Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Mike Hamilton on Giveaways to Start a Podcast Network

In this episode of the Podfest Expo 2024 Speaker Preview Podcasts series, I visited with noted podcaster Mike Hamilton to discuss his presentation on giveaways as a key to starting a podcast network at Podfest Expo. Some of the issues we tackle in this podcast are:

  • Giveaways are the key to starting a podcast network.
  • Why is Mike so excited about the 10th-anniversary event as a first-time attendee?
  • Why you should attend Podfest Expo 2024.

I’m hoping you’ll be able to join me at Podfest Expo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through the powerful mediums of audio and video. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

Podfest Expo 2024 is a production of Podfest Global, which sponsors this podcast series.

Rogue Media Network

Mike Hamilton on LinkedIn

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program – Day 16 – Tailored and Effective Compliance Training

One of the key goals of any compliance program is to train employees in awareness and understanding of the FCPA, your specific company compliance program, and to create and foster a culture of compliance. While it seems axiomatic that compliance training is the mainstay of any best practices compliance program, the conversation around training has evolved over the years.

The importance of determining the effectiveness of your compliance program has been enshrined by the DOJ. The 2023 Update confirmed that the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many CCOs and compliance professionals still struggle to determine. Both the simple guidelines suggested herein and the more robust assessment and results provide you with a start to fulfilling the precepts set out by the DOJ, as you will eventually need to demonstrate the effectiveness of your compliance training going forward.

Three key takeaways:

1. How and why have you tailored your compliance training and how do you determine its effectiveness?

2. Try an “espresso” shot of training

3. Present your training in both local languages and a variety of media.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

The SAP FCPA Enforcement Action-Part 2: The Box Score of Corruption

We continue our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement involving the German software company, SAP. The company agreed to pay the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) approximately $222 million in penalties and disgorgement. SAP also entered into a three-year deferred prosecution agreement (DPA) with the Department of Justice imposing a $118.8 million criminal penalty and an administrative forfeiture of $103.4 million. Today we look at SAP’s compliance program requirements for third parties, the Box Score of corruption, the corrupt agents and the bribery schemes used across the globe by SAP.

The Box Score

The breadth and scope of SAP’s illegal conduct was simply stunning, literally running across the globe. For those not keeping scoring at home, I put together a Box Score of the location/entity bribed, the amount of the bribe (where reported) and the benefit obtained by SAP. Once again, it was simply stunning.

Location and Entity Where Bribe Paid Amount of Bribe Revenue Generated
South Africa-Transnet $562,215 $4.4MM
South Africa-Transnet $1MM $6.58MM
South Africa- City of Johannesburg $120K $13.16MM
South Africa-Eskom $5.18MM $28.58MM
South Africa-Dept. Water and Sanitation (DWS) $527,460 $35.4MM
Malawi Not reported $1.1MM
Tanzania-Ports Authority

 

Not reported $828K
Ghana National Petroleum Corporation

 

$400K $1.20MM
Indonesian Ministry of Communication and Information Technology

 

$67,380 $268,135

 

Indonesian Ministry of Maritime Affairs and Fisheries

 

App. $5000 $80,500
Indonesia- PT Pertamina

 

Not reported $13K
Indonesia- Pemda DKI

 

Not reported $383K
Indonesia- PT Angkasa Pura I

 

Not reported $1.09MM
Indonesia- PT Angkasa Pura II

 

Not reported $2.53MM
Azerbaijan- State Oil Company

 

$3000 $1.6MM
Totals Reported in Settlement Docs-$7.8 Reported by DOJ-$103,369,765

SAP Policies and Procedures

SAP used third parties, monikered as Business Development Partners (“BDPs”), which were eligible to earn commissions for SAP sales on which they assisted. Moreover, as noted in the SEC Order, “SAP’s internal policies and procedures for working with third parties required employees to conduct due diligence to assess risk and ensure: (1) That a third party had no relations (as a family member) to the SAP customer or a potential customer, and (2) That the third party was not a government official, government employee, political party official or candidate, or officer or employee of any public international organization or an immediate family member of any of these. In addition, with respect to BDPs, all sales commission contracts had to be in writing and clearly define the services to be provided and the related business and payment terms.”

SAP’s internal controls went on to require its subsidiaries and employees were “to use a model agreement that included standard commission rates and to follow a standardized internal approval process, which required the involvement and approval of the local legal department or compliance officer, the subsidiary’s local managing director, and its local chief financial officer. In cases where a BDP agreement required non-standard terms, regional management had to provide additional approvals. The policy documents explicitly state that they were put into place to ensure that no relationship with a third party would be used to inappropriately influence a business decision or pay bribes to government officials.”

