Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 8 – Operationalizing Compliance Through Payroll

One of the areas articulated in the 2023 ECCP was around payments and payroll. For both the compliance professional and the corporate payroll function, there is a significant role to play in the operationalization of a corporate compliance program. The 2023 ECCP was replete with references to payment and its critical nature to any best practices compliance program. This includes references to payments to foreign officials, payments to third parties, and hiding bribes in payments to distributors. The 2023 ECCP begins with an admonition to stop wasting time on low-hanging fruit when there are much higher risks in your business operations.

The role of payroll in compliance is not often considered in operationalizing your compliance program, yet the monies to fund bribes must come from somewhere. Unfortunately, one of those places is out of payroll. All CCOs need to sit down with their head of payroll, have them explain the role of payroll, and then review the internal controls in place to see how they facilitate compliance goals. From that review, you can then determine how to use payroll to help operationalize your compliance program.

The DOJ has now provided its clearest statement on how it expects a company to actually comply going forward. Long gone are the days where the DOJ simply considered the inputs of a written program as sufficient to protect companies from compliance violations. Yet the mandate to operationalize a corporate compliance program drives home the concept that compliance is a business process that should be administered by the appropriate business unit with the requisite SME. When it comes to following the money, payroll is the most well-suited corporate discipline to provide this first level of oversight and control.

Three key takeaways:

  1. Payroll can be a key to preventing and detecting control
  2. The 2020 Update specified the tie between the corporate compliance function and the corporate payroll function.
  3. Offshore payments remain a key indicator of a red flag.
Categories
Corruption, Crime and Compliance

Deep Dive into HHS – OIG Compliance Program Guidance

In this week’s episode of Corruption, Crime, and Compliance, we usher in the New Year with a deep dive into something that happened in November of last year. As we begin 2024, it’s crucial to reflect on the substantial shifts in the healthcare industry’s compliance framework. The HHS Office of Inspector General’s Comprehensive Compliance Guidance, released late last year, has set a new standard for healthcare companies, reinforcing the importance of an independent compliance function and outlining a robust framework for effective compliance programs. Michael Volkov meticulously dissects the seven key elements of this groundbreaking guidance, emphasizing its relevance not just in healthcare but across the spectrum of compliance practices.

You’ll hear Michael discuss:

  • The HHS Office of Inspector General issued the Comprehensive Compliance Guidance (GCPG) in November 2023, a significant document for the healthcare industry, emphasizing the need for independent and robust compliance programs.
  • The guidance is structured around seven core elements: written policies and procedures, effective compliance leadership, training, open lines of communication, enforcing standards, risk assessment, and responsive corrective action for detected offenses.
  • The role of a Chief Compliance Officer is critical, and they should:
    • Report directly to the CEO or have independent access to the board.
    • Have sufficient stature within the entity equal to other leaders,
    • Demonstrate unimpeachable integrity, judgment, assertiveness and approachable demeanor, and
    • Have sufficient funding, resources, and staff to operate the program. 
  • Emphasizing the separation of legal and compliance functions, the GCPG recommends that compliance officers focus solely on compliance, avoiding roles in legal or financial departments.
  • The GCPG advises the establishment of a compliance committee, meeting quarterly, with responsibilities spanning legal regulation analysis, policy review, training effectiveness, and annual risk assessment.
  • The CEO should include a signed introduction in the code of conduct. The board should include a signed endorsement or similar written statement to support the compliance commitment, and entities should review their codes when a new CEO is hired.
  • Clear communication and board oversight are crucial, and they should be well-informed about compliance programs and ensure that the compliance officer has sufficient access to them.
  • How compliance officers and boards should respond when compliance concerns are reported or discovered and focus on the root causes of the misconduct to prevent recurrence.

 

KEY QUOTES

“The guidance directs that a compliance officer should report either to the CEO with direct and independent access to the board or to the board directly, demonstrating unimpeachable integrity, judgment, assertiveness, and an approachable demeanor.”

 

“Entities should also develop incentives to encourage compliance, which include ways in which there can be additional compensation, significant recognition, or other forms of encouragement, balancing the scales between compliance and business goals.”

 

“There should never be a statement made that requests or requires that employees first bring concerns to their manager or supervisor before contacting the compliance officer.”

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Riskology

Riskology by Infortal Episode 17: Geopolitical Risk at The Board Level

How can companies effectively manage geopolitical risk and integrate it into their business strategies? In this episode of Riskology, Dr. Andrea Bonime-Blanc joins the discussion to explore the importance of understanding the international geopolitical risk landscape. From the role of the board and management in risk governance to the need for practical translation of theoretical discussions, Dr. Bonime-Blanc provides valuable insights on navigating the turbulent and changing geopolitical landscape. Tune in to gain a deeper understanding of how geopolitical risk can impact your business and how to turn risk into opportunity.

Infortal Worldwide is a global risk management and investigation firm that specializes in helping businesses navigate complex risk landscapes. The company’s focus extends to various areas, including economics, politics, and geopolitical risk. By delving into these interconnected realms, Infortal Worldwide aims to provide clients with comprehensive insights that empower them to make informed decisions, especially in critical areas such as mergers and acquisitions, private equity investments, and other strategic moves.

