The Compliance Life

Susan Divers – Move to Thought Leadership at LRN

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Susan Divers, currently Director of Thought Leadership at LRN.

In this concluding episode, Susan discusses her failed retirement from AECOM and how LRN found her. She took from AECOM an interest in what works in an effective compliance and ethics program. She discussed the values that LRN espouses for compliance and ethics programs and how that dovetails with her experiences as a CECO. She discussed companies that put their values into action during the pandemic. We concluded with Susan looking down the road at the role of the CCO and corporate compliance function and the intersection of compliance and ESG.

Resources

 Susan Divers LinkedIn Profile

LRN

Compliance Week Conference Podcast

Lisa Fine on Adapting Compliance Programs to the “New Normal” of the Hybrid/Remote Work Environment

In this episode of the Compliance Week 2022 Preview Podcasts series, Lisa discusses some of her presentation at Compliance Week 2022, “On Adapting Compliance Programs to the ‘New Normal’ of the Hybrid/Remote Work Environment.” Some of the issues she will discuss in this podcast and her presentation are:

  • Discuss how the way of doing business has changed, both internally and externally, for global organizations and hear how compliance professionals are adapting their programs to account for the changes
  • Benchmark best practices in employee training and outreach programs within a hybrid work environment
  • Assess risks and hear lessons learned in conducting virtual investigations

In this first full compliance conference in over 2 years, I hope you can join me at Compliance Week 2022. This year’s event will be May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. and many others to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners and gain insights into the agency’s areas of enforcement and walk away with guidance on how to remain compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency and more.
  • Bring actionable takeaways back to your program from various session types including ESG, Human Trafficking, Board obligations and many others for you to listen, learn and share.
  • The goal of Compliance Week is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount off the registration price. Enter discount code TFLAW $200 OFF.

The ESG Compliance Podcast

ESG Supply Chain Compliance with Travis Miller and Jared Connors


Assent Compliance’s Travis Miller and Jared Connors join us as they discuss their work in conflict minerals supply chains, how ESG compliance plays a role, what companies should do to interpret data and increase efficiency and recovery, and the future of risk management.
Key points discussed in the episode:
✔️ Companies are starting to realize the significance of making a commitment to ESG through responsible sourcing.
✔️ Outsourcing usually occurs in the most regulated, most dangerous, and least profitable businesses.
✔️ Business continuity planning is crucial in risk management, more flexible disaster response, and efficient operations. Aside from environmental and social, risk is also a financial concern.
✔️ The most important letter of ESG is P – product, people, and policies. Middle-aged workers are the most vulnerable and highly targeted in inhumane business practices and violations.
✔️ Dig deeper into organizations and understand their commitments to mitigate and prepare for risk.
✔️ Non-financial risks are pressuring investor disclosures.
✔️ ESG is reorienting the global market and the world. Large-scale environmental and social scandals ruin reputation and business.
✔️ Educating the supply chain contributes to overall company efficiency and risk management.
✔️ Compliance toolkits should be utilized even outside the company. The legal space has become the ideal practice ground for compliance.
✔️ Companies should be proactive in detecting supply chain issues internally.
✔️ Translate technical speak to an executive language to gain interest from the C-level suite.
✔️ Assess supply chain maturity.
✔️ Companies are now compelled to make a change due to their global influence. Consumers’ cries for environmental and social accountability are now heard – all thanks to social media.
Jared Connors is a senior subject matter expert on Corporate Social Responsibility at Assent Compliance, the world’s leader in supply chain data management.
His expertise involves achieving ESG goals by understanding and mitigating potential supply chain risk, the transition from CSR to ESG, how companies can take a holistic approach to ESG, and ESG-related regulations, such as those pertaining to human trafficking and slavery, conflict minerals, and anti-bribery, anti-corruption.
Travis Miller is General Counsel at Assent Compliance. He manages Assent’s worldwide legal activities, advises the Board of Directors on legal matters, and oversees corporate compliance, governance initiatives, and other commercial transactions. Before coming to Assent, he served in various high-level counsel positions with companies such as Microchip Technology, Foresite Group, and St. Jude Medical.
Resources
Assent Compliance on Twitter
Assent Compliance on LinkedIn
Jared on LinkedIn
Travis Miller on LinkedIn
—————————————————————————-
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Innovation in Compliance

What’s The Use Case with Blane Warrene


 
Blane Warrene is the Vice President of Product Management at Smarsh, an organization that helps companies manage risk in their electronic communications. Tom Fox welcomes him to this week’s show to talk about a variety of topics surrounding compliance around mobile and hybrid work environments. 
 

 
Compliance Challenges in The Hybrid Work Environment
There are three key factors that are compliance challenges in the hybrid work environment: the risk that comes with using company devices, bringing your own devices to handle company data, and consumer applications. Blane stresses that implementing policy is vital because policy is the frame in which the organization operates. However, Blane also remarks that a layer of processing technology has to be embedded within policy in order to completely tackle the issues that cause compliance challenges. 
 
Finding The Right Balance
Many companies and clients struggle with finding the right balance among apps, smartphones and global work tools. The key to achieving this balance is to first find out what the client or customer wants to enable. “The right first question is what problem are you trying to either solve, or what do you need to enable for your business,” Blane tells Tom. Take compliance out of the equation and simply focus on what the customer wants to achieve with their company. When you approach it that way, you often get a clearer answer that leads to the use case. 
 
