Author: admin

Categories
Innovation in Compliance

Innovation in Compliance – Igor Volovich on Moving Towards Data – Driven, Risk – Based Compliance

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Igor Volovich, the Vice President of Compliance Strategy at Qmulos. This podcast is sponsored by Qmulos.

Igor Volovich brings a unique perspective to the table regarding the importance of executive accountability and proactive risk governance in cybersecurity. Volovich emphasizes the crucial role that executives play in ensuring compliance, controls, and security posture decisions, and criticizes the current model of firing and hiring Chief Information Security Officers as ineffective. He believes that risk governance should be a holistic business function, rather than separate departments handling different types of risks, and encourages boards of directors to question and challenge reports on compliance and risk posture. Drawing from his extensive experience and deep understanding of the field, Volovich advocates for a real-time convergence of compliance, security, and risk management. Join Tom Fox and Igor Volovich on this episode of the Innovation in Compliance podcast to delve deeper into these insights.

Key Highlights:

  • Maintaining Compliance Integrity through Executive Accountability
  • Misrepresentation of Compliance in Penn State
  • Moving Towards Data-Driven, Risk-Based Compliance
  • Data-Driven Risk Management for True Compliance
  • Incentivized Whistleblowing and Cybersecurity Accountability
  • Elevating Risk Governance for Effective Cybersecurity
  • Real-Time Compliance and Data-Driven Automation

Resources:

Igor Volovich on LinkedIn

Qmulos

 

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
SBR - Authors' Podcast

SBR Authors Podcast: Matt Silverman on The Champions Network

Welcome to the Sunday Book Review, the Authors Podcast! Don’t miss out on this episode of SBR-Author’s Podcast, where Tom sits down with Matt Silverman on his book The Champions Network.

Matt Silverman is a seasoned expert and leading authority in implementing successful champion networks for organizational compliance and ethics, with years of experience in developing and building these networks. Silverstein believes the key to a successful champions’ network lies in active engagement and input from the champions, emphasizing the importance of continuous improvement and feedback.

Matt suggests a targeted approach, focusing on specific compliance areas. He advises structuring the network by identifying risks, setting up a pilot program, obtaining leadership approval, defining the scope, and clearly outlining the responsibilities of both the champions and the network leader. His experiences in successfully implementing these networks in multiple organizations have shaped this perspective, and his passion for the champions network model is evident in his work. Join Tom Fox and Matt Silverman on this episode of the SBR-Author’s Podcast podcast to delve deeper into this topic.

Key Highlights Include:

  • Gaining Leadership Support for Champions Network
  • Building a Strong Compliance and Ethics Culture
  • Establishing a Risk-Based Champions Network
  • Selecting Enthusiastic and Motivated Champions
  • Engaging and Influential Champions Training Program
  • The Value of Champions Networks in Compliance

Resources:

Matt Silverman on Linkedin

The Champions Network

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: November 28, 2023 – The Hung Out to Dry Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. all from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Tesla really doesn’t want unions in Sweden. (FT)
  • UK defendants say bribes were approved by the UK government. (Bloomberg)
  • CZ wants to go home. (Forbes)
  • Palm oil corruption in Honduras (The Guardian)
Categories
Blog

Assessing Communication Compliance: Ephemeral Messaging and Retention

I recently had the opportunity to visit with Alex Cotoia, Regulatory Manager, and Daniela Melendez, an Associate at The Volkov Law Group, on the importance of addressing electronic communications preservation and management in this new age of rapid technological change. They joined penned an article for the Volkov Law Group’s site, Corruption, Crime and Compliance entitled, “Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data.”

Ephemeral messaging, a method of communication that automatically erases content after a short period of time, is becoming increasingly popular in both personal and business settings. Platforms like Snapchat and Instagram offer features that allow messages to disappear, providing a sense of privacy and security. However, the use of ephemeral messaging in business comes with its own set of challenges and legal implications. Additionally, as both Cotoia and Melendez noted “companies have to devote significant resources and attention to information technology and security, electronic communications and business-generated data, and to overall information security and governance.”

The pointed to a recent case involving Google, where the companies document retention policy for ephemeral messaging was 24 hours, yet a Court Order required such messages be preserved. The Court found Google failed to preserve its chat data, despite a preservation order that directed Google to preserve chat records by changing the default settings for the chat system.  The Court found that Google did not effectively emphasize the importance of those obligations to its employees.

