Day: November 1, 2021

Categories
Coffee and Regs

Cybersecurity Training, Talent and Diversity

Cybersecurity Training, Talent and Diversity

In this episode, Founder and CEO at CyberVista, Simone Petrella and CSS’s Director of Cyber IT Services, E.J. Yerzak discuss the importance of cybersecurity training, education, how to recruit talent and diversity in cyber and why compliance and cybersecurity are synonymous.
 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

Simone Petrella is CEO and Co-Founder of CyberVista. Previously, Simone was a Senior Associate at Booz Allen Hamilton where she helped build the firm’s cybersecurity practice in the commercial sector focusing on the creation of cyber fusion centers and the integration of cyber threat intelligence, security operations, and cyber defense operations into effective cyber security operations. For a decade she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, where she built out a threat capability and team with in depth subject matter expertise in all aspects of cyber threat intelligence, including intelligence support to both defensive and offensive operations. Her areas of specialty included predictive cyber intelligence based on an understanding of the threat adversary and developing service offerings to integrate intelligence into exercises to provide realistic cyber scenarios. Simone received her J.D. with honors from Catholic University’s Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy. She is a member of Women in International Security and is admitted to the New York Bar. A native of New Jersey, she has resided in Washington D.C. since 2000.
 
Categories
Compliance Kitchen

Facebook DOL Settlement


Facebook settles with the DOJ and the DOL over discriminatory hiring practices toward US applicants. Tune in to hear more as the Kitchen reviews this update.

Categories
The Ethics Experts

Episode 093 – Robert Shindell

In this episode of The Ethics Experts, Nick welcomes Robert Shindell, president & CEO of Intern Bridge, Inc, to the show.

Categories
The ESG Report

From Compliance to ESG with Mike Munro


 
Mike Munro has worked with global companies such as Dell Chemical, Baker Hughes, and Transocean, for more than 30 years. His last position before founding Global Compliance Management and Response (GCMR) was as Chief Compliance Officer at Odebrecht Engineering and Construction in Brazil. He joins Tom Fox on this week’s episode of the ESG Report to discuss GCMR, as well as moving from compliance to ESG.
 

 
ESG Is More Than Anti-Corruption
Mike believes that compliance is about more than just anti-corruption issues. “It was clear that the elements and the focus of compliance programs and efforts are really applicable to a much broader area,” he tells Tom. After his work at Odebrecht ended, he decided to establish his own company to “bring what all of us have learned over the years regarding compliance programs and their value and the things that they’re focused on, and make sure that they can also bring value to other areas. And so that brought me into ESG because clearly, that is an area that does need a lot of help, a lot of work.”
 
From Compliance to ESG
Tom asks Mike, “What are some of the skills you see that a compliance professional has, which really lends itself to either leading or being a part of the leadership team for a corporate ESG effort?” Mike responds that one such skill is the ability to work cross-functionally. “A company really has to bring in many different stakeholders within the company, make sure that all those stakeholders understand what the issues are, understand what they need to do, understand their role in compliance. And that is exactly what is needed in ESG,” he tells listeners. ESG covers many dimensions and requires people across the company to work together, so the compliance officer – who already has expertise in leading cross-functional teams – is well suited to take the lead. He and Tom discuss how compliance and ESG overlap and that ESG will evolve in the same way the compliance function did. “All of those things that happened with compliance programs early on,” Mike remarks, “where you started with a very basic program, and then you moved to training and then you moved to tracking and then you moved to running investigations. Those similar things need to happen with ESG.”
 
The Culture of Safety
Many companies are already doing good things – particularly in safety and environmental compliance – but they don’t have a formalized ESG program, so they do not track or communicate what they’re doing, which means that they don’t get credit for their efforts. An ESG program  ‘allows for more of the positive story to be told,” Mike comments. Tom remarks on the culture of safety in energy companies. Everyone knows why the safety rules are important, and they follow them religiously. He and Mike agree that this is the same direction compliance and ESG need to take. 
 
GCMR and the Future of ESG
GCMR has brought together a global team of experts who can address ESG issues with the local context. “We are just absolutely focused on making sure when we provide services to a client that we are first and foremost, stressing that local issues have to be understood,” Mike points out. Tom asks whether Mike believes regulators or stakeholders will drive the evolution of ESG. It will be the financiers, Mike responds. He comments on the push in the EU for sustainability elements to have the same financial standards and the implications for companies’ financial reporting. 
 
ESG in Acquisitions
GCMR has compiled a simple list of key ESG items. This is how they help companies quickly assess potential acquisitions. “Part of the value of ESG reporting is being able to tell the whole story, but I truly believe that sometimes people make this more complicated than it has to be,” Mike comments.
 
