
Assessing Organizational Culture

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Cuijak, Jessica Czeczuga; Michael Parker; and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco, that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 2, consider how to assess your culture with Viktor Cuijak.

Cuijak, a chartered accountant with a strong background in finance, audit, and risk consulting, currently serves as Director of Customer Success and Services at Diligent. With a decade of experience in the Big Four and a focus on governance, risk, and compliance (GRC) objectives, Cuijak firmly believes in assessing and managing organizational culture as a risk factor. He views culture as a dynamic risk that can have significant consequences if not properly managed, and advocates standardized and benchmarked culture assessments to provide valuable insights for risk management. Cuijak emphasizes the need for practical guidance on implementation, highlighting the significance of tone at the top and other artifacts, such as policies, procedures, and feedback mechanisms, in culture assessments.

Assessing and managing organizational culture as a risk factor is a crucial aspect of ensuring the success and sustainability of any organization. A compliance professional can begin by using existing frameworks, such as COSO (Committee of Sponsoring Organizations of the Treadway Commission), for guidance in assessing and managing organizational culture. This framework provides principles and guidelines that help organizations understand the key factors that shape culture as a risk factor.

The tone at the top, policies, procedures, and feedback mechanisms were identified as key indicators of an organization’s culture. The tone at the top refers to the leadership’s actions and behaviors, which set the tone for the entire organization. Policies and procedures play a crucial role in shaping the desired culture, but it is not enough to simply have them in place. Actions, communications, and responses must align with the stated culture.

One of the key challenges is the nebulous and intangible nature of culture, which can make it difficult to assess and audit. However, Cuijak emphasized that culture can be thought of as just another risk that organizations need to manage. By asking the question, “What can go wrong?” organizations can identify potential risks and gaps in their culture and take steps to address them.

Standardized evaluation was also discussed as a valuable tool for assessing and benchmarking culture. It provides a common language and framework for managing risks associated with culture. By using evaluation tools, organizations can track their progress and identify areas for growth.

Cuijak also emphasized the importance of considering the impact of culture when making decisions. Culture is not just a checklist exercise, but rather a holistic approach that encompasses actions, communications, and responses. It is not enough to have policies and procedures in place; organizations must demonstrate their culture through their actions and communications.

While frameworks like COSO provide principles and guidance, they may not always provide the specific “how” in assessing and managing culture. This is where organizations need to tailor their approach and consider additional tools and techniques that align with their specific needs and goals.

In conclusion, assessing and managing organizational culture as a risk factor is a complex but essential task for organizations. By using existing frameworks, evaluating key indicators, and considering the impact of culture on decision-making, organizations can identify potential risks, address gaps, and create a culture that supports their overall success and sustainability.

Join us tomorrow where we explore creating a strategy to manage culture risk.

Tune into Viktor Cuijak on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.


Daily Compliance News: September 19, 2023 – The $2111 Per Hour Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Is your lawyer worth $2K+ per hour?  (Reuters)
  • From a smoking break to a weed break? (NYT)
  • Boards looking more critically at CEO behavior. (FT)
  • US Treasury Sec wants to tackle Nigerian corruption. (Bloomberg)

One Month to More Effective Written Standards: Day 11 – Charitable Donation Enforcement Actions

When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes that violates the FCPA. This was a feature of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the SEC in 2012, involving a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter rather than by the DOJ as a criminal matter, against another U.S. entity, Schering-Plough, for making charitable donations in Poland that violated the FCPA. One of the remarkable things about these two enforcement actions, brought almost eight years apart, was that both involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from each company.

Three key takeaways:

  1. Every compliance practitioner should study both the Lilly and Schering-Plough enforcement actions.
  2. What is the purpose of the charitable entity you are making a donation to?
  3. “Document, Document, and Document” your due diligence around donors.

For more information, check out The Compliance Handbook, 4th edition, here.


