Categories
31 Days to More Effective Compliance Programs

Day 26 – Compliance Function in an Organization

The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, the 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.” The Monaco Memo and 2023 changes to the Corporate Enforcement Policy have made this all the more critical going forward.

This Hallmark was significantly expanded in the FCPA Corporate Enforcement Policy and 2020 Update. In the FCPA Corporate Enforcement Policy, the DOJ listed the following as factors relating to a corporate compliance function that it would consider as indicia of an effective compliance and ethics program: 1) the resources the company has dedicated to compliance; 2) the quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; 3) the authority and independence of the compliance function and the availability of compliance expertise to the board; 4) the compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and 5) the reporting structure of any compliance personnel employed or contracted by the company.

The 2020 Update, Monaco Memo, and 2023 update to the Corporate Enforcement Policy all demonstrate the continued evolution in the thinking of the DOJ around the corporate compliance function. Their articulated inquiries can only strengthen a corporate compliance function specifically; and the compliance profession more generally. The more the DOJ talks about the independence of the compliance function, coupled with resources being made available and authority concomitant with the corporate compliance function, the more corporations will see it is directly in their interest to provide the resources, authority, and gravitas to compliance position in their organizations.

Three key takeaways:

  1. How is compliance treated in the budget process?
  2. Has your compliance function had any decisions overridden by senior management?
  3. Beware of compliance outsourcing, as any such contractor must have access to company documents and personnel.
Categories
Innovation in Compliance

Operationalizing Compliance: Part 4 – Effectiveness, Redux with Alex Klingelberger

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 4, I am joined by Alex Klingelberger, CEO at Broadcat, where we deeply dive into effectiveness.

Highlights from this episode include:

  • Compliance training must stay away from the patronizing training material.
  • The DOJ pronouncements on clawbacks put pressure on senior management.
  • Bilateral communication is a critical component of a best practices compliance program.
  • Compliance engagement is more than between your compliance function and employees. It is when employees engage each other about compliance topics as well.

For more information, go to TheBroadcat.com.

Categories
Everything Compliance

Everything Compliance – Episode 110, The Bayeux Tapestry Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quintet of Jay Rosen, Jonathan Armstrong, Jonathan Marks, Tom Fox, and Matt Kelly, who discuss a potpourri of issues. We conclude with our fan-fav Shout Outs and Rants section.

  1. Matt Kelly at the SEC enforcement action against McDonald’s for giving disgraced former President Steve Easterbrook a severance package without explaining its reasons. He rants about the Department of Justice CCO certification requirement for Danske Bank.
  1. Jonathan Marks reviews the Fraud Pentagon and explains the additions of arrogance and convenience to the Fraud Pentagon. He Rants about the recent FAA failure, which crippled the US airline industry.
  1. Tom Fox has his first dual shout-out. His first shout-out is to US District Judge Middleton for sanctioning Donald Trump and his lawyer, jointly and severally, for $938,000 and the recently deceased musician David Crosby.
  1. Jonathan Armstrong looks at the NIS II Directive. He rants about the Tory proposed law against publicizing small boats that would make showing or even talking about the Bayeux Tapestry illegal.
  1. Jay Rosen looks at when and how is a compliance program ‘good enough.’ He shouts out to the NFL for the playoffs and for getting us the best four teams in the final four.

The members of Everything Compliance are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

January 26, 2023 – The Offices Search Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • PwC, Boston Consulting Group offices search in Dos Santos corruption investigation. (ICIJ)
  • Corp execs now have a duty of oversight in Delaware. (Reuters)
  • 4 top pods on women and working. (FT)
  • British gambler fined for AML failures. (WSJ)
Categories
Blog

Operationalizing Compliance: Part 4-Effectiveness, Redux

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 4, I am joined by Alex Klingelberger, where we take a deep dive into effectiveness.

We began with a question about data and data analytics. I asked Klingelberger what might a CEO question a Chief Compliance Officer (CCO) about when the CCO brings data about the compliance program. He explained that it is not simply data but “data, plus.” He would further inquire into such areas as, “How did you collect the data? Who are the people that are involved in the data? What did you ask them? What was the data that you have collected and how it going to prove to both regulators and the business folks how to use it.”

He provided the example of annual compliance training program, where the effectiveness is measured with a “single yes or no question that says, did all the constituents certify that they had completed the annual compliance training program; so that you ended up with a score of 100% completion.” Alex said his first question would be, “what is that worth to us?” This is because the data “simply conveys a unidirectional, transmission of information to the people in the business and you have not necessarily improved the quality of those individuals understanding of their business.”

We also discussed the danger of “patronizing communications”. This is a type of communication which is oversimplified to the point where any person, not just a person who’s working in that business would implicitly understand what is right and what is wrong and therefore know the answer they are supposed to get. Something like “Is bribery bad?” is not something you need to train employees on. What employees need is something more useful which addresses given situations, about what bribery looks like and provides a pattern recognition for employees to avoid it.”

That you are really looking for in effectiveness is engagement. Klingelberger noted it is “instrumental that engagement to form the basis for better bilateral communicating between compliance folks and business folks on the frontline. But it is more than communications up and down, from compliance to employee and back. It is using training and communications to facilitate discussions between employees, their managers, their mentors and others about specific situations; how we should be acting and what things that we should and should not be doing in the course of business.” He believes such discussions are the essence of compliance communications and training.

We turned to the user experience as delivering compliance information in topic focused or risk-based bite-sized pieces, on a more periodic and frequent basis is a better way to deliver compliance training. This can facilitate your employees engaging with not only compliance, but it also engagement with managers and fellow employees so that the communication or training fosters an ongoing conversation on a variety of topics; outside of interactions with the compliance function. “This is the outcome you should desire with your communications or training. Something that is going to engage employees, be thought-provoking or thoughtful; yet if they have a question, they can either raise their hand and contact the compliance function or compliance can direct them to a resource within the company such as on a website or FAQs.”

We concluded by tying back to where we began, with some thoughts on data and effectiveness. Klingelberger considers that effectiveness also informs how compliance should be collecting data and providing it to business leaders. He believes, to the extent possible, your compliance function should “use the same systems and software that your business uses to collect data, to collect your compliance data.” He provided some examples; “if you’re a sales shop, a HubSpot shop, if you primarily work on Excel, maybe those are the systems that you should be using to collect your compliance data rather than a completely separate standalone program that both you and your employees only see once a year and generates limited output.” The key is to “make it easier for your business leader through the data that you are providing them by using data which is familiar to them.”

Join us as we conclude with Part 5 where we discuss how to avoid being overwhelmed.

For more information go to TheBroadcat.com