CONVERGE is in its 5th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of driving ethics to the center of your business. In today’s episode I visit with Guendeline Donde, Director of Research at the Institute of Business Ethics. We visit about her panel at Converge20 on Small budget, big impact: Scrappy compliance with limited resources.
Many organizations seek to make the move from a traditional legal program to one that marries user experience, behavioral science and technology – how difficult could it be? Guen will share practical advice from the Institute of Business Ethics’ Toolkit, developed in collaboration with subject matter experts from a variety of industries. For registration and more information on Converge20, click here.
Day: September 14, 2020
On this episode of The Ethics Experts, Gio speaks with Dr. Christopher Marquis about B-Corps, generational purpose, and how ethics and compliance can lead this movement.
Check out more episodes, and don’t forget to subscribe on your favorite podcast platform!
One of the questions GSK faced during the bribery and corruption investigation of its Chinese operations was how an allegedly massive bribery and corruption scheme occurred. Where were the appropriate internal controls? You might think that a company as large as GSK, and one that had gone through the wringer of a prior DOJ investigation resulting in charges for off-label marketing and an attendant Corporate Integrity Agreement (CIA), might have such controls in place.
It would be reasonable to expect that internal controls over gifts would be designed to ensure that all gifts satisfy the required criteria, as defined and interpreted in company policies. It should fall to compliance to finalize and approve a definition of permissible and non-permissible gifts, travel and entertainment, and internal controls will follow from the definition or criteria set by the company. These criteria would include the amount of the spend, localized to reflect increased risk, such as the higher risk recognized in China. Within this context, there are four general internal controls to consider: 1) Is the correct level of person approving the payment/reimbursement? 2) Are there specific controls (and signoffs) confirming that the gift had a proper business purpose? 3) Are the controls regarding gifts sufficiently preventative, rather than relying on detective controls? 4) If controls are not followed, is that failure detected?
Obviously, the use of third parties can be a powerful and effective way for a business to achieve its strategic goals. This may be one of the key reasons why third parties are still one of the leading indicia of bribery and corruption. Every compliance program should regularly review its third-party service providers and evaluate internal policies and procedures to ensure compliance.
Three key takeaways:
- GSK continues to be an example of the lack of internal controls for third-parties in an effective compliance program.
- General areas of review for compliance internal controls.
- Third parties are still the highest risk of corruption related issues.
Welcome to a special five-part podcast series, sponsored by Exiger, on topics From Third-Party Risk Management to Supply Chain Risk Management: Exiger on the Evolution in Supplier Compliance in COVID. Exiger was founded to fight financial crime, fraud and terrorist financing by introducing technology-enabled solutions to the market’s biggest supply chain, risk, investigation, litigation, and compliance challenges. A global authority on risk and compliance, Exiger serves the world’s largest banks, Fortune 1000 companies and government agencies and regulators. Over this series, we will put a spotlight on Financial Institutions with Tara Loftus and Samar Pratt; focus on corporations with Aaron Narva and George ‘Ren’ McEachern; consider Federal Government and Supply Chains with Carrie Wibben and Vishnu Anantatmula; review the pillars of good compliance with Brandon Daniels and Carrie Wibben; and end with a review of third-party risk management solutions with Erika Peters and Skyler Chi.
In this Part 1, we put a spotlight on financial institutions. In this exploration I am joined by Tara Loftus, a Managing Director who is part of the Financial Crime Compliance Advisory practice, focusing on anti-money laundering (AML) and anti-bribery & corruption (ABC), and Samar Pratt, a Managing Director who is also in the firm’s Financial Crime Compliance Advisory practice, specializing in audit and assurance.
Join us tomorrow, when we consider areas where corporations face challenges with third parties and supply chain risk.
For more information on Exiger, click here.
For more information on Samar Pratt, click here.
For more information on Tara Loftus, click here.
In this episode, I take a deep dive into the first cyber-security enforcement action brought by the New York State Department of Financial Services. It was against First American Title. In this exploration I am joined by Jordan Arnold, the Chief Innovation Officer at K2 Intelligence FIN, and Surjeet Mahant, Managing Director in K2 Intelligence FIN’s Financial Crimes Risk and Compliance practice, where he leads cyber risk services. Jordan is the founder and Global Chair of K2 Intelligence’s Private Client Services practice, which provides privacy and security services to ultra and high net worth families and clients in the entertainment, music, and sports industries. With over 20 years of experience in cybersecurity and privacy risk solutions for large institutions, Surjeet assists clients in developing the tools and strategies needed to protect the confidentiality of their data, the availability of their systems, and the integrity of their operations.
Some of the highlights include:
- Overview of the enforcement action;
- What are the broader consequences for the industry; significance of regulation/action; need for proactive actions;
- What is the DFS and why is it regulating an insurance company around cyber?
- Why has cyber become a part of the broader compliance conversation?
- What specific steps can entities take to mitigate a violation or breach of data?
- What can entities expect in the future from regulators in the cyber space?
For more information on K2 Intelligence FIN, click here.