Data Driven Compliance: Rachael Ormiston on Privacy as a Business Differentiator

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which features in-depth conversations about the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

We take things in a data privacy direction today as I visit with Rachael Ormiston, Head of Privacy at Osano, whose No Penalties Pledge sets them apart in the privacy industry, offering customers assurance that they won’t face fines for non-compliance. In conversations with Tom Fox, Rachael Ormiston discusses the importance of privacy as a business differentiator and the impact of GDPR. Trust is highlighted as crucial for building a positive customer experience. Osano has developed a privacy maturity model to help companies assess their progress and prioritize compliance. Their website offers valuable resources, catering to both experts and beginners in the field. Rachael emphasizes the increasing importance of data privacy and the need for companies to prioritize it at the executive level.

Highlights Include

  • Osano’s No Penalties Pledge
  • Privacy as a Business Differentiator
  • The Importance of Privacy Compliance
  • Data Privacy and Free Resources

Resources:

Osano



Navigating Digital Compliance: Managing Risks and Embracing Innovation

In a rapidly evolving digital landscape, managing compliance risks has become a critical priority for organizations. In a recent Innovation in Compliance podcast episode, I had the opportunity to interview Chris Lehman, CEO of Safeguard Cyber, a compliance and security company, to shed light on the importance of effective digital compliance and the challenges that arise with the shift in communication channels. This blog post explores the key insights from this conversation and offers practical advice on managing risk in the realm of digital compliance.

The manner in which we communicate has undergone a dramatic transformation with the rise of smartphones and the increasing use of cloud-based applications and messaging platforms. Today, a staggering 45% of all business communication takes place outside of email, spanning channels like Slack, Microsoft Teams, WhatsApp, Telegram, Line, SMS, iMessage, and even social platforms such as LinkedIn. Alongside this technological side of the communication revolution, there is a generational change, from the way Baby Boomers communicated, through GenXers and Millennials, to GenZers. Moreover, corporations have not implemented the same level of controls for these new communication channels as they have for email, leaving potential gaps in oversight.

Lehman emphasizes the human factor as the most significant risk in compliance strategies. While technological advancements have enabled agility, innovation, and new ways of engagement, it is crucial to ensure compliance in these digital interactions. Safeguard Cyber highlights the need for organizations to prioritize compliance and good corporate governance, while still allowing employees to be agile and innovative.

To effectively manage risk in digital compliance, it is vital to treat it as a comprehensive risk management process. This involves understanding regulations, establishing robust policies, training employees, and leveraging technology to monitor and mitigate risks. It all starts with a risk assessment, which informs your risk management strategy. From there you must implement effective training and communications, then monitor and upgrade as needed. To do this you also need a tech solution which provides visibility into digital communication channels, enabling organizations to identify potential risks in real-time and take corrective action.

Unfortunately, there is often a tension that can arise between compliance teams and line of business teams. Rather than being seen as a hindrance, compliance teams should strive to be enablers and strategic partners. By providing visibility into the tools and applications employees use, compliance teams can facilitate decision-making on freedom and flexibility while maintaining compliance standards.

Regulators such as the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and the Department of Justice (DOJ) have all taken notice and have all emphasized the importance of compliance and good corporate governance in these new communication channels. This summer alone, the SEC announced charges against 10 firms in their capacity as broker-dealers, and one dually registered broker-dealer and investment adviser, for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the CFTC ordered four financial institutions to pay a total of $260 million for recordkeeping and supervision failures arising from widespread use of unapproved communication methods. All of this means that companies must identify and assess their risks, implement risk management strategies, and ensure that policies and procedures are not only in place but also effectively trained on and followed.

Fortunately, technologies now exist that allow organizations to achieve compliance without becoming overly burdensome through their monitoring function. Safeguard Cyber’s tech solution, for instance, monitors digital communication channels, such as email, messaging platforms, and social media, while ensuring employee privacy through an opt-in system. By leveraging natural language understanding technology, sensitive information can be flagged, and compliance can be maintained seamlessly.

As we move forward, the goal for organizations is to break down the walls between line of business and compliance teams. Technology will play a pivotal role in providing visibility into various communication channels and applications, helping employees stay within boundaries without intentionally breaking rules. Increased regulatory oversight is expected in the future, making it even more crucial for organizations to prioritize digital compliance.

