Categories
Blog

The SAP FCPA Enforcement Action-Part 3: The Comeback

This week we are taking a deep dive into the SAP Foreign Corrupt Practices Act (FCPA) enforcement action. In it, SAP agreed to pay the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) approximately $222 million in penalties and disgorgement. SAP also entered into a three-year Deferred Prosecution Agreement (DPA) with the DOJ. Given the multi-year (2014-2022) length of the various bribery and corruption schemes, their worldwide geographic scope, the amounts paid in bribes, and the benefits garnered by SAP from its corruption, one might charitably wonder how SAP was able to reap such a positive outcome of only a fine and penalty totaling $222 million. We will explore that question today.

Extensive Cooperation

The starting point for this analysis is the DOJ DPA. The first key point to note is that there was no self-disclosure by SAP. As the DPA noted, SAP only began to cooperate after investigative reports were made public in 2017 in South Africa about SAP’s bribery and corruption program. However, from this point forward, SAP moved to cooperate extensively. The DPA noted SAP “immediately beginning to cooperate after South African investigative reports made public allegations of the South Africa-related misconduct in 2017 and providing regular, prompt, and detailed updates to the Fraud Section and the Office regarding factual information obtained through its own internal investigation, which allowed the government to preserve and obtain evidence as part of its independent investigation…”

This cooperation included producing relevant documents and other information to the Fraud Section “from multiple foreign countries expeditiously, while navigating foreign data privacy and related laws;” “voluntarily making Company officers and employees available for interviews;” and taking “significant affirmative steps to facilitate interviews while addressing witness security concerns.” Interestingly, SAP was required to resolve potential deconfliction issues between its own internal investigation and the investigation being conducted by the DOJ. The company promptly collected, analyzed, and organized “voluminous information, including complex financial information.” It translated “voluminous foreign language documents to facilitate and expedite review by the Fraud Section and the Office.” Most interestingly, the DPA reported that SAP imaged “the phones of relevant custodians at the beginning of the Company’s internal investigation, thus preserving relevant and highly probative business communications sent on mobile messaging applications.”

The Remediation

The DPA reported extensive remediation by SAP as well, and the information provided in the DPA is instructive for every compliance professional. The DPA noted that SAP engaged in the following remedial steps.

  1. Conducted a root cause analysis of the underlying conduct and then remediated those root causes through enhancement of its compliance program;
  2. Conducted a gap analysis of internal controls, remediating those found lacking;
  3. Undertook a “comprehensive risk assessment focusing on high-risk areas and controls around payment processes and enhancing its regular compliance risk assessment process”;
  4. Documented its use of “comprehensive operational and compliance data” in its risk assessments;
  5. SAP eliminating “its third-party sales commission model globally, and prohibiting all sales commissions for public sector contracts in high-risk markets”;
  6. “Significantly increasing the budget, resources, and expertise devoted to compliance;”
  7. Restructuring its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership;
  8. Enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties;
  9. Enhancing its reporting, investigations and consequence management processes;
  10. Adjusting compensation incentives to align with compliance objectives and reduce corruption risk;
  11. Enhanced and expanded compliance monitoring and audit programs, planning, and resources, including developing a well-resourced team devoted to audits of third-party partners and suppliers;
  12. Expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally; and
  13. Disciplined “any and all” employees involved in the misconduct.

Obviously, SAP engaged in a wide range of remedial actions. It all started with a root cause analysis. Root cause analysis was enshrined in the FCPA Resource Guide, 2nd edition as one of the Hallmarks of an Effective Compliance Program. It stated, “The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigation’s structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.”

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s compliance program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls on a go-forward basis. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches. This SAP did during its remediation phase.

