Author: admin

Categories
Everything Compliance

Everything Compliance: Episode 142, The 2024 ECCP Episode

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we are joined by Susan Divers, Consultant at Ethena as our Special Guest and we take up the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP).

This week we have the quartet of Matt Kelly, Jonathan Marks, Special Guest Susan Divers and Karen Moore; all hosted by Tom Fox.

  1. Special Guest Susan Divers says the key to the 2024 is that it focuses on outputs rather than inputs or processes. She shouts out to Washington Commanders.
  1. Jonathan Marks considers continuous controls monitoring mandates in the 2024 ECCP. He shouts out to Philadelphia Phillies for making the NL Playoffs and rants about TSA.
  1. Karen Moore takes a deep dive into new information on whistleblowers, reporting functions and whistleblower protections in the 2024 ECCP. She is sad because of the increased threat of violence during the Jewish High Holy Days.
  1. Matt Kelly looks at the intersection of AI and compliance found in the 2024 ECCP. He rants about Trump appointed US district judge Kathryn Mizelle who ruled the False Claims Act unconstitutional.
  1. Tom Fox shouts out to Colorado District Judge Matthew Barrett for his sentencing of convicted election tamperor Tina Peters.

The members of the Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Daily Compliance News

Daily Compliance News: October 10, 2024 – The Pray for Florida Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Would the US be for sale under the 2nd Trump Administration? (The Guardian)
  • Halting slide in accounting ranks. (FT)
  • Will the US break up Google? (Reuters)
  • Former Glencore traders get the 2027 trial date. (Bloomberg)

Categories
Business Integrity Innovations

Business Integrity Innovations: Championing Integrity – Em Ekong on the Future of African Entrepreneurship

The Compliance Podcast Network (CPN) and the Center for International Private Enterprise (CIPE) bring you Business Integrity Innovations. This podcast is inspired by Ethics 1st, a multi-stakeholder initiative led by CIPE that creates pathways for accountable and sustainable investment in Africa. Companies can use Ethics 1st to standardize their business practices, develop sound corporate governance systems, and demonstrate their commitment to compliance and business ethics.

In this episode of the Ethics First podcast, hosts Tom Fox and Lola Adekanye welcome Em Ekong, who discusses her extensive experience in entrepreneurship with a focus on supporting minority communities and women’s entrepreneurship in the UK and Africa. Em shares insights from her work with the Aspen Network of Development Entrepreneurs (ANDE), emphasizing the importance of collaboration and partnerships to nurture entrepreneurial ecosystems. She highlights the crucial role of ANDE in helping small businesses in the Global South, who often face significant challenges, access finance, markets, and development support, particularly through overcoming systemic challenges like corruption.

Em shares her vision of a future where African businesses maintain standards that attract global investment, advocating for consistent messaging, collaboration, and championing ethics. Key highlights include her work on ethics initiatives with the Center of International Private Enterprise (CIPE) and successful convenings that provide platforms for honest dialogues about challenges. Lastly, the episode underscores the long-term effort required to change entrenched systems and the importance of maintaining momentum in pursuit of transparency and ethical practices.

Key Highlights:

  • Aspen Network of Development Entrepreneurs (ANDE) Overview
  • Challenges and Success Stories in African Entrepreneurship
  • Addressing Corruption and Standards in African Business

Resources:

Em Ekong on Linkedin

Aspen Network of Development Entrepreneurs (ANDE)

Categories
Rotary Voices of Kerrville

Rotary Voices of Kerrville: Rotary’s Fight Against Polio

Welcome to Rotary Voices of Kerrville, the podcast series that shines a spotlight on the Rotary Club of Kerrville, Texas—a club with a rich history of community service, leadership, and dedication. For nearly 100 years, the Rotary Club of Kerrville has been at the heart of initiatives that make a real difference, both locally and globally. Through this podcast, we’ll be exploring the club’s incredible projects, hearing from its inspiring members, and learning about the values that drive their commitment to “Service Above Self.”

