Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Distributors as Business Venture Partners

Many compliance practitioners generally view distributors as a part of their third-party risk management program, with most of their attention on the pre-contract phase of the risk management process. Typically, most of the efforts are spent on due diligence with less on managing the relationship after the contract is signed. However, many facets of a corporate relationship with a distributor are closer to those of other business venture partners.

One of the issues in any compliance program is the compensation paid to a business venture partner as FCPA exposure arises when companies pay money – either directly or indirectly – to fund bribe payments. In the traditional intermediary scenario, the company funnels money to a business venture partner, who then passes on some or all of it to the bribe recipient. Often, the payment is disguised. Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions, 2020 FCPA Resource Guide, 2nd edition and DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs, have provided insight into how the government interprets and enforces the FCPA. This information, in turn, allows companies to get smarter about FCPA compliance. With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations. Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.
Many companies have been involved in FCPA enforcement actions because of distributors. This sales side channel does not receive the focus equal to that of commissioned sales agents. Yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus.
Three key takeaways: 

  1. The creation of well-thought out process which operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus is key.
  2. Require multiple levels of approval for an out of range distributor discount.
  3. Tracking distributor discounts globally makes your company more efficient.
Categories
Innovation in Compliance

Third-Party Management: A risk-based approach – Part 4: Adam Bailey on Reporting

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. Over this series, I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, from the Volkov Law Group. In this Part 4, I visit with Adam Bailey to look at the role of the Board in risk, audit, compliance, and ESG and the reporting from executive teams and GRC practitioners to take risks and seize chances.

Bailey has worked to help organizations better manage their risk by providing insight and clarity to boards of directors. He strived to enable executive teams and GRC practitioners to assess and manage strategic risks, ultimately connecting boards, practitioners, and executives together to innovate and drive growth. With the complexity of third-party relationships continuing to grow, companies need to adopt a continuous improvement approach to contend with unforeseen risks. A corporate compliance function is not just something nice to have, but a must and a Board needs clear and relevant data to make the best decisions. Organizations need to use the necessary tools to ensure that Boards have the visibility to manage their third parties and make informed decisions.


Key Highlights

1. A compliance function must support leaders through its reporting work.
2. Companies can effectively manage third-party risk with a risk-based approach and robust processes.
3. Connecting Board, senior executives, and practitioners together to enable organizations to take risks and innovate is critical.

Notable Quotes

  1. “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”
  2. “Continuous blanket monitoring of all third parties with every risk asset you can think of is just not feasible and probably wouldn’t deliver the outcomes that we need.”
  3. “We know that change is constant, regulators are looking for risk management policies and practices which continually improve and evolve over time.”
  4. “We need robust processes and systems in place to make sure that when you create your third-party profile, it’s screened against sanctions lists, embargo watch lists, et cetera, to provide the rich data that’s there.”

Resources

Adam Bailey on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
Presidential Leadership Lessons for the Business Executive

Leadership Lessons from the Presidents of the Republic of Texas: Mirabeau B. Lamar-Expansionist President

Presidential Leadership Lessons is a podcast hosted by Tom Fox. This continues a four-part series on leadership lessons not from US Presidents but from Presidents from the Republic of Texas, from 1836 to 1845. In this series, Tom is joined by Don Frazier, head of the Texas Center at Schreiner University in Kerrville TX to discuss the four Presidents who ledTexas when it was a country. In this third episode, Tom and Don discuss Mirabeau B. Lamar.

They delve into the life of Mirabeau B. Lamar and his political journey. Lamar was the second fully elected president of the Republic of Texas and was known for a battlefield promotion from private to colonel. During his presidency, Lamar carried out policies for the purpose of a stand-alone Texas and moved the capital from Houston to a more remote location, which is now Austin. Don also shares the origin story of the Wichita people, who were immigrants from the Kansas region. Additionally, as President, Lamar faced financial turmoil while in office due to the need to reconstitute an army and navy, as well as leasing boats to the Yucatan. Lastly, Don also speaks of the battle of Salado, where many Texans were killed.

Key Highlights

The Impact of Lone Star State Policies in Texas [04:39]

The Benefits of Moving the Texas Capital and Establishing the Texas State Library [08:59]

Origins and Cultural Impact of the Wichita People [13:15]

The Impact of Financial Mismanagement on the Lamar Administration in the Republic of Texas [17:49]

Trade Mission to Santa Fe [00:22:04]

Texas History: The Battle of Salado and the Dawson Massacre [00:25:52]

Notable Quotes

1.         He’s a pretty reckless dude on that day on the twentieth of April when they’re in that cavalry scrap with the Mexican cavalry, which was really the strong arm of the Mexican Army. You have to give him props for being tough but also with a tender heart, an interesting day.

2.         He’s an egghead with a keen sword and it makes sense. You know, 1 of the issues too that the Republic has is it’s an accidental republic. When they start looking for talent, they pretty much say, well, you’ll do because these are all place holders.

3.         All the other tribes in Texas came from someplace else, and people oftentimes don’t realize how dynamic and how mobile these different nations actually were, especially after contacting the introduction of things like the horse and the diseases that ravaged their societies.

