In this episode, I visit with Eric Feldman about planning out your post-acquisition merger strategy. Recent FCPA enforcement actions have stressed that an acquiring entity apply or ascertain that its Code of Conduct, policies and procedures regarding corruption are consistent with the acquired company’s policies and processes. If they are not consistent, the acquiring company should apply it’s Code of Conduct and anti-corruption policies and procedures to the newly acquired company within 18 months or “as quickly as is practicable”. Employees from the newly acquired entity must be trained on their new Code of Conduct and policy and procedure. There must also be a forensic audit to see if any FCPA issues pop up. This same language was brought forward into the 2020 FCPA Resource Guidance, 2nd edition.
If pre-acquisition due diligence is done correctly, it will identify risks associated with the target and a risk assessment of that company should follow as a part of your pre-acquisition due diligence along the line to your post-acquisition, to give you a roadmap of what areas of risk need to be addressed immediately. Some of the things you would specifically look for in an integration plan are around internal controls. Feldman noted, “Are you going to use the acquired entities internal controls or are you going to put your company’s internal controls regime in place? If so, how are you going to integrate them? How are you going to address any training and awareness gaps as it relates to ethics and compliance responsibilities of the employees, of the new company that are coming into your company? Do people understand the acquiring company’s anti-corruption posture and their ABC policies and procedures and all of that needs to be well documented into an integration plan.”
Near and dear to my heart is Document Document Document as it is very hard to demonstrate the pre and post-acquisition due diligence to an external entity like the DOJ without documentation. The real issue has to do with how you can demonstrate to a government regulator that you have done everything that you can do as a company to identify risk associated with corruption and misconduct. Moreover, if you do identify the misconduct, that you have taken the right steps to inform the government and make that disclosure.
Day: July 22, 2020
Episode 019–Charles Monk
On this episode of The Ethics Experts, we speak with Charles Monk about changing Air Force culture through innovative training.
Check out more episodes, and don’t forget to subscribe on your favorite podcast platform!
What is third-party risk expansion and why is it a risk in compliance? Historically, people talked about simply an entity outside of your organization as a third party. However, that definition is broadening, to mean really that entity with which your company works. Obviously, this can be a supplier or vendor, it can be a service provider, a customer, a joint-venture (JV) partner and/or an intercompany affiliate. A broader view could include intercompany affiliates as third parties, even though many people would see them as just being another entity inside of a business. As the definition of third parties expands, this only makes life more complicated for anyone trying to do third party risk assessments and then the tiering just creates an exponential change.
Previously, a tier one supplier was a direct counterparties to your organization, directly through the sales channel. Next a tier two was one that your company’s tier one counterparty is working through. This means for risk managers assessing the various risks now have to go deeper and deeper. One way to do so is through trying to understand the connection between tiers one, two, three, four and so on. The problem is there are many risks that companies do not manage this risk because they cannot identify which companies are taking risks, alleged on their behalf. One of the most difficult issues for compliance professionals and risk managers is trying to get their arms around how to handle this issue.
You should begin with mapping out and understanding the third-parties whose exposure needs to be assessed by your organization. Obviously, this includes both direct and indirect third-parties but in terms of the tiering, the best way for anyone to understand the risk is to have really good communication with their tier one third-parties to be able to discuss the risks to both businesses.
Three key takeaways:
- Has your third-party risk management program expanded with your third-parties?
- Why is transparency a key for third-party risk management?
- What is the financial health of your third-parties?
Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
Six years ago, Mary met Scott while the two New Zealanders were working in the United Arab Emirates and Kuwait respectively for generator hire company, Aggreko. As the global Head of Compliance, Mary was Scott’s Compliance Officer and headed out to Kuwait to conduct Compliance training. Not only was Mary thrilled to meet a fellow Kiwi expat at the company, but she was very impressed by how welcoming Scott, then head of the Kuwait business, made her and went to extra effort to ensure that her business trip went smoothly.
Scott obviously took Compliance very seriously and a few years later, after both Kiwis had moved on from Aggreko, Scott reached out to Mary to let her know that in his new role as a Commercial Director, he would also be taking on the Compliance portfolio. We hear how Scott has transitioned from being solely in a business role and into a newly fledged Compliance professional.
Mary considered Scott to be an ideal GWIC guest because he was fully supportive of Compliance and entirely respectful of a woman running the function and additionally has been very vocal about singing the praises of capable women in Compliance and making introductions to connect women in the field to enlarge their networks. As a bonus, during this episode we get a chance to hear about leadership from someone who is truly a servant leader and breaks down hierarchical barriers to be fully inclusive from the top.
Join Mary and Scott as they re-live experiences in the Middle East and Scott shares his number one tip for men to best support female colleagues in the workplace.
Join the Great Women in Compliance community on LinkedIn here.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode Matt Kelly and Tom Fox take a look the recent domestic bribery and corruption enforcement action involving ComEd, a subsidiary of energy giant Exelon Corp. and the largest utility in the state of Illinois, agreeing to pay $200 million to settle federal corruption charges that also involve one of the state’s most powerful politicians.
Some of the highlights include:
- Compliance practitioners need to remember domestic bribery and corruption as well as international.
- The bribes were offering lucrative lobbying contracts and no-show jobs to associates of Illinois House Speaker Michael Madigan.
- How did compliance save the day for ComEd?
- What about the Board of ComEd and Exelon?
- Is there a real commitment from the top?
Resources
See Matt’s blog post, ComEd Pays $200 Million on Domestic Bribery on Radical Compliance.