Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Mark Maynor on Audio Branding

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visit with noted podcaster Mark Maynor to discuss his presentation at PodfestExpo on audio branding for podcasters. Some of the issues we tackle in this podcast are:

  • Why every podcaster needs audio branding.
  • Why is Mark Maynor so excited about the 10th-anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through the powerful mediums of audio and video. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

Podfest Expo 2024 is a production of Podfest Global, which sponsors this podcast series.

Podcast Production Music

Mark Maynor on LinkedIn

Categories
Blog

The SAP FCPA Enforcement Action-Part 1: Introduction

The year in Foreign Corrupt Practices Act (FCPA) enforcement started off with a bang on January 10 with the announcement of a resolution of the outstanding SAP enforcement action. The bribery schemes used by SAP were massive in scope and literally worldwide in geographic area. As usual, Harry Cassin at the FCPA Blog broke the story for the compliance profession. SAP SE agreed to pay the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) approximately $222 million in penalties and disgorgement. SAP also entered into a three-year deferred prosecution agreement (DPA) with the Department of Justice imposing a $118.8 million criminal penalty and an administrative forfeiture of $103.4 million. Cassin went on to the note that the DOJ “will credit up to $55.1 million of the criminal penalty against amounts that SAP pays to resolve an investigation by law enforcement authorities in South Africa for related conduct, and up to the full forfeiture amount against disgorgement that SAP pays to the SEC or South African authorities.”

The SEC Press Release noted that the illegal actions included bribery schemes in the following countries: South Africa, Malawi, Kenya, Tanzania, Ghana, Indonesia, and Azerbaijan. SAP was held liable by the SEC based up its ownership of American Depositary Shares (ADR) shares which are listed on the New York Stock Exchange and violating the FCPA by employing third-party intermediaries and consultants from at least December 2014 through January 2022 to pay bribes to government officials to obtain business with public sector customers in the seven countries mentioned above. The SEC total fine and penalty was nearly $100 million. This figure represents disgorgement to the SEC of “$85 million plus prejudgment interest of more than $13.4 million, totaling more than $98 million, which will be offset by up to $59 million paid by SAP to the South African government in connection with its parallel investigations into the same conduct.”

What They Said

In a DOJ Press Release, Acting Assistant Attorney General for the Criminal Division, Nicole M. Argentieri said, “SAP paid bribes to officials at state-owned enterprises in South Africa and Indonesia to obtain valuable government business. Today’s resolution—our second coordinated resolution with South African authorities in just over a year—marks an important moment in our ongoing fight against foreign bribery and corruption. We look forward to continuing to strengthen our relationship with South African authorities and others around the world. This case demonstrates not only the critical importance of coordinated international efforts to combat corruption, but also how our corporate enforcement policies incentivize companies to be good corporate citizens, by cooperating with our investigations and appropriately remediating, so that we can take strong action to address misconduct.”

U.S. Attorney Jessica D. Aber for the Eastern District of Virginia also noted, “SAP has accepted responsibility for corrupt practices that hurt honest businesses engaging in global commerce,” said. “We will continue to vigorously prosecute bribery cases to protect domestic companies that follow the law while participating in the international marketplace.”

Postal Inspector in Charge of Criminal Investigations Eric Shen noted,  “When the mails are used in furtherance of a fraud or corruption scheme, borders are not an obstacle for U.S. Postal Inspectors. Postal inspectors, with our FBI law enforcement partners and Justice Department prosecutors, followed the wide-spread trail of bribes and corruption from South Africa to Indonesia. This joint effort resulted in the defendant company paying a significant criminal penalty and agreeing to long-term remedial measures.”

Assistant Director in Charge of the FBI’s Los Angeles Field Office, Donald Always added “This successful resolution against SAP is another example of the power of relationships and persistence. The sustained diligence by the prosecution team and continuous collaboration with South African law enforcement, regulators, and prosecutors identified corrupt activity in multiple countries. The FBI will continue our nonstop efforts to identify, investigate, and prosecute companies willfully engaging in corrupt activities around the world.”

Finally, Charles E. Cain, Chief of the SEC Division of Enforcement’s FCPA Unit, said in the SEC Press Release, “Our order holds SAP accountable for misconduct that spanned seven jurisdictions and persisted for several years and serves as a stark reminder of the need for global companies to be attuned to both the risks of their business and the need to maintain adequate entity-level controls over all their subsidiaries.”

Order and Information

The SEC Order found that SAP violated the FCPA by employing third-party intermediaries and consultants from at least December 2014 through January 2022 to pay bribes to government officials to obtain business with public sector customers in the seven countries mentioned above.” Additionally, “SAP inaccurately recorded the bribes as legitimate business expenses in its books and records, despite the fact that certain of the third-party intermediaries could not show that they provided the services for which they had been contracted.” Finally,  “SAP failed to implement sufficient internal accounting controls over the third parties and lacked sufficient entity-level controls over its wholly owned subsidiaries.”

