Categories
Principled Podcast

LRN Principled Podcast: S9-E4: Actionable Ideas for your Corporate Ethics & Compliance Week

What you’ll learn on this podcast episode

Engagement is a hot topic in the ethics and compliance space—it impacts training, communications, and overall program effectiveness. But driving engagement gets tricky when you have a global presence or employee populations with different working conditions and technologies. How can E&C professionals foster engagement in a way that resonates with everyone—and even makes it fun? In this episode of LRN’s Principled Podcast, host Dave Hansen talks with Kerry Ferwerda, the ethics and compliance manager for Europe at NSG Group, about how to plan a successful corporate ethics and compliance week. Listen in as the two discuss ideas and best practices around event content, communication, and participation.   

Guest: Kerry Ferwerda


Kerry Ferwerda is the ethics and compliance manager for Europe at NSG Group, one of the world’s largest manufacturers of glass and glazing products for architectural and automotive applications. It is also a leading supplier of technical glass products within its Creative Technology division. NSG has principal operations around the world with sales in over 100 countries.

A passionate advocate for doing business the right way, Kerry has worked within ethics and compliance for the past 10 years. During this time, Kerry has led E&C education initiatives across the group, operating across the business lines to develop and implement education programs that deliver value and embed a strong company culture.

Prior to joining ethics and compliance, Kerry worked within the group’s Automotive Glass Replacement business unit for 12 years, gaining a wealth of experience in roles across multiple departments and functional disciplines—including Finance, Operations, Supply Chain, IS, and Customer Service.

Kerry holds a BSc (Hons) in Information Technology for Business from Aston University, Birmingham, UK.

Host: Dave Hansen


Dave Hansen is the global advocacy marketing director at LRN, an organization focused on ethics and compliance solutions that help people around the world do the right thing. His team drives LRN’s customer obsession by building community, deepening customer engagement, and finding meaningful opportunities for collaboration. Dave is passionate about learning, having spent most of his career within higher education or training. He loves sharing customer stories and best practices in the name of continuous improvement. Dave is a proud dad, coffee enthusiast, drummer, and scuba diver. In his spare time, he enjoys cooking and reading!

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Assessing Compliance Internal Controls

One of the specific requirements in the 2020 Update is around internal controls and, more specifically, control testing. It stated:
Control Testing – Has the company reviewed and audited its compliance program relating to the misconduct?  More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake?  How are the results reported and action items tracked?  

Fortunately, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 Internal Controls Framework considers assessing compliance with internal controls. In “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls,” COSO laid out its views on assessing the effectiveness of internal controls. It noted that an effective system of internal controls provides “reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting, and compliance.” Moreover, such a system must meet two over-arching requirements. First, each of the five components is present and functioning. Second, the five components operate in an integrated fashion with each other. One of the most critical features of the COSO Framework is that it sets internal control standards against which you can audit to assess the strength of your compliance with internal controls.

Three key takeaways:

  1. An effective system of internal controls provides reasonable assurance of achieving the company’s objectives relating to operations, reporting, and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components is present and functional. Second, the five components operate together in an integrated approach.
  3. For an anti-corruption compliance program, you can use the Hallmarks of an Effective Compliance Program as your guide to test against.
Categories
Corruption, Crime and Compliance

Susan Divers on LRN’s 2023 Ethics and Compliance Program Effectiveness Report

LRN’s 2023 Ethics and Compliance Program Effectiveness Report provides valuable insights into the state of ethics and compliance programs in companies around the world, highlighting the importance of commitment, investment, and promotion of corporate ethics and compliance, especially during times of economic and geopolitical turbulence. Michael Volkov welcomes Susan Divers of LRN to discuss the implications of recent court decisions and DOJ regulations on corporate compliance programs. She also explores how these developments have increased the responsibility of senior management and boards, as well as the importance of data collection and analysis in order to ensure that a company is effectively managing its risks. 

