Categories
EMBARGOED!

EMBARGOED! Episode 37: On Ransoms, Virtual and Diplomatic

Brian and Tim are back to discuss ransoms of all shapes and sizes. First, they tackle OFAC’s new ransomware guidance and contemplate what it means for the risk faced by victims and others within the ransomware payment ecosystem. Next, Brian and Tim discuss recent OFAC settlements addressing Directive 4 and facilitation and, then, dive deep on the big announcement that DOJ resolved the criminal case against Huawei’s CFO with a DPA. Finally, in the Lightning Round, they share quick thoughts on the guilty plea entered by a cryptocurrency expert for conspiring to violate the North Korea sanctions.

Questions? Contact us at podcasts@milchev.com.
EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts.
***Stay sanctions free.***

Categories
Compliance Kitchen

Nonproliferation Financing Risks Report


The UK issues its first nonproliferation financing risks report.  Listen in for more details.

Categories
The Ethics Experts

Episode 086 – Alexander Hall

In this episode of The Ethics Experts, Gio welcomes Alexander Hall, founder of Dispute Defense and consulting board advisor at UNLV, to the show.

Categories
Design Thinking in Compliance

Introduction to Design Thinking in Compliance


Welcome to the latest addition to the Compliance Podcast Network. In this podcast, I am joined by my co-host Carsten Tams, Ethical Business Architect and founder and CEO of Emagence LLC, a boutique consulting firm based in New York City that partners with corporate, academic and NGO clients to develop innovative and evidence-based strategies rooted in behavioral science for solving organizational challenges. Over this podcast series we will explore how Design Thinking can be used to improve your compliance program by increasing employee engagement. In this inaugural episode, Carsten and I will explore why the Design Thinking process can be such a powerful tool for the compliance professional. Highlights include:
1. What is the problem that Design Thinking can solve?
2. What is employee engagement?
3. Why is employee engagement so critical to compliance?
4. How can you design engagement into your compliance program?
Resources
Carsten Tams on LinkedIn
Design Thinking Meets Ethics and Compliance
Human-Centered Design: An Engaging Ethics & Compliance Program Serves Users’ Needs
The Co-Creation Imperative: If You Build It With Them, They Will Engage
Ready, Set, Go: Running A Design Sprint

Categories
Great Women in Compliance

Cristina Revelo – Choose Your Adventure and Build Your Career


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
Some people consider ethics and compliance officers as risk averse given our roles in organizations.  However, so many people in our professional community have taken risks and evaluated opportunities for both their personal and professional lives.  Today’s guest is one of those people.
Cristina Revelo started her career at KPMG, and then moved to WalMart, and also relocated to Arkansas to take on this role.  Today, she is Deputy Director, Corporate Monitoring and Compliance Services at Affiliated Monitors, Inc.
Cristina talks about her experiences when she joined WalMart, and in particular about going to Colombia and taking on an interim country lead role.  She talks about opportunities that she took early on and challenges that she encountered, being less senior than some others and being a woman.
There were also times where she looked at an opportunity and decided it was not the right one, and how she said no, without burning bridges and remaining open to new opportunities.
We also get to hear how it is going at Affiliated Monitors as it is a relatively new role for Cristina, and also talk a bit about our experience at SCCE CEI.  We hope you enjoy this last episode of the summer/fall GWIC series.
Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).  Thank you to all those who have taken the time to rate the GWIC podcast and book, it’s much appreciated.
If you’ve already read the book and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Ozy Media and Culture Failure Bingo


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into the collapse (and perhaps rebirth) of Ozy Media and have our first round of culture failure bingo.
Some of the issues we consider are:

  • What is an Ozy and why does its collapse matter to compliance?
  • Who is Ozzy Osbourne and what does he have to do with Ozy?
  • What is culture failure bingo and why is it on Compliance into the Weeds?
  • Who were the bingo winning companies this week?
  • Why does all this matter to compliance?

Resources
Matt in Radical Compliance 
Tom in the FCPA Compliance and Ethics Blog

Categories
Daily Compliance News

October 6, 2021 the Morally Bankrupt edition


In today’s edition of Daily Compliance News:

  • FB whistleblower testifies to Congress. (NYT)
  • Black Tesla worker awarded $130MM. (WSJ)
  • Zuckerberg having very bad week. (Bloomberg)
Categories
Blog

Internal Controls in Compliance: Part 3-Key Compliance Internal Controls

There are four significant controls that I would suggest the compliance practitioner implement initially. They are: 1) the delegation of authority (DOA); 2) maintenance of the vendor master file; 3) contracts with third parties; and 4) movement of cash/currency.
Your DOA should reflect the impact of compliance risk, including both transactions and geographic location, so that a higher level of approval is required inside your company for matters involving third parties and for fund transfers and invoice payments to countries outside the U.S. It is quite often true that a DOA is prepared without much thought given to compliance risks, and once a DOA is prepared it is not used again until it is time to update it for personnel changes. Moreover, it is often not available, not kept current, and/or does not define authority in a way even the approvers could understand. Therefore, it is incumbent that the DOA be integrated into a company’s accounts payable processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this, you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval before they are paid. If a DOA is properly prepared and enforced, it can be a powerful preventive tool for compliance.
The vendor master file can be one of the most powerful preventative control tools, largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next, manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, or when a vendor name and/or vendor payment information changes are submitted.
Near and dear to my heart as a lawyer are contracts with third parties. These can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. I would caution that for contracts to provide effective internal controls, relevant terms of those contracts, including for instance the commission rate, reimbursement of business expenses, use of subagents, etc., should be made available to those who process and approve vendor invoices. If there are nonconforming service descriptions or commission rates present in a contract, the terms must be approved not only by the original approver but also by the person so delegated in the DOA. Unfortunately, contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.
The Hewlett-Packard (HP) FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. All situations where funds can be sent outside the U.S., including such methods as accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans or advances, should be reviewed from the compliance risk standpoint. This means you need to identify the ways in which a country manager or a sales manager could cause funds to be transferred to their control and conceal the true nature of the use of the funds within the accounting system.
To prevent these types of activities, internal controls need to be in place. This means all wire transfers outside the U.S. should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA. Wire transfer requests going out of the U.S. should always require dual approvals. Lastly, wire transfer requests going outside the U.S. should be required to include a description of proper business purpose.
The bottom line is that internal controls are just good financial controls. The internal controls that detail requirements for third party representatives in the compliance context will help to detect fraud, which could well lead to bribery and corruption.