Categories
31 Days to More Effective Compliance Programs

Day 31 | Levels of due diligence


Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward. The question becomes how you use the information you obtained in the business justification and the questionnaire to determine an appropriate level of due diligence for the next step in the five-step process of third-party management. A three-step approach of varying levels of due diligence is the appropriate analysis to take going forward.
A three-step approach was discussed in Opinion Release 10-02, in which the DOJ discussed the due diligence that the requesting entity performed. This Opinion Release sets out a clear break which every compliance practitioner should use in considering an appropriate level of due diligence to engage with your third-party risk management process or when considering the level of due diligence required on a potential business venture partner. A very good description of the three levels of due diligence was presented by Candice Tal, Founder and CEO of Infortal Worldwide, in an article entitled “Deep Level Due Diligence: What You Need to Know.”
Three key takeaways:

  1. A Level I due diligence should only be used where there is a low risk of corruption.
  2. A Level II due diligence is sufficient in a high-risk jurisdiction if there are no red flags to be cleared.
  3. Level III due diligence is a deep-dive, boots-on-the-ground investigation.

 

Categories
Daily Compliance News

January 31, 2020, the Some Deterrence is Better than No Deterrence edition


In today’s edition of the Daily Compliance News:

  • Did you help Carlos Ghosn escape Japan? If so, they want you. (NYT)
  • Trump Administration gutted Chemical Safety and Hazard Investigation Board. Can it do its job? (Houston Chronicle)
  • Why there must be deterrence in white collar criminal enforcement. (FT)
  • Astros fan catalogued every Astros cheat (via bat-banging). (WSJ)
Categories
This Week in FCPA

Episode 190 – the What’s $4 Billion Between Friends edition

Reports are that Airbus will settle corruption allegations for nearly $4bn in England. What other bombshells are out there? Jay and Tom are back to consider some of the top compliance articles and stories which caught our eye this week. Stay tuned for our fearless Super Bowl predictions.

  1. Airbus to settle corruption charges for nearly $4bn.
  2. Ericsson executives acted in ‘bad faith’. Dick Cassin reports.
  3. What are 5 takeaways from the Luanda Leaks? Allison Taylor explains.
  4. Should we worry about the Trump Administration gutting the FCPA? Matthew Stephenson opines.
  5. How can you use external resources to bolster your compliance program? Jay continues his series.
  6. The SEC provides some pointers on cyber-security. Matt Kelly explores.
  7. Why is sponsorship important in compliance? Mary Shirley explains.
  8. What role did corruption play in the coronavirus? Gretta Fenner and Monica Guy explore.
  9. A more comprehensive look at the SFO’s thoughts on compliance programs.
  10. On the Compliance Podcast Network, Tom concludes his 31 Days to a More Effective Compliance Program series and announces he is extending it out for the year. This week saw the following offerings: Day 27 considers pre-acquisition due diligence in M&A; Day 28 looks at requirements in post-acquisition integration; Day 29 looks at root cause analysis; Day 30 details how to use a root cause analysis to remediate; Day 31 concludes with a look at the 3 levels of due diligence. Note that 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
31 Days to More Effective Compliance Programs

Day 30 | Using a root cause analysis for remediation


We previously considered the Prong in the Evaluation that was not present in the Ten Hallmarks of an Effective Compliance Program; that being root cause analysis. The requirement was first raised in the 2017 Evaluation. It was then carried forward as a requirement in the FCPA Corporate Enforcement Policy, later in 2017. It was discussed again in the 2019 Guidance.
You should begin with the question of who should perform the remediation; should it be an investigator or an investigative team which was a part of the root cause analysis? Jonathan Marks believes the key is both “independence and objectivity.” It may be that an investigator or investigative team is a subject matter expert and “therefore more qualified to get that particular recourse”. Yet to perform the remediation, the key is to integrate the information developed from the root cause analysis into the solution.
Marks further noted that the company may also have deficiencies in internal controls. More importantly, the failure to remediate gaps in internal controls “provides the opportunity for additional errors or misconduct to occur, and thus could damage the company’s credibility with regulators” by allowing the same or similar conduct to reoccur. Finally, with both the 2019 Guidance and FCPA Corporate Enforcement Policy, the DOJ has added its voice to prior SEC statements that regulators “will focus on what steps the company took upon learning of the misconduct, whether the company immediately stopped the misconduct, and what new and more effective internal controls or procedures the company has adopted or plans to adopt to prevent a recurrence.”
Three key takeaways:

  1. The key is objectivity and independence.
  2. The critical element is how did you use the information you developed in the root cause analysis?
  3. The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach, using data that already exists in the organization.
Categories
Trekking Through Compliance