Susan Divers is a well-known lawyer and expert in the field of ethics and compliance. She currently serves as the Director of Thought Leadership at LRN, a leading ethics and compliance training and advisory firm. Prior to joining LRN, she was the Senior Advisor for Global Compliance at Baker Hughes, a GE Company. She has also worked as an Assistant Chief Counsel in the Division of Enforcement at the U.S. Securities and Exchange Commission, and as a litigator at several major law firms. Susan has extensive experience in designing and implementing effective ethics and compliance programs for organizations of all sizes and industries. She is a frequent speaker and author on topics related to ethics and compliance, and is widely respected as a thought leader in the field.

 

Key ideas you’ll hear Michael and Susan discuss:

  • Strengthening ethical culture during the pandemic. According to LRN, 82% of respondents reported that their ethical cultures had strengthened as a result of the challenges faced during the pandemic. This is the third year in a row that the survey has asked this question and received positive responses, indicating that the trend is not a fluke.
  • Values-based leadership. The report highlights the importance of values-based leadership and programs in meeting challenges effectively. Almost the same percentage of respondents reported that their companies operated based on values as opposed to a rules-based compliance program, emphasizing the critical role a company’s values play in shaping its ethics and compliance culture.
  • Trade compliance. Trade compliance is an area of concern, with only 25% of respondents enhancing their trade control compliance and training. Due to increased export and sanctions regulations, this area poses a significant risk, especially in light of the Russia sanctions.
  • Inadequate internal systems, staff shortages, budget constraints, and employee disengagement are common challenges faced by ethics and compliance professionals.
  • The importance of data analytics. As the report points out, data analytics is essential for measuring ethics and compliance programs’ effectiveness and addressing areas of concern. Data analytics can provide insights on how a program is actually doing today, not yesterday, and can point towards hot spots that need to be addressed. A good internal system is necessary for good data analytics.
  • The importance of investing in appropriate training and risk controls to stay up-to-date with the latest regulations. The regulatory environment is constantly evolving, and new risks are emerging all the time. Investing in appropriate training and risk controls enables organizations to identify and mitigate risks proactively, reducing the likelihood of a compliance breach or other negative event.
  • Training is essential, and the emphasis is on scenario-based training that is tailored to a person’s role. Shorter modules, the use of videos, and technology that allows for the customization of training are best practices.

 

KEY QUOTES

“If you don’t have a good internal system, you’re not going to be able to get good data analytics which tell you how your program is actually doing today, not yesterday, and which point towards hot spots or areas of concern that you really need to address.” – Susan Divers

 

“It’s not just about checking a box and having a policy, it’s about living the values and creating an environment where people feel comfortable raising issues.” – Susan Divers

 

“The single most important thing for a compliance program is leadership and culture.” – Susan Divers

 

“You need to be proactive and anticipate where things might go wrong.” – Susan Divers

 

Resources

Susan Divers on LinkedIn 

Email: susan.divers@lrn.com 

LRN 2023 PEI Report

Categories
All Things Investigations

All Things Investigations: Episode 22 – Mike Huneke and Laura Perkins on Changes to Corporate Enforcement Policy

Welcome to the Hughes Hubbard Anticorruption and Internal Investigation Practice Group’s podcast, where host Tom Fox and Hughes Hubbard Anticorruption and Internal Investigation Practice Group members delve into the legal issues surrounding white-collar and other investigations, both domestically and internationally. Laura Perkins and Mike Huneke join Tom on this episode to discuss the changes to the Department of Justice’s Corporate Enforcement Policy.

Laura Perkins is the Co-Chair of the Anti-Corruption & Internal Investigations practice group and Co-Managing Partner of the Washington, DC, office at Hughes Hubbard & Reed. Prior to joining the firm, Laura worked for nearly ten years at the Criminal Division of the U.S. Department of Justice, where she served as Assistant Chief of the FCPA Unit and oversaw some of the largest individual and corporate FCPA cases in the U.S. Laura now advises corporations, boards of directors, and senior executives on high-stakes government and internal investigations, crisis management, white-collar criminal defense, and cross-border compliance counseling. She has particular expertise in FCPA/anti-corruption, healthcare fraud, financial fraud, and money laundering cases.