The episode highlighted the concerns raised by the Department of Justice (DOJ) regarding the use of ephemeral messaging for illegal activities, leading to more enforcement actions. This poses challenges for investigations, particularly in the corporate sector. They related that at a “fundamental level, the case underscores the criticality of applying document preservation policies to all media used by an organization’s employees to conduct company business. This echoes guidance provided by the U.S Department of Justice in the context of recent updates to its guidelines concerning the “Evaluation of Corporate Compliance Programs.”  The most recent iteration of those guidelines calls on companies to thoroughly understand the various communication channels—including ephemeral messaging applications—utilized by a company’s employees to conduct business.”

The Google case is as an example of the legal liabilities and sanctions that can result from failing to preserve relevant evidence. In this case, Google was sanctioned by a district judge for failing to preserve employee chat evidence relevant to an antitrust litigation. The employees did not follow the company’s policies regarding document preservation, leading to legal consequences.

The implications of the Google case extend beyond commercial litigation and preservation of evidence. The DOJ’s focus on ephemeral messaging applications in their guidelines for evaluating corporate compliance programs sends a clear message to organizations that they need to adopt or refine their data preservation policies in relation to employee communication.

One of the key considerations for companies is to assess their risk profile and determine whether ephemeral messaging applications are appropriate for conducting business. High-risk industries, such as those prone to corruption, should prohibit the use of these applications due to the potential for concealing illegal activities. On the other hand, companies with lower risk profiles may be more lenient in allowing employees to use ephemeral messaging applications for legitimate business purposes.

The DOJ guidelines also emphasize the need for companies to proactively manage authorized communication channels, monitor and preserve all business-related electronic data, and develop specific policies for employee obligations regarding personal devices and document retention. This requires companies to account for all communication channels, maintain data consistently, and constantly monitor content for any evidence of illegal activity.

The Google case serves as a wake-up call for companies accustomed to more lax preservation policies. It highlights the importance of enforcing existing policies and providing comprehensive training to employees on document preservation. Failure to do so can result in legal consequences and sanctions.

Cotoia and Melendez also reported that they observed “an uptick” in inquiries from clients regarding ephemeral messaging policies and the need for guidance in this area. Companies are seeking advice on how to navigate the challenges and legal implications associated with ephemeral messaging in business.

The use of ephemeral messaging in business presents challenges and legal implications that organizations need to address. It is crucial for companies to refine their data preservation policies, consider the appropriateness of ephemeral messaging for their business, and proactively manage authorized communication channels. By doing so, companies can mitigate the risks associated with ephemeral messaging and ensure compliance with legal requirements.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Culture – Day 15 – The ROI of a Culture of Speak Up

We are now at a place where there is sufficient data, academic research, and actual use cases from corporations and businesses that demonstrate good ethics and compliance programs are not simply good for business but when properly used, they lead to greater profitability.

For 15 years, Ethisphere has been collecting data around its World’s Most Ethical Company awards. Companies that receive this designation have been found to outperform their peers on various stock indices. Ethisphere calls this the “Ethics Premium.” Ethisphere Executive Vice President (EVP) Erica Salmon Byrne has noted, “In tracking how the stock prices of publicly traded honorees compare to the U.S. Large Cap Index, we found that listed World’s Most Ethical Companies outperformed the large cap sector.” In 2010 that number was a delta of 4.5%. Yet by 2020, that number had skyrocketed to 13.5%. Clearly, Ethisphere has been on to something.

Academic research has also shown the efficacy of ethics and compliance programs. George Serafeim and Paul M. Healy demonstrated in their paper, An Analysis of Firm’s Self-Reported Anti-Corruption Efforts, that companies with robust compliance programs do better financially in countries prone to corruption than companies with less effective compliance programs. Without a robust compliance program, even with high sales in a high-risk country, the sales will drop off and lead to a negative Return on Equity (ROE) of between 24% to 30%.

Dr. Kyle Welch, Assistant Professor at George Washington University (GWU), in his paper, co-authored with Stephen Stubben, Associate Professor from The University of Utah, entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems” (Report). In this paper, Welch and Stubben reviewed some 15 years of anonymized data from NAVEX Global, Inc. This data was from the company’s hotline reporting systems. Some of the key findings included that companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets (ROA) there were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur. Finally, there were fewer external whistleblower reports to regulatory agencies and other authorities.

 Three key takeaways:

1. It’s not simply speaking up, it’s a culture of speaking up.

2. Companies with speak-up culture, have a material reduction in legal fines and penalties.

3. Use Companies with a speak-up culture, to have a higher ROI.

Do you want to improve your culture? How can you assess your culture and develop a strategy to improve it going forward? In this free webinar on the new tool, The Culture Audit with Tom Fox and Sam Silverstein on Tuesday, November 28, 12 CT. For more information and registration, click here.