In this inaugural episode, host Tom Fox visits with Kristy Vandenberg about her leadership in Rotary’s fight against the international scourge of polio.

The discussion focuses on the Rotary Club of Kerrville’s part in the Rotary International’s fight to help eradicate polio from the globe. Kristy underlines the significance of vaccines in preventing viral diseases, noting that many people might not be aware of their continued relevance due to the effectiveness of the vaccines. We discuss our concerns about the virus, suggesting a broader need for awareness as it remains a pressing issue globally. The Pints, Pumpkins, and Pies event is at the Dietrich Center, on October 24, 2024, from 5-7 PM. It aims to address these ongoing considerations and educate people on the subject.

Highlights Include:

  • Introduction and Contact Information
  • Event Details and Venue
  • Public Awareness and Vaccines
  • Participating in the Fight

Resources:

Rotary Club of Kerrville

Rotary District 5840

Rotary International

For more information on Pints, Pumpkins and Pies, email Kristy Vandenberg at KerrvilleRotary@gmail.com

Categories
Blog

Deere FCPA Enforcement Action: Lessons on Pre-Acquisition Due Diligence in M&A

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere has bribery schemes that were torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I continue a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

John Deere, a global leader in agricultural machinery manufacturing, became the focus of an FCPA enforcement action due to its acquisition of a foreign entity with significant operations in countries with high corruption risks. The acquired company had little in the way of a formal compliance program and had been engaging in questionable business practices, including bribing foreign officials to secure contracts.

Post-acquisition, these corrupt practices continued for a period, undetected by Deere’s compliance team. When the issues finally surfaced, the result was a significant FCPA investigation, costly penalties, and a tarnished reputation.

The core issue in this case? Inadequate pre-acquisition due diligence.

One of the central themes from the Deere case is the critical need for rigorous pre-acquisition due diligence in M&A. As a compliance professional, it’s your role to ensure that your organization is not inheriting illegal practices or corruption risks when acquiring a new entity. The risks of overlooking this step can be immense—both in terms of regulatory enforcement and damage to your organization’s reputation.

Let’s examine the key lessons from the Deere case and explore how compliance professionals can apply them to their M&A strategies.

  1. Conduct a Thorough Corruption Risk Assessment

The Deere case underscores the importance of assessing a target company’s corruption risk profile. This means understanding the countries where the target operates and the inherent risks associated with those jurisdictions. Countries with a high Corruption Perceptions Index (CPI) score are more likely to expose your organization to FCPA risks.

Before any acquisition, a detailed analysis of the target’s business activities in these regions must be conducted. Ask yourself:

  • How much business is done with government entities?
  • Are third-party intermediaries involved in securing contracts?
  • What are the target company’s existing compliance policies?

In Deere’s case, the acquired company operated in high-risk jurisdictions without adequate controls. A robust pre-acquisition risk assessment could have flagged this issue, allowing Deere to either walk away from the deal or insist on corrective actions before proceeding.

  1. Evaluate the Target’s Compliance Program and Culture

Another key lesson from the Deere enforcement is the need to evaluate a company’s business operations, corporate culture, and compliance program—or lack thereof. A target company may have all the right words on paper, but those policies are meaningless if the culture does not support ethical business practices.

In the Deere case, the acquired company had minimal compliance structures. This should have raised immediate red flags for Deere’s compliance team, but the issue needed to be addressed or given more weight during the due diligence process.

As a compliance professional, you must:

  • Review existing policies and procedures to assess their adequacy.
  • Interview key personnel to understand how those policies are implemented and followed.
  • Examine the company’s culture to see if ethical business practices are truly embedded in day-to-day operations.

A proactive approach would have helped Deere spot these weaknesses before the acquisition, allowing them to implement a more effective compliance integration strategy.

  1. Look for Red Flags in the Target’s Financial and Operational Data

Financial data can often reveal hidden compliance risks. In the Deere case, irregularities in how contracts were won, especially in high-risk countries, should have raised concerns. Yet, these issues were only caught after the acquisition.