 

Mike Huneke is a Hughes Hubbard & Reed partner specializing in Anti-Corruption & Internal Investigations. His work involves advising clients on navigating complex international anti-corruption investigations, implementing compliance risk assessments and program enhancements, and conducting due diligence on third parties. He has received several awards, including Lexology’s Client Choice Award for Investigations-USA in 2022 and recognition from Global Investigations Review for his work representing Airbus in resolving bribery and corruption allegations.

 

Key ideas you’ll hear in this episode:

  • The Department of Justice’s corporate enforcement policy has been expanded to a broader range of white-collar crimes. Prosecutors can use it to evaluate possible criminal violations against a company when investigating potential criminal violations. It’s also an unofficial guide for companies to position themselves to avoid prosecution or mitigate consequences.
  • The new policy offers a 75% discount for self-reporting, a significant change, and an additional incentive for companies to self-report.
  • The discounts offered can stack up quickly, and the range of penalties for non-compliance can be large, so the discount can make a marked difference in the amount of criminal penalty under the sentencing guidelines.
  • There may still be apprehension about self-reporting, as there is uncertainty about the actual penalties and the reputational harm that can result from a public criminal resolution.
  • The definition of extraordinary cooperation is subjective and largely depends on the speed and fulsomeness of the material going from the company to the department.
  • Proactive cooperation, being efficient in conducting an internal investigation, and being the one to come to the department with a good rhythm and cadence are all ways to stay on the good side of extraordinary cooperation.
  • The decision to self-disclose still depends on whether the company thinks the issue will come out or not and the pros and cons of self-disclosure need to be weighed in a case-specific analysis.
  • The more guidance that comes out in speeches, policy memos, or resolutions and declinations, the better companies will be able to evaluate the value of self-disclosure.

 

KEY QUOTES:

“One of the major [changes to the Corporate Enforcement Policy is] increasing the maximum potential fine reduction a company can get for self-reporting. It’s a further effort by the Department to incentivize self-reporting.” – Laura Perkins

 

“I think [the updated Corporate Enforcement Policy] does provide a clear incentive for companies to continually maintain a good compliance program and controls that can detect these violations.” – Laura Perkins

 

“I think the more that the government can show examples of the application of this increased benefit for exceptionally cooperating recidivists and ABB is a great example of that.” – Mike Huneke

 

“[The Corporate Enforcement Policy is] also the unofficial guide for companies and how they can position themselves best in the event of a problem to avoid prosecution either or to mitigate the consequences.” – Mike Huneke

 

Resources:

Hughes Hubbard & Reed website

Laura Perkins on LinkedIn

Mike Huneke on LinkedIn

Categories
FCPA Compliance Report

Mary Inman on Top FCA Recoveries and Issues from 2022

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Mary Inman, a partner at Constantine Cannon. We discuss the recently released US Fraud statistics and preventative measures with Inman. Inman explains that the US Department of Justice put out statistics on the False Claims Act for 2022, with healthcare dominating the recovered funds. Inman discusses how whistleblowers can still launch cases, even if the government does not join in, and encourages listeners to report fraud to their respective insurance departments if it later results in higher premiums for their organizations.

Key Topics:

  • The Increase of Managed Care Plans in Medicare [00:04:16]
  • The Power of Whistleblowing and the Impact of Joining Government Cases [00:08:19]
  • Medicare and Medicaid Fraud in California and Florida [00:12:21]
  • Impact of Insurance Fraud on Premiums [00:16:44]
  • The False Claims Act and the Escobar Decision [00:26:09]

Notable Quotes

  1. “And they were basically paying kickbacks to their they know who the physicians are, who are the largest prescribers of their drugs. And they were paying kickbacks to encourage them to basically discourage them from prescribing their competitors’ products and to direct it to them.”
  2. “What happened here is that Mallinckrodt improperly calculated their rebate by claiming that the drug they developed in 1990 was a new drug in 2013. And so that allowed them to greatly decrease the amount of the rebate they would have owed to the Medicaid program.”
  3. “It’s another kind of false billing scenario. It was notable to me that we had 2 big settlements.”
  4. “The whistleblower had accused the Association of shifting costs that it shouldn’t have reimbursed onto the Florida Medicaid program.”

