Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Day: September 27, 2023
As every compliance practitioner is well aware, third-parties still present the highest risk under the FCPA. The DOJ 2023 ECCP devotes an entire prong to third-party management. It begins with the following: A well-designed compliance program should apply risk-based due diligence to its third-party relationships. Although the degree of appropriate due diligence may vary based on the size and nature of the company or transaction, prosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors that are commonly used to conceal misconduct, such as the payment of bribes to foreign officials in international business transactions.
This set of queries clearly specifies the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance program must have a process for the full life cycle of third-party risk management. There are five steps in the life cycle of third-party management: 1) business justification; 2) questionnaire to third-party; 3) due diligence on third-party; 4) compliance terms and conditions, including payment terms; and 5) management and oversight of third parties after contract signing.
I continually give my mantra of compliance, which is “Document, Document, and Document”. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program.
Three key takeaways:
- Use the full five-step process for third-party management.
- Make sure you have Business Development involvement and buy-in.
- Operationalize all steps going forward by including business unit representatives.
For more information, check out The Compliance Handbook, 4th edition, here.
The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent OFAC enforcement action involving 3M.
3 3M, found itself in hot water after violating Iran sanctions, leading to a hefty fine of $9,618,477 from the Treasury Department and OFAC. This violation, involving a subsidiary selling goods to a German reseller who then sold them directly to Iran, including to a sanctioned entity.
Tom points out the significant failures in controls and monitoring within the company that led to the violation. He emphasizes the importance of end user statements and monitoring in compliance functions to prevent such violations. On the other hand, Matt acknowledges that while 3M made an effort to comply with the Iran nuclear deal, changes in the arrangement that were not properly communicated or approved led to a violation of the sanctions agreement. He also underscores the importance of monitoring and obtaining end user statements to ensure compliance with export control laws.
Join Tom Fox and Matt Kelly as they delve deeper into this topic in the latest episode of the Compliance into the Weeds podcast.
Key Highlights
· Sanctions Compliance and Ongoing Monitoring
· Challenges and Consequences of Sanctions Compliance
· Sanctions Settlement for Selling Goods to Iran
· Anticipated Impact of Recent Events on 3M
Resources
Matt in LinkedIn
Tom
I recently concluded a podcast series with Case IQ. Over this series, I visited with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. We tackled such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and will conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and more profitably. This blog post series will expand on these topics. In Part 3, we consider why and how having an effective triage for reports and investigations can drive a culture of speaking up in your organization.
Jakub Ficner has over 15 years of experience in the internal investigative space and is currently the Director of Partnership Development at Case IQ. He strongly advocates for the importance of the triage process and technology in organizational compliance. He is a passionate and determined team player with experience in prospecting and implementing complex global solutions in various industries. Experience working in cross-functional and multi-cultural teams in Canada, the United States, Germany, and India. His specialties include business strategy and development, international management, ethics and compliance, investigation management, and global implementation strategy.
Jakub emphasized the need for organizations to consider the assessment and triage process before receiving complaints or allegations. This proactive approach allows for increased response time and the ability to set realistic stakeholder expectations.
One of the key points highlighted by Jakub is the importance of setting service level agreements (SLAs) to determine response times based on the nature of the allegation. This concept, borrowed from customer service practices, ensures that employees who come forward with complaints or allegations are provided with a clear understanding of the expected timeline for response and communication. By setting these expectations, organizations can foster a culture of open communication and trust.
The triage process is particularly important for multinational companies that operate across different regions. With varying compliance programs and regulations in different countries, having a well-documented process becomes essential. It allows compliance departments to navigate the complexities of compliance programs and investigations, ensuring consistency and adherence to local laws.
Technology also plays a crucial role in establishing effective compliance processes. Jakub points out that many organizations still need efficient documentation and tracking processes. Implementing technology, such as a case management solution, can help establish accountability and defensibility. It allows for establishing clear procedures monitoring performance and provides documentation that can be used to assess the effectiveness of compliance programs.
There is an overriding need for organizations to build accountability and defensibility into their compliance processes. By having a documented triage process and utilizing technology, organizations can ensure that complaints and allegations are handled promptly and consistently. This fosters a culture of speaking up and provides employees with the confidence that their concerns will be taken seriously and addressed promptly.