In the modern business landscape, effective digital compliance and good corporate governance are paramount. Managing compliance risks in the realm of digital communication requires organizations to treat it as a risk management process, leveraging technology and establishing robust policies. By embracing technology solutions like Safeguard Cyber, organizations can monitor communication channels, flag potential risks, and ensure compliance without stifling innovation and agility. As we navigate this ever-evolving digital world, prioritizing digital compliance will be a key differentiator for organizations seeking long-term success.


Corficolombiana DOJ and SEC FCPA Settlements

When operations span across borders, navigating local regulations and ethical standards becomes even more crucial. As evidenced by Corficolombiana’s case, neglecting these measures can lead to hefty legal ramifications and significant economic repercussions. In this episode of Corruption, Crime and Compliance, Michael Volkov unravels the Corficolombiana and Group Aval scandal, shedding light on the importance of implementing and maintaining robust ethics and compliance programs for global companies.

You’ll hear Michael talk about:

  • Corfico is a subsidiary of the Colombian financial behemoth, Grupo Aval. The two entities agreed to substantial settlements with both the DOJ and SEC, stemming from allegations of a bribery scheme in Colombia.  
  • It emerged that Corfico had conspired with Odebrecht, a Brazilian construction firm, to pay around $23 million in bribes to influential Colombian government officials to clinch the project. The DOJ’s settlement with Odebrecht throws more light on the matter.
  • Corfico’s forthcoming cooperation with both DOJ and Colombian authorities demonstrated their intent to amend their ways.
  • Corfico embarked on extensive remedial measures, which the DOJ acknowledged and appreciated. This included a comprehensive root cause analysis and subsequent enhancements to their corporate governance and controls. 
  • Corfico also revamped its compliance program, introducing improved reporting, investigation, and disciplinary procedures and revisited its anti-corruption compliance program.
  • The DOJ extended a 30% fine reduction to Corfico, a significant reprieve. What stood out, however, was the decision against appointing an independent compliance monitor in this case. 
  • Such international scandals accentuate the risks that large projects in foreign lands pose. Drawing parallels with the ABB case, it’s clear that ethics and compliance are non-negotiables for global firms.

KEY QUOTES

“The DOJ credited Corfico’s cooperation, citing its production of facts obtained through the company’s internal investigation, making numerous detailed factual presentations that distilled certain key factual information, producing documents that the government may not have been able to get access to because of foreign data privacy laws, providing sworn testimony from Colombia.” – Michael Volkov

“Corfico promptly engaged in extensive remedial measures, including, among other things, conducting a root cause analysis of the bribery scheme identified during the internal investigation. Promptly took the actions to enhance its corporate governance and controls and joint venture entities as well as improved its oversight of noncontrolled joint ventures and investments, overhauled its compliance program… As a result of this, the DOJ awarded Corfico a 30% reduction off the bottom of the applicable guidelines fine range.” – Michael Volkov

“It’s always good to look at the underlying conduct, and imagine: If you’re working in a company, with your compliance program, would you have been able to detect this? How would your compliance program have prevented this from occurring?” – Michael Volkov

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group


Adventures in Compliance – Compliance Lessons from The Adventure of the Beryl Coronet

The story begins with a respected banker, Alexander Holder, who comes to Sherlock Holmes for help. Holder tells Holmes that he was entrusted by a client with a precious artifact, the Beryl Coronet, which is studded with valuable jewels. Holder, fearing the artifact might get stolen, took it home and locked it in his safe.

The following morning, Holder finds the coronet damaged, and three beryls are missing. Holder immediately suspects his son Arthur, as he was found with the artifact in the middle of the night in a frantic state. Although he claims innocence, Arthur refuses to provide any alibi. Holder, devastated and confused, seeks Holmes’ help in solving the mystery.

After examining the scene, Holmes infers that the intruder was an amateur. He notices footprints that lead to and from a garden window. Holmes suspects Arthur’s cousin, Mary, after discovering that she had been out walking late that night and received a sizable payment from a mysterious source.

