31 Days to a More Effective Compliance Program: Day 25 – Responding to Investigative Findings

There is nothing like an internal whistleblower report about a compliance violation, the finding of such an issue, or (even worse) a subpoena from the DOJ or notice letter from the SEC to trigger the attention of the Board of Directors and senior management to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage, followed immediately by the proclamation, “We are an ethical company.” However, it may well be the time for a very serious reality check.

You may find yourself in a position where you will have to have some very frank discussions about what to expect in terms of costs and time outlays. While much of these discussions will focus on the investigative process and those costs, these discussions will allow you to initiate the talk about remediation going forward and begin to explain why money must be budgeted for the remediation process.

Finally, there should be a solid line of communication between the people who are doing the investigation and the people who are leading the remediation. Otherwise, you can only begin your remediation in the most general terms and you will not be able to deal with specific gaps in your compliance program or risks that need to be managed. Such an approach can also be a recipe for disaster. First and foremost, the DOJ will not give you credit and you may lose the types of benefits articulated in the FCPA Corporate Enforcement Policy. Moreover, the executive attention will have dissipated and you will have lost your momentum to clean things up through a thorough remediation.

Three key takeaways:

1. A serious FCPA allegation gets the attention of the Board and senior management. Use this time to move the compliance program forward.

2. Be aware of how your investigation can impact and even inform your remediation efforts.

3. Be prepared to deal with the dreaded “where else” question.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Daily Compliance News: January 25, 2024 – The Big Brother Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Menendez says search warrants are unconstitutional. (Roll Call)
  • Wayne LaPierre claims he’s too sick to go to trial. (Business Insider)
  • More bad news for Boeing. (WaPo)
  • Big Brother arrives at the workplace. (BBC)

Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at a breach at a big law firm.

In the wake of a recent spearphishing attack and data breach at a UK law firm, the legal community is abuzz with discussions on the responsibility of lawyers to prevent such attacks. Tom Fox, known for his critical perspective on big law firms, highlights the mistakes made by the firm in question, emphasizing the increasing concern over cyber-attacks targeting law firms and the need for timely reporting to regulatory authorities. Jonathan Armstrong, on the other hand, underscores the importance of proactive cybersecurity measures and timely reporting, commending the firm for taking immediate action but criticizing the delay in reporting the breach. Both Fox and Armstrong bring their unique perspectives shaped by their experiences in the field. Join them on this episode of the Life with GDPR podcast as they delve deeper into this topic.

Key Takeaways:

  • A Spearphishing Attack Leads to Data Breach
  • Cybersecurity Measures for Law Firms
  • The Power of Dedicated Data Protection Training

Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here.

Also, check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here. Check out the Cordery Data Breach Academy here.

It’s art, let’s talk about it – C. S. (Steve) Talley on Capturing the Beauty of the Night

The Museum of Western Art is dedicated to excellence in the collection, preservation, and promotion of Western Heritage and the education and cultural enrichment of our diverse audiences. The museum serves as a bridge between the past and the present, ensuring that the legacy of the American West will be preserved for the future. Western Art is as engaging and important as ever. In this podcast series, Museum Executive Director Darrell Beauchamp visits with the artists who work in this western heritage to talk about their work, the legacy of Western art, and why talking about it is so important today. In this episode, Darrell visits with New Mexico artist CS (Steve) Talley.

CS (Steve) Talley is a self-taught artist with over 34 years of experience, specializing in western nocturne paintings. His passion for astronomy and love for landscapes inspired him to start painting nocturnes, particularly after being captivated by a painting featuring illuminated adobe buildings in a nighttime scene by artist Will Sparks. Talley’s journey into the art world began later in life, after pursuing a degree in astronomy and physics and developing an interest in the history of the American West through his involvement in mountain men reenactments. His nocturne paintings, which make up a significant portion of his yearly sales, beautifully capture the beauty of the night. Join Darrell Beauchamp and CS (Steve) Talley on this episode of “It’s art, let’s talk about it” to delve deeper into Talley’s unique artistic journey and his stunning nocturne paintings.

