Categories
Principled Podcast

Season 10 Episode 2 – The Importance of Humanizing Ethics and Compliance Programs

What you’ll learn on this podcast episode

Keeping the focus on the human element of ethics and compliance can help E&C programs move from “cop” to “coach.” But what does that look like in practice? In this episode of the Principled Podcast, host Susan Divers talks about the importance of humanizing ethics and compliance with Adam Balfour, the author of Ethics & Compliance for Humans. Listen in as the two discuss best practices that Adam has used over the course of his E&C career, managing regional and global ethics and compliance programs as well as leading areas of global risk management and privacy. 

Guest: Adam Balfour

Adam Balfour – Grayscale

Adam Balfour is on a mission to help make ethics and compliance more relatable and relevant for his fellow human beings. He likes to design ethics and compliance programs that employees can actually relate to, engage with and find useful. Originally from Scotland, Adam worked for a number of years as an attorney for two international law firms in New York before moving to Nashville, Tennessee to work for Bridgestone. He is an active member in the ethics and compliance community, a co-editor of the “Compliance and Ethics: Ideas & Answers” newsletter together with Joe Murphy, Jeff Kaplan, and Rebecca Walker, and CCEP certified. His first book, Ethics & Compliance for Humans, was published by CCI Press and is available now.    

Host: Susan Divers

Headshot_Susan_Divers_S7E18_Principled_Podcast

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years’ accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Mrs. Divers’ background includes more than thirty years’ experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008.

She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. Mrs. Divers’ most recent publication is “Balancing Best Practices and Reality in Compliance,” published by Compliance Week in February 2015. In her spare time, she mentors veteran and university students and enjoys outdoor activities.

Categories
Blog

Assessing Organizational Culture

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Cuijak, Jessica Czeczuga; Michael Parker; and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco, that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 2, consider how to assess your culture with Viktor Cuijak.

Cuijak, a chartered accountant with a strong background in finance, audit, and risk consulting, currently serves as the Director of Customer Success and Services at Diligent. With a decade of experience in the Big Four and a focus on governance, risk, and compliance (GRC) objectives, Cuijak firmly believes in the importance of assessing and managing organizational culture as a risk factor. He views culture as a dynamic risk that can have significant consequences if not properly managed, and advocates for standardized and benchmarked culture assessments to provide valuable insights for risk management. Cuijak emphasizes the need for practical guidance on implementation, highlighting the significance of tone at the top and other artifacts such as policies, procedures, and feedback mechanisms in culture assessments. Crucial Role of Culture podcast.

Assessing and managing organizational culture as a risk factor is a crucial aspect of ensuring the success and sustainability of any organization. A compliance professional can begin by the using existing frameworks like COSO (Committee of Sponsoring Organizations of the Treadway Commission) for guidance in assessing and managing organizational culture. This framework provides principles and guidelines that help organizations understand the key factors that impact culture as a risk factor.

The tone at the top, policies, procedures, and feedback mechanisms were identified as key indicators of an organization’s culture. The tone at the top refers to the leadership’s actions and behaviors, which set the tone for the entire organization. Policies and procedures play a crucial role in shaping the desired culture, but it is not enough to simply have them in place. Actions, communications, and responses must align with the stated culture.

One of the key challenges is the nebulous and intangible nature of culture, which can make it difficult to assess and audit. However, Cuijak emphasized that culture can be thought of as just another risk that organizations need to manage. By asking the question, “What can go wrong?” organizations can identify potential risks and gaps in their culture and take steps to address them.

Standardized evaluation was also discussed as a valuable tool for assessing and benchmarking culture. It provides a common language and framework for managing risks associated with culture. By using evaluation tools, organizations can track their progress and identify areas for growth.

Cuijak also emphasized the importance of considering the impact of culture when making decisions. Culture is not just a checklist exercise, but rather a holistic approach that encompasses actions, communications, and responses. It is not enough to have policies and procedures in place; organizations must demonstrate their culture through their actions and communications.

While frameworks like COSO provide principles and guidance, they may not always provide the specific “how” in assessing and managing culture. This is where organizations need to tailor their approach and consider additional tools and techniques that align with their specific needs and goals.

