Categories
Compliance Into the Weeds

Compliance into the Weeds: Episode 113-Corporate Governance Nightmare

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into the corporate governance nightmare of the horrific corporate conduct engaged in by Hacienda Healthcare in Arizona over the past few months. Our discussion provides insights into failures at the Board oversight level, corporate governance, CEO, senior management and CCO position.

Some of the highlights include:

  • What are the background facts of the matter?
  • How could the facility allow the rape of an incapacitated patient who is in a permanent vegetative state?
  • Why did the professional investigator brought into to investigate the crime resign so noisily?
  • Why was there such a complete total and utter failure by the Board on oversight?
  • What, if any, are the potential criminal charges which might be filed?
  • Where was compliance?

For additional reading see Matt’s blog post Governance Nightmare in Arizona on Radical Compliance.

Categories
Daily Compliance News

Daily Compliance News: March 5, 2019-the Shell in in trouble edition

MARCH 5, 2019 BY TOM FOX
In today’s edition of Daily Compliance News:

  • Uber’s GC is trying to clean up its mess. What about its culture? (New York Times)
  • Dutch authorities about to charge Shell with massive bribery scheme. (CNBC)
  • Wells Fargo Hires Strategic Enterprise Risk Chief. (Wall Street Journal)
  • Purdue Pharma preparing bankruptcy filing. (Wall Street Journal)
Categories
Daily Compliance News

Daily Compliance News: March 4, 2019-the WSJ edition

MARCH 4, 2019 BY TOM FOX

In today’s edition of Daily Compliance News:

Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 420, Andrew Beato

In this episode I visit with Andrew Beato from the law firm of Stein Mitchell Beato & Missner LLP. We discuss the firm’s recent False Claims Act settlement with Walgreen on behalf of firm client  Marc Baker. Walgreens agreed to pay $60 million to settle allegations that it knowingly overcharged government healthcare plans such as Medicaid for prescription drugs. With this settlement, Walgreens resolved allegations that the company defrauded the U.S. government and 39 states by submitting false and inflated prices for prescription drugs to increase its government reimbursements. The settlement is one of the largest of its kind against a retail pharmacy under the qui tam whistleblower provisions of the False Claims Act. Some of the highlights of the podcast include:

  • The practice at Stein Mitchell Beato & Missner LLP;
  • What are qui tam whistleblower protection under the FCA;
  • The allegations and resolution of the lawsuit against Walgreens.
  • Why are qui tam actions to powerful?
  • How do qui tam actions benefit the individual, the government and society as a whole?
  • How whistleblowers in such actions are in a private-public partnership to prevent government fraud, waste and abuse?

Resources
Stein Mitchell Beato & Missner LLP website
Andrew Beato LinkedIn profile
Case Name:     United States ex rel. Marc D. Baker v. Walgreen, Co., 12 Civ. 0300 (JPO) (S.D.N.Y.).

Categories
This Week in FCPA

This Week in FCPA-Episode 144 – Farewell to Sam edition

Tom returns from London to find Sam Rubenfeld announcing his departure from the WSJ Risk and Compliance Journal via Twitter. Tom and Jay are back together to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. Ethisphere’s 2019 World’s Most Ethical companies’ awards is announced. Matt Kelly in Radical Compliance. For the full list see Ethisphere’s announcement.
  2. Fresenius announces a pending FCPA resolution. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal Sam announces his departure from the Risk and Compliance Journal via Twitter.
  3. The UK Serious Fraud Office closes its investigation into GSK and Rolls Royce with no individuals prosecuted. How could this happen? Tabby Kinder reports on the reaction in the UK in the London Time Harry Cassin reports in the FCPA Blog.
  4. What new industries are under FCPA scrutiny? David Chaikin and Kurt Wolfe report in Law360. (sub req’d)
  5. Bio-Rad GC retains most of his whistleblower award. Jason Zuckerman on the legal angle in the National Law Review. (sub req’d) Bob Egelko gives the Bay Area perspective in the San Francisco Chronicle.
  6. What is the intersection of Supply Chain and security? Michael Mason, Robert Taylor, Stacy Hadeka and William Kirkwood report in Law360. (sub req’d)
  7. What are the dangers of a GC shirking their FCPA duties? Michele Gorman investigates in Law360. (sub req’d)
  8. What is the intersection of sports and compliance? Tom explores in two blog posts this week, Zion and Nike and Kraft and compliance. Tom and Matt Kelly take a deep dive into the Kraft imbroglio on Compliance into the Weeds.
  9. Proviti’s Jim DeLoach named recipient of the 2019 Bette Steed Leadership Award by the Greater Houston Business and Ethics Roundtable. Tom reports in the FCPA Compliance and Ethics Blog.
  10. Tom has a special 4-part podcast series this week, Live from London where he was interviewed Jonathan Armstrong. Check out the following: Part 1-customers emerging as corruption risks, Part 2-state of compliance in 2019; Part 3– the Cognizant Technology FCPA declination; and Part 4-regime change and compliance. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply and YouTube. The Compliance Podcast Network is now also on Spotify. It is soon to be on Corporate Compliance Insights.
  11. Navex Global is putting on a virtual master class– Ethics Beyond Compliance: Retaliation, Thursday, March 14, 2019 at 8:30 AM Pacific | 10:30 AM Central | 11:30 AM Eastern | 3:30 PM GMT. Registration and agenda are available here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Great Women in Compliance

