Author: admin

Categories
Daily Compliance News

Daily Compliance News: October 9, 2024 – The Sue The SEC Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

 

Categories
Blog

Deere’s FCPA Enforcement Action: Performing a Root Cause Analysis to Inform Remediation

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere and Company (Deere) has bribery schemes torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I want to take a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

Compliance Professionals all know the pressure to act swiftly when misconduct is discovered. It is often tempting to jump straight into remediation to address the problem, protect the company, and appease regulators. However, the case of Deere’s recent FCPA enforcement action reminds us that acting without first understanding the root cause of the misconduct can lead to superficial fixes that fail to prevent future violations.

In the Deere enforcement action, the company faced significant penalties due to bribes paid by subsidiaries of Wirtgen Group, which Deere acquired in 2017. Between 2011 and 2017, Wirtgen subsidiaries engaged in corrupt practices, paying bribes to government officials in several countries, including China and India. While Deere eventually addressed the misconduct post-acquisition, its failure to perform robust due diligence and root cause analysis before remediation exposed it to regulatory and reputational damage.

This case highlights the critical need for companies to conduct a thorough root cause analysis before embarking on remediation efforts. In this blog post, we will detail why a root cause analysis should always precede remediation, what the process entails, and how it can protect your company from future enforcement actions and compliance failures.

Understanding the True Nature of the Problem

The first and most obvious reason to conduct a root cause analysis before remediation is to ensure you address the correct problem. In the Deere case, the misconduct stemmed from bribery by Wirtgen subsidiaries, but the real issue wasn’t just the bribery itself—it was the company’s failure to identify and prevent this behavior in the first place. Simply punishing the employees involved or updating internal policies would have been insufficient without understanding why these bribes were paid.

Before designing an effective remediation plan, you must understand why the misconduct occurred. Was it due to weak internal controls? A culture that tolerated unethical behavior? Inadequate training? A failure to perform due diligence on third parties? Each of these potential causes requires a different remediation strategy. If you do not identify the true cause of the problem, your remediation efforts will be superficial and may not prevent future violations. Root cause analysis allows compliance officers to uncover the underlying reasons for misconduct, enabling them to design targeted solutions that address the actual problem—not just the symptoms.

Root Cause Analysis Helps Identify Systemic Issues

One of the biggest risks when dealing with FCPA violations or corporate misconduct is that the issue may not be isolated to one event or individual. Corruption or compliance failures are often systemic, indicating deeper issues within the company’s culture, policies, or risk management framework. If Deere had conducted a more thorough root cause analysis post-acquisition, it could have uncovered broader issues in Wirtgen’s compliance program and taken proactive steps to address those weaknesses company-wide.

Root cause analysis forces you to ask tough questions about your company’s broader compliance infrastructure. Are certain business units, regions, or third-party relationships more misconduct-prone? Are there patterns of behavior that suggest systemic problems? You can implement more effective, company-wide remediation efforts by identifying these systemic issues beyond addressing a single incident.

Regulators Expect a Root Cause Analysis

Regulators, including the DOJ and the Securities and Exchange Commission (SEC), expect companies to conduct thorough root-cause analyses when investigating FCPA violations. The DOJ’s 2024 ECCP explicitly states that prosecutors will consider whether a company has adequately identified and remediated the root causes of misconduct when determining penalties. Additionally, this was specifically called out in the SAP Deferred Prosecution Agreement (DPA) earlier this year, where the DOJ stated, “5. Conducted a root cause analysis of the underlying conduct then remediating those root causes through enhancement of its compliance program;”.

In the Deere enforcement action, part of the company’s challenge was showing regulators that it had addressed the bribes themselves and the underlying reasons that allowed the misconduct to occur. Companies that skip the root cause analysis and rush into remediation without clearly understanding what went wrong will likely face harsher penalties.

