Author: admin

Categories
Blog

Leadership’s Conduct at the Top

The 2022 Monaco Memo emphasized the basic point that the key to every company is culture. The bottom line is that corporate culture matters and corporate culture that fails to hold individuals accountable, or fails to invest in compliance—or worse, that thumbs its nose at compliance—leads to bad results.

From the enforcement perspective, the DOJ will be assessing companies for the ethical cultures. From the compliance perspective, the ethical tone of a company and accountability all starts at the top and, most specifically, senior management. The 2020 FCPA Resource Guide, 2nd edition, stated, “Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.” To assist companies in understanding this requirement the 2023 ECCP sets out the following inquiries.

Conduct at the TopHow have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How have they modelled proper behavior to subordinates? Have managers tolerated greater compliance risks in pursuit of new business or greater revenues? Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?

These requirements are more than simply the ubiquitous “tone-at-the-top,” as they focus on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values and finally, how is such conduct monitored in an organization?

This means you must document corporate decisions where a compliance solution was proposed but rejected. In other words, is there a business justification for moving forward with the action. If this action occurs, how was the compliance risk managed going forward? Similarly, compliance techniques used should be documented to demonstrate that your compliance function has met the requirements of the final question.

Senior management must share these same values through operationalizing compliance going forward. Lynn Paine, in her seminal article, Managing for Organizational Integrity, laid out five factors, which can be used as guideposts to not only to set the right tone from senior management on doing business ethically and in compliance, but it can also lay the groundwork for senior management to model appropriate behavior and then have it monitored by the company going forward.

1. The guiding values of a company must make sense and be clearly communicated by senior management in a variety of settings, to the entire company workforce.

2. The company’s leader must be personally committed and willing to act on the values. This means that management must not simply ‘overlook’ the transgressions of top producers.

3. A company’s systems and structures must support its guiding principles and these internal systems and structures cannot be over-ridden by senior management without both justification and Board approval.

4. A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions. Sometimes a company must turn down business if there are too many red flags present or by engaging in such behavior the company’s value and ethics will be violated.

5. Managers must be empowered to make ethically sound decisions on a day-to-day basis. This means senior management must fully support and back-up such decisions.

I once had a Chief Executive Officer (CEO), observe the following, “You want me to be the ambassador for compliance.” I immediately said yes, that is exactly what I need you to do. A CEO, as an “Ambassador of Compliance”, can fully model the conduct that senior management engage in going forward. Another area a CEO can forcefully engage an entire company is through a powerful video message about doing business the right way and in compliance. A great example was a CenterPoint Energy video put out in 2015 after the Volkswagen (VW) emissions-testing scandal became public. The video featured Scott Prochazka, former CenterPoint Energy President and CEO. He used the VW scandal to proactively address culture and values at the company and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with an additional resource, entitled Manager’s Toolkit—What does Integrity mean to you? that managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, the cost for the video was quite reasonable as it was produced internally.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 9 – Continuous Monitoring and Continuous Improvement

Continuous monitoring and continuous improvement are two of the most important phrases for any compliance program. These twin concepts were further enshrined in the 2023 Update to the Evaluation of Corporate Compliance Programs (2023 ECCP). In 2023, all companies’ risks changed as we moved from Working From Home to Return To Office and, now, a hybrid model. In addition to this straight-forward change in risk due to working locations, new risks in the form of geopolitical, supply chain, and export control, as well as increased risk due to social media, continue to impact compliance programs.  Your compliance program must be ready to respond to whatever those risks might be going forward.

Continuous improvement runs the gamut in a best practices compliance program, from risk assessments to policies and procedures to periodic testing and review.