Great Women in Compliance-Springboarding Your Success with a Book with Deena King

Have you ever thought of publishing a book on compliance? Deena King is the author of Compliance in One Page and is currently the Director of Compliance at Texas Woman’s University. Today on the show, she’s discussing her book publishing process and what it’s like working at higher education, as well as sharing her best advice for writing a book and springboarding your success.
On writing about compliance
Deena was part of the team that designed the initial Brigham Young University compliance program. When she transferred to NV Energy in Las Vegas, she noticed that doing compliance at a university was similar to doing compliance at a utility and decided to document this pattern. This eventually became her book which she finished in 2015.
Challenges in publishing
No one really tells you how to write a book — so that was a challenge in itself — and because she was new to the compliance profession, Deena decided to self-publish. She learned tons about the many moving piece publishers take care of, from design to editing and beyond.
Her next challenge is self-publishing the second edition of her book, which she hopes will be out early in 2020.
Advice for aspiring compliance authors
If you see something no one is talking about and you feel you can add to the conversation, write about it. Start with articles in magazines to help you get your thoughts together and give you some direction. Then write an outline for your book and go for it!
Working at Texas Woman’s University (TWU)
Being an educated woman is a big, important value for her. So while TWU in itself is a great university (and the reason she decided to take the job), the cherry on top was that she was going to be working for a university whose primary goal is to educate women.
Soft Skills vs Knowledge
Knowing how to work with people is an absolute must in compliance, as you will be working with all kinds of people in many different areas. You can’t live without soft skills. But the legal and regulatory foundations are important too, because content matters.
Advice for springboarding yourself to success
When Brigham Young University was going to start their first compliance program, Deena knocked on her director’s office door, sat down, and said: “I think I’m really going to like this compliance thing. Can I be on this team? Can I help?”
If you’re willing to help people build something, somebody is bound to say, yes.  Just step forward and be proactive.
Learnings from the CIA
Deena used to work at the CIA  in a former life. The CIA would always use three — and oftentimes more — lines of defense when it comes to protecting data, and this is something she carries with her until today. She makes sure that when she’s protecting information, there are always multiple layers of defense.
Resources
Deena King| Compliance in One Page| The Ethics of Higher Education
Categories
Daily Compliance News

Daily Compliance News: March 1, 2019-Lion or Lamb? edition

MARCH 1, 2019 BY TOM FOX

In today’s edition of Daily Compliance News:

Categories
Blog

Day 24 of 30 Days to a Better Compliance Program, the Holy Grail

An Analysis of Firms’ Self-Reported Anticorruption Efforts”. In this academic paper, the authors looked at the issue of not simply profitability of companies, which had more robust anti-corruption compliance programs but also what was the direct effect on the companies’ return on equity (ROE) in countries which were perceived to have a high incidence of corruption. Not surprisingly, in countries in a low risk for corruption, there was not much difference in the sales growth for companies with robust anti-corruption compliance programs and those business which into the authors’ ‘cheap talk’ category. However when it came to growth in countries which had a high propensity of corruption, there was a dramatic difference. When quantitative types say, “The magnitudes of the estimated coefficients are economically interesting”; it is a HUGE deal. These findings are equally large and important for the CCO or compliance practitioner. The authors conclude by making several observations. First, companies which have more robust compliance programs are from countries which have more robust enforcement and monitoring. Second the more robust your compliance program is the lower your sales growth may be but the higher your overall return in a high risk country will be going forward. Finally even if a company sustains high sales grow in a high risk country; if it does not have a robust compliance program, the sales will drop off dramatically and may well lead to negative ROE. All of this information points to companies which are on the Ethisphere list of the World’s Most Ethical Companies and their financial performance. They have better than average financial performance because they are better run. The are on this list because they have robust finance internal controls which include compliance internal controls. To mix metaphors, robust internal controls around compliance do not slow you down but allow you to go faster and move more safely into high risk countries. So the next time some business type tries to say that following the law by having a robust FCPA anti-corruption compliance program in place; you can correct him. Spikes in sales in high-risk countries do not translate into sustained growth and without an effective compliance program in place; your company may actually lose money.

