Author: admin
Management of Relationships – How has the company considered and analyzed the third party’s incentive model against compliance risks? How has the company monitored the third parties in question? How has the company trained the relationship managers about what the compliance risks are and how to manage them? How has the company incentivized compliance and ethical behavior by third parties?
If you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA violation. Now the DOJ has explicitly adopted this approach as a key determination of whether you have operationalized your compliance program. There are several different ways that you should manage your post-contract relationship.
Relationship Manager
There should be a Relationship Manager for every third party which the company does business with through the sales chain. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party. Some of the duties of the Relationship Manager may include:
- Point of contact with the Third Party for all compliance issues;
- Maintaining periodic contact with the Third Party;
- Meeting annually with the Third Party to review its satisfaction of all company compliance obligations;
- Submitting annual reports summarizing services provided by the Third Party;
- Assisting the company’s compliance function with any issues with respect to the Third Party.
The Relationship Manager can be the Business Sponsor who prepared the Business Rationale discussed on Day 17. By using the Business Sponsor as the Relationship Manager, your company will further operationalize compliance by continuing to have the business unit lead the front-line relationship, communications and contact with the third party. As noted compliance commentator Scott Moritz has said, “This puts the onus on each stakeholder.”
Compliance Professional
Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such a resource. A third party may not be large enough to have its own compliance staff so any company using third party representatives should provide a dedicated resource to third parties. This will not create a conflict of interest nor are other legal impediments to providing such services. They can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party.
Third Party Oversight Committee
A Third Party Oversight Committee further operationalizes compliance. It review all documents relating the full panoply of a third party’s relationship with a company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third party who might represent a company on the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in anti-corruption compliance, this is a manner to deliver additional management of that risk.
After the commercial relationship has begun the Third Party Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Third Party Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Third Party Oversight Committee should review all payments requested by the third party to assure such payment are within the company guidelines and are warranted by the contractual relationship with the third party. Lastly, the Third Party Oversight Committee should review any request to provide the third party any type of non-monetary compensation.
Audit
A key tool in operationalizing the relationship with a third party post-contract is auditing the relationship. You should secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as one to (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. As a base line, any audit of a third party include, at a minimum, a review of the following:
- the effectiveness of existing compliance programs and codes of conduct;
- the origin and legitimacy of any funds paid to Company;
- books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
- all disbursements made for or on behalf of Company; and
- all funds received from Company in connection with work performed for, or services or equipment provided to, Company.
If you want to engage in a deeper dive you might consider evaluation of some of the following areas:
- Review of contracts with third parties to confirm that the appropriate FCPA compliance terms and conditions are in place.
- Determine that actual due diligence took place on the third party.
- Review FCPA compliance training program; both the substance of the program and attendance records.
- Does the third party have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
- Does the third party have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
- Review employee expense reports for employees in high-risk positions or high-risk countries.
- Testing for gifts, travel and entertainment that were provided to, or for, foreign governmental officials.
- Review the overall structure of the third party’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party’s compliance program designed to identify risks and what has been the result of any so identified?
- Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party.
- With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances.
Three Key Takeaways
- Management of the third party relationship is the key step in determining the effectiveness of your compliance program in this risk area.
- By using non-compliance functions, such as the Business Sponsor or Relationship Manager you more fully operationalize your compliance program.
- Never forget to put a second set of eyes on all third party relationships.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-37H” float=”none”]Management of 3rd parties is where the rubber meets the road in operationalizing your compliance program.[/tweet_box]]]>
David vs. Goliath; Ethics & Compliance Lessons to be Learned from the Oscars” and Matt Kelly look at the control failures and other issues in his blog post on Radical Compliance, “And the Oscar for Control Failures Goes to…”
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
JRosen@affiliatedmonitors.com
[tweet_box design=”default” url=”http://wp.me/p6DnMo-35z” float=”none”]What were the compliance lessons from the Oscars flub?[/tweet_box]]]>
Tale of Sound & Fury: The 404(b) Debate”.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-34O” float=”none”]Congress has said it wants to raise the exemption on SOX 404(b) reporting. Does that really mean anything?[/tweet_box]]]>
In this episode, Matt Kelly and myself take a deep dive into the Department of Justice (DOJ) recent release, entitled “Evaluation of Corporate Compliance Programs” (Evaluation), which went up on the Fraud Section website on February 8.
The document is an 11-part list of questions which encapsulates the DOJ’s most current thinking on what constitutes a best practices compliance program. Within the list are some 46 different questions that a Chief Compliance Officer (CCO) or compliance practitioner can use to benchmark a compliance program. In short, it is an incredibly valuable and most significantly useful resource for every compliance practitioner.
