence FIN and Eric Lorber, Vice President at Intelligence FIN.

Over the week, we will review the current sanctions landscape, discuss how to build a sanctions compliance program, walk listeners through what happens when you discover a sanctions breach or potential breach, consider new sanctions exposure and conclude with a look in that veiled land of the future by considering issues on the horizon. In this Episode 4, I am joined by Eric Lorber regarding new sanctions risk exposures for commercial corporations and in the shipping space.

Join us tomorrow for our concluding Episode 5 with Adam Frey as we peer down the road and consider some issues on the horizon for sanctions compliance.
Resources
For more information on K2 Intelligence FIN’s Sanctions Risk Advisory Services, click here.
For more information on Navigating the Sanctions Minefield: What Every Global Business Should Know, click here.

Categories
ComplianceLIVE

Episode 24: The Benchmark Reporting Sales Show

Amanda welcomes back Jenni and Michelle to discuss ComplianceLine’s brand new benchmark report and ride the struggle bus as they try to pronounce “anonymity” incorrectly 36 times before getting it right.

Check out more episodes and full episode videos at ComplianceLine.com, and don’t forget to subscribe on your favorite podcast platform!

Categories
Compliance and Coronavirus

Bill Sanders on the Business Change Brought About by Covid-19


Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. In this episode, I visit with Bill Sanders on issues the speed of business change brought on by Covid-19. These issues include how Sanders sees Covid-19 accelerating business change and the 3 things which a person or company can do to prepare for the future of work. We conclude with a discussion of what I see as an upsurge in M&A in Q3 & Q4 and the advice Sanders is you giving out now to prepare companies for this change.
For more information on Bill Sanders and Roebling Strauss, check out their website here.
For a copy of From Hierarchy to High Performance, click here.Bill Sanders on the Business Change Brought About by Covid-19

Categories
The Walden Pond

Trusted Conversations: Rethinking How Whistleblower Hotlines are Delivered in Organizations with Sylvain Mansotte


Sylvain Mansotte is the co-founder and CEO of Whispli, and this week’s guest. Whispli is a Boston-based company focused on innovating how corporate whistleblower programs are delivered. Sylvain joins Vince Walden to discuss what makes Whispli different from traditional hotlines, the importance of trust and anonymity, and how their programs work.

Traditional whistleblowing hotlines are bureaucratic and anxiety-inducing. In most cases, the lack of anonymity causes employees to hesitate in reporting misconduct, and some do not report it at all for fear of losing their jobs or suffering harsh consequences. Sylvain estimates that companies will miss 90% of reports because of a lack of anonymity in whistleblowing programs. Whispli is an innovative alternative to the traditional compliance hotlines, that promises complete anonymity with secure two-way communication channels. 
Trust is the ultimate human currency and the foundation of all relationships. Whispli offers a level playing field for employees and higher-level workers to have conversations about difficult topics in a safe environment. It builds trust, which makes employees more inclined to speak up and report misconduct. Whispli allows users to change their avatar for each conversation to further maintain anonymity, and the system delivers all reports to their respective departments. Whispli is primarily a written communication channel, but if employees wish to call in, there is a hotline available in the program. They have also developed a mobile app, whose features include real-time voice modification.
Resources
Sylvain Mansotte on LinkedIn
Whispli.com

Categories
Life with GDPR

Duty of Data Processor to Report Data Breach


In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider recent decision by the Swedish Data Protection Authority recently imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time.  Some of the highlights are:

  1. What were the issues and interests involved in this case?
  2. What are the requirements for a reporting of a data breach under GDPR?
  3. What are the differences in duties of the Data Processor and Data Controller?
  4. What are the implications going forward?
  5. What is this decision’s precedential value?
  6. Is the decision Kafkaesque in its reasoning?

Check out the Cordery Compliance, client alert on this case, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.