You’ll hear Chris, Ian, and Andrea discuss:

  • Geopolitical tectonic shifts: The world is experiencing significant changes in geopolitical dynamics, such as the rivalry between China and the US, Russia’s invasion of Ukraine, and the focus on the Middle East.
  • Impact of generative AI: The development of generative AI technology poses risks, particularly in the hands of criminals, terrorists, and rogue nations who can use it asymmetrically to cause harm.
  • Integration of geopolitical risk into business strategy: Companies need to move beyond theoretical discussions and actively integrate geopolitical risk into their risk management frameworks and business strategies.
  • Cultural differences in approaching geopolitical risk: European-based multinationals tend to be more sensitized to geopolitical risks due to stricter regulations, while US-based multinationals often have a laissez-faire attitude and prioritize market-friendly approaches.
  • National security and corporate compliance: The Department of Justice recognizes that companies play a role in national security and is increasing its focus on enforcing corporate compliance through the National Security Division.
  • Role of general counsel in managing geopolitical risk: In smaller businesses without a general counsel, the CEO, CFO, or COO should take responsibility for understanding and addressing geopolitical risks, seeking external expertise when needed.
  • Link between geopolitical risk and opportunity: Understanding geopolitical risks allows companies to identify opportunities for value creation, better supply chains, and selecting partners and customers in different markets.
  • Evolving compliance programs: Compliance programs need to adapt to address the complex geopolitical risks of today, with dynamic assessments that consider changing global conditions rather than static annual analyses.

 

KEY QUOTES:

“There’s a little bit of that hubris and a little bit of that ultra-market-friendly attitude that has succeeded. And we don’t have privacy laws federally in this country, and there’s a reason for that: the business lobby and other interests have made sure that we don’t go there.” – Andrea Bonime-Blanc

“The danger of national security issues, IP theft, and intelligence gathering has always been there because we’re an open market economy and anyone and their brother can come here, and if they happen to be a spy or a plant from another government, we don’t find out, maybe ever.” – Andrea Bonime-Blanc

“Good risk management translates into good opportunity management and opportunity value creation.” – Andrea Bonime-Blanc

 

Resources:

Infortal Worldwide

Email 

Dr. Ian Oxnevad on LinkedIn

Chris Mason on LinkedIn

Dr Andrea Bonime-Blanc on LinkedIn

GEC Risk Advisory

 

Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Isar Meitis on Using AI in Your Podcast Production Process

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visit Isar Meitis, an expert on using AI in podcast production, to discuss his presentation at PodfestExpo. Some of the issues we tackle in this podcast are:

  • How to only do the fun part of podcasting and let AI do all the rest
  • Why is Isar so excited about the 10th anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

PodfestExpo 2024 is a production of Podfest Global, which sponsors this podcast series.

Isar Meitis on LinkedIn

Multipai.ai

Categories
FCPA Compliance Report

FCPA Compliance Report – Frank Orlowski on Navigating Challenges in Operating in Emerging Markets

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Frank Orlowski.

Frank Orlowski is a seasoned professional with a wealth of experience in managing emerging markets in the pharmaceutical industry, having spent over 25 years at Pfizer Pharmaceuticals. His extensive knowledge, particularly in South America, Middle East Asia, and Eastern Europe, where he faced difficulties in compliance, controls, and adhering to US accounting regulations, has shaped his perspective on managing emerging markets. Orlowski emphasizes the importance of understanding different cultures, regulations, and geopolitical issues when working in these markets. After retiring from Pfizer, he founded the Ation Advisory Group, where he leverages his expertise to assist companies in commercializing products in the life science industry. Join Tom Fox and Frank Orlowski on this episode of the FCPA Compliance Report podcast to gain more insights into managing emerging markets in the pharmaceutical industry.

Key Highlight:

  • Frank Orlowski’s Global Financial Expertise
  • Navigating Unique Obstacles in Emerging Markets
  • Navigating Cultural Differences in Emerging Market Compliance
  • Creative Employee Rewards and Engagement Strategies
  • Enhancing Healthcare Through Medtech Innovations
  • The Integrated Legal Division at Pfizer

Resources:

Frank Orlowski on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: January 8, 2024 – The Unwarranted Embarrassment Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Fat when de-risking leads to more risks, or at least newer risks. (WSJ)
  • The state of Florida can now import drugs from Canada. (WaPo)
  • Africa’s richest man accuses Nigeria’s anti-corruption watchdog of seeking to cause “unwarranted embarrassment.”. (FT)
  • Musk’s drug use concerns executives. (Bloomberg)
Categories
Adventures in Compliance

The Memoirs of Sherlock Holmes – The Final Problem

Welcome to a review of all the Sherlock Holmes stories that are collected in the work “The Memoirs of Sherlock Holmes.” They appeared in Strand Magazine from December 1892 to December 1893. Over the past 12 episodes, I have reviewed each story and mined them for leadership, compliance, and ethical lessons.  In this, we begin a two-part series looking at the last story from The Memoirs of Sherlock Holmes.