Capturing Communication
Tom asks Blane what Smarsh recommends to capture or archive communications such as email or text. Blane explains that social media communication is what you want to plan for because each of the sources that you go to has a different way to get the data. Smarsh makes it easier for someone who wants to capture a wide set of data. “What we do recommend is that it comes in on a regular frequency such as real time or daily, and they certainly have the ability with retention rules to not keep everything forever which is not productive,” Blane says. Certain pieces of data can only be kept for a finite period of time, but doing this ensures that the client doesn’t have a blind spot on the things they know they’re using.
 
What Tools Should You Allow
Companies sometimes determine what tools they should allow based on where they are in the world. The tools are also based on what they as companies are trying to solve, how they communicate and what models they support. “That discussion helps us, basically enable us, to say to them ‘Here is the way you solve these use cases and ultimately you want them in a single pane of glass’,” Blane expresses. He adds that from a compliance perspective, you want to know that you can retain that data even if you get it in different ways. Data should be able to be viewed in a common context and not across separate silos.
 
Resources
Blane Warrene | Twitter 
Smarsh
 

Daily Compliance News

April 26, 2022 the Trump Ordered to Comply Edition


In today’s edition of Daily Compliance News:

  • Toll Holdings agrees to sanctions violations. (WSJ)
  • NY state judge holds Trump in contempt. (NYT)
  • Using blockchain to help fight corruption. (Yahoo News)
  • Musk buys Twitter. (Bloomberg)
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part IV

Last week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. Today we consider the lessons learned.
Rapid Expansion
Similar to what we saw in the WPP enforcement action, Stericycle engaged in rapid expansion in a series of foreign jurisdictions. In this case it was Latin America. Stericycle does not seem to have made the same mistakes as WPP in holding back part of the overall acquisition payout to the owners in the locales where they purchased entities and thereby incentivizing corruption to meet sales goals. Under Stericycle, there was nothing about this same type of incentive plan used by WPP. However, Stericycle did appear to keep the former owners on as the executives in these new foreign subsidiaries without taking into account how those former owners may have done business or the risk model it entailed.
Which brings us to pre-acquisition due diligence, which is not simply looking at the financial issues involved but also considering the potential purchase from the compliance perspective. How did the companies which were purchased to form the foreign subsidiaries in Latin America do business before they were purchased? Did Stericycle review those companies from the compliance standpoint?
Moreover, and as Candice Tal, founder of Infortal, continually reminds us, due diligence is more than simply a site investigation or a couple of interviews. It should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other lawsuits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.” Clearly, Stericycle did not engage in this level of due diligence in either the acquisitions of the entities which became Stericycle subsidiaries in Latin America, nor in their key personnel. Employees up and down the chain of an organization do not simply wake up one day and decide to engage in bribery and corruption and create a full set of records so the effectiveness of your bribery-based business process can be evaluated. 
Impact of the FCPA Corporate Enforcement Policy
The Stericycle enforcement action once again demonstrates how the FCPA Corporate Enforcement Policy can benefit even the most corrupt organization and allow a significant reduction of the overall fine and penalty under the US Sentencing Guidelines. According to the DPA, Stericycle received a 25% discount off the bottom of the applicable Sentencing Guidelines fine range for its cooperation during the pendency of the investigation and the extensive remediation.
I have previously estimated Stericycle saved between $25 million and $30 million from their final criminal fine. That is certainly a significant amount and one every Chief Compliance Officer (CCO) needs to have ready to submit to your CEO to demonstrate the power of committing time and resources to both internal investigations and remediation during the pendency of the investigation.
Impact from the Lisa Monaco Doctrine
a. The Monitor
This is the first FCPA enforcement action to show the full impact of the change in DOJ enforcement priorities after the Lisa Monaco speech of October 2021, in a variety of ways. The first is the imposition of a monitor. It was required under both the DPA and the Order. Interestingly, even though the company was long aware of its compliance and ethical failures and even though it had been investigating this matter since at least 2016, the company could not seem to get its collective act together enough to fully implement and test the new compliance regime set out in the DPA. The DPA stated, “despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years, as described more fully below and in Attachment D, is necessary to prevent the recurrence of misconduct.” [Emphasis supplied] Clearly the DOJ (and SEC) did not trust that the company would follow through with its obligations under the resolution documents, and a monitor was “necessary to prevent the recurrence of misconduct.”
b. Culture
One part of the Monaco speech that drew much criticism from the white-collar defense bar and others was her remarks around culture, and that the DOJ would start assessing corporate culture in the context of other fines, penalties and regulatory enforcement actions from outside the FCPA context. Many articulated fears that conduct completely unrelated to an FCPA enforcement action could form the basis of an FCPA enforcement action. Those fears were alleviated in the Stericycle DPA, which stated, “the Company has some history of prior civil and regulatory settlements, but no prior criminal history”. At least at this point, no unrelated civil or regulatory actions were assessed in the context of an FCPA enforcement action.
There was and continues to be much to consider and learn from the Stericycle FCPA enforcement action. I am sure we will be revisiting it in the future.