Day: March 9, 2023

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Auditing Joint Ventures

JVs provide many FCPA risks that other types of business relationships do not bring. For instance, the JV may interact with foreign government officials or employees of a state-owned enterprise; then leverage those relationships for an improper benefit relating to contracts, regulatory licenses, permits or customs approvals. It is difficult to regulate a JVs interaction with foreign government officials when your partner is a state-owned enterprise, or where your company is relying on the local company for its local contacts and expertise for business development and/or regulatory knowledge and experience.

The risks are compounded when the U.S. company does not exercise control of the JV. This is further compounded by the fact there is no minimum threshold for a FCPA enforcement action against a U.S. company for the actions of a JV in which it holds an interest. If a company holds something less than majority rights, it must to urge, beg and plead for the majority partner to adhere to anti-corruption compliance standards and controls. Often, these requirements are established in the JV agreement but the success in securing such contract protections depends on the importance of the global company to the JV itself.

Another set of issues comes from the JV when it seeks to retain third-party agents and/or distributors. Depending on the amount of control, the U.S. company usually can impose its set of standards for conducting due diligence of third-party agents and distributors. These risks become more difficult when the JV partner brings a proposed third-party agent or distributor and vouches for the agent or distributor. If the JV partner is a state-owned enterprise, the issues become even more complicated as such a referral creates an obvious red flag for a government-sponsored referral.

Three key takeaways: 

  1. JVs present unique FCPA risks and must be managed accordingly.
  2. Your final report needs to consider the final viewer of the document, potentially the DOJ or SEC.
  3. Be sure to follow up on any red flags raised but not cleared and action items for remediation or additional scrutiny.
Categories
Life with GDPR

SARs Update

Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Jonathan Armstrong shares that SARs remain a significant area of concern for businesses. He joins Tom to discuss a recent individual’s complaint with the Austrian DPA, in which the response was incomplete and the individual took their case to an Austrian Federal Administrative Court. Jonathan shares that this tactic is being used by those under regulatory and governmental investigation. Tom and Jonathan’s insight is invaluable for staying informed of the most up-to-date news on SARs.

 Key Highlights

·      Challenges of Filing Data Protection Complaints in Austria [00:057]

·      Legal Implications of Acquiring a Business Under Regulatory or Governmental Investigation [00:11:03]

·      Ending a Podcast[00:15:50]

 Notable Quotes

1.     “We know that SARS are onerous, and it may be that the GIST route might be a way of saving some of the effort involved, not in searching for data necessarily, but in the whole redaction task, which is substantial because obviously you have to redact records so as not to expose the data of other individuals in many cases.”

2.     “And the officer stream result also seems to be in accordance with guidance from other DPAs as well. So probably the right decisions in both cases but obviously still some complexity involved in dealing with hours.”

3.     “We’ve definitely seen [SARs] in the context of regulatory or other governmental investigation. There are the cases in the public domain, for example, which is a case, which involves Russian oligarchs battling it out in the UK courts after group a investigated group b.”

4.     “And as I say, we’ve used the gist route previously. We know that people have complained to the ICR to other regulators but so far, that hasn’t been anything that regulators criticized in the cases that we’ve been involved with.””

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Daily Compliance News

March 9, 2023 – The 4-Day Work Week Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Rio Tinto settles FCPA violations. (WSJ)
  • Is UK ‘Death Valley’ for tech start-ups? (FT)
  • Legislation was introduced to create a 4-day work week. (WaPo)
  • FTC is looking into Twitter privacy practices. (NYT)
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 1 – Incentives

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we will begin a multi-part review of this document by considering financial incentives.