Highlights Include:

  • Discovering Artistic Passion at 34
  • The Catalyst of Artistic Growth
  • Plains Indians-inspired self-taught artist
  • From Programming to Painting: Steve Talley’s Journey
  • Nocturnal Landscapes with Illuminated Adobe Buildings
  • Artistic Perspectives in Galleries
  • A painter’s paradise in Taos, New Mexico

Resources:

Museum of Western Art

Darrell Beauchamp on LinkedIn

C.S. Talley Fine Art

Pawtastic Friends – The Paw Talk – Shea, Osso and Jake

Welcome to Pawtastic Friends: The Paw Talk. In this podcast, host Tom Fox will visit with Michael and Melissa Novelli, co-founders of Pawtastic Friends, as well as those who work with them at Pawtastic Friends. Michael and Melissa are dedicated to helping shelter and rescue dogs in the Las Vegas area become more adaptable through enrichment training and activities such as yoga and aquatics training, as well as obedience and agility. This podcast is sure to tug on your heartstrings; just listen to how sweet this one dog is! Tune in now to hear more from Michael and Melissa Novelli as they discuss their passion for helping pups in need. Get ready for an exciting episode of Pawtastic Friends: The Paw Talk!

Michael Novelli and Melissa Novelli are the co-hosts of the award-winning podcast “The Paw Talk,” which focuses on dog care and responsible ownership. Michael’s perspective on dog care emphasizes the importance of respect and consideration towards dogs, advocating for responsible behavior such as asking for permission before petting a dog and avoiding actions that could lead to bites. His hands-on experience with dog training and passion for dog adoption have shaped this perspective. Melissa’s perspective is centered on providing enrichment and training for dogs to improve their quality of life. Her background in enrichment training and nosework for dogs, as well as her experience with dog adoption and fostering, have informed her views. Join Tom Fox, Michael Novelli, and Melissa Novelli on this episode of The Paw Talk podcast as they delve deeper into the topic of dog care and responsible ownership.

  • Shea
  • Osso
  • Jake

Quotes:

“She’ll give somebody unconditional love for a long time,” – Melissa Novelli

“Big dogs need love, too. Yes. Big dogs love to give love. Let me just tell you, I’m a big dog fan.” – Tom Fox

Resources:

Pawtastic Friends

Donate to Pawtastic Friends

Vote for Pawtastic Friends at Wreaths of Hope

Pawtastic Friends on Instagram

Pawtastic Friends on Facebook

Responding to Investigative Findings

There is nothing like an internal whistleblower report about a compliance violation, the finding of such an issue, or (even worse) a subpoena from the DOJ or notice letter from the SEC to trigger the attention of the Board of Directors and senior management to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage, followed immediately by the proclamation, “We are an ethical company.” However, it may well be the time for a very serious reality check.

You may find yourself in a position where you will have to have some very frank discussions about what to expect in terms of costs and time outlays. While much of these discussions will focus on the investigative process and those costs, these discussions will allow you to initiate the talk about remediation going forward and begin to explain why money must be budgeted for the remediation process.

One of the things rarely considered is how the investigation triggers the remediation process and what the relationship is between the two. When issues arise warranting an investigation that would rise to the Board of Directors level and potentially require disclosure to the government, there is usually a flurry of attention and activity. Everyone wants to know what is going on. Russ Berland, Senior Counsel Data Protection Law at Johnson & Johnson Consumer Health, has noted, “for that short moment in time, you have everyone’s full attention.” Yet it can still be “a tricky place, because you get your fifteen minutes to really get everyone’s full attention, and from then on, you’re fighting with everybody else for their attention, like the normal things in business life.”

You need to explain the costs to the Board and senior management. As Berland said, you need to be upfront and candid in firmly stating, “To get to this place, this is what it’s going to cost.” Moreover, you need to be able to show how some companies paid very large amounts, not just in the eventual fine and penalty but also in other costs, such as shareholder lawsuits, claims and other post-resolution costs. Berland went on to say, “We want to show you how people have lost money by having to write big checks, because they didn’t take these allegations seriously. They actually saved money, because they didn’t have to write as big a check, because they took these allegations very seriously.” The bottom line is that your ROI here is going to be very high if you put the resources into remediation and do it well. This is easier with the information that was provided by the DOJ in the FCPA Corporate Enforcement Policy, as it demonstrated how much of a discount a company can receive below the minimum range of the U.S. Sentencing Guidelines for remediation.

One of the most difficult parts is that the investigation is often done in a way in which the investigators want to maintain as tight a control over the information and privilege as they possibly can. The remediation requires output from the investigation to understand where the risk points and gaps are, both in the compliance program and the internal controls. There is a tension there, and the process needs to be structured so that information can be shared with those who are designing the remediation without fear of compromising the investigation.