The Corrupt Agents

In the corruption involving the South African entity Transnet, the SEC Order noted that “SA Intermediary 1 ever being present at meetings with Transnet, nor does SA Intermediary 1 appear to have a credible IT background or experience.” Regarding another corruption agent call SA Intermediary 2, it stated, “SAP South Africa paid approximately $1 million in commission fees to SA Intermediary 2, a South African 3D printing firm despite the fact that it provided no tangible services to SAP. SAP South Africa and its employees knew about the red flags relating to SA Intermediary 2’s ownership. The former director of SA Intermediary 2 admitted that the entity had “no expertise” or skills to provide meaningful services on the Transnet deal and also said he had no knowledge of SA Intermediary 2 providing any services. During an SAP-initiated audit of SA Intermediary 2, the third party failed to provide evidence of any services performed.” Indeed the DOJ Information noted that in a 2017 review by SAP in 2017, “revealed that Intermediary 2 had no financial statements (audited or unaudited), had not filed any returns for employee tax purposes, and found no signs of activity at Intermediary 2’s claimed business address.

When it came to Eskom, the SEC Order noted, “SA Intermediary 3, a purported IT consultant on the Eskom project. SA Intermediary 3, however, never performed any services. Instead, SAP South Africa’s Managing Director instructed SAP South Africa employees to perform the consulting work in SA Intermediary 3’s stead and still paid the entity a total of $1.6 million. Notably, officials at Eskom approved these payments despite SA Intermediary 3’s absence on the project. SAP also retained SA Intermediary 2 to perform vague services on Eskom contracts dated March, 2016 and November 2016 that, as a 3D printing company, SA Intermediary 2 was unqualified to perform. Regardless, SAP South Africa paid SA Intermediary 2 a total of $5.18 million in consulting fees.”

The Bribery Schemes

The thing which struck me about the bribery schemes was that they were so pedestrian, yet they permeated SAP from 2014-2022. Yet there very pedestrian nature serves not only as a warning for companies and compliance professionals but also as a road map for compliance program monitoring, improvement and remediation. From the very start of the corruption in South Africa, SAP employees began to avoid, evade and violation SAP internal compliance requirements.

  1. South Africa

In South Africa, in addition to the bribery schemes noted in the section above, where payments were made for non-existence work or services billed by the corrupt agents, “bank records indicate that shortly after the deal closed, SA Intermediary 1 paid $562,215, characterized as “loans,” to an individual known to be involved in making bribe payments.” In SAP’s contract with the City of Johannesburg, the SEC Order noted, “In addition to these cash payments, SAP South Africa paid for trips to New York for government officials in May and September 2015, including the officials’ meals and golf outings on the trips.” The DOJ Information reported that these payments were recorded in SAP books and records as ‘sales commission payments.’ Finally, in the contract involving the DWS, the SEC Order stated, “The local business partners were paid at a 14.9% commission rate, the maximum allowed under SAP policy without approval from the Board. SAP South Africa employees engaged both BDPs at the highest commission percentage allowed, staying under the 15% commission rate so as to avoid the need to obtain higher level approvals, and authorized the payment despite the local partners’ failure to meet deliverables relating to the DWS transactions.” The DOJ Information further noted that the bribe payment was routed through a second corrupt agent, in an attempt to conceal the criminal nature of the bribe.

2. Indonesia

The SEC Order noted that in “Indonesia, Intermediary 1 used fake training invoices to issue payments that created slush funds to pay bribes. Employees at Indonesia Intermediary 1 created shell companies to generate these false expenses. Some of the false invoices generated kickback payments to employees at the Indonesia Intermediary 1, some paid for customer excursions, and others generated cash payments to government officials at state-owned entities.” Next, “Indonesia Intermediary 1 employees, paid for shopping excursions and dining for a BP3TI official and his wife during a June 2018 trip to New York City, in route to attending the 2018 SAP Sapphire Conference in Orlando, Florida.” Additionally travel expenses, gifts, meals and entertainment was paid for by the Indonesian Intermediaries.

3. Azerbaijan

Lastly, in Azerbaijan, a mid-level SAP employee provided improper gifts in December 2021 and January 2022 to multiple SOCAR officials in an effort to close the deal. The SEC Order stated, “Several SOCAR officials received gifts totaling approximately $3,000, well above SAP’s gift limit of $30. Text messages indicate that the employee was rewarding senior officials who supported, and were directly responsible for, approving the pending sale. The employee also prepared a fake Act of Acceptance between SOCAR and an SAP Azerbaijan partner, which she submitted to the SAP contract booking team on February 4, 2022. SOCAR signed the real Act of Acceptance on May 12, 2022. Evidence indicates that the employee was attempting to claim a commission on the deal before her pending promotion to SAP Azerbaijan Managing Director became effective, after which she would not be eligible to earn additional compensation from the sale.”