During pre-acquisition due diligence, compliance teams should partner with the finance and audit departments to:

  • Review contracts and agreements with a special focus on deals involving government entities or third parties.
  • Analyze payment patterns for signs of improper payments, such as unusually high commissions or payments to offshore accounts.
  • Investigate any prior audits or investigations related to compliance or financial irregularities.

These financial indicators are often the first signs of deeper corruption issues and should be fully explored before moving forward with any acquisition.

  1. Engage Third-Party Experts When Necessary

In many cases, particularly when acquiring companies in high-risk jurisdictions, it is wise to engage third-party experts to conduct a thorough FCPA-focused due diligence. These experts can bring an external perspective and often have access to local intelligence that may not be readily available to an internal compliance team.

Had Deere engaged such experts during its pre-acquisition process, they may have been able to identify the corrupt practices that eventually led to the FCPA enforcement action.

Engaging external resources is an investment in mitigating future risks. While it may increase upfront costs, the long-term savings in avoiding penalties, legal costs, and reputational damage far outweigh the initial expense.

  1. Ensure Post-Acquisition Integration is Swift and Effective

Even if certain risks are identified during the pre-acquisition phase, the true test comes during post-acquisition integration. In the Deere case, there was a failure to implement effective compliance controls post-acquisition quickly, allowing the corrupt practices to continue unchecked for a period.

Compliance professionals must ensure that:

  • Compliance policies are integrated quickly into the acquired entity’s operations.
  • Training is provided to the acquired company’s employees on FCPA and anti-corruption best practices.
  • Ongoing monitoring ensures that any potential risks identified during due diligence are mitigated.

The Deere FCPA enforcement action is a cautionary tale for all compliance professionals engaged in M&A activity. Pre-acquisition due diligence is not just a box-ticking exercise but a critical function that can help prevent serious legal and financial consequences for your organization. By conducting thorough corruption risk assessments, evaluating compliance programs and culture, scrutinizing financial data, engaging third-party experts when necessary, and ensuring effective post-acquisition integration, compliance professionals can help their organizations navigate the complexities of M&A in today’s global business environment.

The lessons from Deere reminds us that robust due diligence is the first line of defense in preventing FCPA violations and safeguarding a company’s reputation. Do not wait until after the acquisition to address these issues, as it may be too late.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Exploring Compliance Data Access and Testing Challenges

The award winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the study, 2024 Benchmarking Study: Testing & Monitoring and Data & Systems, jointly conducted by Radical Compliance and Rethink Compliance.

The study raises critical concerns about the access and effectiveness of data testing in compliance programs. While many compliance officers engage in some level of testing, there is a significant gap in comprehensive testing and access to necessary data across enterprises. Only a small percentage tracks key performance indicators (KPIs) at granular levels, such as individual or department, which are essential for understanding program effectiveness. The discussion also highlights the importance of access to data from different departments, like HR and Finance, to improve compliance monitoring and alignment with DOJ guidelines. The episode concludes with a call for continued research, emphasizing the interconnectedness of data access, comprehensive testing, and compliance success.

Key Highlights:

  • Overview of the Compliance Study
  • Key Findings and Statistics
  • Challenges in Compliance Testing
  • Importance of Multiple KPIs
  • Access to Data Issues

Resources:

Matt in Radical Compliance

2024 Benchmarking Study: Testing & Monitoring and Data & Systems

Rethink Compliance

 

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Encouraging and Incentivizing Reporting

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

A reporting mechanism is only as effective as the culture that surrounds it. Compliance professionals must work to foster an environment where reporting is encouraged and valued.

Categories
Great Women in Compliance

Great Women in Compliance: Katharine Manning – Trauma-Informed Leadership at Work

In this episode of Great Women in Compliance, Hemma visits with Katharine Manning, author of The Empathetic Workplace: Five Steps to a Compassionate, Calm, and Confident Response to Trauma on the Job, to discuss the role of trauma-informed leadership in our workplaces.

Tune in to hear stories of transformative approaches to culture and learn specific actionable techniques for empathy-driven leadership.