Holmes eventually identifies the true culprit as Sir George Burnwell, a man of questionable character who had been romantically involved with Mary. Mary had been paying Burnwell to keep quiet about their relationship, using money she received from pawning her own jewelry.

Holmes manages to recover the stolen jewels from a pawnbroker. It is revealed that Arthur was indeed innocent and had taken the blame to protect Mary, whom he loved. The story concludes with Holder expressing relief at the solution, but also sorrow that Mary had been led astray by Burnwell.

Compliance Lessons 

Due Diligence: The plot revolves around a precious beryl coronet that is partially stolen. The owner, Mr. Holder, fails to exercise due diligence in securing the coronet, leading to the theft. This highlights the importance of thorough risk assessment and due diligence in compliance, particularly regarding asset security.

Confidentiality: The coronet is a state secret. Its value is immense, and it is given to Holder to be used as a security against a loan. This underscores the importance of safeguarding sensitive or proprietary information and the responsibility individuals and organizations have in maintaining confidentiality.

Insider Threat: The theft is carried out by a trusted individual within the household. This reflects real-world scenarios where individuals within an organization pose significant risks. It’s crucial to establish systems that can detect and prevent insider threats.

Crisis Preparation: Holder makes an immediate decision to approach Sherlock Holmes when the theft is discovered. This parallels the crisis response plan an organization should follow when a breach or issue is detected, including notifying the relevant authorities or consulting professionals to handle the situation. You should game out and plan your cyber breach responses before an incident occurs.

Trust and Transparency: The conclusion of the story reveals a complex web of familial relationships and a severe lack of trust and transparency within the Holder household. This emphasizes the significance of fostering a culture of openness, trust, and transparency within an organization. Honest communication and transparency can prevent misunderstandings and miscommunication that might lead to non-compliance issues.

Unintended Consequences: The impulsiveness and rash decisions of characters in the story lead to unintended consequences, such as Arthur’s unjust imprisonment. This is a reminder that organizations must think through the potential outcomes of their actions, especially with regards to compliance and regulatory matters, to avoid unexpected negative impacts.

Resource

The New Annotated Sherlock Holmes


What is Corporate Culture?

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Cuijak, Jessica Czeczuga; Michael Parker; and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco, that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 1, we ask what is culture with our special guest Yvette Hollingsworth-Clark.

Yvette currently holds the position of Chief Compliance Officer for State Street Corporation and is on the Board of Directors at Diligent. With a robust background in risk management, Yvette has cultivated a deep understanding of the significance and measurement of corporate culture. She asserts that corporate culture should not be solely managed by the compliance function, but rather owned by the C-suite and executed in various forms. Yvette stressed the need for specific metrics to monitor and promote desired cultural values, such as integrity, and believes that culture can be measured through metrics such as the number of risk decisions overruled, challenged, or implemented correctly. She also highlighted the importance of considering stakeholders such as customers, clients, and third parties when assessing corporate culture.

Yvette emphasized that culture is not solely the responsibility of the compliance function but is owned by the C-suite and executed in various ways throughout the organization. CEOs have a significant role to play in driving corporate culture. They must lead by example, set expectations, and hold managers accountable for adhering to the desired cultural attributes.

One key aspect is the importance of tone from the top. Employees observe the behavior of their senior leaders and often mimic their actions. CEOs need to be conscious of the examples they set, both verbally and through their behavior. Fairness is also crucial in setting the culture of a company. Every decision made by senior leaders, regardless of their position, should demonstrate fairness and align with the desired culture.

The Board of Directors also plays a significant role in shaping and overseeing corporate culture. They need to understand how management defines culture and how ethical issues are managed within the organization. Yvette advises boards to think about the framework of culture more broadly, considering factors such as the company’s reputation to customers and other stakeholders, as well as the employee experience. It is essential to demonstrate how the organization is executing against the cultural attributes that are deemed positive for the company.