In conclusion, assessing and managing organizational culture as a risk factor is a complex but essential task for organizations. By using existing frameworks, evaluating key indicators, and considering the impact of culture on decision-making, organizations can identify potential risks, address gaps, and create a culture that supports their overall success and sustainability.

Join us tomorrow where we explore creating a strategy to manage culture risk.

Tune into Viktor Cuijak on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
Daily Compliance News

Daily Compliance News: September 19, 2023 – The $2111 Per Hour Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Is your lawyer worth $2K+ per hour?  (Reuters)
  • From a smoking break to a weed break? (NYT)
  • Boards looking more critically at CEO behavior. (FT)
  • US Treasury Sec wants to tackle Nigerian corruption. (Bloomberg)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 11 – Charitable Donation Enforcement Actions

When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes and violates the FCPA. This was a feature of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the SEC in 2012, involving a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter, rather than by the DOJ as a criminal matter, against another U.S. entity Schering-Plough, for making charitable donations in Poland which violated the FCPA. One of the remarkable things about both of these enforcement actions, brought almost eight years apart, was that they involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from both of these companies.

Three key takeaways:

  1. Every compliance practitioner should study both the Lilly and Schering-Plough enforcement actions.
  2. What is the purpose of the charitable entity you are making a donation to?
  3. “Document, Document, and Document” your due diligence around donors.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Data Driven Compliance

Data Driven Compliance: Rachael Ormiston on Privacy as a Business Differentiator

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

We take things in a data privacy direction today as I visit with Rachael Ormiston, Head of Privacy at Osano, whose No Penalties Pledge sets them apart in the privacy industry, offering customers assurance that they won’t face fines for non-compliance. In conversations with Tom Fox, Rachael Ormiston discusses the importance of privacy as a business differentiator and the impact of GDPR. Trust is highlighted as crucial for building a positive customer experience. Osano has developed a privacy maturity model to help companies assess their progress and prioritize compliance. Their website offers valuable resources, catering to both experts and beginners in the field. Rachael emphasizes the increasing importance of data privacy and the need for companies to prioritize it at the executive level.

Highlights Include

·      Osano’s No Penalties Pledge

·      Privacy as a Business Differentiator

·      The Importance of Privacy Compliance

·      Data Privacy and Free Resources

Resources:

Osano

 

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Navigating Digital Compliance: Managing Risks and Embracing Innovation

In a rapidly evolving digital landscape, managing compliance risks has become a critical priority for organizations. In a recent Innovation in Compliance podcast episode, I had the opportunity to interview Chris Lehman, CEO of Safeguard Cyber, a compliance and security company, to shed light on the importance of effective digital compliance and the challenges that arise with the shift in communication channels. This blog post explores the key insights from this conversation and offers practical advice on managing risk in the realm of digital compliance.

The manner in which communicate has undergone a dramatic transformation with the rise of smartphones and the increasing use of cloud-based applications and messaging platforms. Today, a staggering 45% of all business communication takes place outside of email, spanning channels like Slack, Microsoft Teams, WhatsApp, Telegram, Line, SMS, iMessage, and even social platforms such as LinkedIn. In addition to this tech side of the communication revolution, there is the generational change, from the way Baby Boomers communicated through GenXers to Millennials to GenZers. Moreover, corporations have not implemented the same level of controls for these new communication channels as they have for email, leaving potential vulnerabilities.

Lehman emphasizes the human factor as the most significant risk in compliance strategies. While technological advancements have enabled agility, innovation, and new ways of engagement, it is crucial to ensure compliance in these digital interactions. Safeguard Cyber highlights the need for organizations to prioritize compliance and good corporate governance, while still allowing employees to be agile and innovative.

To effectively manage risk in digital compliance, it is vital to treat it as a comprehensive risk management process. This involves understanding regulations, establishing robust policies, training employees, and leveraging technology to monitor and mitigate risks. It all starts with a risk assessment, which informs your risk management strategy. From there you must implement effective training and communications, then monitor and upgrade as needed. To do this you also need a tech solution which provides visibility into digital communication channels, enabling organizations to identify potential risks in real-time and take corrective action.

