Categories
Coffee and Regs

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

Categories
Compliance Kitchen

Huawei


Huawei’s CFO admits to misleading a global financial institution. The Kitchen takes a closer look at a recently published DPA between the CFO and the DOJ.

Categories
Daily Compliance News

October 4, 2021, the FB Whistleblower edition


In today’s edition of Daily Compliance News:

  • Frances Haugen is FB whistleblower. (WSJ)
  • NWSL hires Covington to investigate itself. (WSJ)
  • Ozy folds. (NYT)
  • The United vaccine tale. (NPR)
Categories
The Ethics Experts

Episode 085 – Ludovic Roptus

In this episode of The Ethics Experts, Nick welcomes Ludovic Roptus, compliance & ethics officer, to the show.

Categories
The ESG Report

Mythbusting ESG and FAQs Part 1 with Greg Hotaling and Marye Cherry


*This episode originally aired on the Coffee and Regs podcast and is cross-posted here with permission.*
Greg Hotaling is a Regulatory Content Manager at Compliance Solutions Strategies (CSS), specializing in global regulatory matters relevant to the financial industry. Marye Cherry is the EU Regulatory Counsel and Head of ESG at CSS. She is an expert in transparency and regulatory reporting issues in the financial services industry, including ESG. In this episode of a special two-part series, Greg and Marye demystify the complicated world of ESG including the latest regulatory developments, the complexity of ESG data, and what ESG actually means for investment managers.
 

 
About ESG
ESG, green initiative, and sustainability are often used interchangeably; according to Marye, they all refer to the underlying principles of planet, people, and profit. She tells Greg that ESG is about “doing business in a way that exhibits concern for the long-term health of the planet and for the people who are impacted but still being able to do that profitably.” In the financial sector, ESG “refers to the integration of economic, social, and governance factors in the investment process.” It’s also called sustainable finance, Marye says. 
 
What Investment Managers Should Know
In the past, ESG in the financial sector was mostly based on voluntary frameworks and standards, but in recent years, regulation has become the norm. “ESG will be most relevant in terms of the regulations that are coming or that already exist,” Marye advises investment managers. The EU is the most advanced region in this regard: they have already established several regulations including the Action Plan on Sustainable Finance, and several new regulations are upcoming. Regulation is where the action is in the ESG space, Marye points out. 
 
Save the Date
Greg asks about important dates investment managers should keep in mind. The Sustainable Finance Disclosure Regulation (SFDR) is the upcoming regulation asset managers should focus on, Marye replies, and there are two dates to watch. The first date, March 10th 2021, was the initial implementation of SFDR. EU asset managers needed to classify their financial products under the articles of the SFDR and start to amend their documentation to disclose that classification. “The SFDR went into effect however, before the detailed technical standards were available to the market,” Marye says, and the pandemic further delayed the release of those standards. The standards as well as taxonomy linked disclosures will be released soon in the same document, so listeners should look out for that. The effective implementation date will be July 1, 2022. 
 
Resources
Greg Hotaling on LinkedIn
Marye Cherry on LinkedIn | Twitter
 
 

Categories
FCPA Compliance Report

Tom Fox on Best Seller TV – The Compliance Handbook, 2nd edition


Ed. Note-I was recently interviewed on Best Seller TV about my book, The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, Second Edition. This video of the interview appears with the permission of Best Seller TV.

On this episode of Best Seller TV, Tom Fox, author of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, Second Edition, addresses what best practices can be put in place for companies to run more efficiently and generate more profits. Fox, who began working in the compliance industry in 2007, was a lawyer by trade, but felt compelled to switch careers because he saw an opportunity to help make a difference and help corporations be more efficient. Fox says the United Nations estimates that $3 trillion are lost annually to corruption. He saw the opportunity to help corporations build first-class best practice compliance programs by complying with the law and running the business side a lot more smoothly.

Compliance is setting up systems, processes, and procedures that comply with a law and/or regulation. With laws constantly changing, Fox wrote the second edition of the book to instruct readers on the latest compliance laws that might affect them on a regular basis. Since his first edition in 2018, there has been a 40 percent change in laws, especially after the SEC and the Department of Justice made significant changes to the Foreign Corrupt Practices Act. The pandemic also helped exacerbate many more changes.