Resources
Mike Munro on LinkedIn
Global Compliance Management and Response
 

Categories
FCPA Compliance Report

Matt Silverman – Trade Compliance, Part 2

In this Episode of the FCPA Compliance Report, I conclude a special two-part series with Matt Silverman on trade compliance. Matt leads the VIAVI Global Trade team and provides strategic guidance to management on international regulatory requirements – including customs, export controls, embargoes, sanctions and antiboycott laws – enabling compliant movement and market access for VIAVI’s products, software, technology and services. Highlights of this podcast include:

1.         What are the key components of a best practices trade compliance program?

2.         It seems to me that trade compliance is even more important coming out of Covid 19 and into our ‘new normal’.

3.         What would you tell a young compliance professional about focusing on trade compliance?

4.         Where do you see trade compliance down the road in 2025 and beyond?

5.         Where does trade compliance fit into ESG?

Resources

Matt Silverman on LinkedIn

Articles

Navigating the Line Between US Export Controls and Anti-Discrimination Laws,

Export Compliance Manager, Issue 12, April 2021

 Ensuring Export Compliance in Activity-Based Working Spaces, Home Offices,

International Trade Blog, March 3, 2021

Navigating Export Compliance, CEP Magazine, March 2021  

What HR Needs to Know About Export Compliance and Deemed Exports, International Trade Blog, January 11, 2021

Championing Your Compliance Program, CEP Magazine, November 2020

Categories
Daily Compliance News

November 1, 2021 the What’s In a Name edition


In today’s edition of Daily Compliance News:

  • FTC to increase oversight of recalcitrant organizations.(WSJ)
  • The invidiousness of corruption. (Reuters)
  • How corruption ruined Lebanon. (NYT)
  • Does changing your corp name reduce risk? (NYT)
Categories
Blog

Monaco Speech: Part 1 – Individual Accountability

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on Compliance Into the Weeds where Matt Kelly and myself took a deep dive into her speech in a rare emergency podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
The key changes announced in the Monaco Speech were as follows: (1) “today I am directing the department to restore prior guidance making clear that to be eligible for any cooperation credit, companies must provide the department with all non-privileged information about individuals involved in or responsible for the misconduct at issue. To be clear, a company must identify all individuals involved in the misconduct, regardless of their position, status or seniority.” This portends a return to the strictures of the Yates Memo. (2) “The second change I am announcing today deals with the issue of a company’s prior misconduct and how that affects our decisions about the appropriate corporate resolution. (3) The final change I am announcing today deals with the use of corporate monitors.” This final change is a rejection of the strictures laid out in the Benczkowski Memo regarding the DOJ use of corporate monitorships.
Today, I am going to take up the first change, a reinstitution of the Yates Memo requirement that companies turn over information and evidence of any and all employees involved in the illegal conduct. In her speech, then DAG Sally Yates said the following, “Effective immediately, we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement ties directly into the first point of the Yates Memo, which has the title “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.” The Trump Administration DOJ had relaxed this requirement to those ‘substantially involved”. Monaco said some of the reasons for the change included:

  1. Such distinctions are confusing in practice and afford companies too much discretion in deciding who should and should not be disclosed to the government.
  2. Such a limitation also ignores the fact that individuals with a peripheral involvement in misconduct may nonetheless have important information to provide to agents and prosecutors.
  3. The department’s investigative team is often better situated than company counsel to determine the relevance and culpability of individuals involved in misconduct, even for individuals who may be deemed by a corporation to be less than substantially involved in misconduct.
  4. To aid this assessment, cooperating companies will now be required to provide the government with all non-privileged information about individual wrongdoing.

What this means in practice is that an internal investigation must focus on individuals from the start of an investigation, regardless of whether the investigation begins civilly or criminally. Moreover, once a case is underway, the inquiry into individual misconduct can and should proceed in tandem with the broader corporate investigation. Delays in the corporate case will no longer suffice as a reason to delay pursuit of the individuals involved. For the CCO or compliance practitioner, this means the entire focus of your investigative protocol must now change. Previously an investigation was to determine how conduct that might have violated the FCPA occurred and then focus on how to remedy it. The first step a CCO or compliance practitioner would take when sufficient evidence was developed would be to fix the problem so that it did not occur going forward. If there were compliance program or internal control weaknesses, they would be immediately fixed so that neither the original perpetrators could continue the conduct but also so others could not take advantage of any such structural weakness.
The reinstitution of this requirement by DAG Monaco demonstrates that the DOJ expects you to bring them information about all individuals who can be prosecuted going forward. Monaco’s remarks also demonstrate the DOJ expects you to turn over your own employees. This means DOJ want companies to give up senior executives involved in illegal conduct. As Yates said back in 2015 “We’re not going to be accepting a company’s cooperation when they just offer up the vice president in charge of going to jail.” One of the difficulties around the FCPA requirement for a criminal prosecution or intent. How do you determine intent in a manner where senior executives may never have been involved directly in a transaction? Does this mean insufficient tone at the top will somehow morph into intent for a FCPA prosecution? It appears that the DOJ is either no longer comfortable in companies and their counsel making this decision or wants to take over this assessment.
In addition to these prongs, I found point three from Monaco very interesting. The DOJ has been criticized by commentators and even the bench for the turning over of the internal investigation process to companies and their hired law firms. This prong 3 may be a way for the DOJ to respond to these critiques. It should be the DOJ which makes the assessment of potential culpability and potential enforcement, not internal investigators. It bears reiterating Monaco on this point, “The department’s investigative team is often better situated than company counsel to determine the relevance and culpability of individuals involved in misconduct, even for individuals who may be deemed by a corporation to be less than substantially involved in misconduct.”
Whatever the reason for the change, the Biden Administration is rejecting the light touch of the prior administration as led by former DAG Rod Rosenstein and later Brian Benczkowski. It appears this could be the first step to try and beef up FCPA individual enforcement and drive home the message that this administration is serious about the fight against international corruption. There were other developments from the Monaco Speech that I will take up in subsequent blogs this week.
Where I end up this week in this series, I do not yet know. Every time I read the speech, I see new angles for exploration. However, I promise that next up I will look at the rejection of the Benczkowski Memo’s default position that no monitorship would be used in FCPA enforcement actions or settlements.