4.         Lamar’s administration puts together a trade mission with military escort, but they don’t have a good map.

Resources:

Don Frazier, Director The Texas Center

The Texas Center at Schreiner University

Categories
Life with GDPR

DPO Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the Data Protection Officer (DPO) role in light of GDPR – an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place before GDPR, and that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.

Key Takeaways:

European Court of Justice and the GDPR System [00:05:46]

DPO Roles and Responsibilities [00:10:50]

Data Protection Authority Visit to an Organization [00:15:26]

Notable Quotes:

  1. “The Role of a DPO, in simple terms, is to sort of act as a sort of police officer to police the organization’s handling of data.”
  2. “If you look at GDPR article 37 5, it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there’s a number of duties in Article 39 they have to be able to perform.”
  3. “Regulators will expect to see competency. And it’s probably easier for a regulator to judge competency than it is to judge conflict of interest.”
  4. “I think it is definitely worthwhile putting resources in training and also currency.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong

Categories
Daily Compliance News

March 23, 2023 – The No Chickens Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Don’t want no chickens. (Reuters)
  • End of Swiss exceptionalism. (Bloomberg)
  • Banks botching risk management. (WSJ)
  • Companies are looking at another year of shareholder sustainability proposals. (WSJ)
Categories
Blog

Reprioritizing Your Third-Party Risk Management Program -Reporting

Today’s business landscape is becoming increasingly complex and globally interconnected, with the average business now working with over 100 third-party vendors. While this presents a wealth of opportunities, it also brings a range of challenges for boards and GRC professionals alike when it comes to third-party risk management. I recently visited with Diligent’s Senior Vice President of Products, Adam Bailey on how to tackle these challenges and leverage third-party risk management to identify opportunities and equip boards to take risks, innovate and drive things forward. Here are the steps you need to follow to also get clarity, insight, innovation.:

  1. Understand the role of the board in oversight and provide clarity on third-party risk management.
  2. Board review Codes of Conduct.
  3. Continuous improvement view of risk management.
  4. Utilize real-time data to react to changing times.
  5. Ensure commitment to shared values and ethical cultures.

 1.Understand the role of the Board in oversight

Understanding the role of the Board in oversight and providing clarity on third-party risk management is an essential step in any risk management strategy. Obviously, the Caremark Doctrine is the leading authority which Boards must follow. But more than simply oversight to  meet a legal requirement, businesses should see the business opportunity by creating a business process which connects employees, compliance professionals, executives, and boards together in a seamless process. This connection enables a culture of continuous improvement that starts at board level and cascades down through the structures of the business. This allows two-way communication between boards and compliance professionals, so that boards can clearly communicate their risk management strategy and expectations. 

  1. Board review of Codes of Conduct

A key role for any Board is to review and refresh if needed your organization’s Code of Conduct on a regular basis. When it comes to third-party risk management this is needed to  ensure that the third parties are following the company’s established guidelines. A Board should understand the importance of third-party risk management and how to fulfill their role of oversight. There should be an enterprise-wide single source of data for every Board to ensure effective governance, risk and compliance. Boards should also be provided with dashboards to allow for continuous monitoring of third-party relationships and to provide real-time information and data to enable businesses to react to changing times. Ultimately, companies need to show that their Board is making a good faith effort to address risks by having due diligence processes in place and effective plans to monitor those processes.

  1. Continuous improvement view of risk management

A key role for any Board is to implement a continual improvement view of risk management. This shifts an organization’s focus from a one-time due diligence approach to ongoing, rigorous due diligence designed to identify risk areas and set benchmarks for improvement. This allows a Board to have a clear view of the risks involved and make informed decisions. A two-way dialogue is also important, with data flowing up to the board and actions cascading back down to the compliance team. 

  1. Utilize real-time data to react to changing times

There is probably no more important task for a Board in 2023 than responding to changing times. Obviously Covid-19 is still in front of mind, but the change political, geographic, economic and even climate changes are moving much more quickly now. For a Board to provide effective oversight, it must have access to real-time data to react to changing times. This is both from a regulatory perspective and a business/reputational perspective. All internal stakeholders should be connected with enterprise-wide single source of all nonfinancial data required for effective governance, risk, and compliance. The platform also provides real-time information and data so Boards can quickly react to changing times. Furthermore, the platform adds relevancy and context to the risk data which helps Boards make informed decisions based on the potential upside and downside of taking on certain risks.

  1. Ensure commitment to ethical values and ethical cultures

It really all does start at the top and Boards must ensure commitment to ethical values and ethical cultures. Boards should mandate that companies adopt a continual improvement view and embrace not just one and done due diligence, but ongoing monitoring and continuous improvement. Boards should mandate that organization enforce their commitment to ethical values, ethical cultures, and honest business practices. When it comes to third parties, Boards must understand the risk each third-party poses and to consider the business in question and the sort of inherent nature of the dealings with that third-party. Having a robust platform also provides real-time information and data throughout the relationship with the third-party, dashboards to monitor third-party information, and a single source of truth for all nonfinancial data. This allows for a two-way dialogue between GRC professionals and the board to ensure that the board has the clearest, most relevant, and most targeted information to inform better decisions.

For more information, on Diligent’s Third-party Risk Management solution, click here.

Listen to Adam Bailey on the podcast series here.