Three key takeaways:

1. How have your company’s risks changed over the past year, and how will they change in 2024?

2. What is your process for continuous monitoring and improvement?

3. What sources of information do you use that come from outside your organization?

Categories
Daily Compliance News

Daily Compliance News: January 9, 2024 – The National Champion Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Elon Musk says he never failed a drug test.  (WSJ)
  • Boeing is facing more fallout over the 737 MAX.  (WaPo)
  • China ABC campaign to go after ‘ants and flies. (CNN)
  • Singapore completes a corruption probe.  (Bloomberg)
Categories
Innovation in Compliance

Innovation in Compliance – Caroline Shleifer: Revolutionizing Regulatory Intelligence with Technology

Innovation comes in many forms, and compliance professionals need to not only be ready for it but also embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Caroline Shleifer, founder and CEO of RegAsk. Caroline Shleifer is a seasoned professional with a rich background in healthcare, law, and regulatory affairs, boasting a PharmD PhD and a health law degree. Her perspective on “emerging technologies enhancing regulatory intelligence and compliance” is shaped by her extensive experience in the EU, US, and Asia and her role as the founder of RegAsk, a company that leverages technology to address compliance challenges. She believes that technologies such as AI, machine learning, blockchain, and data analytics are revolutionizing regulatory monitoring, enabling faster and more accurate interpretation of regulatory information, and fostering a more proactive approach to compliance. Her goal with RegAsk is to digitize and streamline the regulatory intelligence process, reducing the risk of non-compliance and fostering innovation. Join Tom Fox and Caroline Shleifer as they delve deeper into this topic on this episode of Innovation in Compliance.

Key Highlights:

• Proactive Compliance through Regulatory Intelligence Automation

• Streamlining Regulatory Compliance with AI

• Leveraging Data Analytics for Proactive Compliance

• Revolutionizing Compliance with Emerging Technologies

Resources:

Caroline Shleifer on LinkedIn

RegAsk

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Heather Shannon on Podcasting about Taboo Topics

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visit with Heather Shannon, a certified sex therapist, to discuss her panel presentation at PodfestExpo, podcasting on taboo topics. Some of the issues we tackle in this podcast are:

  • How to podcast on taboo topics.
  • Why is Heather so excited about the 10th anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

PodfestExpo 2024 is a production of Podfest Global, which sponsors this podcast series.

Ask a Sex Therapist podcast

Heather Shannon LinkedIn

Categories
Blog

Compliance Program Use of Data Analytics

Matt Galvin, Counsel, Compliance & Data Analytics at the DOJ and one of the experts leading the DOJ’s data analytics initiative, highlighted in another talk, the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning. The DOJ expects companies to adopt a similar data-driven approach to compliance. In her speech, Argentieri speech where she stated, “just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

This means that  while due diligence and background checks are essential, the real risk of fraud occurs during the actual business transactions with third parties. Companies need to go beyond initial checks and continuously monitor high-risk vendors, contract terms, and other relevant data sources. By mapping risks to data sources and implementing effective tests, companies can identify and prioritize risky transactions. The increasing accessibility and cost-effectiveness of data analytics have made it a viable option for companies of all sizes. It can help companies demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency. The importance of continuous data analysis in compliance programs was highlighted by the Bank of America CFPB enforcement action.

However, implementing a data-driven compliance program comes with its own set of challenges. There is still confusion among the compliance community regarding what data analytics entails and how it should be applied. Data-analytics should be seen as a process-oriented approach rather than treating it as a one-time project. Data analytics should be integrated into the compliance program as a continuous business process, similar to third-party due diligence.

The Bank of America CFPB enforcement action case serves as a reminder of the importance of the use of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained.

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

The Argentieri speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.

The DOJ’s increasing use of data analytics for proactive enforcement has far-reaching implications. Companies must recognize the importance of adopting a data-driven approach to compliance and invest in the necessary resources and technology. By doing so, they can not only meet the DOJ’s expectations but also improve the effectiveness of their compliance programs and mitigate the risk of fraud.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 8 – Operationalizing Compliance Through Payroll

One of the areas articulated in the 2023 ECCP was around payments and payroll. For both the compliance professional and the corporate payroll function, there is a significant role to play in the operationalization of a corporate compliance program. The 2023 ECCP was replete with references to payment and its critical nature to any best practices compliance program. This includes references to payments to foreign officials, payments to third parties, and hiding bribes in payments to distributors. The 2023 ECCP begins with an admonition to stop wasting time on low-hanging fruit when there are much higher risks in your business operations.