Unfortunately, there is often a tension that can arise between compliance teams and line of business teams. Rather than being seen as a hindrance, compliance teams should strive to be enablers and strategic partners. By providing visibility into the tools and applications employees use, compliance teams can facilitate decision-making on freedom and flexibility while maintaining compliance standards.

The regulators, such as the Securities and Exchange Commission (SEC), Commodities Futures Trading Commission (CFTC) and the Department of Justice (DOJ) have all take notice and have all emphasized the importance of compliance and good corporate governance in these new communication channels. This summer alone, SEC recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the CFTC ordered four financial institutions to pay a total of $260 million for recordkeeping and supervision failures for widespread use of unapproved communication methods. All of this means that companies must identify and assess their risks, implement risk management strategies, and ensure that policies and procedures are not only in place but also effectively trained and followed.

Fortunately, technologies now exist that allow organizations to achieve compliance without becoming overly burdensome through their monitoring function. Safeguard Cyber’s tech solution, for instance, monitors digital communication channels, such as email, messaging platforms, and social media, while ensuring employee privacy through an opt-in system. By leveraging natural language understanding technology, sensitive information can be flagged, and compliance can be maintained seamlessly.

As we move forward, the goal for organizations is to break down the walls between line of business and compliance teams. Technology will play a pivotal role in providing visibility into various communication channels and applications, helping employees stay within boundaries without intentionally breaking rules. Increased regulatory oversight is expected in the future, making it even more crucial for organizations to prioritize digital compliance.

In the modern business landscape, effective digital compliance and good corporate governance are paramount. Managing compliance risks in the realm of digital communication requires organizations to treat it as a risk management process, leveraging technology and establishing robust policies. By embracing technology solutions like Safeguard Cyber, organizations can monitor communication channels, flag potential risks, and ensure compliance without stifling innovation and agility. As we navigate this ever-evolving digital world, prioritizing digital compliance will be a key differentiator for organizations seeking long-term success.

Categories
Corruption, Crime and Compliance

Corficolombiana DOJ and SEC FCPA Settlements

When operations span across borders, navigating local regulations and ethical standards becomes even more crucial. As evidenced by Corficolombiana’s case, neglecting these measures can lead to hefty legal ramifications and significant economic repercussions. In this episode of Corruption, Crime and Compliance, Michael Volkov unravels the Corficolombiana and Group Aval scandal, shedding light on the importance of implementing and maintaining robust ethics and compliance programs for global companies.

You’ll hear Michael talk about:

  • Corfico is a subsidiary of the Colombian financial behemoth, Grupo Aval. The two entities agreed to substantial settlements with both the DOJ and SEC, stemming from allegations of a bribery scheme in Colombia.  
  • It emerged that Corfico had conspired with Odebrecht, a Brazilian construction firm, to pay around $23 million in bribes to influential Colombian government officials to clinch the project. The DOJ’s settlement with Odebrecht throws more light on the matter.
  • Corfico’s forthcoming cooperation with both DOJ and Colombian authorities demonstrated their intent to amend their ways.
  • Corfico embarked on extensive remedial measures, which the DOJ acknowledged and appreciated. This included a comprehensive root cause analysis and subsequent enhancements to their corporate governance and controls. 
  • Corfico also revamped its compliance program, introducing improved reporting, investigation, and disciplinary procedures and revisited its anti-corruption compliance program.
  • The DOJ extended a 30% fine reduction to Corfico, a significant reprieve. What stood out, however, was the decision against appointing an independent compliance monitor in this case. 
  • Such international scandals accentuate the risks that large projects in foreign lands pose. Drawing parallels with the ABB case, it’s clear that ethics and compliance are non-negotiables for global firms.