The DOJ Information found that between approximately 2015 and 2018, “SAP, through certain of its agents, engaged in a scheme to bribe Indonesian officials to obtain improper business advantages for SAP in connection with various contracts between and among SAP and Indonesian departments, agencies, and instrumentalities, including the Kementerian Kelautan dan Perikanan (the Indonesian Ministry of Maritime Affairs and Fisheries) and Balai Penyedia dan Pengelola Pembiayaan Telekomunikasi dan Informatika (an Indonesian state-owned and state-controlled Telecommunications and Information Accessibility Agency).”

Given SAP’s prior SAP enforcement history, its recidivist status FCPA status,  its culture of non-compliance (at the very least), a non-prosecution agreement (NPA) from 2021 with the DOJ’s National Security Division, as well as administrative agreements with the Departments of Commerce and the Treasury relating to export law violations; one might wonder  SAP was able to receive such a superior result. Over the next several blog posts, we will be exploring that issue as well a host of others for the compliance professional. I hope you will join me over the next few blog posts.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 15 – Monitoring and Improvement of Internal Controls

What happens when controls are continually overridden? Does that necessarily mean that companies are engaging in activities that violate the FCPA or some other law, such as Sarbanes-Oxley (SOX)? Cristina Revelo said she would start out with some basic questions, such as “How often would something be manually approved? How often are controls skipped? What are the levels of approvals that you have and what is your documentation? What are the reasons? And are you documenting how often a certain department is requiring those overrides?” While it could indicate that a company lacks a culture of compliance or that everything is an emergency, it might mean something else. It might mean that your internal controls need to be evaluated and then recalibrated. The Department of Justice calls this continuous monitoring leading to continuous improvement. Joe Oringel, co-founder of Visual Risk IQ, calls it continuous control monitoring.

However, many compliance professionals, and particularly lawyers, think once a control is in place, it’s set in stone, and it’s there forever. This derives from the unfortunate fact that, once again, many compliance professionals and most lawyers do not understand internal controls. Yet, internal controls, much like the rest of a compliance program, can and should be continually monitored and improved based on information about such things as the number of overrides. Such a review can be evidence of a management problem or a culture of non-compliance at the organization. However, it could be that perhaps the controls need to be adjusted.

Revelo emphasized that it is not simply identifying the issues but remedying them as well, “because that actually might look worse if you identify a lot of issues, but do not fix them. You are better off by remediating everything you are identifying.” From there, you can conduct a root cause analysis as to why there was failure in a control or violation of a compliance procedure. Revelo concluded, “You need to really do that in an in-depth manner and then remediate.”

Three key takeaways:

1. An internal control override is not necessarily a bad thing if proper procedure is followed.

2. Internal controls are not set in stone.

3. The key is to have a process for monitoring the controls and taking input, literally from each line of defense.

To obtain a free White Paper from our sponsor, Ethico, on key compliance issues from 2023, click here.

Categories
The Ethics Experts

Episode 170 – Wesley Bizzell

In this episode of The Ethics Experts, Nick welcomes Wesley Bizzell. Wesley Bizzell serves as Senior Assistant General Counsel, External Affairs, and Managing Director of Political Law and Ethics Programs for Altria Client Services LLC (“ALCS”), where he provides in-house legal counsel on matters relating to the political, legislative, lobbying, and ESG-related activities of Altria Group, Inc., its service companies, including ALCS, and its operating companies, including Philip Morris USA Inc. and U.S. Smokeless Tobacco Co. LLC, John Middleton Co., and Helix Innovations LLC.

Twitter: @wesleydbizzell
LinkedIn: https://www.linkedin.com/in/wesley-bizzell/

Categories
Career Can D0

AI, Career Planning, and The Future of Work with Mark Herschberg

Is your plan for a career path nothing more than a list of vague aspirations? What if you could create a concrete plan and gain the skills that will help you achieve the career success you’re hoping for? Mark Herschberg joins Mary Ann Faremouth in this episode of Career Can Do and shares his insights on how to navigate the new work world. Mark is an instructor at MIT and the author of the book “The Career Toolkit: Essential Skills for Success No One Taught You.” They discuss a common mistake in creating a career plan, how to adapt to the changing landscape of AI, and the importance of the ‘firm skills’ no one taught you.

Mark emphasizes the need for individuals to have a career plan rather than simply hoping for promotions or advancements. “So many people, when they ask themselves about their careers or others ask, might say, well, I’d like to be a VP, and I’m a director of whatever, or a senior… And that’s the plan. Their entire plan is, “I hope one day to get this promotion or get to that level.” That’s not a plan.” Mark also suggests discussing the plan with one’s company and being open to the idea that the plan may lead to transitioning to a different job in the future.