The role of payroll in compliance is not often considered in operationalizing your compliance program, yet the monies to fund bribes must come from somewhere. Unfortunately, one of those places is out of payroll. All CCOs need to sit down with their head of payroll, have them explain the role of payroll, and then review the internal controls in place to see how they facilitate compliance goals. From that review, you can then determine how to use payroll to help operationalize your compliance program.

The DOJ has now provided its clearest statement on how it expects a company to actually comply going forward. Long gone are the days where the DOJ simply considered the inputs of a written program as sufficient to protect companies from compliance violations. Yet the mandate to operationalize a corporate compliance program drives home the concept that compliance is a business process that should be administered by the appropriate business unit with the requisite SME. When it comes to following the money, payroll is the most well-suited corporate discipline to provide this first level of oversight and control.

Three key takeaways:

  1. Payroll can be a key to preventing and detecting control
  2. The 2020 Update specified the tie between the corporate compliance function and the corporate payroll function.
  3. Offshore payments remain a key indicator of a red flag.
Categories
Corruption, Crime and Compliance

Deep Dive into HHS – OIG Compliance Program Guidance

In this week’s episode of Corruption, Crime, and Compliance, we usher in the New Year with a deep dive into something that happened in November of last year. As we begin 2024, it’s crucial to reflect on the substantial shifts in the healthcare industry’s compliance framework. The HHS Office of Inspector General’s Comprehensive Compliance Guidance, released late last year, has set a new standard for healthcare companies, reinforcing the importance of an independent compliance function and outlining a robust framework for effective compliance programs. Michael Volkov meticulously dissects the seven key elements of this groundbreaking guidance, emphasizing its relevance not just in healthcare but across the spectrum of compliance practices.

You’ll hear Michael discuss:

  • The HHS Office of Inspector General issued the Comprehensive Compliance Guidance (GCPG) in November 2023, a significant document for the healthcare industry, emphasizing the need for independent and robust compliance programs.
  • The guidance is structured around seven core elements: written policies and procedures, effective compliance leadership, training, open lines of communication, enforcing standards, risk assessment, and responsive corrective action for detected offenses.
  • The role of a Chief Compliance Officer is critical, and they should:
    • Report directly to the CEO or have independent access to the board.
    • Have sufficient stature within the entity equal to other leaders,
    • Demonstrate unimpeachable integrity, judgment, assertiveness and approachable demeanor, and
    • Have sufficient funding, resources, and staff to operate the program. 
  • Emphasizing the separation of legal and compliance functions, the GCPG recommends that compliance officers focus solely on compliance, avoiding roles in legal or financial departments.
  • The GCPG advises the establishment of a compliance committee, meeting quarterly, with responsibilities spanning legal regulation analysis, policy review, training effectiveness, and annual risk assessment.
  • The CEO should include a signed introduction in the code of conduct. The board should include a signed endorsement or similar written statement to support the compliance commitment, and entities should review their codes when a new CEO is hired.
  • Clear communication and board oversight are crucial, and they should be well-informed about compliance programs and ensure that the compliance officer has sufficient access to them.
  • How compliance officers and boards should respond when compliance concerns are reported or discovered and focus on the root causes of the misconduct to prevent recurrence.

 

KEY QUOTES

“The guidance directs that a compliance officer should report either to the CEO with direct and independent access to the board or to the board directly, demonstrating unimpeachable integrity, judgment, assertiveness, and an approachable demeanor.”

 

“Entities should also develop incentives to encourage compliance, which include ways in which there can be additional compensation, significant recognition, or other forms of encouragement, balancing the scales between compliance and business goals.”

 

“There should never be a statement made that requests or requires that employees first bring concerns to their manager or supervisor before contacting the compliance officer.”

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Riskology

Riskology by Infortal Episode 17: Geopolitical Risk at The Board Level

How can companies effectively manage geopolitical risk and integrate it into their business strategies? In this episode of Riskology, Dr. Andrea Bonime-Blanc joins the discussion to explore the importance of understanding the international geopolitical risk landscape. From the role of the board and management in risk governance to the need for practical translation of theoretical discussions, Dr. Bonime-Blanc provides valuable insights on navigating the turbulent and changing geopolitical landscape. Tune in to gain a deeper understanding of how geopolitical risk can impact your business and how to turn risk into opportunity.

Infortal Worldwide is a global risk management and investigation firm that specializes in helping businesses navigate complex risk landscapes. The company’s focus extends to various areas, including economics, politics, and geopolitical risk. By delving into these interconnected realms, Infortal Worldwide aims to provide clients with comprehensive insights that empower them to make informed decisions, especially in critical areas such as mergers and acquisitions, private equity investments, and other strategic moves.

You’ll hear Chris, Ian, and Andrea discuss:

  • Geopolitical tectonic shifts: The world is experiencing significant changes in geopolitical dynamics, such as the rivalry between China and the US, Russia’s invasion of Ukraine, and the focus on the Middle East.
  • Impact of generative AI: The development of generative AI technology poses risks, particularly in the hands of criminals, terrorists, and rogue nations who can use it asymmetrically to cause harm.
  • Integration of geopolitical risk into business strategy: Companies need to move beyond theoretical discussions and actively integrate geopolitical risk into their risk management frameworks and business strategies.
  • Cultural differences in approaching geopolitical risk: European-based multinationals tend to be more sensitized to geopolitical risks due to stricter regulations, while US-based multinationals often have a laissez-faire attitude and prioritize market-friendly approaches.
  • National security and corporate compliance: The Department of Justice recognizes that companies play a role in national security and is increasing its focus on enforcing corporate compliance through the National Security Division.
  • Role of general counsel in managing geopolitical risk: In smaller businesses without a general counsel, the CEO, CFO, or COO should take responsibility for understanding and addressing geopolitical risks, seeking external expertise when needed.
  • Link between geopolitical risk and opportunity: Understanding geopolitical risks allows companies to identify opportunities for value creation, better supply chains, and selecting partners and customers in different markets.
  • Evolving compliance programs: Compliance programs need to adapt to address the complex geopolitical risks of today, with dynamic assessments that consider changing global conditions rather than static annual analyses.

 

KEY QUOTES:

“There’s a little bit of that hubris and a little bit of that ultra-market-friendly attitude that has succeeded. And we don’t have privacy laws federally in this country, and there’s a reason for that: the business lobby and other interests have made sure that we don’t go there.” – Andrea Bonime-Blanc

“The danger of national security issues, IP theft, and intelligence gathering has always been there because we’re an open market economy and anyone and their brother can come here, and if they happen to be a spy or a plant from another government, we don’t find out, maybe ever.” – Andrea Bonime-Blanc

“Good risk management translates into good opportunity management and opportunity value creation.” – Andrea Bonime-Blanc

 

Resources:

Infortal Worldwide

Email 

Dr. Ian Oxnevad on LinkedIn

Chris Mason on LinkedIn

Dr Andrea Bonime-Blanc on LinkedIn

GEC Risk Advisory

 

Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Isar Meitis on Using AI in Your Podcast Production Process

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visit Isar Meitis, an expert on using AI in podcast production, to discuss his presentation at PodfestExpo. Some of the issues we tackle in this podcast are:

  • How to only do the fun part of podcasting and let AI do all the rest
  • Why is Isar so excited about the 10th anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

PodfestExpo 2024 is a production of Podfest Global, which sponsors this podcast series.

Isar Meitis on LinkedIn

Multipai.ai