Day: February 23, 2023

Categories
EMBARGOED!

EMBARGOED! Episode 59: 2022: The Year Sanctions Came of Age in Germany?

This week, host Tim O’Toole and our guest Roland Stein of the Blomstein law firm in Berlin review trade-related developments in Germany in 2022, particularly with regard to sanctions against Russia.

Roadmap:

  • German export controls and sanctions
  • German enforcement agency
  • History of German enforcement pre-Russia
  • IT prohibition
  • Legal services prohibition
  • Price caps
  • Germany’s Sanctions Enforcement Act II
  • Germany’s draft strategy paper on China

Subscribe * Apple Podcasts Spotify *  Amazon Music  * Google Podcasts * Stitcher

Questions? Contact us at podcasts@milchev.com.

EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts.

***Stay sanctions free.***

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – COSO Objective IV: Information and Communication

As with the other components of the COSO Cube, the objective of Information and Communication is not to be taken in a vacuum. Indeed, one of the more interesting aspects of this objective is that it runs vertically and horizontally.

Principle 13: Use of relevant and quality information.
Principle 14: Communicate internally.
Principle 15: Communicate externally.

There must be communications up and down from the Board and within an organization to disseminate the appropriate compliance-related information. The CCO or compliance practitioner should also evaluate the communication lines to third parties for this principle. As noted, this communication can flow both ways with compliance obligations to third parties and information in the form of compliance issues back from third parties.

Internal communication is how you establish communications with your sales organization and your sales operations. How do you establish communications with the legal organization? How do you establish information with the post-sales organizations? Even with the auditors, your internal auditors, your external auditors, and the board, to give the Audit Committee of the Board comfort that the company has put in place the right levels of controls.

Three key takeaways:

  1. Consider the use of relevant and quality information.
  2. You need to document your internal communications so auditors can review the audit trail.
  3. This objective relates to your third-party compliance program.
Categories
Everything Compliance

Episode 113 – The Replika AI Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Karen Woody, and Matt Kelly who discuss a potpourri of issues. We conclude with our fan fav Shout Outs and Rants section.

1. Matt Kelly looks at ChatGPT and raises several questions for the compliance professional. He rants about Facebook and its layoffs and performance reviews.

2. Jonathan Armstrong comes in smoking on the Replika AI imbroglio in Italy and discusses his collection of comments by users of the service. He shouts out to the British Navy for the Altmark Incident in 1940, the last recorded English naval battle fought with cutlasses.

3. Tom Fox shouts out  Valentine’s Day and all those hopeless romantics out there.

4. Karen Woody looks at the new rules promulgated by the SEC on insider trading. She shouts out to the Netflix show Cunk on Earth.

5. Jay Rosen looks at the First Energy corruption scandal and the current trial of former Ohio House speaker Larry Householder. He shouts out to Stevie Van Zandt donating a do rag to California Representative Jamie Raskin to wear during his cancer treatment.

The members of the Everything Compliance are:

•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

February 23, 2023 – The Self-Disclosure Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • US states seek to block ESG investing rules. (Reuters)
  • Judge allows Wexner subpoena by mail in Epstein lawsuit. (FT)
  • Ohio speaker alleged to have used bribes money to pay for physical assaults. (Ohio Capital Journal)
  • US attorneys want more self-disclosure. (Bloomberg)
Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 3

In this conclusion of a three-part blog post series, we are considering how to create an effective compliance program through the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

The 7th step involves having an on-premise application for data analytics. This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools. You should consider a platform designed to be hosted and managed as a service, meaning that companies can utilize the platform without having to move large amounts of data around each month.

Under steps 8 & 9, you should run your data through a variety of libraries and test but a key is doing so without compromising their data privacy. Using data analytics to identify anomalous payments that may be indicative of corruption or fraudulent activities. This will help your organization to meet the DOJ’s expectations for an effective compliance program. It helps improve business processes, increase transparency, and reduce the risk of improper payments. Additionally, such a data analytics platform can be used to benchmark an individual company’s compliance program by identifying attributes of an improper payment.

Finally under Step 10, your organization should use a tool which also supports data visualization and dashboards that help companies analyze their compliance data in real time by quickly identifying any irregularities or anomalies that could be indicative of corruption or fraudulent activity. Your system should also provides support for automated reporting, allowing companies to easily generate reports on their compliance program. This can help companies identify areas of improvement, as well as any potential issues that should be addressed. Such visibility can extend up to the Board of Directors level which will enhance your reporting up the organization and facilitate the Board’s requirement for oversight under the Caremark Doctrine.

This approach can be used to facilitate risk assessments, helping companies to ensure that their compliance programs are up to the standards set by the DOJ. Through ongoing monitoring, it can be  used to track activities and progress in compliance over time, providing companies with a better understanding of their compliance processes, ensuring an effective way to demonstrate your compliance program is up to the standards set by the DOJ.

Data driven compliance decisions are essential for companies to meet the expectations of the DOJ This includes having access to relevant sources of data, conducting monitoring at the start and throughout the lifespan of a relationship, having an on-premise application, and self-disclosing any potential violations to the DOJ. A data analytics platform that can help companies meet these expectations, as it will provide advanced analytics and compliance monitoring that allow companies to quickly identify areas of risk and anomalies in their data. Additionally, the platform can be used to collaborate with other companies to gain insights into attributes of an improper payments to prevent fraud or even simple over-payment of vendor invoices.

Perhaps there is no better example of a data driven approach to compliance in meeting the DOJ expectations than in the 2022 ABB, Foreign Corruption Practices Act enforcement action. In it, ABB had notified the DOJ it wanted to meet and had scheduled a meeting but before ABB could come in and self-disclose, the story of ABB corruption in South Africa broke in the local news. However the DOJ credited ABB for detecting the violations and notifying the DOJ it was coming in. This went a long way towards the excellent result ABB was able to achieve in its resolution with the DOJ.

Listen to Vince Walden on Data Driven Compliance