The intriguing concept of applying Sherlock Holmes’ methods to the work of compliance professionals is the focus of our discussion today. Tom Fox, a seasoned compliance professional, believes that the principles embodied by the iconic detective, such as ethical behavior, problem-solving abilities, continuous learning, and persistence, can greatly enhance the effectiveness of compliance professionals. Fox’s perspective is shaped by his extensive experience in the field, where he has seen the value of attention to detail, deductive reasoning, thorough research, collaboration, risk assessment, and discretion. Join Tom Fox in this episode of the Adventures in Compliance podcast as he delves deeper into how the methods of Sherlock Holmes can be applied to uphold ethical and legal standards in the world of compliance.

Key Highlights:

  • The Story
  • Reichenbach Falls Showdown
  • Lessons for Compliance Professionals

Resources:

The New Annotated Sherlock Holmes

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

New DOJ M&A Safe Harbor Policy

We continue our review of DOJ initiatives from 2023 and what they may portend for the compliance professional in 2024 and beyond. In October 2023, Deputy Attorney General Lisa Monaco announced a new policy regarding M&A. It is a Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company. Under the policy, the acquiring party will receive a presumption of criminal declination if it promptly and voluntarily discloses criminal misconduct, cooperates with any ensuing investigation, and engages in appropriate remediation, restitution and disgorgement.

The Safe Harbor policy is a clear continuation of the DOJ’s push for corporate voluntary self-disclosure. Monaco outlined efforts by DOJ to increase the benefits to companies that voluntary disclose corporate misconduct rather than those companies that decide not to disclose misconduct. The key for the acquirer company to  obtain the “carrot” DOJ is dangling and poses questions as to the “stick” the DOJ might wield if a self-disclosure does not achieve safe harbor, or more broadly, if an acquirer fails to identify criminal misconduct in the acquisition process, either pre or post-closing. This new Mergers & Acquisitions Safe Harbor Policy clearly demonstrates the DOJ’s interest is to avoid discouraging companies with strong compliance programs from acquiring companies with ineffective compliance programs and/or a history of misconduct.  To the contrary, DOJ is seeking to incentivize an acquiring company to timely disclose misconduct uncovered during the M&A process.

The Key Policy Takeaways are as follows:

  • The acquiring company must disclose criminal misconduct within six months of the transaction closing date.
  • The acquiring company has one year from the closing date to fully remediate the misconduct, including remediation, restitution and disgorgement, where appropriate.
  • Both deadlines are subject to reasonableness and may be extended by prosecutors due to deal complexity and other factors.
  • Misconduct that threatens national security or involves ongoing imminent harm must be immediately disclosed.
  • Misconduct disclosed under the policy will not factor into present or future recidivist analysis for the acquiring company.
  • The acquiring company’s eligibility for a criminal declination will not be impacted by the presence of aggravating factors at the acquired company.
  • The target company can also qualify for self-disclosure benefits, potentially including a declination, if there are no aggravating factors at the target company.
  • The policy does not impact civil merger enforcement.
  • The policy does not apply to misconduct that is otherwise required to be disclosed, already public or otherwise known to the DOJ.

Under this new Mergers & Acquisitions Safe Harbor, which applies across the Department of Justice, companies that promptly and voluntarily disclose criminal misconduct with the Safe Harbor period, and then cooperate with the resulting investigation, engage in timely and appropriate remediation and pay applicable restitution and disgorgement, will receive a presumption of a declination. Once again, the key deadlines are as follows:

  • Companies must disclose misconduct discovered (whether pre-or post-acquisition) at the acquired entity within six (6) months from the date of closing.
  • Companies will then have one year from the date of closing to fully remediate the misconduct.

The 6 month and one-year deadlines are subject to modification depending on the specific circumstances and complexity of the transaction.  The acquired company can also qualify under the Mergers & Acquisition Safe Harbor Policy for voluntary self-disclosure benefits.  Interestingly, DOJ clarified that any misconduct disclosed under the Safe Harbor Policy will not implicate or be counted in any future potential recidivist analysis.

As with most new DOJ policy initiatives, these concepts have been around for some time. As far back as 2008, the DOJ in Opinion Release 08-02 laid out safe harbor concepts in mergers and acquisitions. This Opinion Release was followed by the FCPA Resource Guide, 1st edition, released in 2012 which brought these concepts forward. However, many defense counsel decried the lack of certainty in both of these initiatives. Now under this new Mergers & Acquisition Safe Harbor Policy, the benefits are laid out in black and white.

The DOJ has made clear that under this new Mergers & Acquisition Safe Harbor Policy organizations that do not perform effective due diligence or self-disclose misconduct at an acquired entity will be subject to full successor liability. DOJ’s objective is clear — they do not want to penalize companies with strong compliance programs from acquiring companies with weak compliance programs when they conduct proper due diligence and discover and self-disclose misconduct. With this new policy, the DOJ is encouraging companies to conduct robust pre-acquisition due diligence and post-acquisition integration. Compliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction.