The FCPA world is littered with enforcement actions against companies for the most basic compliance failures – those around gifts, travel, and entertainment (GTE). Many compliance professionals struggle with issues from GTE: Violations can arise out of anything, from discrepancies between outbound and inbound reporting to simply relying too heavily on the manual process of maintaining spreadsheets.
As your company is considering RTW sometime in fall 2021, you know you will need to remind everyone about why GTE is so critical to compliance. How do you add in an analysis of more efficient business travel, time use, and even whether you need to travel for meetings?
Key points discussed in the episode:
✔️The Gifts, Travel, and Entertainment (GTE) Policy is foundational to a company’s values. GTE touches so many other pieces in a compliance program – COI, anti-corruption, anti-fraud, government contracting, donations/corporate giving, marketing in the healthcare space, etc. Small numbers are essential, and telling the truth about GTE reimbursement is critical to an ethical culture.
✔️Each company has different GTE rules in place – first, you have to take stock of what rules apply to your company and your sales force.
✔️ Look at who you do business with? If your customers are all state governments, that makes it easy – no gifts or entertainment, ever—however, companies operating in several markets may have varying customers. Be aware of what your customers can and cannot accept re: GTE.
✔️ In your organization, build a policy that speaks to your specific obligations. Make it clear that every single gift or entertainment expense must be documented and submitted, and nothing is off-books.
✔️ Include as many examples as possible in your policy – call out specific things that are not allowed (aka DO NOT GIVE ANYONE A FERRARI OR A HOUSE IN THE HAMPTONS…OR A CONGRESSIONAL SEAT).
✔️ Make things much more concrete and give people an idea of what’s appropriate and not appropriate. It is essential to call out cash and cash equivalents to explain better why It is NEVER okay to give cash or equivalents as GTE.
✔️ Train the heck out of the policy – both the broad workforce and the finance team that will be reviewing the invoices and the sales team that will be incurring the expenses. Walk them through expectations and what to watch out for as red flags.
✔️ Use checklists – give the team reviewing invoices a list of what to look for (good and bad) and have them do it (formally or informally) for each invoice.
—————————————————————————-
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation.
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.
Author: admin
*This episode is sponsored by Ethisphere.
Managing Director of Ethisphere, Doug Allen and Erica Salmon Byrne, EVP of Governance and Compliance, join Tom Fox on this week’s episode to talk about the World’s Most Ethical Companies award put on by Ethisphere every year.
Origins
Ethisphere was created to advance the standards of ethical practices. Doug says that their three tenets are “to define what’s good in terms of how businesses do business with integrity; …to measure and improve in all facets of integrity and then curating and convening organizations of like cultures and nature…” WMEC is the “purest manifestation of all these key tenets,” he continues, as it was established 16 years ago to “celebrate and recognize organizations that were doing business the right way.” The application process is rigorous, but it helps companies measure and assess their performance as well as give them a roadmap on how to improve. Erica comments that it “pulls the practical out of the theoretical… We spend a lot of our time taking those very broad strokes of guidance that we see from the regulators… and saying ‘What does this look like in practice?’”
How WMEC Has Evolved
The main survey applicants have to fill out for WMEC has become more expansive, as it is updated yearly. Doug and Erica tell Tom about some topics that were added as the survey evolved, including questions about supply chain compliance, human rights, culture and stakeholder engagement. Being a WMEC awardee is a powerful tool: companies who keep their purpose and ethos at the forefront outperform their competitors, Erica says.
Applying for WMEC
Applications for WMEC open in early August. Doug describes the timeline for the review process and when they announce the awardees. Tom comments that applying for WMEC is more important than winning. “Just by engaging with the application process itself,” Doug remarks, “you get a very clear and detailed description of where trends are going…” Tom adds that it can also be seen as a gap analysis. Erica agrees and walks through the application and review process. Survey scores, validating documents, and Ethisphere’s independent reputation analysis are all used to determine the ultimate winners, she explains. Tom asks who should apply. Doug responds, “This is a process we developed intentionally to be applicable to organizations around the world of any sector and industry, …of just about any size as well.” Erica re-emphasizes the benefits of applying even if you don’t think you are ready. The feedback you receive from your application, as well as the access to great resources, is worth so much, she points out.
Resources
WorldsMostEthicalCompanies.com
MWEApplications@ethisphere.com
Application Process
Application Guide
Methodology
Why Apply
2022 Interest Form
Erica Salmon Byrne on LinkedIn
Doug Allen on LinkedIn
In this episode, the Kitchen takes a look at a settlement between the BIS and a California company, Dynatex International, over allegations of Export Administration Regulations violations.
Yven Heine is the Managing Director of StoneTurn. A risk professional with over 20 years of experience, he has worked as US CPA in all three lines of defense. He joins Tom Fox on this episode of the ESG Report to discuss a new German law on supply chain that has significant implications for ESG.
Germany’s New Supply Chain Law
Any company with over 3000 employees that is based in or has a branch in Germany is subject to the new Supply Chain Act, Yven tells Tom. The law defines supply chain as all steps required to manufacture products and provide services. As of January 1, 2023, companies and their suppliers will be legally obligated by law to observe human rights and environmental due diligence along the supply chain or be fined up to 2% of their annual revenue. This is why companies need to prepare for this law from now, he says.
ESG in the EU
Tom asks Yven what he thinks about the state of ESG in the EU. Yven responds that companies are slowly starting to establish ESG reporting and define risks for inclusion in their risk assessment process. It’s important to establish an ESG risk management system from now to safeguard your company and to ensure that you’re protecting human rights and the environment in your business operations, he emphasizes. This system should include your direct and indirect suppliers. He sees the new Supply Chain Act as a significant step towards human rights protection which has global impact. It effectively mandates that companies must ensure human rights and environmental protection wherever they do business, even in China or Bangladesh. He and Tom discuss ESG reporting by corporations in the EU. The financial services sector must now take ESG factors into account when making investment decisions.
