Categories
31 Days to More Effective Compliance Programs

Designing a process for continuous monitoring


Most CCOs and compliance practitioners understand the need for continuous monitoring. Whether it be as a part of your overall monitoring of third-parties, employees, or to test the overall effectiveness of internal controls and compliance, continuous monitoring is clearly a part of a best practices compliance program. Further, while most compliance practitioners are aware of the tools which can be applied for continuous monitoring, they may not be as aware of how to engage in the process. Put another way, how do you develop a methodology for building a continuous controls monitoring process that yields sustainable, repeatable results?
Joe Oringel, co-founder and principal at Visual Risk IQ, uses a five-step process. The steps are: 1) brainstorm, 2) acquire and map data, 3) write queries, 4) analyze and report, and 5) refine and sustain. If you can establish your extraction and mapping rules, using common data models within your organization, you can use them to generate risk and performance checks going forward. Finally, through thoughtful use of continuous monitoring parameters, you can create metrics that you can internally benchmark your compliance regime against over time to show to any regulators who might come knocking.
Three key takeaways:

  1. Create a process to monitor your controls.
  2. Use a compliance SME to work with your internal controls specialist to develop queries from the compliance perspective.
  3. Finally, do not forget the feedback loop nature of the process by integrating your results going forward.
Categories
Why a Duck

COVID-19 and Compliance: Part 1-Business Ethics Matters Even More Now


In this five-part series, Mike Volkov and Tom Fox consider COVID-19 from a variety of angles and perspectives: the Board of Directors, the CCO, the ethical company, new laws and regulations, crisis management and leadership. In this first episode, we consider why compliance and ethics are even more important during the coronavirus health crisis and what it may all mean going forward. Highlights from the podcast include:

  1. Businesses must lead from the top.
  2. Ethical decision making must be the guidepost for all decisions.
  3. Who are all the stakeholders which need to be considered?
  4. There are a variety of stakeholders which must be considered but health and safety should be the Number 1 consideration.
  5. Should employees be the No. 1 consideration?
  6. How will Gen Z view your company’s actions?

Resources
Mike Volkov-Ethical Business Decisions in the COVID-19 Crisis
Tom Fox-Company Responses

Categories
FCPA Compliance Report

Karen Woody on Profit Disgorgement at the Supreme Court


In this episode, I visit with Karen Woody, Assistant Professor of Law. Her areas of expertise include securities law, financial regulation and white-collar crime. We visit about the recent Supreme Court argument in the Liu case and how it might (or might not) impact the SEC’s ability to seek profit disgorgement from fraudsters.
Some of the highlights include:

  • What is profit disgorgement? Is it different from restitution?
  • How has the SEC used this doctrine in the past?
  • How did the Kokesh decision open the way for the Liu appeal?
  • How does the Liu case attack this doctrine?
  • What question was before the Supreme Court?
  • What were the parties’ arguments?
  • From the Court’s questioning, what can be gleaned?
  • Will the Court really allow convicted fraudsters to keep their ill-gotten gains by doing away with profit disgorgement?
Categories
Daily Compliance News

April 6, 2020-the Relieved of Command edition


In today’s edition of Daily Compliance News:

  • White House lawyer nominated to be CARES IG. (WaPo)
  • Roosevelt Captain respectfully asked for help, was fired for his efforts. (WSJ)
  • Zoom CEO admits ‘I really messed up’ over security flaws. (WSJ)
  • Veneto leads the way in Italy. (FT)
Categories
The Affiliated Monitors Expert Podcast

On The Affiliated Monitors Expert Podcast-Don Stern on Working with Monitors

This podcast series features Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. on working with monitors. At the end of this series you will have a much broader appreciation on the benefits of an independent monitor, how monitors work and how the different types of monitorships can benefit a wide variety of businesses, transactions and business relationships.
This series includes:
Fears and Concerns in Working with Monitors
There can be a wide variety of concerns for those considering or being required to work with a monitor, both from the corporate perspective and from that of individual employees. From the corporate perspective, the concerns can include the costs of a monitorship and their impact on the bottom line, opening up the books to an outsider, and interference with business operations. These are exacerbated by a fear that the monitor does not understand the business of the organization or even how business is done in the real world.

Impact Monitors Can Have for an Organization
Interestingly, many of the benefits to a company of working with a monitor come from answering the employees’ fears and concerns. Many employees are intimidated by attorneys and some even feel guilty about themselves and their work even though they have done nothing wrong. Often employees do not feel like they can trust the company, particularly if the company does not employ the Fair Process Doctrine or institutional justice as a core value of the organization.

How Monitors Do Their Jobs
Stern explained that there are a variety of tasks and roles a monitor uses when engaging in an independent monitorship. A monitor should understand the type of approaches they will take to make an organization more compliant, starting with understanding the work plan. Many times, the monitor must push the organization along by getting buy-in and building consensus. Finally, there should be an awareness of helping the company be compliant in the future.

Regulators Using Monitors
At its most basic level, an independent monitor is a way for the government to extend its reach, both by lengthening the time that you have true government oversight and through many of the techniques we discussed earlier: focus group meetings, reviewing documents, and talking to senior and middle management. It is a very cost-effective way for federal, state and even local governments to extend their reach. This cost-effectiveness is driven home by the fact that the cost is not borne by the governmental entity or the regulators. The cost is borne by the entity involved.