Once again, the thing that struck me about all these schemes is there is really nothing new, innovative or particularly novel about any of these bribery schemes. It speaks to the basic blocking and tackling which every compliance program needs to engage in at due diligence and then throughout the life cycle of the third-party relationship.

Join us tomorrow where we consider the comeback made by SAP after the investigation began.

Categories
Innovation in Compliance

Innovation in Compliance – Steve Vincze on Building Trust: Overcoming Challenges as an Outsider

Innovation comes in many forms, and compliance professionals need to not only be ready for it but also embrace it. My guest in this episode is Steve Vincze, founder of Trestle Compliance.

Steve Vincze is a seasoned professional with a rich background as an in-house corporate commercial compliance lawyer, specializing in building trust and implementing compliance programs in businesses. His perspective on the subject is rooted in the belief that developing a human connection is key to building trust and implementing successful compliance programs. Drawing from his experience, including being recruited by Tap Pharmaceuticals to implement their first compliance program, he emphasizes the importance of modeling the behavior he wants from others and creating an environment where people feel comfortable sharing. He views compliance programs as tools to empower individuals rather than restrict them, and he strives to change the perception of compliance by demonstrating that it can be a tool for confidence and success. Join Tom Fox and Steve Vincze on this episode of the Innovation in Compliance podcast to learn more about his unique approach.

Key Highlights:

  • Establishing Trust through Human Connection
  • Experienced Professionals Providing Comprehensive Consulting Solutions
  • Expert Compliance Program Implementation Services
  • The Impact of Artificial Intelligence on Data Security

 Resources:

Steve Vincze on LinkedIn

Trestle Compliance

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
All Things Investigations

All Things Investigations – Kevin Carroll on the DC Court of Appeals Immunity Argument

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast All Things Investigations. In this podcast, I joined by HughesHubbardReed partner Kevin Carroll as we continue to review the various indictments against former President Trump. In this episode we look at the oral argument in the DC Court of Appeals immunity defense appeal.

Kevin Carroll, a professional in the field of investigation and law, brings his expertise to the podcast “All Things Investigation” with Tom Fox. Carroll’s perspective on the topic of Trump’s immunity claims and military officers’ constitutional oath is shaped by his deep understanding of the various Trump lawsuits and his military background. He believes that military officers have a strong commitment to upholding their constitutional oath, distinguishing them from oppressive organizations like the  SS or the Soviet KGB. Carroll also expresses concern about the potential harm caused by the irresponsible behavior of former President Trump and his lawyers. Join Tom Fox and Kevin Carroll on this episode of the All Things Investigation podcast for more insights into these topics.

Key Highlights

  • Trump’s Absolute Immunity Claims and Criticisms
  • The Significance of the Constitutional Oath
  • Ongoing Lawsuits and National Security Proceedings

Resources:

Hughes Hubbard & Reed website

Kevin Carroll on LinkedIn

Categories
Everything Compliance - Shout Outs and Rants

Episode 127 – Shout Outs and Rants – The Awesome Edition

Welcome to Everything Compliance—Shout Outs and Rants. Today we have the quintet of Tom Fox, Jay Rosen, Jonathan Marks, Jonathan Armstrong, and Matt Kelly.

1. Matt Kelly rants about the SEC getting hacked around the Bitcoin ETF announcement and reminds everyone to use two-factor authentication.

2. Tom Fox shouts out to the University of Michigan for winning the College Football National Championship.

3. Jonathan Armstrong shouts out to Jay Rosen, who is in transition and would be a great addition to any compliance product or service BD team.

4. Jay Rosen shouts out to Robert Kraft and the New England Patriots for paying departing coach Bill Belichick his full 2024 salary.

5. Jonathan Marks rants about the Philadelphia Eagles.

The members of the Everything Compliance are:

Jay Rosen – Jay is Vice President, Business Development, Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

Karen Woody – one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

Jonathan Marks can be reached at jtmarks@gmail.com.

The host, producer, and ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Data Driven Compliance

Data Driven Compliance: The Journeys of Albemarle and ABB to Data – Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I co-hosted with Vince Walden, CEO of KonaAI, to visit with our guests Andrew McBride, Chief Risk Officer at Albemarle, and Tapan Debnath, Head of Integrity, Regulatory Affairs, & Data Privacy—Process Automation at ABB, on their respective companies’ journeys to data-driven compliance.

We consider the importance of integrating due diligence systems with business conduct and anticipate 2024 to be a breakthrough year for data-driven compliance. McBride, recognized by the Department of Justice for his work in data-driven compliance, believes in the critical role of data in identifying and responding to risks, testing the effectiveness of compliance programs, and reporting to internal stakeholders. Debnath stressed the need for visibility and alignment with senior business stakeholders during investigations and the use of data analytics platforms to measure integrity and key performance indicators. Join Tom Fox, Vince Walden, Andrew McBride, and Tapan Debnath on this episode of the Data Driven Compliance podcast as they delve deeper into the challenges and importance of data-driven ethics and compliance programs.