 

KEY QUOTES

“The DOJ credited Corfico’s cooperation, citing its production of facts obtained through the company’s internal investigation, making numerous detailed factual presentations that distilled certain key factual information producing documents that the government may not have been able to get access to because of foreign data privacy laws providing sworn testimony from Columbia.” – Michael Volkov

 

“Corfico promptly engaged in extensive remedial measures, including, among other things, conducting a root cause analysis of the bribery scheme identified during the internal investigation. Promptly took the actions to enhance its corporate governance and controls and joint venture entities as well as improved its oversight of noncontrolled joint ventures and investments, overhauled its compliance program… As a result of this, the DOJ awarded Corfico a 30% reduction off the bottom of the applicable guidelines fine range.” – Michael Volkov

 

“It’s always good to look at the underlying conduct, and imagine: If you’re working in a company, with your compliance program, would you have been able to detect this? How would your compliance program have prevented this from occurring?” – Michael Volkov

 

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Adventures in Compliance

Adventures in Compliance – Compliance Lessons from The Adventure of the Beryl Coronet

The story begins with a respected banker, Alexander Holder, who comes to Sherlock Holmes for help. Holder tells Holmes that he was entrusted by a client with a precious artifact, the Beryl Coronet, which is studded with valuable jewels. Holder, fearing the artifact might get stolen, took it home and locked it in his safe.

The following morning, Holder finds the coronet damaged, and three beryls are missing. Holder immediately suspects his son Arthur, as he was found with the artifact in the middle of the night in a frantic state. Although he claims innocence, Arthur refuses to provide any alibi. Holder, devastated and confused, seeks Holmes’ help in solving the mystery.

After examining the scene, Holmes infers that the intruder was an amateur. He notices footprints that lead to and from a garden window. Holmes suspects Arthur’s cousin, Mary, after discovering that she had been out walking late that night and received a sizable payment from a mysterious source.

Holmes eventually identifies the true culprit as Sir George Burnwell, a man of questionable character who had been romantically involved with Mary. Mary had been paying Burnwell to keep quiet about their relationship, using money she received from pawning her own jewelry.

Holmes manages to recover the stolen jewels from a pawnbroker. It is revealed that Arthur was indeed innocent and had taken the blame to protect Mary, whom he loved. The story concludes with Holder expressing relief at the solution, but also sorrow that Mary had been led astray by Burnwell.

Compliance Lessons 

Due Diligence: The plot revolves around a precious beryl coronet that is partially stolen. The owner, Mr. Holder, fails to exercise due diligence in securing the coronet, leading to the theft. This highlights the importance of thorough risk assessment and due diligence in compliance, particularly regarding asset security.

Confidentiality: The coronet is a state secret. Its value is immense, and it is given to Holder to be used as a security against a loan. This underscores the importance of safeguarding sensitive or proprietary information and the responsibility individuals and organizations have in maintaining confidentiality.

Insider Threat: The theft is carried out by a trusted individual within the household. This reflects real-world scenarios where individuals within an organization pose significant risks. It’s crucial to establish systems that can detect and prevent insider threats.

Crisis Preparation: Holder makes an immediate decision to approach Sherlock Holmes when the theft is discovered. This can be related to the crisis training that should be followed when a breach or issue is detected within an organization, including notifying the relevant authorities or consulting professionals to handle the situation. You should game out and plan your cyber breach responses.

Trust and Transparency: The conclusion of the story reveals a complex web of familial relationships and a severe lack of trust and transparency within the Holder household. This emphasizes the significance of fostering a culture of openness, trust, and transparency within an organization. Honest communication and transparency can prevent misunderstandings and miscommunication that might lead to non-compliance issues.

Unintended Consequences: The impulsiveness and rash decisions of characters in the story lead to unintended consequences, such as Arthur’s unjust imprisonment. This is a reminder that organizations must think through the potential outcomes of their actions, especially with regards to compliance and regulatory matters, to avoid unexpected negative impacts.

Resource

The New Annotated Sherlock Holmes

Categories
Blog

What is Corporate Culture?

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Cuijak, Jessica Czeczuga; Michael Parker; and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco, that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 1, we ask what is culture with our special guest Yvette Hollingsworth-Clark.