This section begins with a new introduction which makes clear the seriousness in which the Department of Justice (DOJ) views incentives, both financial and other types of incentives. The ECCP states, “The design and implementation of compensation schemes play an important role in fostering a compliance culture. Prosecutors may consider whether a company has incentivized compliance by designing compensation systems that defer or escrow certain compensation tied to conduct consistent with company values and policies. Some companies have also enforced contract provisions that permit the company to recoup previously awarded compensation if the recipient of such compensation is found to have engaged in or to be otherwise responsible for corporate wrongdoing. Finally, prosecutors may consider whether provisions for recoupment or reduction of compensation due to compliance violations or misconduct are maintained and enforced in accordance with company policy and applicable laws. Compensation structures that clearly and effectively impose financial penalties for misconduct can deter risky behavior and foster a culture of compliance.”

However, the DOJ reiterated that “providing positive incentives, such as promotions, rewards, and bonuses for improving and developing a compliance program or demonstrating ethical leadership, can drive compliance. Prosecutors should examine whether a company has made working on compliance a means of career advancement, offered opportunities for managers and employees to serve as a compliance “champion”, or made compliance a significant metric for management bonuses. In evaluating whether the compensation and consequence management schemes are indicative of a positive compliance culture.”

Neither of these concepts for incentives are new. Financial incentives were a part of the original 10 Hallmarks of an Effective Compliance Program, as delineated in the 2012 edition of the FCPA Resource Guide. It was brought forward in the 2020 2nd edition. Promotions, rewards and bonuses were also discussed in both of those documents as well as other DOJ pronouncements and formulations over the years. However, this is the first time the DOJ has specifically spelled out the role of the ‘compliance champion’ as both an indicia of a best practices compliance program as well as a mechanism to demonstrate a ‘positive compliance culture.’

The ECCP also added a new section on financial incentives which directs prosecutors to specifically evaluate how a company designs and applies financial incentives. It states:

Incentive System – Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethicsconsiderations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?

Rephrasing these questions, a compliance professional might consider them in the following manner:

  1. How does the company incentivize compliance and ethical behavior?
  2. Has the company considered the implications of its incentives and rewards on compliance?
  3. Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?
  4. Have there been specific examples of actions taken (g., promotions or awards denied) as a result ofcompliance and ethics considerations?

These four questions basically breakdown into the following continuum: (1) Assessment, (2) Analysis, (3) Implementation; and (4) Monitoring.

Incentive program assessment. Here you need to review your corporate incentive program for all employees, most particularly the discretionary bonus program but also your non-financial incentives such as promotion. Is your bonus program only related to individual sales, division sales or other similar metric or overall company performance? You can begin with some questions suggested by the ECCP: What role does the compliance function have in designing and awarding financial incentives at senior levels of the organization? Has the company evaluated whether commercial targets are achievable if the business operates within a compliant and ethical manner?

If you do not have any component for doing business ethically and in compliance, your entire compliance program is probably falling short at this point. You should also see if this is a query for promotion and not simply does an employee.

Incentive program analysis. Here you need to see what perverse incentives may exist in your organization. Obviously if meeting your target numbers is the sole criteria, your program is once again falling short. On the promotion front, you need to analyze patterns of promotion to (1) see if any employees with ethical or compliance program violations have been promoted; and (2) also determine if employees are promoted simply for NOT have any ethical violations. This would lead to a review of whether or not promoted employees have been actively participated in improving or maintaining a culture of compliance. How does the company incentivize compliance and ethical behavior? What percentage of executive compensation is structured to encourage enduring ethical business objectives?

Incentive program implementation. After implementation of the incentive program, it must be monitored. The ECCP suggests an inquiry into the following area: Has the company considered the impact of its financial rewards and other incentives on compliance? Additionally, what role, if any, did the corporate compliance function have in advising on the bonus program or participating in setting the bonus and promotion structures?

Incentive program monitoring. Here there needs to be ongoing monitoring of the incentive program, including has the company ensured effective management of the incentive program? The ECCP suggests a review of how much compensation has in fact been impacted (either positively or negatively) on account of compliance-related activities?

Join me tomorrow where I take a deep dive into discipline or the new formulation, “consequence management.”