Attorneys Using Monitors
Using an independent monitor in a proactive manner demonstrates how serious the company is about compliance. It can also be a way to demonstrate that any illegal conduct may simply have been an outlier and does not reflect the values, culture and the way the company generally does business. This can provide quite a positive story to present to prosecutors, particularly under the new FCPA Corporate Enforcement Policy.

For more information on Affiliated Monitors, visit their website at www.affiliatedmonitors.com.

Categories
Sunday Book Review

April 5, 2020, the Music to Brighten Your Day edition


In today’s edition of Sunday Book Review:

Categories
Daily Compliance News

April 4, 2020-the Don’t Cry for CEOs edition


In today’s edition of Daily Compliance News:

  • Apparent new rule in US Navy-tell the truth and you’ll be fired. (NPR)
  • Why supply chain financing is new risk. (WSJ)
  • Don’t Cry for CEOs? (WSJ)
  • Will PE use bailout funds to take over companies hit by coronavirus impact? (NYT)
Categories
31 Days to More Effective Compliance Programs

Internal audit and continuous improvement


Next, we consider how the internal audit (IA) function can be used to facilitate more effective continuous improvement. According to the Institute of Internal Auditors’ own definition, internal audit is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Some of the key compliance activities of IA are to maintain its independence; to conduct auditing activity of awareness and adherence to policies, procedures, internal controls and corporate governance, including those relating to legal, compliance and ethics risks; to ensure there is follow up of recommendations made in IA reports, including those relating to compliance and ethics risks, including to track and report on management follow up; assist and collaborate on internal investigations, including having IA provide audit expertise in dealing with internal controls and financial data; assist in both design and auditing of internal controls and follow up as required. Clearly this is a function which is and should be integrated into compliance.
For its part, the compliance function can leverage IA resources and professionals on audit techniques and analysis of internal controls and such integration extends the corporate compliance influence through the company’s IA network. Finally, it allows the corporate compliance function to be made aware of relevant concerns uncovered during audits, so compliance is more fully able to participate in recommendations and follow up.
Three key takeaways:

  1. Internal audit can be used to provide continuous improvement to and for compliance.
  2. Internal audit can also fill a gatekeeper role in your compliance regime.
  3. Compliance should leverage IA resources and professionals, on audit techniques and analysis of internal controls.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties-Introduction and Key 2022 Enforcement Actions Involving 3rd Parties

Over the month of April, I will consider the risk management of third-parties in an operationalized compliance program. As every compliance practitioner is aware, third-parties still present the highest risk under the FCPA. You must assess whether the company has a business rationale for needing the third party in the transaction, and the risks posed by third-parties, including their reputations and relationships, if any, with foreign government officials. You should ensure that contract terms with third parties specifically describe the services to be performed, that the third party is actually performing the work, and that its compensation is commensurate with the work being provided in that industry and geographical region. Finally, you must engage in ongoing monitoring of the third-party relationships, through updated due diligence, training, audits, and/or annual compliance certifications by the third party.

In this introduction, I visit with Alexander Cotoia, a Regulatory and Compliance Attorney at the Volkov Law Group to consider how recent FCPA enforcement actions point towards the use cases for a robust third-party risk management system. In 2022, the overwhelming majority of FCPA related enforcement actions involved third parties and required organizations to reprioritize third party risk management. In this episode, we consider case studies involving ABB Limited, GOL Airlines and Oracle which all demonstrated the importance of understanding bribery and corruption schemes, making voluntary disclosures, and reassessing third party risk management.

3 Key Takeaways

1. How can organizations reprioritize third-party risk management as a core compliance function?

2. What strategies can organizations use to avoid FCPA violations and maximize cooperation credit?

3. How can organizations effectively assess the risks posed by potential business partners?


Categories
This Week in FCPA

Episode 199, week ending April 3, 2020 – the (mostly) Non-Coronavirus edition


Searching for non-coronavirus related stories, self-distancing Tom and Jay are back to consider some of the top compliance articles and stories which caught their eye this week.

  1. What were the FCPA enforcement highlights from Q1? Harry Cassin reports in the FCPA Blog.
  2. Instilling trust in uncertain times. Bob Conlin in Navex Global’s Ethics and Compliance Matters.
  3. Can 2008 be used as a guide for Boards in this economic downturn? Mark Gerstein and Christopher Drewery in the Harvard Law School Forum on Corporate Governance.
  4. Why you must be ever vigilant about fraud during an economic downturn. Jonathan Marks on Board and Fraud.
  5. Managing digital disruption, part 2. Jim DeLoach in CCI.
  6. Morrisons skates massive data breach liability in UK. Cordery Compliance Client Alert.
  7. Trump evisceration of EPA puts companies in ethical dilemma. Jaclyn Jaeger in Compliance Week.
  8. Marriott has data breach of 5.2MM guests. Aaron Nicodemus in Compliance Week.
  9. A whistleblower award goes to a compliance professional. Matt Kelly in Radical Compliance.
  10. On the Compliance Podcast Network, Tom concludes a month of looking at the role of innovation in compliance and opens a month of exploring continuous improvement, all on 31 Days to a More Effective Compliance Program. This week saw the following offerings: Monday-Innovation in Compliance Leadership; Tuesday-What Does Innovation in Compliance Look Like?; Wednesday-Continuous Improvement in Compliance; Thursday-the Compliance Audit; Friday-Internal Audit and Continuous Improvement. Note that 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here. This month’s sponsor is Affiliated Monitors, Inc.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.