Assessing corporate culture is a complex task that requires a balance between art and science. While there are specific metrics that can be used to measure culture, such as risk decisions, policy violations, and disciplinary actions, it is important to anchor the assessment to the specific aspects of culture that are relevant to the organization. Yvette suggests using a suite of metrics that focus on risk excellence and positive indicators of culture, such as employee training, customer treatment, and incident handling.

One must always remember that assessing culture is not a one-size-fits-all approach. It requires organizations to be specific about what their data can answer and what it cannot. A culture assessment is still more of an art than a science, but it is crucial to have a clear understanding of the indicators that align with the organization’s desired culture.

In conclusion, corporate culture is of utmost importance in the financial services industry. It is not only the responsibility of the compliance function but is owned by the C-suite and executed throughout the organization. CEOs must lead by example and set expectations, while the board plays a significant role in shaping and overseeing culture. Assessing culture requires a balance between art and science, with organizations using specific metrics that align with their desired cultural attributes. By prioritizing and measuring culture, financial services organizations can create an environment that promotes ethical behavior, risk excellence, and positive outcomes for all stakeholders.

Join us tomorrow where we explore assessing organizational culture.

Tune into Yvette Hollingsworth-Clark on the Diligent-sponsored podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.


One Month to More Effective Written Standards: Day 10 – Policies and Procedures on Gifts and Business Entertainment

If one were to reflect upon the providing of gifts and business entertainment to foreign governmental officials, one might reasonably conclude that after 40 years of the FCPA, companies might follow its prescriptions regarding gifts and business entertainment. However, there have been some notable FCPA enforcement actions in this area.

The 2012 FCPA Guidance clearly stated the FCPA does not ban gifts and entertainment. Indeed, it specified, “A small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other. Some hallmarks of appropriate gift-giving are when the gift is given openly and transparently, properly recorded in the giver’s books and records, provided only to reflect esteem or gratitude, and permitted under local law. Items of nominal value, such as cab fare, reasonable meals and entertainment expenses, or company promotional items, are unlikely to improperly influence an official, and, as a result, are not, without more, items that have resulted in enforcement action by DOJ or SEC.”

These guidelines must be coupled with active training of all personnel, not only on a company’s compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and business entertainment. Lastly, it is imperative that all such gifts and business entertainment be properly recorded, as required by the books and records component of the FCPA.

And, as always, do not forget the gut check test.

Three key takeaways:

  1. Gifts and business entertainment continue to plague companies for compliance violations.
  2. The key is not the amount but having a policy and procedure and following it.
  3. Always remember to record gifts and business entertainment expenses correctly.

For more information, check out The Compliance Handbook, 4th edition, here.


Unlocking Success: The Crucial Role of Culture in Compliance: Part 1 – Yvette Hollingsworth-Clark on What is Culture?

Welcome to a special series on building a stronger culture of compliance through targeted and effective training sponsored by Diligent. I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia in this series. Over this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, monitoring that strategy in the future, and using information from your monitoring to improve your culture continuously. In Part 1, we ask what culture is with our special guest, Yvette Hollingsworth-Clark.

Yvette Hollingsworth-Clark, a seasoned professional in the financial services industry, currently holds the position of Chief Compliance Officer for State Street Corporation. With a robust background in risk management, Yvette has cultivated a deep understanding of the significance and measurement of corporate culture in the financial sector. She asserts that corporate culture should not be solely managed by the compliance function but rather owned by the C-suite and executed in various forms. Yvette emphasizes the need for specific metrics to monitor and promote desired cultural values, such as integrity. She believes culture can be measured through metrics such as the number of risk decisions overruled, challenged, or implemented correctly. She also highlights the importance of considering stakeholders such as customers, clients, and third parties when assessing corporate culture. Join Tom Fox and Yvette Hollingsworth-Clark on this episode to delve deeper into this topic.

Key Highlights:

  • Measuring and Managing Corporate Culture in Finance
  • Shaping Corporate Culture: Board’s Key Role
  • The Nuances of Assessing Organizational Culture

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com

Join us tomorrow, where we consider how to assess your culture.