Highlights Include:

  • Katharine’s experience as a victim rights advocate
  • The conundrum of corporate communications during social unrest or tragic events
  • The LASER technique for trauma-informed interactions at work

Biography:

Katharine Manning is the President of Blackbird, which provides training and consultation on empathy at work. She is the author of The Empathetic Workplace: Five Steps to a Compassionate, Calm, and Confident Response to Trauma on the Job, and teaches at American University and in the Master’s in Trauma-Informed Leadership Program at Dominican University. Her work has been featured in the Harvard Business Review, Fast Company, Newsweek, CNBC, Business Insider, Thrive Global, and CEOWorld. She has worked on issues of trauma and victimization for more than 25 years, including 15 years at the Justice Department, where she was a Senior Attorney Advisor consulting on victim issues in cases like the Boston Marathon bombing and the Pulse Nightclub shooting.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Daily Compliance News

Daily Compliance News: October 9, 2024 – The Sue The SEC Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

 

Categories
Blog

Deere’s FCPA Enforcement Action: Performing a Root Cause Analysis to Inform Remediation

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere and Company (Deere) has bribery schemes torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I want to take a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

Compliance Professionals all know the pressure to act swiftly when misconduct is discovered. It is often tempting to jump straight into remediation to address the problem, protect the company, and appease regulators. However, the case of Deere’s recent FCPA enforcement action reminds us that acting without first understanding the root cause of the misconduct can lead to superficial fixes that fail to prevent future violations.

In the Deere enforcement action, the company faced significant penalties due to bribes paid by subsidiaries of Wirtgen Group, which Deere acquired in 2017. Between 2011 and 2017, Wirtgen subsidiaries engaged in corrupt practices, paying bribes to government officials in several countries, including China and India. While Deere eventually addressed the misconduct post-acquisition, its failure to perform robust due diligence and root cause analysis before remediation exposed it to regulatory and reputational damage.

This case highlights the critical need for companies to conduct a thorough root cause analysis before embarking on remediation efforts. In this blog post, we will detail why a root cause analysis should always precede remediation, what the process entails, and how it can protect your company from future enforcement actions and compliance failures.

Understanding the True Nature of the Problem

The first and most obvious reason to conduct a root cause analysis before remediation is to ensure you address the correct problem. In the Deere case, the misconduct stemmed from bribery by Wirtgen subsidiaries, but the real issue wasn’t just the bribery itself—it was the company’s failure to identify and prevent this behavior in the first place. Simply punishing the employees involved or updating internal policies would have been insufficient without understanding why these bribes were paid.

Before designing an effective remediation plan, you must understand why the misconduct occurred. Was it due to weak internal controls? A culture that tolerated unethical behavior? Inadequate training? A failure to perform due diligence on third parties? Each of these potential causes requires a different remediation strategy. If you do not identify the true cause of the problem, your remediation efforts will be superficial and may not prevent future violations. Root cause analysis allows compliance officers to uncover the underlying reasons for misconduct, enabling them to design targeted solutions that address the actual problem—not just the symptoms.

Root Cause Analysis Helps Identify Systemic Issues

One of the biggest risks when dealing with FCPA violations or corporate misconduct is that the issue may not be isolated to one event or individual. Corruption or compliance failures are often systemic, indicating deeper issues within the company’s culture, policies, or risk management framework. If Deere had conducted a more thorough root cause analysis post-acquisition, it could have uncovered broader issues in Wirtgen’s compliance program and taken proactive steps to address those weaknesses company-wide.

Root cause analysis forces you to ask tough questions about your company’s broader compliance infrastructure. Are certain business units, regions, or third-party relationships more misconduct-prone? Are there patterns of behavior that suggest systemic problems? You can implement more effective, company-wide remediation efforts by identifying these systemic issues beyond addressing a single incident.