The book is for a wide variety of readers, starting with compliance professionals, laying out a blueprint on how to build world-class compliance programs or enhance currently existing programs. The book is also for c-suite and senior executives to help educate them on the benefits of compliance and how to stay out of trouble. The compliance industry has evolved significantly in the last decade or so. Fox adds that right now, the industry is more data-driven and, “When you have data, you can actually improve business efficiency.” He continues to say that the backbone of compliance is internal controls, which are financial controls, but are not often called that. If you look at them from a compliance perspective and tweak them enough to have both controls, you can make enough headroom in making a company run more efficiently, leading to greater profitability.

Categories
Blog

Internal Controls in Compliance: Part 1-What are Internal Controls?

What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. The starting point is the FCPA itself, which states the following:
Section 13(b)(2)(B) of the Exchange Act (15 U.S.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—
(i) transactions are executed in accordance with management’s general or specific authorization;
(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and
(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences ….
The DOJ and SEC, in the FCPA Resource Guide, 2nd edition, stated:
Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.
…the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.
Perhaps the best definition I have ever heard came from Jonathan Marks, Partner at Baker Tilly, who defined an internal control as
Internal controls expert Joe Howell, former Executive Vice President (EVP) at Workiva, Inc., has said that internal controls are systematic measures, such as reviews, checks and balances, methods and procedures, instituted by an organization that perform several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources; to detect and deter errors, fraud, and theft; to assist an organization in ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Howell adds that internal controls are entity-wide; that is, they are not just limited to the accountants and auditors. Howell also notes that for compliance purposes, controls are those measures specifically meant to provide reasonable assurance that any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs, as well as the distribution of assets.
The COSO, in its 2013 publication entitled “Internal Controls – Integrated Framework”, defined internal controls as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” More specifically, internal controls are, according to COSO:

  • Geared to the achievement of objectives in one or more categories – operations, reporting, and compliance
  • A process consisting of ongoing tasks and activities – a means to an end, not an end in itself
  • Effected by people – not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to affect internal control
  • Able to provide reasonable assurance – but not absolute assurance, to an entity’s senior management and board of directors
  • Adaptable to the entity structure – flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process

The Integrated Framework goes on to note, “This definition is intentionally broad. It captures important concepts that are fundamental to how organizations design, implement, and conduct internal control, providing a basis for application across organizations that operate in different entity structures, industries, and geographic regions.”
Why are internal controls important in your compliance program? Two FCPA enforcement actions demonstrate the reason. The first came in late 2013 when the DOJ obtained a criminal plea from Weatherford International. There were three areas where Weatherford failed to institute appropriate internal controls. First, around third parties and business transactions, limits of authority and documentation requirements. Second, on effectively evaluating business transactions, including acquisitions and JVs, for corruption risks and to investigate those risks when detected. Finally, in the area of gifts, travel and entertainment expenses, they were not adequately vetted to ensure that they were reasonable, bona fide, and properly documented.
The second case involved the SEC 2017 FCPA enforcement action with Halliburton. In this matter, Halliburton’s internal controls were circumvented and overridden, which led to an FCPA violation without evidence of a bribe being paid. It was a civil FCPA enforcement action. It demonstrated that internal controls must be shown to be effective under the FCPA and that without such a showing there can be a large financial penalty paid by a violator.
The whole concept of internal controls is that companies need to focus on where the risks are, whether they be compliance risks or other, and they need to allocate their limited resources to putting controls in place that address those risks. In the compliance world, of course, there are two big risks. The first is the assets or resources of a company (not just cash but inventory, fixed assets, etc.) being used to pay a bribe. The second is diversion of company assets, such as unauthorized sales discounts or receivables and write-offs, which are used to pay a bribe.
As an exercise, I suggest that you map your existing internal controls to the Ten Hallmarks of an Effective Compliance Program or some other well-known anti-corruption regime to see where control gaps may exist. This will help you to determine whether adequate compliance internal controls are present. From there you can move to see if they are working in practice or “functioning.” Internal controls will only become more important in FCPA enforcement. In this chapter, you will learn how to get ahead of the curve.