Equally of interest are the references to data analytics and data-driven compliance. SAP not only did so around its third-party program but also expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally. The SEC Order also noted that SAP had implemented data analytics to identify and review high-risk transactions and third-party controls. The SAP DPA follows the Albemarle FCPA settlement by noting that data analytics is now used by SAP to measure the compliance program’s effectiveness. This language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance function’s access to all company data; this is the second time it has been called out in a settlement agreement in this manner. Additionally, it appears that by using data analytics, SAP was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation, thereby avoiding a monitor.

Next were the holdback/clawback actions engaged in by SAP. The DPA noted that SAP withheld bonuses totaling $109,141 during the course of its internal investigation from employees who engaged in suspected wrongdoing in connection with the conduct under investigation, or who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct and (b) knew of, or were willfully blind to, the misconduct, and further engaged in substantial litigation to defend its withholding from those employees. This qualified SAP for an additional fine reduction in the amount of the withheld bonuses under the DOJ’s Compensation Incentives and Clawbacks Pilot Program.

Finally, the DOJ related that SAP had enhanced and has committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfied the minimum elements set forth in Attachment C to the DPA. Based upon all these factors, including SAP’s remediation and the state of its compliance program, and the Company’s agreement to report to the Fraud Section and the Office as set forth in Attachment D to this Agreement, the DOJ “determined that an independent compliance monitor was unnecessary.”

All in all, a great result by and for SAP, for which the company and its compliance team should take great credit going forward.

Resources

SEC Order

DOJ DPA

Join us tomorrow, when we consider the fine and penalties.

Categories
The Hill Country Podcast

Hill Country Podcast – Mary Campana on Habitat for Humanity in Kerrville

Welcome to the award-winning The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth. In this podcast, Hill Country resident Tom Fox visits with the people and organizations that make this the most unique area of Texas. This week, Tom visits Mary Campana, Executive Director for Habitat for Humanity in Kerr County.

Mary Campana is the executive director of Habitat for Humanity for Kerr County, with a rich background in nonprofit work and a deep involvement in the organization’s affordable housing and financial education programs. Mary is passionate about providing affordable housing for individuals and families with low incomes, and she explains that Habitat for Humanity builds homes for those who make 60% or less of the median family income. She also mentions their plans to add workforce housing in Kerr County to address the need for affordable housing for workers. Mary emphasizes the sense of community that Habitat for Humanity creates, where homeowners feel a part of something larger than themselves and contribute to the community. Join Tom Fox and Mary Campana on this episode of the Hill Country Podcast to learn more about her work and perspective.

Key Highlights:

  • The story of Habitat for Humanity
  • The role of Jimmy Carter
  • Building Affordable Homes for Families in Need
  • Building Communities through Volunteer Construction
  • Empowering Homeowners Through Financial Education

Resources:

Mary Campana on LinkedIn

Habitat for Humanity for Kerr County


Categories
Compliance Into the Weeds

Compliance Into The Weeds: The SAP Foreign Corrupt Practices Act Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recent Foreign Corrupt Practices Act (FCPA) enforcement action involving the ERP software giant SAP.

The recent $220 million fine imposed on German software giant SAP for violations of the FCPA underscores the critical role of internal audits in maintaining corporate compliance. Despite having a comprehensive FCPA compliance program, SAP’s lack of control over its subsidiaries led to bribery activities, a situation that Tom and Matt believe could have been prevented with a robust internal audit function. Fox emphasized the need for strong internal audits to identify and address issues within different parts of an organization. Similarly, Kelly underscored the importance of internal audits in identifying and rectifying control lapses. To delve deeper into this topic and understand the implications of the SAP case, join Tom Fox and Matt Kelly on this episode of Compliance into the Weeds. 