Regulators Expect a Root Cause Analysis

Regulators, including the DOJ and the Securities and Exchange Commission (SEC), expect companies to conduct thorough root-cause analyses when investigating FCPA violations. The DOJ’s 2024 ECCP explicitly states that prosecutors will consider whether a company has adequately identified and remediated the root causes of misconduct when determining penalties. Additionally, this was specifically called out in the SAP Deferred Prosecution Agreement (DPA) earlier this year, where the DOJ stated, “5. Conducted a root cause analysis of the underlying conduct then remediating those root causes through enhancement of its compliance program;”.

In the Deere enforcement action, part of the company’s challenge was showing regulators that it had addressed the bribes themselves and the underlying reasons that allowed the misconduct to occur. Companies that skip the root cause analysis and rush into remediation without clearly understanding what went wrong will likely face harsher penalties.

Performing a root cause analysis is more than good practice; it has moved to a regulatory expectation. The more comprehensive your analysis, the more likely regulators (DOJ and SEC) are to view your remediation efforts as credible. A company that can demonstrate it understands the root cause of its compliance failures—and has taken meaningful steps to address those causes—is more likely to receive leniency during enforcement actions.

Preventing Recurrence: Moving Beyond Quick Fixes

One of the major pitfalls of jumping into remediation without a root cause analysis is the risk of implementing quick fixes that don’t address the root problem. For example, in the Deere case, if the company had updated its anti-corruption policy without addressing the broader cultural or systemic issues, it would have left the door open for future violations.

Root cause analysis ensures that your remediation efforts are comprehensive and designed to prevent future violations. Instead of focusing solely on policies or individuals, you’re addressing the broader systems and processes that allowed the misconduct to occur. This might involve rethinking your company’s approach to third-party due diligence, improving internal reporting mechanisms, or enhancing employee training programs to emphasize ethical behavior. A quick fix might resolve the immediate problem, but a comprehensive root cause analysis will prevent recurrence and protect your company long-term.

Improving Your Compliance Program Over Time

Root cause analysis is not a reactive tool; it is a mechanism to continuously improve your company’s compliance program. By regularly performing root cause analyses in response to compliance failures or near misses, you can identify trends, weaknesses, and gaps in your existing program. This allows you to make proactive adjustments and improvements, ensuring that your compliance program evolves to meet new risks and challenges.

Compliance is an ongoing process, and root cause analysis is key. By taking the time to understand why compliance failures happen, you can strengthen and improve your program over time. Don’t wait for a major enforcement action to identify weaknesses in your compliance program—use root cause analysis as a tool for continuous improvement.

Building a Culture of Accountability

Finally, one of the most important benefits of conducting a root cause analysis before remediation is that it fosters a culture of accountability. When employees see that the company is taking a thoughtful, thorough approach to addressing misconduct, they’re more likely to trust the compliance function and adhere to ethical standards.

In the Deere case, the company’s failure to identify and address the root causes of Wirtgen’s corrupt practices could have contributed to a culture where employees felt that bribery was tolerated or encouraged. By contrast, companies emphasizing accountability and transparency in their root cause analyses send a clear message: misconduct will be thoroughly investigated, and systemic issues will be addressed.

Building a strong culture of compliance starts with holding people—and processes—accountable. Root cause analysis helps you identify the individuals responsible for misconduct and the broader systems and structures that allowed it to happen. This accountability, in turn, strengthens your compliance culture and reinforces your company’s commitment to ethical behavior.

The Deere FCPA enforcement action powerfully reminds us of the importance of conducting a root cause analysis before proceeding with remediation. Companies need to understand why misconduct occurred before implementing superficial fixes. By taking the time to perform a thorough root cause analysis, compliance professionals can ensure that their remediation efforts are comprehensive, effective, and designed to prevent future violations.

Remember, root cause analysis isn’t just a best practice, as the DOJ has now noted several times in several places and through several different media; it is a regulatory expectation. It’s also a critical tool for improving your compliance program, building a culture of accountability, and protecting your company from future compliance failures. This means that before you rush to fix the problem, ensure you understand it first. Only then can you design a remediation plan that addresses the cause of misconduct and sets your company up for long-term success.