Resources:

Mary Inman on LinkedIn

Constantine Cannon

Tom Fox on LinkedIn

Categories
Blog

Cookies, Compliance and GDPR

Are you feeling overwhelmed by GDPR enforcement and data privacy regulations? Are you concerned about the implications of big tech companies, such as Facebook and Instagram, on the data privacy of your customers? The recent fines imposed on Meta, formerly known as Facebook, of €210,000,000 for Facebook and €180,000,000 for Instagram have created a ripple of concern across the globe. I recently had the opportunity to visit with Jonathan Armstrong, partner at Cordery Compliance, to explore the implications of this ruling and provide practical steps that organizations can take to ensure they are complying with GDPR. Be prepared to take a deep dive into the world of cookies and online behavioral advertising, and learn how to protect your customer data.

Armstrong outlined three steps you need to follow to achieve compliance and transparency:

  1. Be transparent about how you handle personal data.
  2. Look at your legal basis for processing data.
  3. Look at any argument based on necessity carefully.

Be transparent about how you handle personal data.

Step 1 for GDPR compliance is to be transparent about how you handle personal data. In order to do this, organizations need to understand what data is being processed, where it is being stored, and how it is being used. Transparency is a core element of GDPR and companies need to ensure that they are providing clear information about their data processing activities to customers and other users of their services. Organizations need to look at the data flows to and from their services, as well as any third parties they are working with, in order to be fully transparent about what personal data they are collecting and how they are using it.

Companies should also look at the legal basis for processing data to ensure that it is compliant with GDPR. Furthermore, organizations should be careful to make sure that any arguments they make based on necessity are supported with evidence to prove that their use of data is necessary. Finally, companies should be aware of the potential risks of online advertising, particularly with big tech companies like Facebook and Instagram, and be cautious when booking online advertising campaigns.

Look at your legal basis for processing data.

Step 2 is to review the legal basis for processing data. To do so, you will need to go through your data processing activities and determine what the legal basis is for each of them. This can be done through a data inventory, which is a list of all the data you are collecting and using. This will help you to identify if you are processing data based on consent, contractual obligation, or some other legal basis.

Once you have identified the legal basis, you will need to make sure that the basis is GDPR compliant. This means that you must ensure that the legal basis is legitimate, freely given, and specific. You must also make sure that you are transparent with individuals about how their data is being used, that they have the right to access and control their data, and that you are providing adequate security for the data. Finally, you must ensure that you have the right processes in place to ensure that any data you are processing is done so in accordance with GDPR.

Look at any argument based on necessity carefully.

When looking at any argument based on necessity, it is important to look at it carefully in order to determine if it meets the requirements of GDPR. Under GDPR, necessity covers the processing of personal data that is necessary for the performance of a contract, or necessary for compliance with a legal obligation, or necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

When analyzing an argument based on necessity, it is important to take into account the specifics of the situation, and to ensure that the data processing is indeed necessary for the purpose it is being used for. Additionally, it is important to consider the rights of the data subject, and to ensure that any processing of their data does not override their fundamental rights and freedoms. If the argument is found to be valid and necessary, it is important to ensure that the data is processed in a transparent and secure manner, in accordance with the GDPR requirements.

For more information, check the podcast I did with Jonathan on this topic on Life with GDPR. Check out Cordery Compliance here.

Categories
Daily Compliance News

February 27, 2023 – The Maximum Pain Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Indonesia wants its share of the bribery fine. (FT)
  • FATF suspends Russia. (WSJ)
  • New levels of sanctions against Russia. (WSJ)
  • Roger Ng begs for mercy. (Reuters)