Performing a root cause analysis is more than good practice; it has moved to a regulatory expectation. The more comprehensive your analysis, the more likely regulators (DOJ and SEC) are to view your remediation efforts as credible. A company that can demonstrate it understands the root cause of its compliance failures—and has taken meaningful steps to address those causes—is more likely to receive leniency during enforcement actions.

Preventing Recurrence: Moving Beyond Quick Fixes

One of the major pitfalls of jumping into remediation without a root cause analysis is the risk of implementing quick fixes that don’t address the root problem. For example, in the Deere case, if the company had updated its anti-corruption policy without addressing the broader cultural or systemic issues, it would have left the door open for future violations.

Root cause analysis ensures that your remediation efforts are comprehensive and designed to prevent future violations. Instead of focusing solely on policies or individuals, you’re addressing the broader systems and processes that allowed the misconduct to occur. This might involve rethinking your company’s approach to third-party due diligence, improving internal reporting mechanisms, or enhancing employee training programs to emphasize ethical behavior. A quick fix might resolve the immediate problem, but a comprehensive root cause analysis will prevent recurrence and protect your company long-term.

Improving Your Compliance Program Over Time

Root cause analysis is not a reactive tool; it is a mechanism to continuously improve your company’s compliance program. By regularly performing root cause analyses in response to compliance failures or near misses, you can identify trends, weaknesses, and gaps in your existing program. This allows you to make proactive adjustments and improvements, ensuring that your compliance program evolves to meet new risks and challenges.

Compliance is an ongoing process, and root cause analysis is key. By taking the time to understand why compliance failures happen, you can strengthen and improve your program over time. Don’t wait for a major enforcement action to identify weaknesses in your compliance program—use root cause analysis as a tool for continuous improvement.

Building a Culture of Accountability

Finally, one of the most important benefits of conducting a root cause analysis before remediation is that it fosters a culture of accountability. When employees see that the company is taking a thoughtful, thorough approach to addressing misconduct, they’re more likely to trust the compliance function and adhere to ethical standards.

In the Deere case, the company’s failure to identify and address the root causes of Wirtgen’s corrupt practices could have contributed to a culture where employees felt that bribery was tolerated or encouraged. By contrast, companies emphasizing accountability and transparency in their root cause analyses send a clear message: misconduct will be thoroughly investigated, and systemic issues will be addressed.

Building a strong culture of compliance starts with holding people—and processes—accountable. Root cause analysis helps you identify the individuals responsible for misconduct and the broader systems and structures that allowed it to happen. This accountability, in turn, strengthens your compliance culture and reinforces your company’s commitment to ethical behavior.

The Deere FCPA enforcement action powerfully reminds us of the importance of conducting a root cause analysis before proceeding with remediation. Companies need to understand why misconduct occurred before implementing superficial fixes. By taking the time to perform a thorough root cause analysis, compliance professionals can ensure that their remediation efforts are comprehensive, effective, and designed to prevent future violations.

Remember, root cause analysis isn’t just a best practice, as the DOJ has now noted several times in several places and through several different media; it is a regulatory expectation. It’s also a critical tool for improving your compliance program, building a culture of accountability, and protecting your company from future compliance failures. This means that before you rush to fix the problem, ensure you understand it first. Only then can you design a remediation plan that addresses the cause of misconduct and sets your company up for long-term success.

Categories
Daily Compliance News

Daily Compliance News: October 8, 2024 – The National Security Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • NYC Mayor Adams indictment has National Security issues. (Gothamist)
  • Victims of Allen Stanford fraud may get paid. (NYT)
  • Trial of Mike Madigan kicks off. (Chicago Tribune)
  • Trial of SFO staffers put on hold for settlement talks. (City AM)

Categories
Innovation in Compliance

Innovation in Compliance: Tina Grubisa on Creating a Culture of Governance with Athennian

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. This month’s sponsor of Innovation in Compliance is Athennian.

In this episode, Tom welcomes Tina Grubisa, Industry Consultant, Fund Operations at Athennian, to discuss how Athennian can help to drive a culture of governance at your organization.