Yvette currently holds the position of Chief Compliance Officer for State Street Corporation  and is on the Board of Directors at Diligent. With a robust background in risk management, Yvette has cultivated a deep understanding of the significance and measurement of corporate culture. She asserts that corporate culture should not be solely managed by the compliance function, but rather owned by the C-suite and executed in various forms. Yvette stressed the need for specific metrics to monitor and promote desired cultural values, such as integrity, and believes that culture can be measured through metrics such as the number of risk decisions overruled, challenged, or implemented correctly. She also highlighted the importance of considering stakeholders such as customers, clients, and third parties when assessing corporate culture.

Yvette emphasized that culture is not solely the responsibility of the compliance function but is owned by the C-suite and executed in various ways throughout the organization. CEOs have a significant role to play in driving corporate culture. They must lead by example, set expectations, and hold managers accountable for adhering to the desired cultural attributes.

One key aspect is the importance of tone from the top. Employees observe the behavior of their senior leaders and often mimic their actions. CEOs need to be conscious of the examples they set, both verbally and through their behavior. Fairness is also crucial in setting the culture of a company. Every decision made by senior leaders, regardless of their position, should demonstrate fairness and align with the desired culture.

The Board of Directors also plays a significant role in shaping and overseeing corporate culture. They need to understand how management defines culture and how ethical issues are managed within the organization. Yvette advises boards to think about the framework of culture more broadly, considering factors such as the company’s reputation to customers and other stakeholders, as well as the employee experience. It is essential to demonstrate how the organization is executing against the cultural attributes that are deemed positive for the company.

Assessing corporate culture is a complex task that requires a balance between art and science. While there are specific metrics that can be used to measure culture, such as risk decisions, policy violations, and disciplinary actions, it is important to anchor the assessment to the specific aspects of culture that are relevant to the organization. Yvette suggests using a suite of metrics that focus on risk excellence and positive indicators of culture, such as employee training, customer treatment, and incident handling.

One must always remember that assessing culture is not a one-size-fits-all approach. It requires organizations to be specific about what their data can answer and what it cannot. A culture assessment is still more of an art than a science, but it is crucial to have a clear understanding of the indicators that align with the organization’s desired culture.

In conclusion, corporate culture is of utmost importance in the financial services industry. It is not only the responsibility of the compliance function but is owned by the C-suite and executed throughout the organization. CEOs must lead by example and set expectations, while the board plays a significant role in shaping and overseeing culture. Assessing culture requires a balance between art and science, with organizations using specific metrics that align with their desired cultural attributes. By prioritizing and measuring culture, financial services organizations can create an environment that promotes ethical behavior, risk excellence, and positive outcomes for all stakeholders.

Join us tomorrow where we explore assessing organizational culture.

Tune into Yvette Hollingsworth-Clark on the Diligent-sponsored podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Written Standards: Day 10 – Policies and Procedures on Gifts and Business Entertainment

If one were to reflect upon the providing of gifts and business entertainment to foreign governmental officials, one might reasonably conclude that after 40 years of the FCPA, companies might follow its prescriptions regarding gifts and business entertainment. However, there have been some notable FCPA enforcement actions in this area.
The 2012 FCPA Guidance clearly stated the FCPA does not ban gifts and entertainment. Indeed, it specified, “A small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other. Some hallmarks of appropriate gift-giving are when the gift is given openly and transparently, properly recorded in the giver’s books and records, provided only to reflect esteem or gratitude, and permitted under local law. Items of nominal value, such as cab fare, reasonable meals and entertainment expenses, or company promotional items, are unlikely to improperly influence an official, and, as a result, are not, without more, items that have resulted in enforcement action by DOJ or SEC.”
These guidelines must be coupled with active training of all personnel, not only on a company’s compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and business entertainment. Lastly, it is imperative that all such gifts and business entertainment be properly recorded, as required by the books and records component of the FCPA.
And, as always, do not forget the gut check test.

Three key takeaways:

  1. Gifts and business entertainment continue to plague companies for compliance violations.
  2. The key is not the amount but of having a policy and procedure and following it.
  3. Always remember to record gifts and business entertainment expenses correctly.

For more information, check out The Compliance Handbook, 4th edition, here.