Mark discusses the concerns surrounding AI and its potential to automate tasks and replace jobs. He offers a different perspective on how you can stay relevant in your career. “You want to be very strategic. Understand how those tasks will evolve, what will go away, what will stay, and what new tasks will come in.” Mark advises people to evaluate which tasks are high-value and hard to automate, as well as low-value tasks that can be automated. By focusing on high-value tasks and understanding the evolving nature of your role, you can adapt and position yourself for long-term career success.

Your career development plan shouldn’t be created in a vacuum. Mark emphasizes the importance of discussing career plans with employers and managers. He believes employers should work together with employees to find mutually beneficial solutions. As an employer, he shares some of the discussions he’s had with employees who want to transition to different roles or even different companies. By fostering open communication and understanding, employers can create a supportive environment that encourages growth and development.

Resources:

Mark Herschberg on LinkedIn | The Career Toolkit

Faremouth.com

Categories
Corruption, Crime and Compliance

Natalie Druckman from Certa on AI – Enhanced Third – Party Risk Management

How do you manage risk when the vulnerabilities are outside your organization’s in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckmann, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management, now and in the future.

  • Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers’ credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities. 
  • Unlike the US, EU companies don’t benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG’s importance is on par with cyber security.
  • Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.
  • AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.
  • Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don’t need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and be able to quickly adapt to change.
  • Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.
  • Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.
  • Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.

KEY QUOTE:

“I think there is a very strong drive here for companies and stakeholders, not just to do the right thing… but doing the good thing as well.” – Natalie Druckman

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Natalie Druckman on LinkedIn

Certa

Email Natalie: nat@certa.ai

Categories
Blog

Monitoring and Improvement of Internal Controls

What happens when controls are continually overridden? Does that necessarily mean that companies are engaging in activities that violate the FCPA or some other law such as Sarbanes-Oxley (SOX). Cristina Revelo said she would start out with some basic questions, such as “How often would something be manually approved? How often are controls skipped, what are the level of approvals that you have and what is your documentation? What are the reasons, and are you documenting how often a certain department is requiring those overrides?” While it could indicate that a company lacks a culture of compliance or that everything is an emergency, it might mean something else. It might mean that your internal controls need to be evaluated and then recalibrated. The Department of Justice calls this continuous monitoring leading to continuous improvement. Joe Oringel, co-founder of Visual Risk IQ, calls it continuous controls monitoring.

However, many compliance professionals, and particularly lawyers, think once a control is in place, it’s set in stone, and it’s there forever. This derives from the unfortunate fact that once again many compliance professionals and most lawyers do not understand internal controls. Yet, internal controls, much like the rest of a compliance program can and should be continually monitored and continually improved based on the information about such things as the number of overrides. Such a review can be evidence of a management problem or a culture of non-compliance at the organization. However, it could be that perhaps the controls need to be adjusted.

How do you assess and then update your internal controls? Companies should also think about updating and reviewing their controls at least annually. In this manner, they can identify any violations of their internal controls. It also allows a deep dive into any specific areas of control failures. Another approach would be more robust controls through greater monitoring of your controls. For example, you could review your controls quarterly to allow you to spot any trends that are moving in the wrong direction. You can even start out by having your compliance function perform a self-review of its controls and test exemplar transactions. This is not a full-blown audit but simply desktop testing to make sure controls are being properly followed. Once again, simply because there is a control override or excessive use of a compensating control does not mean something is illegal. It may mean that the control is not working as it was designed.

Revelo said it could be an instance of “too short an approval time period and employees need a little bit longer because depending on their industry or how business works. This also helps to both identify frustrations from employees where there is a control, but every time it needs to be executed, it is impossible for me to do, or it’s impossible for me to comply with it a hundred percent.” These quarterly reviews can then be collated into an annual report for review and assessment and the report can form the basis of an annual report to the Compliance Committee of the Board of Directors or even the full Board.

The key is to have a process for monitoring the controls and taking input, literally from each line of defense. If a control is overridden too often, you need to change it. If a control is ineffective, you can use that information to craft a new internal control. Internal controls are not static, but dynamic and, with proper oversight, you can set up internal controls and literally improve them with appropriate documentation. (Hint-Document, Document, and Document.)

Revelo emphasized that it is not simply identifying the issues but remedying them as well “because that actually might look worse if you identify a lot of issues, but do not fix them. You are better off by remediating everything you are identifying.” From there you can conduct a root cause in that analysis as to why there was failure in a control or violation of a compliance procedure. Revelo concluded, “you need to really do that in an in-depth manner and then remediate.”