In this episode, Tina Grubisa discusses her career transition from finance to a tech startup, ultimately landing at Athennian as a Fund Operations consultant. Athennian, a cloud-based entity management platform, is known for aiding private equity, law firms, and corporations in automating compliance tasks and enhancing corporate governance. The conversation covers Athennian’s value proposition in the market, focusing on its innovative use of AI to evolve from a system of record to one of engagement and intelligence. Tina highlights Athennian’s role in helping clients stay ahead of regulatory demands, such as the SEC’s private fund rule, and building a culture of governance within an ESG framework. Additionally, the platform’s user experience and customer feedback are integral to its ongoing innovation process. Tina also explores future trends in governance and compliance, emphasizing the increasing importance of transparency and the potential impact of AI by 2030.

Key Highlights:

  • Building a Culture of Governance
  • Corporate Trends and AI in Governance
  • Future of Workflow Platforms
  • Advice for GRC Professionals Going Forward

Resources:

Tina Grubisa on LinkedIn

Athennian

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
SBR - Authors' Podcast

SBR-Author’s Podcast: Inspiring Integrity with Steve Vincze

Welcome to the Sunday Book Review, the Author’s Podcast! Don’t miss out on this episode of SBR-Author’s Podcast, where Tom Fox sits down with Steve Vincze, a seasoned compliance practitioner in healthcare, celebrating the release of his book, ‘Inspiring Integrity.’ Vincze shares his extensive 25-year journey in health care and life science compliance, highlighting key positions and experiences that shaped his perspectives. Vincze discusses the motivation behind his book, notably a life-threatening experience during COVID-19 that inspired him to leave a legacy for his daughter and share insights with fellow practitioners. They explore the book’s intended audience of leaders and aspiring leaders, with Vincze emphasizing the importance of understanding and inspiring people beyond mere compliance with rules.

The conversation delves into Vincze’s writing process and how he structures his thoughts for effective communication. They explore major themes of the book, discussing the essence of compliance as ‘doing what’s right, not just what’s required,’ and the integral role of leadership. Vincze outlines his five-step process for creating an effective compliance program, stressing the connection between structure and business success. The conversation also touches on the evolving challenge of data privacy in compliance, particularly pressing in life sciences. Vincze shares details of upcoming book events and opportunities for listeners to connect and engage with his work on compliance, leadership, and integrity.

Key Highlights:

  • The inspiration Behind ‘Inspiring Integrity’
  • Target Audience for the Book
  • Core Message of Compliance
  • Compliance as a Leadership Issue
  • Five-Step Process for Compliance
  • The Role of Privacy in Compliance
  • Book Launch Details

Resources:

Check out Inspiring Integrity

Steve Vincze

Trestle Compliance

Connect with Steve on Linkedin

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: The Importance of Having a Hotline

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider the importance of an organization creating a hotline from the legal and regulatory perspectives.

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance: Shout Outs and Rants – Episode 142

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we take up a potpourri of topics. We have the quartet of Matt Kelly, Special Guest Susan Divers, Jonathan Marks, and Karen Moore; all hosted by Tom Fox.

  1. Tom Fox shouts out to Colorado District Judge Matthew Barrett for his sentencing of convicted election tamperor Tina Peters.
  2. Matt Kelly rants about Trump appointed US district judge Kathryn Mizelle who ruled the False Claims Act unconstitutional.
  3. Karen Moore sad because of the increased threat of violence during the Jewish High Holy Days.
  4. Jonathan Marks shouts out to the Philadelphia Phillies for making the NL playoffs and rants about TSA.
  5. Special Guest Susan Divers shouts out to Washington Commanders.