Key Takeaways

  1. Demonstrating ROI is the Holy Grail of compliance-use it.
  2. Compliance helps drives sales in high risk countries.
  3. Long term sales and profitability drop off when bribes are paid in high countries.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.]]>

Categories
Blog

Day 22 of 30 Days to a Better Compliance Program, the Regional Compliance Committee

The Regional Compliance Committee operationalizes compliance into the Company’s Regional operations where the business operates. This approach follows the Department of Justice mandate, articulated in the Department’s FCPA Pilot Program for companies to move the doing of compliance down into the business of the organization. The make-up of the Regional Compliance Committee, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization, which allows a fuller, richer and more holistic approach to compliance advice. It adds a dimension not often seen or even discussed in the compliance profession. The accountability and oversight down to the Regional level and the compliance monitoring, reviewing, assessing and recommending that is deemed to be necessary will provide additional endorsements up through the organization that it is actually doing compliance. The Regional Compliance Committee can provide a unique structure to perform these functions. Key Takeaways

  1. A regional compliance committee can work to drive more efficient and more robust compliance into the region.
  2. All regional leaders should be on the committee.
  3. The regional compliance committee should liaise with other compliance committees.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Regional Compliance Committee is uniquely suited to drive compliance down into the fabric and DNA of an organization.  ]]>

Categories
Blog

Day 21 of One Month to More Effective Internal Controls-Revenue Recognition, Internal Controls and Compliance

Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, we are now less than six months away from a new Revenue Recognition (“new rev rec”) standard which may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. I visited with Joe Howell, Executive Vice President (EVP) at Workiva Inc. and asked him if he could walk me through some of the key changes and how it might impact compliance going forward. FASB recognized that its revenue recognition requirements around U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new rev rec standard. The implementation will be a massive undertaking. According to Howell, “The accounting standard itself is 700 pages long, and in the US accounting literature it replaces over 200 other pieces of accounting guidance on revenue.” The official name is “Revenue from Contracts with Customers” and Howell noted there are “lot of surprises, and the things that is true for almost everybody is that they are going to be facing some level of change in the way they account and report revenue. They will most certainly have to change the way they disclose things related to their revenue. There are, included in the revenue standards, over six pages worth of new disclosure requirements.” One of the key differences in this new rev rec standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. Howell thinks this will put pressure on auditors “to get comfortable with what the company provided them and which they incorporated into their decision- making process in forming an opinion. For disclosure control this is something quite different, because the auditor’s typically not relying on those.” This will create risks for auditors adjusting to the new rev rec standard because as they learn more about the new standard and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it. The reason this is important to the compliance profession and the compliance practitioner is internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation, that companies must inform the SEC about the accounting policies that they are changing, and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. Howell believes “The SEC is making it perfectly clear that this is a real compliance issue.” Moreover, the SEC has indicated that these disclosures are central to the new rev rec standard. Howell said, “typically, if a company has some sort of failure in their disclosures for an accounting standard, they’re treated under section Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting.” While disclosure of internal controls might not typically bring Section 404 scrutiny, under the new rev rec standard, they may now do so. Howell articulated that usually when performing a financial audit, an auditor would not rely on a disclosure control in the past. However under the new rev rec standard, if there is a change during the year in how an auditor views a disclosure control, it could require them “to go back and either figure out if the audit work that they did is tainted and they need to go back and do that work in the form of a substantive testing, or they need to go back to see if there were mitigating controls that were in place that still allowed them to rely on the internal control processes to get comfortable with what the company provided them and which they incorporated into their decision making process in forming an opinion. For disclosure control this is something quite different, because the auditor’s typically not relying on those.” Of course, this is overlaid on the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of any materiality standard. One only need to consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls. Yet there are other tie-ins into compliance which the compliance practitioner needs to understand and prepare for going forward. The prior rev rec standard was rules based. As a lawyer, that was an approach I was quite comfortable with both from a learning stand point and communicating to business folks. But now the standard is much more judgment based and when a standard is more judgment based, there can be more room for manipulation. Howell explained the response by compliance is “making sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgements that managers must make as they report their revenue under the new standard; and that those judgements themselves are properly documented.” This final point demonstrates the convergence and overlap between the compliance profession, compliance programs and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. Now they can also be used to gather the information which will be presented to auditors under the new rev rec standard. Many professional are focused on the new rev rec from the auditing and implementation perspective. However, if you are a Chief Compliance Officer (CCO), you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.

Three Key Takeaways

  1. An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components are present and function. Second, are the five components operating together in an integrated approach.
  3. For an anti-corruption compliance program you can use the Tem Hallmarks of an Effective Compliance Program as your guide to test against.

For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The new FASB rev rec standard has significant implications for the compliance practitioner going forward.]]>