Categories
Daily Compliance News

Daily Compliance News: October 2, 2024 – The Where is Modern Slavery Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Where do you find modern slavery? At a McDonald’s in the UK. (BBC)
  • More on corruption in Kenya. (Reuters)
  • Creation of EU, AI Code of Practice. (Reuters)
  • Chevron purchase of Hess cleared but not Board seat. (NYT)

Categories
Great Women in Compliance

Great Women in Compliance: Vanessa Hans on The Power of Collective Action

In this episode of Great Women in Compliance, Hemma visits with Vanessa Hans, the Head of Private Sector at the Basel Institute on Governance in Switzerland, to discuss the Institute’s work. Tune in to learn more about the power of collective action in global anti-corruption work, the critical role of the private sector, and the importance of multilateral cooperation.

 Highlights include:

  • Vanessa’s global travels as a competitive endurance cyclist
  • The role of the Basel Institute of Governance in Global anti-corruption efforts
  • Ways in which the private sector can get involved in global collective action initiatives

 Biography:

Vanessa Hans is the Head of the Private Sector division of the Basel Institute on Governance.

She is an experienced international trade and development professional, skilled in anti-corruption compliance, corporate social responsibility, multi-stakeholder management and project management. Vanessa is also a competitive endurance athlete. She holds a Master of Science in Corporate Social Responsibility from the Nottingham University Business School and a Bachelor of Business Administration in International Business from HEC Montreal.

Resources:

B20 Collective Action Hub

NBIM indicators

  1. Engaging the private sector in Collective Action against corruption: a good example of Basel Institute of Governance’s (BIG) engagement with governments.
  2. Local certification through Collective Action: an innovative approach to anti-corruption compliance and due diligence: highlights the SME angle of our work.
  3. Measuring effectiveness of anti-corruption programmes: Indicators for company reporting: developed for Norges Bank Investment Management by BIG
  4. Guidance document for professional accountants which we co-develop with the International Federation of Accountants
  5. Case study on the humanitarianside and disaster response

Our research on Collective Action in the ASEAN region

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The 2024 ECCP Update on Data Access

The award winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the 2024 update to the Department of Justice’s guidelines for corporate compliance programs, focusing on data and data access.

Tom and Matt explore the significance of these updates and whether they stem from companies showing advancements in data analytics or the DOJ recognizing gaps in data access for compliance officers. The discussion highlights the challenges compliance officers face, especially with diverse ERP systems and data silos, and provides insights into how compliance officers can leverage these guidelines to advocate for better data access within their organizations. The episode also breaks down specific questions from the DOJ’s guidelines, offering practical advice on addressing obstacles to data, resources for data access, and data maintenance.

Key Highlights:

  • The Importance of Data Access in Compliance
  • Challenges in Data Access for Compliance Officers
  • DOJ’s Six Key Questions on Data Access
  • Addressing Data Access Impediments
  • Tools and Resources for Data Analytics
  • Communicating with the Board on Data Analytics

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Fostering a Culture of Speak Up

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we explore how the DOJ has placed significant emphasis on encouraging a culture where employees feel comfortable reporting misconduct.

Categories
Blog

2024 ECCP on Accessing Data

In the recently released 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP), the Department of Justice (DOJ) has brought new challenges and opportunities for compliance professionals. One of the most significant changes revolves around data access and the role data plays in an effective compliance program. In this blog post, we’ll explore the key takeaways from the updated guidance and what compliance professionals must do to meet these new expectations, especially when gaining and maintaining access to the right data. This is no longer just about best practices; it is now table stakes. Matt Kelly and I explored this question in this week’s Compliance into the Weeds edition.

Now More Than Ever

One of the most notable aspects of the DOJ’s 2024 update is its focus on data access for compliance professionals. The DOJ has made it clear that if you do not have sufficient access to data, you cannot adequately monitor compliance, detect issues, or remediate problems. Compliance officers are no longer given a pass when they say, “I didn’t have access to the data.”

How did we get here? Part of this shift can be attributed to companies that have demonstrated excellence in leveraging data to bolster their compliance programs. Through the heat of DOJ investigations, these businesses have proven that with the right data, compliance officers can detect misconduct more quickly and prevent violations altogether. At the same time, the DOJ recognizes that many companies still struggle to provide their compliance teams with the data they need to do their jobs effectively.

Data Access: From Best Practice to Table Stakes

In prior years, having a robust data analytics program for compliance was considered a gold standard. It was an aspirational goal that companies could work toward. However, as the DOJ has seen companies implement highly effective data programs, what was once a best practice is now table stakes. If your compliance program can’t access the right data in real-time or near-real-time, you’re not just behind the curve—you’re putting your organization at risk.