The members of the Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Blog

Deere’s FCPA Enforcement Action: Lessons on Corrupt Payments

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere has bribery schemes that were torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Yesterday, I laid out the broad strokes of the Deere enforcement action. Today, I want to take a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

As compliance professionals, we are all too familiar with the risks posed by bribery and corruption, especially in high-risk jurisdictions. The case involving Wirtgen Thailand’s bribery of government officials through direct cash payments and third-party agents is a stark reminder of how corrupt practices can infiltrate even well-established companies. Between 2018 and 2020, Wirtgen Thailand’s Managing Director and Finance Manager conspired to pay bribes to government officials in Thailand’s Department of Highways (DOH), Department of Rural Roads (DRR), and the Royal Thai Air Force (RTAF) to secure lucrative contracts, ultimately reaping illicit profits of $2.7 million.

This case offers valuable lessons for compliance professionals on the importance of monitoring, oversight, and due diligence—especially when dealing with third-party agents. In this blog post, I’ll summarize the key compliance lessons learned from the Wirtgen Thailand case and discuss actionable steps compliance officers can take to mitigate similar risks.

The Role of Leadership in Facilitating Bribery

One of the most glaring aspects of this case is the direct involvement of Wirtgen Thailand’s Managing Director. From instructing the Finance Manager to withdraw cash for bribes to coordinating payments with a third-party consultant, the Managing Director was a central figure in orchestrating the scheme. This demonstrates how misconduct at the leadership level can significantly increase the risk of non-compliance.

A key lesson for Compliance Professionals is that senior leadership buy-in is critical for an effective compliance program. When senior management is involved in unethical practices, it undermines the entire compliance framework. Compliance professionals must ensure that leaders are aware of the company’s anti-bribery policies and held accountable. This requires a top-down approach where ethics and compliance are ingrained in the corporate culture. Regular training for executives and a clear tone at the top are essential.

Cash Payments and Red Flags in Internal Communication

In this case, the Managing Director in Thailand explicitly instructed the Finance Manager to prepare envelopes filled with cash for government officials. The internal communication between the two, including text messages referencing “candy money” and specific instructions on how much to withdraw, left a clear paper trail of bribery.

The lesson for Compliance Professionals is that internal communications can provide early indicators of corrupt activities. Compliance officers should work closely with IT and HR departments to implement systems for monitoring suspicious communications, especially when they involve terms that could be euphemisms for illicit activities (e.g., “candy money”). It is also important to encourage employees to report any unusual communication patterns they observe through anonymous whistleblower channels.

Regular internal communications audits, especially in high-risk regions, can help detect bribery schemes early. Additionally, it is crucial to ensure that finance and accounting departments are well-trained on red flags, such as unusual cash withdrawals.

Third-Party Risks and Sham Commission Agreements

In this case, one of the most common methods of paying bribes was through a third-party consultant. Wirtgen Thailand signed sham commission agreements with a consultant who provided no legitimate services but acted as a conduit for bribes. These agreements facilitated payments of nearly $285,129 to government officials under the guise of commissions.

The lesson for Compliance Professionals in this area is that (once again) using third-party agents is one of the most significant risks in international business operations, particularly in jurisdictions where corruption is prevalent. Third-party consultants often act as intermediaries in bribery schemes, allowing companies to maintain plausible deniability. This makes third-party due diligence essential.

Compliance programs should include a thorough vetting process for third parties, including background checks, reputational risk assessments, and an analysis of the legitimacy of services provided. Red flags include vague service descriptions in contracts, unusually high commission fees, and the need for proper documentation.

But once again, appropriate vetting is not the end of the equation. It is crucial to establish ongoing monitoring of third-party relationships, including periodic reviews of commission payments and ensuring that the services provided match the fees being paid. This ongoing scrutiny can prevent third-party intermediaries from being used to facilitate bribery.

False Documentation and Fraudulent Reporting

Wirtgen Thailand’s Managing Director and Finance Manager created false documentation, including sham commission agreements and expense reports, to cover up their bribery scheme. They also submitted Applications for Approval of Commissions to other managers in Thailand to authorize these illicit payments.