Categories
Adventures in Compliance

The Memoirs of Sherlock Holmes – The Adventures of The Crooked Man

Welcome to a review of all the Sherlock Holmes stories which are collected in the work, “The Memoirs of Sherlock Holmes.” They appeared in the Strand Magazine from December 1892 to December 1893. Over the next 12 episodes, I will be reviewing each story and mine them for leadership, compliance, and ethical lessons.  In this, we look at the story The Adventure of the Crooked Man. 

The Adventure of the Crooked Man” is a captivating Sherlock Holmes murder mystery that delves into themes of truth, justice, empathy, and personal responsibility. Tom Fox, a renowned Sherlock Holmes enthusiast, holds a positive perspective on this particular investigation. He regards it as one of his favorite stories, a sentiment shared by the author, Conan Doyle. Fox’s appreciation for the story is deeply rooted in the ethical lessons it imparts, such as the importance of truth, justice, empathy, and personal responsibility. He commends Holmes for his relentless pursuit of truth and his empathetic approach to understanding the characters’ motivations and emotions. Fox also appreciates the peaceful resolution Holmes chooses, emphasizing that vengeance and punishment are not always the best or most ethical solutions to conflicts.

Join Tom Fox in this episode of the Adventures of Sherlock Holmes podcast as he delves deeper into this intriguing investigation.

Key Highlights:

  • The Story
  • Truth and Justice
  • Understanding and Empathy
  • Retribution and Consequences
  • Personal Responsibility

Resources:

The New Annotated Sherlock Holmes

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

FCPA Compliance Report – Alex Cotoia and Daniela Meléndez Communications Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Alexander Cotoia and Daniela Meléndez from the Volkov Law Group to discuss the challenges and legal implications of ephemeral messaging in business.

Cotoia’s perspective emphasizes the significant risks ephemeral messaging poses for companies, particularly in terms of compliance and data preservation. He advocates for proactive measures, such as refining data preservation policies and monitoring all business-related electronic data. Similarly, Melendez, with her extensive knowledge and experience in conducting internal investigations, underscores the potential legal liabilities companies may face if they fail to secure relevant information. She cites real-world examples, like the Google case, to stress the importance of enforcing document preservation policies and educating employees on their responsibilities. Join Tom Fox, Alex Cotoia, and Daniela Meléndez as they delve deeper into this topic on the next episode of the FCPA Compliance Report podcast. 

Key Highlights:

  • Ephemeral Messaging: Balancing Compliance and Risk
  • Preserving Evidence and Compliance in Messaging
  • Data Preservation Policies and Risk Assessment
  • Paradigm Shift in Monitoring Business Communications

Resources:

Alex Cotoia on LinkedIn

Daniela Melendez on LinkedIn

Volkov Law Group

Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: November 27, 2023 – The Dirty 30 Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. all from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • The Indonesian anti-corruption chief was fired for corruption. (BBC)
  • Beware of reverse mergers. (WSJ)
  • Blood renewables in Western Sahara (Forbes)
  • Undercover cop William Casey dies. (NYT)
Categories
All Things Investigations

All Things Investigation: Episode 41 – The Albemarle FCPA Enforcement Action with Mike DeBernardis

How can companies effectively remediate after uncovering misconduct? In this episode of All Things Investigations, Tom Fox discusses with Mike DeBernardis the lessons learned from the recent Albemarle FCPA enforcement action and settlement. They analyze the company’s self-disclosure timeline, the credit received for holdbacks, and the overall cooperation and remediation efforts that led to a favorable NPA.

Mike DeBernardis is a partner in Hughes Hubbard’s Washington office and a member of the firm’s Anti-Corruption and Internal Investigations and White Collar & Regulatory Defense practice groups. He assists clients with internal investigations relating to high-stakes matters, including corruption under the Foreign Corrupt Practices Act, procurement fraud, financial and accounting fraud, money laundering, and other ethics issues and violations of company policy. 