Key Highlights:

  • The bribery schemes and geographic scope
  • What is culture?
  • Third parties and corruption risks
  • The fine and penalty
  • The comeback
  • Lessons learned for the compliance professional

Resources:

Matt on Radical Compliance

Tom 

Tom on the FCPA Compliance and Ethics Blog


For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Daily Compliance News

Daily Compliance News: January 17, 2024 – The Corruption is a National Security Issue Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • JPMorgan will pay $18 million for whistleblower protection violations. (WSJ)
  • Why is corruption a national security issue?  (The Diplomat)
  • Kirkland now faces the music for the corrupt ex-bankruptcy judge.  (Reuters)
  • Anti-corruption advocate sworn in as Guatemalan President.  (Bloomberg)


Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program – Day 17 – Podcasts for Compliance Training and Corporate Culture

One of the biggest benefits of podcasting is that it allows a compliance function to connect with their audience on a more personal level. Unlike traditional forms of advertising, which often come across as impersonal and sales-driven, podcasts enable businesses to build a loyal following by offering valuable and engaging content. This can include interviews with industry experts, behind-the-scenes glimpses of the business, and informative discussions on relevant topics.

Now take these same concepts of audience engagement and apply them internally to an organization. What do you potentially have? A mechanism to engage your employees, to engender trust, and to improve your overall corporate culture. Do you think this is a crazy way to improve culture? Think again about all the advantages podcasting has in place already.

A major US consumer product company started a podcast and had corporate executives on it. Who were the biggest fans of the podcast? It turned out it was the company employees, many of whom had never met their corporate executives. This allowed the executives to be humanized in a way no number of town hall meetings or other similar corporate events could ever achieve.

Since you are only limited by your imagination in compliance, why not use some of that imagination to be creative in your compliance training and communications?

Three key takeaways:

1. Using podcast storytelling to tell longer, more involved stories about compliance.

2. You can use compliance department-branded podcasts to have ongoing communications about compliance.

3. A Daily Compliance News show will drive engagement.


Categories
Great Women in Compliance

Great Women in Compliance – Marlene Olsavsky and Kim White on Working with Stakeholders

Welcome to the Great Women in Compliance Podcast. Today Lisa Fine and Ellen Hunt visited Marlene Olsavsky and Kim White.

Kim White and Marlene Olsavsky are both seasoned professionals with extensive experience in the ethics, compliance, and business leadership fields. Kim, with over 20 years of experience in the ethics and compliance field, believes in promoting collaboration, compliance, and diversity through proactive communication and building strong relationships with business leaders. She emphasizes the importance of understanding the strategies and goals of business leaders and involving all parts of the team in driving them forward. Marlene, with 27 years of experience at Marlene Olsavsky’s Global Leadership, views compliance as essential for the success of a business. She emphasizes the importance of education, ownership, and accountability in promoting compliance within the organization and believes in setting expectations with leaders across the organization and acting on compliance issues with a sense of urgency and trust. Join Lisa Fine and Ellen Hunt as they delve deeper into these perspectives with Kim White and Marlene Olsavsky on this episode of Great Women in Compliance.

Key Highlights:

  • Kimberly White’s Leadership in Ethics and Compliance
  • Marlene Olsavsky’s Global Leadership at Pearson
  • The Crucial Partnership for Organizational Success
  • The Crucial Partnership Between Compliance and Business
  • Real-World Examples: A Tactical Approach to Compliance
  • Creating an Inclusive and Equitable Workplace
  • Embracing Growth Through Lifelong Learning

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Michael Neeley on a Spiraling Podcast Growth Through Giveaways

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visited with noted podcaster Michael Neeley to discuss his presentation at PodfestExpo on spiraling podcast growth through giveaways. Some of the issues we tackle in this podcast are:

  • Initiating a growth spiral with giveaways.
  • After missing last year’s event, Michael is excited to return to Podfest Expo.
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at Podfest Expo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through the powerful mediums of audio and video. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

Podfest Expo 2024 is a production of Podfest Global, which sponsors this podcast series.

Michael Neeley website

Michael Neeley on LinkedIn

Categories
Blog

Podcasting for Compliance Training and Corporate Culture

If there is one truism from the practice of law that translates to the practice of compliance, it is that you are only limited by your own imagination. This holds true in the 360-degree realm of communication in compliance, as communication obviously comes in many forms. Many compliance practitioners will well remember the 2012 Morgan Stanley declination. In this first declination made public, the Department of Justice recognized Morgan Stanley for emailing out 35 compliance reminders to Garth Peterson over seven years. Think about the power of 360 degrees of communication in the context of compliance reminders. Now imagine the power of short ethics and compliance video training clips going out over the same period of time and the effect it would have both on your employees and the regulators.