Unfortunately, the lesson from Compliance Professionals is that fraudulent documentation is a common tactic used to conceal bribery and other forms of corruption. Compliance programs should include regular audits and reviews of documentation related to third-party payments, contracts, and expense reports. Any inconsistencies, missing information, or vague descriptions should be flagged for further investigation.

Furthermore, employees responsible for approving third-party payments or commissions should be trained to spot red flags and have clear guidelines on what constitutes a legitimate business expense versus a suspicious transaction. Compliance teams must also ensure that finance departments are fully integrated into the anti-bribery framework and are regularly monitored for compliance with anti-corruption policies.

Impact of Bribery on Business Outcomes

From 2018 to 2020, Wirtgen Thailand obtained $4.67 million in business from bribery, reaping illicit profits of approximately $2.7 million. While these figures may seem like a short-term business win, the long-term consequences—including legal penalties, reputational damage, and loss of shareholder trust—far outweigh any financial gains.

Compliance Professionals understand this final lesson but only sometimes articulate so the business folks understand the invidiousness of bribery and corruption. While bribery might provide a short-term competitive edge, the long-term damage to a company’s reputation and bottom line can be catastrophic. Compliance officers must work to foster a corporate culture that prioritizes ethical behavior over quick wins. This includes educating employees on the long-term risks of bribery, such as criminal penalties under anti-corruption laws, hefty fines, and the possibility of debarment from future government contracts. It is important to consistently communicate that ethical conduct is the right thing to do and the most sustainable business strategy.

The Wirtgen Thailand bribery case serves as a cautionary tale for compliance professionals. It underscores the importance of robust third-party due diligence, the need for strong leadership oversight, and the critical role that compliance programs play in preventing bribery and corruption. By learning from the failures in this case, compliance officers can better protect their companies from similar risks and reinforce a culture of integrity and ethical behavior across the organization.

Categories
Corruption, Crime and Compliance

Four Sanctions Cases That Everyone Should Know

How prepared is your organization to handle the evolving landscape of sanctions compliance?

In this episode of Corruption, Crime and Compliance, Michael Volkov dives into critical sanctions compliance cases and their implications for global companies. He discusses four significant cases that underscore the necessity of robust compliance programs, particularly in light of increased DOJ enforcement actions. Through these examples, he breaks down the consequences of third-party liability, supply chain risks, and the dangers of inadequate compliance measures, offering valuable insights into how companies can proactively avoid similar pitfalls.

Cases discussed:

  • British American Tobacco (BAT): The company faced a staggering $629 million settlement for circumventing North Korean trade sanctions. This case illustrates how corporate prosecutions are evolving to resemble Foreign Corrupt Practices Act (FCPA) cases, emphasizing the growing scrutiny on multinational corporations.
  • Epsilon Electronics: This case clarifies the liabilities companies face when third-party distributors divert products to prohibited countries, such as Iran. Even if the company had no direct involvement in the diversion, it still bears responsibility, underscoring the importance of diligent monitoring of distribution channels.
  • ELF Cosmetics: The company received a $1 million fine for importing goods containing materials sourced from North Korea. This case underscores the critical importance of conducting thorough supply chain due diligence to ensure compliance with international sanctions.
  • Murad LLC: This case focuses on post-acquisition compliance failures, demonstrating the urgent need for thorough pre- and post-acquisition audits. These audits are essential to uncover potential sanctions violations and ensure that newly acquired companies adhere to compliance standards.

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Links to the four cases: British American Tobacco | Epsilon Electronics | Elf Cosmetics | Murad LLC

A Framework for OFAC Compliance Commitments (May 2019)

Categories
Compliance Tip of the Day

Compliance Tip of the Day: DOJ Whistleblower Financial Incentive Program

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider the remarks by Principal Deputy Assistant Attorney General Nicole M. Argentieri on the DOJ Corporate Whistleblower Incentive Program and her review of its early results.