You’ll hear Tom and Mike discuss:

  • The DOJ deemed Albemarle’s self-disclosure untimely, even though it was voluntary and unknown to the government. The 16-month delay from learning of allegations to disclosing crossed the line per updated standards.
  • Companies should carefully evaluate timing when self-disclosing misconduct if they want to maximize credit. Even voluntary disclosures can be considered untimely under an evolving reasonableness standard.
  • Albemarle discovered allegations in Vietnam in 2016, confirmed misconduct in early 2017, and then disclosed in January 2018 when FCPA Corporate Enforcement Policy permanence was still uncertain. 
  • $780,000 in total bonuses were held back from employees directly involved, those with supervisory responsibility, and other relevant staff. Albemarle received a full 1:1 penalty offset.
  • Contractual ability to withhold bonus payments is easier to execute than clawbacks of compensation already disbursed, especially across regions.
  • Settlement dynamics were shifting during Albemarle’s decision timeline, but current standards still applied for judging timeliness. Pandemic delays also won’t change future judgments.  
  • The egregiousness and duration of Albemarle’s schemes across multiple countries involving high-level executives would typically warrant a DPA or plea deal. Their cooperation and remediation directly led to the NPA result.
  • Albemarle thoroughly investigated, cooperated, remediated, and self-disclosed even though the misconduct was not yet government-known. This approach clearly benefited them.  
  • Implementing data analytics was called out in the settlement documents specifically. Even basic initial steps were still recognized and rewarded by the DOJ.

KEY QUOTES:

“And I think the lesson from this is doing something is better than doing nothing. Start to find ways. Work with your very smart people to find ways to incorporate some of the compliance data you have and find ways to use that to your benefit.” – Mike DeBernardis

“One of the things that companies don’t think about enough in these situations in the journey of Remediation is what business changes can we make? Because I think that could be really impactful, a really impactful, persuasive position is to say this company is different than the one who engaged in the conduct for various reasons.” – Mike DeBernardis

And then the fact they self-disclosed, they really did everything right except in the DOJ’s mind, waited just a little bit too long before they self-disclosed.” – Mike DeBernardis

Resources:

Hughes Hubbard & Reed website 

Mike DeBernardis on LinkedIn

Categories
Riskology

Riskology by Infortal Episode 14: International Mergers & Acquisitions

Geopolitics and business are inextricably linked. In this episode of Riskology by Infortal, Dr. Ian Oxnevad and Chris Mason explore how geopolitical risk analysis should be an integral part of mergers and acquisitions due diligence to uncover hidden risks and opportunities. They also discuss the emerging business activity in Cuba and its geopolitical implications.

Infortal Worldwide is a global risk management and investigations firm specializing in helping businesses navigate complex risk landscapes. The company’s focus extends to various areas, including economics, politics, and geopolitical risk. By delving into these interconnected realms, Infortal Worldwide aims to provide clients with comprehensive insights that empower them to make informed decisions, especially in critical areas such as mergers and acquisitions, private equity investments, and other strategic moves.

 

You’ll hear Chris and Ian discuss:

  • Cuba is an emerging market M&A opportunity. There is growing entrepreneurial activity and cross-industry demand for business with the U.S.  
  • However, the politics, military, and security dynamics around Cuba pose risks with China’s deepening involvement.
  • Cuba has significant untapped potential to again become an economic and financial hub, given its strategic geographic location.  
  • When looking for investment opportunities, it’s important to assess geopolitical risks to understand potential political issues that could impact the business environment before and after a deal.  
  • To ensure a thorough examination of potential risks, checklists for operational due diligence should include an analysis of geopolitical factors. This helps identify dependencies and vulnerabilities in the supply chain, allowing for proactive risk mitigation. 
  • Gathering intelligence from local sources at different stages of a deal provides insights into the actual state of affairs, business practices, and risks related to the target firm, industry, and operating environment.
  • Strengthen decision-making by obtaining verified information, establishing structured M&A due diligence processes, and documenting geopolitical risk analysis for your teams. 
  • Detect issues early and voluntarily report them to regulators to limit liabilities. The Saffron SA case in China exemplifies the benefits of FCPA due diligence in this regard.
  • With fluctuations in global supply chains, M&A decisions should be informed by geopolitical considerations, influencing reshoring and nearshoring choices as localization trends gain momentum. This presents both opportunities and the need for thorough due diligence.

 

KEY QUOTES

You need local boots on the ground, intelligence gathered and pulled in centrally so that you can really get a true handle on what the business climate and business cultural circumstances look like.” – Chris Mason

 

“…because M&A is one of the main ways that companies are going to be reshoring or nearshoring their supply chains.” – Dr. Ian Oxnevad

 

“When it comes to mergers and acquisitions, but also when it comes to seeking out your targets, does that process include geopolitical risk analysis? Are you really looking at how changes in international relations, changes in conditions, things that can impact supply chains, as an example, are you factoring that into the analysis to really make sure that you’re finding a good and solid opportunity? Because the last thing that you want is to pull together a deal …and then all of a sudden, a major international event just throws everything off course.” – Chris Mason

 

Resources

Infortal Worldwide

Email 

Dr. Ian Oxnevad on LinkedIn

Chris Mason on LinkedIn