In today’s edition of Daily Compliance News:
Author: admin
One of the critical elements found in the 2020 Update is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report or any other manner to remediate the situation which allowed it to arise. Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance.
It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following through on intentions as set forth in your strategic plan. What should you do with this information? Put a strategic plan in place ready to implement your findings of continuous improvement, by using the following:
- Review the goals of the strategic plan. This requires that you arrange a time for the CCO and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
- Design an execution plan. The KISS method (Keep it Simple Sir) is the best to move forward. This would suggest that for each compliance goal, there should be a simple and straight forward plan to ensure that the goal in question is being addressed.
- Put accountabilities in place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representatives to put these in place and then mandate a report requirement on how the task assigned is being achieved.
- Schedule the next review of the plan. There should be a regular review of the process. It allows any problems which may arise to be detected and corrected more quickly than if meetings are held at a less frequent basis.
Continuous monitoring is a key step but it is only the first step. It is not simply that you tested your compliance program but that you did something with the information you obtained to improve your program.
Three key takeaways:
- Innovation can come through a new way to think about and use data going forward.
- Have a plan in place to use the information garnered in your monitoring incorporated back into your compliance program.
- Always remember that Document Document Document is critical if the regulators come knocking.
In today’s edition of Sunday Book Review:
- Last Hero Life Henry Aaron by Howard Bryant
- I Had a Hammer by Henry Aaron and Lonnie Wheeler
- One for the Record: The Inside Story of Hank Aaron’s Chase for the Home Run Record by George Plimpton
- A Summer Up North by Jerry Polling
In today’s edition of Daily Compliance News:
- Howard Bryant (ESPN)
- Claire Smith. (TheUndefeated)
- Tom Verducci. (com)
- Tim Kurkjian. (ESPN)
The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward.
This scenario was driven home by the SEC in a 2015 FCPA enforcement action involving Mead Johnson Nutrition Company. In this enforcement action, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately, the first investigation, performed in 2011, did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company that it performed an adequate internal investigation which uncovered FCPA violations.
Internal reporting. The 2020 FCPA Resource Guide has as clear and concise a statement about hotlines as any other requirement found in Hallmarks of an Effective Compliance Program. It states: “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.”
Triaging claims. Given the number of ways that information about violations or potential violations can be communicated to the government regulators, having a robust triage system is an important way that a company can determine what resources to bring to bear on a compliance problem.
Jonathan Marks has articulated a five-stage triage process which allows for not only an early assessment of any allegations but also a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, consider what will be the types of evidence to review going forward. Finally, before selecting a triage solution, understand what tools are available, including both forensic and human, to complete the investigation.
Finally, after you ascertain you have an effective reporting mechanism through your hotline and demonstrate you have a robust and properly scoped investigation protocol, you must use the information you receive to remediate any issues which may arise. It is not enough merely to show that a hotline exists, you must present the data it produces.
Three key takeaways:
- The DOJ and SEC put special emphasis on internal reporting lines.
- Test your hotline on a regular basis to make sure it is working.
- Have an investigation protocol in place before the call comes in so you will be ready to go and not required to scramble to create a protocol.
As we move from the worst and most corrupt President of all time to the Biden Administration and Jay and Rebecca celebrate their daughters ascension to womanhood, Tom and Jay are back to look at some of the top compliance articles and stories which caught their eye this week.
- What does the FinCEN enforcement action against Capital One mean for compliance? Jaclyn Jaeger in Compliance Week. (sub req’d) Matt Kelly explores on Radical Compliance. Tom and Matt take a deep dive on Compliance into the Weeds.
- The OFAC year in review. Mike Volkov takes a deep dive in Corruption Crime and Compliance.
- The Boeing Fraud enforcement action? Tom take a deep dive in the FCPA Compliance and Ethics Blog. Dylan Tokar in the WSJ Risk and Compliance Journal.
- Poaching now legal? Paul Weiss lawyers on NYU’s Compliance and Enforcement Blog.
- Wells Fargo ex-GC spanked. Jaclyn Jaeger in Compliance Week. (sub req’d)
- UAE to fight money-laundering. Jon Rausch (returns) in Dipping Through Geomotries.
- More Caremark claims coming? Kevin LaCroix in the D&O Diary.
- Are you an introverted compliance professional? Now may be the time for you. Dick Cassin explores on the FCPA Blog.
- A new month is here and a new guest on The Compliance Life. Gwen Hassan- Director of Compliance at CNH Industrial. In this month’s third episode, Gwen explains why every compliance professional needs to stay culturally curious. Check out the episode here.
- This month, on 31 Days to a More Effective Compliance Program, I look back over 2020 and set out some of the key enhancements you need to do for your compliance program in 2021. Day 16 | 3Rd Party Risk Management Process; Day 17 | Managing Your 3rd parties; Day 18 | Levels of Due Diligence; Day 19 | The Investigation Protocol; Day 20 | Responding to Investigative Findings; Day 21 | Continuous Improvement; Day 22 | Internal Reporting. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel.
- Join K2 Integrity on January 27 to hear Olivia Allison and Joanne Taylor discuss the latest E
U regulatory developments in whistleblowing programs and investigations. Information and Registration here. - Compliance Week is accepting nominations for its Excellence in Compliance Award. Submit your nominee here.
Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
The 2020 Update was very clear about the need for continuous improvement in any compliance program. It stated quite succinctly, “One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the applicable industry standards. Accordingly, prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale.”
Continuous improvement through continuous monitoring or other similar techniques will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based upon new and updated best practices specified by regulators. A compliance program is in many ways a continuously evolving organism, just as your company is. You need to build in a way to keep pace with both market and regulatory changes to have a truly effective anti-corruption compliance program.
Three key takeaways:
- Your compliance program should be continually evolving.
- Monitoring and auditing are different, yet complimentary tools for continuous improvement.
- Culture assessment and monitoring are also now required as well.
When it comes to scams and frauds, it’s not just individuals at risk, but also companies. In Episode 2 of Digging Deeper, Chris Morgan Jones interviews Jordan Arnold about corporate scams, and they even discuss cracking the case of a stolen Dali.
How can individuals and organizations recognize scams before they fall victim to them? K2 Integrity offers the following guidance to individuals and entities alike.
Top Tips to Avoid the Scammers:
- Before it happens – online sharing. In today’s world, a digital footprint can be invaluable for criminals. From social media to publicly available information, criminals are able to make scams increasingly personalized. By practicing safe online sharing practices, organizations and individuals can have a first line of defense against scammers.
- Keep your information close. Scammers often aren’t who they say they are – they can call, text or email as a friend or family member. If you’re not expecting a request, don’t share personal information or financial information, no matter how real it may feel.
- Don’t pay for anything upfront. Whether it is debt relief or the trip of a lifetime, scammers will explain away why you need to put a down an initial payment. Even if it sounds amazing, do not wire, pay cash, write a check or pay via peer to peer services
- If it seems too good to be true, it probably is. When you’re approached by a dream offer, make sure you do your homework and don’t let your guard down. For example:
- When was the email domain created? If it was recently – even three months ago – it’s probably a hoax.
- Did you reach out to the verified company, not just the individual? To check whether a call or an email is real, contact the company the person is with – even considering reaching out to their PR firm or external representation.
Digging Deeper, an investigative podcast series by K2 Integrity, helps shine a light on the investigations industry as few can: via the real-world, exceptional practitioners who, day in and day out, conduct this work across sectors and around the globe. Listen in to each episode where guests explore unique cases and share what they uncovered along the way to crack the code for clients. Learn more by clicking here, or subscribe on Apple Podcasts, SoundCloud, Spotify or Stitcher.