Key Highlights:

  • Using data analytics to assess program effectiveness
  • Proactive risk management through continuous monitoring
  • Leveraging due diligence for proactive risk management
  • Data transparency and collaboration for compliance success
  • Transitioning from external dependencies to internal capabilities

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: January 16, 2024 – The Crown Jewel Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Crypto firm Genesis Trading was fined $8 million for compliance failures.  (WSJ)
  • Is the Chinese military as corrupt as the Russian army? (Business Insider)
  • Ackman threatens a law suit against Business Insider. (FT)
  • The Russian war reigned over Ukrainian oligarchs. (NYT)

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

Tailored and Effective Compliance Training

One of the key goals of any compliance program is to train employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. While it seems axiomatic that compliance training is a mainstay of any best practices compliance program, the conversation around training has evolved over the years. The 2020 FCPA Resource Guide, 2nd edition, started the conversation stating:

Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.

Beginning in the fall of 2016, through the announcement of the FCPA Enforcement Pilot Program, the DOJ began to talk about whether you have determined the effectiveness of your training. This conversation continued with the 2017 Evaluation where it asked, “How has the company measured the effectiveness of the training?” This point has bedeviled many compliance professionals yet is now a key metric for the government in evaluating compliance training. It evolved further in the 2023 ECCP with the mandate that training must be “truly effective”. Finally, the training must be presented in a language in which the employees understand, which means in a local language, if the training is outside the US or other non-English-speaking countries.

Also raised in the 2017 Evaluation was the focus of your training programs, where the DOJ inquired into whether your training was “tailored” for the audience. This added two requirements. The first was to assess your employees for risk to determine the type of training you might need to deliver by risk ranking your employees. Obviously, the sales force would be the highest risk but there may be others who are deserving of high-risk training as well. From this risk ranking, you were required to develop tailored training for the risks those employees will face.

The 2023 ECCP spelled this out in greater detail. It stated, “Prosecutors should assess … periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners. Prosecutors should also assess whether the company has relayed information in a manner tailored to the audience’s size, sophistication, or subject matter expertise. … for instance, give employees practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise. Other companies have invested in shorter, more targeted training sessions to enable employees to timely identify and raise issues to appropriate compliance, internal audit, or other risk management functions. Prosecutors should also assess whether the training adequately covers prior compliance incidents and how the company measures the effectiveness of its training curriculum.”

Under Training and Communication, the following questions were posed by the DOJ:

Risk-Based Training—What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees, including training that addresses risks in the area where the misconduct occurred? Have supervisory employees received different or supplementary training? What analysis has the company undertaken to determine who should be trained and on what subjects?

Form/Content/Effectiveness of Training––Has the training been offered in the form and language appropriate for the audience? Is the training provided online or in-person (or both), and what is the company’s rationale for its choice? Has the training addressed lessons learned from prior compliance incidents? Whether online or in-person, is there a process by which employees can ask questions arising out of the trainings? How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated the extent to which the training has an impact on employee behavior or operations?

I would suggest that you start at the beginning with an evaluation of your compliance training and move outward. This means starting with attendance, which many companies tend to overlook. You should determine that all senior management and Board members have attended compliance training. You should review the documentation and confirm attendance. Make your department or group leaders accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.

Some other metrics you should consider in the post-training evaluation phase include an increase in hotline use; are there more calls into the compliance department requesting assistance or even asking questions about compliance? Is there a decrease in compliance violations or other acts of non-compliance?

Consider using surveys to provide feedback on not simply compliance training but to determine effectiveness of a much wider variety of areas for your compliance program. These surveys can provide critical information on the state of your compliance program and provide substantive feedback for further inclusion back into your compliance program. Testing your program and using that information in a feedback loop is another key component of a best practices compliance program.

What are “espresso shots” of training to help facilitate effective training? Tina Rampino, Associate Managing Director, at K2 Integrity suggests keeping your compliance training segments concise as “shorter, bite-size learning is a trend in training programs.” This means that instead of offering half-day and full-day sessions, break programs into shorter segments of 20 minutes or less, which are easier for participants to absorb—and schedule. Jessica Czeczuga, a Principal Instructional Designer, suggested training effectiveness through micro-learning and metrics; including the adoption of micro-learning techniques for content delivery, the utilization of interruptive training methods for behavior disruption and tailoring targeted training for at-risk employees.

The importance of determining effectiveness of your compliance program has been enshrined by the DOJ. The 2023 Update confirmed that the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many CCOs and compliance professionals still struggle to determine. Both the simple guidelines suggested herein, the more robust assessment and results provide you with a start to fulfill the precepts set out by the DOJ, as you will eventually need to demonstrate the effectiveness of your compliance training going forward.