Compliance officers can now point to this updated guidance and tell senior management: “This isn’t optional anymore.” You need the resources, tools, and support to access and analyze data effectively. The DOJ’s guidance clarifies that if your company faces an investigation, the inability to access relevant data won’t just be an inconvenience; it will be seen as a compliance failure.

The Six Key Questions: A Roadmap for Data Access

The 2024 ECCP includes six specific questions related to data access, which serve as a roadmap for what compliance officers need to ask within their organizations. While a DOJ prosecutor may not ask all six in any given case, companies should be prepared to answer them all. We will break down how compliance professionals should approach each of these questions.

Does Compliance Have Sufficient Access to Data?

The first question asks whether compliance and control personnel have direct or indirect access to relevant data sources for timely and effective monitoring or testing. In other words, can the compliance team get the information they need when they need it?

This can be a major hurdle for many companies, especially those with complex IT ecosystems. If you’ve gone through multiple mergers and acquisitions, chances are you’re dealing with a variety of legacy systems that don’t “talk” to each other. Compliance officers might find themselves chasing down data from various silos across different business units, which can delay their ability to spot red flags.

What You Should Do

  • Map out your data sources. Know where all relevant data resides, from ERP systems to HR software and procurement platforms.
  • Identify bottlenecks. If your compliance team encounters roadblocks when accessing data, document those challenges and bring them to senior management.
  • Collaborate with IT. Ensure that IT systems are integrated and compliance has the tools to pull and analyze data without delay.

Are There Impediments to Accessing Data?

The second question focuses on barriers preventing compliance from accessing data. These barriers could be structural, such as outdated or incompatible systems, or they could be cultural, such as senior management not prioritizing compliance’s data needs.

What You Should Do

  • Address structural and cultural issues: If your company uses disparate systems, work with IT to create a data lake or central repository for key compliance data. Culturally, ensure that leadership understands the importance of compliance’s access to data and empowers the team accordingly.

Does Compliance Have the Tools to Analyze Data?

Once you can access the data, do you have the tools to analyze it effectively? This question goes beyond simply having access to the data—it’s about whether you have the analytics capabilities to make sense of it.

What You Should Do

  • Invest in the right tools. Data access means nothing if you can’t analyze the information. Invest in data analytics platforms, allowing your compliance team to automate risk assessments, flag potential issues, and generate real-time reports.
  • Train your team. Ensure that compliance personnel are trained on how to use these tools effectively. Analytics without insight is just noise.

Is Data Maintained Properly?

The fourth question concerns data maintenance. Is data stored securely, and is it accurate and reliable? The DOJ wants to ensure that companies don’t just pull data from disparate sources without validating its accuracy.

What You Should Do

  • Validate your data. Work with IT to ensure that data is accurate and up-to-date. Compliance teams need to know that the information they are using is reliable.
  • Establish data governance protocols. Set clear guidelines for data maintenance, including how data should be stored, accessed, and updated.

Is the Company Leveraging Data Analytics to Improve Compliance?

This question is at the heart of the DOJ’s updated guidance. It asks whether companies are using data analytics to create efficiencies in compliance operations and to measure the effectiveness of their compliance programs.

What You Should Do

  • Integrate data analytics into your compliance program. Use data to identify risk patterns, monitor employee behavior, and assess the effectiveness of your compliance efforts.
  • Review your analytics strategy regularly to ensure that you’re continually improving how you use data analytics to enhance your compliance program.
  1. How Precise is Your Data?

Finally, the DOJ asks about the precision of your data. This question goes beyond accuracy—it’s about whether you’re getting the right data at the right level of detail.

What You Should Do

  • Refine your data collection efforts. Ensure you collect precise, relevant data that aligns with your compliance needs. Broad, imprecise data won’t help you detect or prevent misconduct.

Communicating the Importance of Data Access to Senior Management

One of the most important takeaways from the 2024 ECCP update is that compliance officers now have a concrete basis to advocate for better data access. This is no longer about wish lists or best practices—it’s a regulatory expectation. Compliance officers must have honest conversations with senior management and the board about the company’s current data capabilities and where improvements are needed.

Companies often invest in technology when a problem arises, only to pull back once the issue is resolved. This cycle leaves compliance teams under-resourced and needing help to keep pace with evolving risks. The 2024 ECCP gives compliance officers the leverage to push for sustained investments in data access and analytics.

The DOJ’s 2024 update to the Evaluation of Corporate Compliance Programs underscores the critical importance of data access and analytics for modern compliance programs. It is no longer enough to have policies in place; compliance officers need the right data at the right time and the tools to analyze it effectively. The questions posed by the DOJ should serve as a guide for structuring your data access strategy and ensuring that your compliance program is up to the task.

By taking proactive steps to improve data access and analytics, compliance professionals can meet regulatory expectations and build stronger, more resilient programs that can detect and prevent misconduct before it escalates into a serious issue.