Picard-Episode 1, Remembrance


Welcome to a special series of Trekking Through Compliance, the podcast series inspired by my review of Star Trek, the Original Series. In this special series I am joined by another uber Star Trek maven, Megan Dougherty. In this series we will review the new television show Picard which is currently streaming on CBS.
SPOILER ALERT-Although we will review each episode after it appears, we will discuss each episode in depth.
Episode 1, Remembrance begins with former Admiral Jean-Luc Picard in retirement tending to his vineyards on his family’s ancestral home in La Barre, France. Picard has resigned his commission from Starfleet in protest of their failure to save the lives of Romulan citizens after the Romulan sun went supernova. Starfleet made this decision, in no small part, because of an attack on the Confederated Martian Colonies and the Utopia Planitia Shipyards by synthetics. These attacks led to Starfleet banning their existence.
In Greater Boston, Dahj is enjoying an evening with her boyfriend, when Romulan assassins transport into her apartment. They kill him, but before they can kill her, something activates in Dahj and she kills the assassins. She then has visions of Picard and seeks him out after seeing him being interviewed on the Federation News Network. Dahj finds sanctuary in La Barre but runs away after only one night’s stay out of fear of bringing harm to Picard. Picard goes to the Starfleet Archives in San Francisco and discovers a painting Data made thirty years previously entitled “Daughter”, bearing a female figure resembling Dahj. Dahj tracks Picard down and reunites with him, but it proves to be a brief reunion. Romulan assassins beam to their location and kill her.
Picard then goes to the Daystrom Institute in Okinawa and meets with Dr. Agnes Jurati, who reveals Dahj may be Data’s daughter through an experimental procedure known as fractal neuronic cloning. This entails creating an android with an organic body but inserting a positronic brain. More significantly for the storyline, this process results in twins being created. The episode ends in a Romulan reclamation site where a Romulan named Narek meets with Soji Asher, Dahj’s twin. Most stunningly, the reclamation site is a partially constructed Borg Cube. 
Highlights include: 

  1. Patrick Stewart is now 79. Can you have a senior action hero?
  2. Picard retired from Starfleet because “it was no longer Starfleet.” What happened?
  3. Is the Prime Directive simply the “1st Suggestion”?
  4. What are the ethics around AI creation, or as Picard calls them ‘synthetics’?
  5. Even in the 23rd Century, organizational culture is critical.
Categories
Daily Compliance News

January 30, 2020, the How Bad Can it Get edition


In today’s edition of the Daily Compliance News:

  • Can each email be a separate FCPA violation? (Law360) (sub req’d)
  • Boeing burning through $1bn every four weeks. (FT)
  • More in UK on auditor/consultancy conflict. (FT)
  • BA first western airline to suspend flights to China. (WSJ)
Categories
Great Women in Compliance

Gwen Romack on Creating a Multi-Faceted Dream Team


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley. In episode 48, Lisa Fine speaks with Gwen Romack, who is the Senior Director of Legal and Regulatory Compliance at VMware. They visit about creating multi-faceted ‘Dream Teams’ for a corporate compliance function.
Almost every compliance practitioner is asked at least once “what do you mean by compliance?” And the answer is often very different, depending on many factors – public or private sector, non-profit, geography… just to name a few. It’s also hard to build a compliance team to address the different parts of each program. Prior to her current position as Senior Director of Legal and Regulatory Compliance at VMware, where she has been for the past four years, Gwen spent twenty years at HP, growing her career first outside of compliance and then in the area of ethics and compliance, building a public sector program. Gwen has built many different programs, and Lisa and Gwen start to build one version of a “dream team.”
Gwen is a senior compliance leader who is not an attorney and has looked at various work areas. She offers her perspective on how attorneys and non-attorneys work together to build a team to look at four pillars of compliance that she categorizes as awareness, process controls, inspection, and mitigation. As a woman in compliance, as well as a non-attorney, Gwen also discusses her experiences with imposter syndrome, which impacts so many people of all genders, how sometimes one type of imposter syndrome replaces another, and how to move past it altogether. Building anything should have architects, contractors, and inspectors, and we hope you enjoy thinking about your work and the role you and your colleagues play on your dream team.
Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

Day 29 | What is a root cause analysis?


Well-known fraud investigator Jonathan Marks defined a root cause analysis as “a research based approach to identifying the bottom line reason of a problem or an issue; with the root cause, not the proximate cause the root cause representing the source of the problem.” He contrasted this definition with that of a risk assessment which he said “is something performed on a proactive basis based on various facts. A root cause analysis analyzes a problem that (hopefully) was previously identified through a risk assessment.” He went on to note, “Root cause analysis is a tool to help identify not only what and how an event occurred, but also why it happened. When we are able to determine why an event or failure occurred, we can then recommend workable corrective measures that deter future events of the type observed.”
Marks also contrasted a root cause analysis with an investigation. He noted, “in an investigation we are trying to either prove or disprove an allegation.” This means that in a compliance investigation you may be trying to prove or disprove that certain transactions could form the basis of a corrupt payment or bribe by garnering evidence to either support or refute specific allegations. You do not assess blame, and that is the point where a root cause analysis should follow to determine how the compliance failure occurred or was allowed to occur.
Three key takeaways:

  1. A root cause analysis is now required if you have a reportable compliance failure.
  2. There is no one process for performing a root cause analysis. You should select the one which works for you and follow it.
  3. To properly perform a root cause analysis, you need trained professionals who really understand what they’re doing.

 

Categories
Compliance Into the Weeds

The 2020 Edelman Trust Barometer


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode Matt indulges me as we take a deep dive into the 2020 Edelman Trust Barometer and its implications for the CCO and corporate compliance function.
Some of the highlights include:

  • Why is trust down so much in developed countries while going up in under-developed countries?
  • Why is the trust gap widening between the well-educated and others?
  • While respondents tend to trust their employers, why is business in general seen as untrustworthy?
  • What does the growing gap in executive pay portend for employee trust?
  • What are the implications for the compliance discipline and CCO?

Resources
Download the Edelman Trust Barometer here.
Read Matt’s blog post, Edelman Trust Report Gets Grim

Categories
Daily Compliance News

January 29, 2020, the What’s a Billion Between Friends edition


In today’s edition of the Daily Compliance News:

  • Airbus to settle corruption allegations for nearly $4bn? (Bloomberg)
  • Chair of Chemistry at Harvard arrested for working with Chinese. (Washington Post)
  • Britain chooses Huawei over Trump. (NYT)
  • The coronavirus outbreak as a business risk. (Houston Chronicle)