Podcast Storytelling

Why not tell the story of compliance through a podcast? I call it podcast storytelling, and it can be a powerful tool. Each podcast series is a 5-part series and constitutes one story arc. The podcasts are about 10–15 minutes in length. The podcast storytelling series can be a variety of interviews led by a noted podcast host such as the Voice of Compliance, yourself as the CCO, or by anyone from your organization. It can be an interview with one or more people, or it can be a solo podcast.

While there would be a fully integrated story line, each podcast and accompanying text is stand-alone compliance training and communications that could be used by anyone at your organization. The podcasts could be pushed out internally as well as via your organization’s social media channels. There is a full panoply of podcast sites available, such as iTunes, Spotify, IHeartRadio, Google Pods, and Amazon. From each podcast, you can create multiple short audio clips or other forms of social media sharing materials with key quotes and lessons learned that can be created as podcast cover art.

A series such as this allows your organization not only to tell a story more effectively but also to reach a much larger audience than in any other format—live, audio-video or in-person. Yet there is another reason why you should consider this type of approach for compliance training and communications. It will provide you with the equivalent of market research and feedback. The numbers of listeners and downloads will give you a reliable source of data that you can use in other communications and trainings.

Compliance Department Branded Podcasts

Want another option? How about a fully produced, branded podcast series for your internal compliance function? It could be two 25–30-minute episodes per month, with the guest selected by your compliance team. This format allows your corporate compliance function to tell the story of its greatest asset, its people, through interviews. Cannot get out of the country to travel? Still working remotely? Your branded podcasts give you a way to reach your employees as we continue to struggle through the Covid-19 variants. You can use the branded podcast to tell the story of compliance successes in your organization. You can include other departments to share their successes, too. As with the podcast storytelling series, it would be done in a collaborative manner working with your communications team.

Compliance News of the Day

Want to make some short and snappy compliance communications? How about “Compliance News of the Day”? Have a daily curated news show of 3–4 compliance stories with a short summary of each story and how it relates, from a compliance perspective, to your organization. Make it fun so your employees want to check in daily. When the DOJ comes knocking and asks how often you send out compliance communications, you can point to your Compliance News of the Day as a great starting point.

As a compliance practitioner, you should strive to bring more storytelling into your compliance messaging, training, and communications. If you put the employee in the shoes of the person they’re watching, they will remember it, because they will see how it applies to their lives. Such training and communication experiences will last much longer than if you drone over a written policy or show a PowerPoint. Marc Havener has called this “expanding your classroom.” Ronnie Feldman calls this bringing memorable storytelling to your compliance communications and training.

Using Podcasts to Improve Corporate Culture

One of the biggest benefits of podcasting is that it allows a compliance function to connect with their audience on a more personal level. Unlike traditional forms of advertising, which often come across as impersonal and sales-driven, podcasts enable businesses to build a loyal following by offering valuable and engaging content. This can include interviews with industry experts, behind-the-scenes glimpses of the business, and informative discussions on relevant topics.

Now take these same concepts of audience engagement and apply them internally to an organization. What do you potentially have? A mechanism to engage your employees, to engender trust and improve your overall corporate culture. Do you think this is a crazy way to improve culture? Think again about all the advantages podcasting has in place already.

A major US consumer product company started a podcast and had corporate executives on it. Who were the biggest fans of the podcast? It turned out it was the company employees, many of whom had never met their corporate executives. This allowed the executives to be humanized in a way no number of town hall meetings or other similar corporate events could ever achieve.

Since you are only limited by your imagination in compliance, why not use some of that imagination to be creative in your compliance training and communications?