Dan Chapman, former CCO at Parker Drilling and Cameron International and Founder of Presyse Consulting, also believes that costs must be adequately discussed to set proper expectations. These include both direct and, even more importantly, indirect costs to the company. Chapman noted, “the biggest cost to a company during an investigation is the diversion of management resources” and, as he further explained, “everything stops to focus on the investigation.” This indirect cost comes largely through the time commitment of senior management because “if senior management has to commit 20% of their time, that is 20% of their time that is not going towards revenue generating, shareholder value-protecting activities.”

Yet, how can you communicate this point to somebody who has not gone through a full-blown internal investigation coupled with a federal investigation involving the DOJ and Federal Bureau of Investigation? Understanding that the all-encompassing nature of such an event is difficult to articulate, Chapman goes through some of his past experiences as touch points. “One example would be, during my first week on the job at previous employer, the company had a worldwide conference for all of the senior managers from around the world,” he said. “At that meeting, I asked all the senior, C-level executives, ‘Over the last few years, have you spent 5% of your time on the matter?’ They raised their hands. Then, I kept escalating it: 10%, 15%, and the hands didn’t go down until about 20%. Then I explained to them, and to the audience, ‘If you got 5%, 10% or 15% more from your senior management, where would this company be? What would it be worth? What bonuses would you have gotten?’ I think this point resonated with all of them, but there was still no great way for them or for anyone to quantify these costs. How do you quantify the absence of non-compliance? How do you quantify what could have been? How do you quantify the opportunity costs of management’s time?”

You can explain the upside of compliance and do that in a manner that juxtaposes the cost. Chapman said you could mention things such as, “If you have clear policies and people know what to do, think how much easier your life would be. Instead of having to make calls and figure it out on your own every single time, you had a clear plan of action dictated by a policy.” The same types of arguments come into play in areas generally considered the purview of HR, i.e., recruiting and retention.

About recruiting, Chapman posed the following for consideration: “Where do your new hires, especially recent college graduates, get their information about your company? They get it from the internet. If your company has been in trouble for bribery, what is one of the first things they see when they Google your company’s name? At the very top of their search results will be a news article about the wrongdoings or penalties. Now, how likely is a recent graduate to take his first job with a company that pays bribes, and, if he or she is willing, is that really the type of person you want to hire?” He also points out the negative impact of non-compliance on the retention of current employees by asking, “Ask yourself, is a good employee more or less likely to consider other job opportunities before or after she learns that her company pays bribes or may ask her to pay bribes?”

Yet even more than these types of points about employees in the organization, Chapman believes it is important to make it personal at the highest level of the organization, to make it as personal to your audience as possible. He suggests asking the Board and senior management, “How would you feel about being involved in bribery? Rather than being something that’s only involving the company, your name and your reputation will be associated with it. How do you feel about being there?”

Obviously, the investigation will be critical for you to help understand what remediation your compliance program will need going forward. As Berland said, “Somebody found a way to get around your system. Maybe they colluded to overcome the internal controls. Maybe there was a group that simply wasn’t well trained, didn’t understand, or there was a group that was extremely well trained, and decided to do it anyway. But somehow, there are issues in the overall system of the executive tone, the governance, the compliance program, the internal controls, all at a meta level, which failed.”

You cannot find gaps in your compliance system until you stress test it. Viewed in this light, your compliance failures can be viewed as the ultimate stress test. Berland noted, “Well, guess what, you just got handed a stress test, and this is where the system broke down. Now you know there’s a gap. Well, absent the investigation, as painful and difficult as that is, that gap would have just been sitting there.” The investigation will raise information to you about the failures of your compliance program that you may not have known existed previously.

While there will be a desire by some folks to not give out any information about the investigation until it is completed and there is a final report, you must resist this at all costs. If the results of the investigation are not made available to you as the CCO or the compliance professional charged with remediating the compliance program, any such remediation will be extremely difficult, because “you’re just going off suppositions and guesses.”

He advocates that there be a solid line of communication between the people who are doing the investigation and the people who are leading the remediation. Otherwise, you can only begin your remediation in the most general terms and you will not be able to deal with specific gaps in your compliance program or risks that need to be managed. Such an approach can also be a recipe for disaster. First and foremost, the DOJ will not give you credit and you may lose the types of benefits articulated in the FCPA Corporate Enforcement Policy. Moreover, the executive attention will have dissipated and you will have lost your momentum to clean things up through a thorough remediation.