The Evaluation, most generally, follows the DOJ and Securities and Exchange Commission’s (SEC) seminal Ten Hallmarks of an Effective Compliance Program, released in the 2012 FCPA Guidance. If there is one over-riding theme in the Evaluation, it is the DOJ’s emphasis on doing compliance as the questions posed are designed to test how far down your compliance program is incorporated into the fabric of your organization. The Evaluation is not simply a restatement of the Ten Hallmarks, as it clearly incorporates the DOJ’s evolution in what constitutes a best practices compliance program, and it certainly builds upon the information put forward in the DOJ’s FCPA Pilot Program regarding effective compliance programs, most particularly found in Prong 3 Remediation.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-33Q” float=”none”]What does the DOJ Evaluation mean for compliance programs?[/tweet_box]]]>
For the Cordery Compliance client alert on Privacy Shield, see here
- Jay Rosen considers what companies the intersection of business and politics under the Trump administration, the Tech sector response to the Muslim refugee ban and the more general business response to the first few weeks of the Trump administation.
For Jay’s post see, Where Do Politics End and Ethics & Compliance Begin?
- Matt Kelly opens with a discussion of the management process practices of the Trump administration in issuing Executive Orders and lays down some markers around compliance and regulatory issues under the new administration.
For Matt Kelly’s posts see the following:
Compliance in the Trump Era: More Markers Placed
Five Questions for SEC Nominee Jay Clayton
Yes Government Ethics is Happening
Dodd-Frank Reform Starts Coming into View
For Tom Fox’s posts on these topics see the following:
The Trump Administration-Kaos is Bad for Business
The Trump Administration-Part II, Failures in Leadership and Management
The Trump Administration-Part III-Preparing for a Catastrophe
The Trump Administration-Part IV-the Business Response
The members of the Everything Compliance panel include:
- Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at rosen@ulgroup.com.
- Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
- Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at mkelly@radicalcompliance.com
- Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
[tweet_box design=”default” url=”http://wp.me/p6DnMo-336″ float=”none”]What compliance and business lessons arise from the first 3 weeks of the Trump administration?[/tweet_box]]]>
Microsoft Cybersecurity Tool May Prompt Compliance” as a starting point to consider the Big Brother implications, two-step security features, AI issues and all of this ties directly into the corporate compliance function.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-33j” float=”none”]Microsoft’s Secure Score paves the way for better and more efficient compliance.[/tweet_box]]]>
Show Notes for Episode 38, for the week ending February 3, the M&M edition:
- January a month for the FCPA record books. See article in the FCPA Blog.
- Are hunting trips a FCPA violation? How about in Sweden? See article in by Tom Fox in Compliance Week.
- VW update-what the former CEO knew and when did he know it and CCO ‘departs’. What does it all mean? See Tom Fox articles in Compliance Week on the former CEO and the departure of the CCO.
- New Tom Fox series on One Month to a Better Board, FCPA Compliance Report.
- Everything Compliance-Episode 6 is out. It is dedicated exclusively to Rolls-Royce.
- Jay Rosen Weekend Report preview.
- Super Bowl predictions.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-31q” float=”none”]What were the week’s top FCPA, compliance and ethics stories? Check out This Week in FCPA to find out. [/tweet_box]]]>
Show Notes for Episode 37, week ending January 27, the Jeff Sessions’ edition
- Brazilian Judge killed in plane crash. See article by Dick Cassin in the FCPA Blog.
- Two individuals charged in Och-Ziff matter. See article by Richard Cassin in the FCPA Blog.
- Trump announces White House Compliance Team. See White House Press Release.
- Jeff Sessions will continue robust FCPA enforcement. See Questions for the Record submitted January 17, 2017 from Senator Whitehouse in the nomination of Jeff Sessions to be Attorney General.
- $7MM whistleblower award by SEC to three persons and Whistleblower conference in NYC. See article in FCPA Blog and Tom Fox article on the Whistleblower Conference.
- China leads countries for 2016 FCPA cases and China announces 2 invoice requirement. See Tom Fox article in Compliance Week and Eric Carlson article in the FCPA Blog.
- Anything of value in FCPA cases. See Tom Fox article in Compliance Week.
- Jay Rosen Weekend Report on continued lessons from the Rolls-Royce global anti-corruption enforcement action in LinkedIn.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-30m” float=”none”]Check out the top comings and goings in FCPA and compliance for the week ending January 27th.[/tweet_box]]]>
Categories
This Week in FCPA-Episode 35
th edition:
- Hernandez and Beech FCPA guilty pleas. Hernandez Criminal Information, Beech Criminal Information.
- VW guilty plea in emissions-testing scandal. Link to article in New York Times.
- VW executive Oliver Schmidt arrested in US. See article on FCPA Compliance and Ethics Blog.
- Zimmer Bio-Met in follow-up FCPA enforcement action. See article on FCPA Blog.
- Mondelez FCPA enforcement action. See SEC Cease and Desist Order and article on FCPA Compliance and Ethics Blog.
- Supreme Court to take up 5 year statute of limitations for profit disgorgement under Securities Act, which applies to FCPA enforcement actions brought by SEC. Article in Law360.
- NFL Playoff update on Patriots, Cowboys and Texans.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-2XB” float=”none”]What were the FCPA matters, issues and lessons from the week ending January 13, 2017? Check out This Week in FCPA.[/tweet_box]]]>