However, it is important to recognize the tradeoffs in balancing different factors when implementing a triage process and technology in organizational compliance. While efficiency and speed are crucial, organizations must also consider the need for thorough investigations and the protection of employee rights. Striking the right balance requires careful consideration and ongoing evaluation of processes to ensure continuous improvement.
In conclusion, the triage process and technology are vital in promoting a speak-up culture and ensuring organizational compliance. By proactively assessing and triaging complaints and allegations, organizations can increase response time and set realistic expectations for stakeholders. Implementing technology, such as a case management solution, helps establish accountability and defensibility. However, it is important to consider the impact on employee rights and the need for thorough investigations when making decisions about the importance of the triage process and technology in organizational compliance.
Join us tomorrow when we discuss closing the loop by improving your compliance program through a culture of speaking up.
Listen to Jakub Ficner on Innovation in Compliance here.
Welcome to a special five-part podcast series on enhancing corporate culture through a great speak-up regime. This podcast series is sponsored by Case IQ. Over this series, Tom Fox will visit with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. They will tackle such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and, at the end of the day, more profitably. In Part 3, Tom Fox visits with Jakub Ficner on the importance of your triage protocol and investigative process to foster a culture of speaking up.
Jakub Ficner has over 15 years of experience in the internal investigative space and is currently the Director of Partnership Development at Case IQ. He strongly advocates for the importance of the triage process and technology in organizational compliance. Jakub emphasizes the need for a rigorous reporting, triage, and investigation process, even before receiving a complaint or allegation. He believes that effective means of documenting and tracking investigative processes are crucial for establishing accountability and defensibility in compliance processes. Drawing from his extensive experience, Jakub highlights the significance of having a documented process, especially for multinational companies with compliance officers in various regions. He recommends using technology, such as a case management solution, to ensure accountability, defensibility, and easy information retrieval. Join Tom Fox and Jakub Ficner on this episode as they delve deeper into these topics of triage and investigations.
Key Highlights:
- The importance of effective triage
- Improving Response Time and Setting Expectations
- Effective Compliance Documentation and Tracking
- Using Technology to Establish Accountability and Defensibility
Resources:
Jakub Ficner on LinkedIn
Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Hemma Lomax.
GWIC is back to start the 2.0 era! We are very excited to be back, and to start out our new format and hear your views. One consistent thing about the GWIC community is how much you all accomplish and that happened with Lloydette. As you will hear, Lloydette has been offered an amazing government appointment. One of the downsides is that she needed to re-evaluate some of her public commitments. It made the most sense for her to step down from GWIC. During the hiatus, the inaugural Women in Compliance Summit took place, and it was a huge success. Hemma has also been a guest of the podcast (Episode 145), and an advocate of “Sending the Elevator Back Down, “ and was already helping behind the scenes.
We are thrilled to have Hemma as a co-host, and Ellen Hunt of Spark Compliance and Sarah Hadden of Corporate Compliance Insights as part of the GWIC team and supporting our larger discussions. All four of us will be in Chicago at the SCCE CEI the first week in October, and then the 4 of us will recap the conference for the October 10 episode and to officially kick off this semester.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.
Welcome to the latest edition to the Compliance Podcast Network: Into the Chair: Tales from Chief Compliance Officers details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Into the Chair: Tales from Chief Compliance Officers is a Comply podcast hosted by Tom Fox and is a production of the Compliance Podcast Network. In this episode, I visit with Mario Chilin the Chief Compliance Officer at EP Wealth Advisors.
Mario Chilin is a seasoned professional in the compliance field, boasting a robust background in the financial industry, with degrees from California State University and Pennsylvania State University, and a paralegal certificate from Cerritos College. His perspective on his career in compliance is overwhelmingly positive, having discovered a passion for the field while working at the Bank of Tokyo Mitsubishi. Despite the challenges he faces as a Chief Compliance Officer, such as limited resources and the growing threat of cybersecurity, Chilin remains dedicated to his profession. His experiences, from working in operations during the 2008 financial crisis to his current role at EP Wealth Advisors, have only fueled his belief that others who delve into compliance will find the same passion and excitement. Join Tom Fox and Mario Chilin as they delve deeper into this topic on the next episode of the Into the Chair podcast.
Key Highlights
· Unexpected Paths to a Successful Compliance Career
· Navigating the Regulatory Side of Finance
· Maximizing Resources and Cybersecurity: Compliance Officer Challenges
Resources
Mario Chilin on LinkedIn
Connect with Tom Fox