Into The Future
Tom asks, “Do you see ESG evolving or changing in the EU?” Yven responds it is evolving and because of this new law, companies have to act sooner rather than later.
Resources
StoneTurn
Yven Heine on LinkedIn
In this Episode of the FCPA Compliance Report, I am joined by Professor Karen Woody to look at the current state of the SEC in the Biden Administration. Highlights of this podcast include:
A. SEC-Early Impressions
- SEC debate in the public arena between the commissioners.
- Early impressions of SEC Chair Gensler.
- What are some of the top priorities you have seen so far from the SEC?
- Has new enforcement life been breathed into the SEC?
B. Specific Topics
- Where will SEC enforcement go on SPACs? Will Lordstown Motors be a harbinger or simply just another accounting fraud?
- Non-bribery FCPA enforcement under books and records/internal control provisions. Does Tandy Leather continue this trend?
- What, if any role will SEC have in crypto regulation as a commodity? Or is it a financial instrument of some type?
- What other areas you are watching from the SEC for either guidance or enforcement?
C. Into the Future
- How, if any has the Coronavirus health crisis changed the SEC’s approach?
- When might we see the SEC under Gensler start to hit its stride?
In today’s edition of Daily Compliance News:
- Embrace stress. (WSJ)
- Where celebrity culture is corruption. (FT)
- Good work if you can get it. (South China Morning Post)
- The Top 25 (most corrupt countries in the world) (YaHoo! Finance)
In today’s edition of Sunday Book Review:
- The Cause: The American Revolution and its Discontents by Joseph Ellis
- Power and Liberty: Constitutionalism in the American Revolution by Gordon Wood
- Shutdown: How Covid Shook the World’s Economy by Adam Tooze
- Renewal: From Crisis to Transformation in Our Lives, Work and Politics by Ann-Marie Slaughter
In today’s edition of Daily Compliance News:
- T-Mobile apologizes. (WSJ)
- KPMG tells employees report inhouse, not to the press. (City A.M.)
- Benefits surcharge for employment. (WSJ)
- What is ‘hedonistic altruism’? (NYT)
Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, we are now less than six months away from a new Revenue Recognition (“new rev rec”) standard, which may significantly impact the compliance profession, compliance programs, and compliance practitioners. I visited with Joe Howell, Executive Vice President (EVP) at Workiva Inc., and asked him if he could walk me through some key changes and how they might impact compliance. FASB recognized that its revenue recognition requirements around the U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new rev rec standard. The implementation will be a massive undertaking. According to Howell, “The accounting standard is 700 pages long, and in the US accounting literature, it replaces over 200 other pieces of accounting guidance on revenue.” The official name is “Revenue from Contracts with Customers,” and Howell noted there are a “lot of surprises, and the thing that is true for almost everybody is that they are going to be facing some level of change in the way they account and report revenue. They will most certainly have to change how they disclose their revenue-related things. Included in the revenue standards are over six pages worth of new disclosure requirements.” One of the key differences in this new rev rec standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. Howell thinks this will pressure auditors “to get comfortable with what the company provided them and which they incorporated into their decision-making process in forming an opinion. This is quite different for disclosure control because the auditor’s typically not relying on those.” This will create risks for auditors adjusting to the new rev rec standard because as they learn more about it and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it. This is important to the compliance profession and the compliance practitioner because internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement it. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation that companies must inform the SEC about the accounting policies that they are changing and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. Howell believes “The SEC is making it clear that this is a real compliance issue.” Moreover, the SEC has indicated that these disclosures are central to the new rev rec standard. Howell said, “typically, if a company has some sort of failure in their disclosures for an accounting standard, they’re treated under section Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting.” While disclosure of internal controls might not typically bring Section 404 scrutiny, they may now do so under the new rev rec standard. Howell articulated that when performing a financial audit, an auditor would usually not rely on a disclosure control in the past. However, under the new rev rec standard, if there is a change during the year in how an auditor views a disclosure control, it could require them “to go back and either figure out if the audit work that they did is tainted and they need to go back and do that work in the form of substantive testing, or they need to go back to see if there were mitigating controls that were in place that still allowed them to rely on the internal control processes to get comfortable with what the company provided them and which they incorporated into their decision-making process in forming an opinion. This is quite different for disclosure control because the auditor’s typically not relying on those.” Of course, this is overlaid with the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of materiality standards. One only need to consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls. Yet there are other tie-ins into compliance that the compliance practitioner needs to understand and prepare for going forward. The prior rev rec standard was rules-based. As a lawyer, that was an approach I was quite comfortable with both from a learning standpoint and communicating with business folks. But now, the standard is much more judgment-based, and when a standard is more judgment based, there can be more room for manipulation. Howell explained the response by compliance is “making sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgments that managers must make as they report their revenue under the new standard; and that those judgments themselves are properly documented.” This final point demonstrates the convergence and overlap between the compliance profession, compliance programs, and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. They can also be used to gather the information that will be presented to auditors under the new rev rec standard. Many professionals are focused on the new rev rec from the auditing and implementation perspective. However, suppose you are a Chief Compliance Officer (CCO). In that case, you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.
Three Key Takeaways
- An effective internal controls system provides reasonable assurance of the entity’s objectives relating to operations, reporting, and compliance.
- There are two over-arching requirements for effective internal controls. First, each of the five components is present and functional. Second are the five components operating together in an integrated approach.
- You can use the Tem Hallmarks of an Effective Compliance Program for an anti-corruption compliance program as your guide to testing against.
For more information on improving your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The new FASB rev rec standard has significant implications for the compliance practitioner going forward.]]>