Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Author: admin
There is nothing like an internal whistleblower report about a FCPA violation, the finding of such an issue or (even worse) a subpoena from the DOJ to trigger the Board of Directors and senior management attention to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage followed immediately by proclamations “We are an ethical company.” However, it may well be the time for a very serious reality check.
In addition to robust investigation, a company must engage in remediation of the offending conduct. The 2020 Update to the Evaluation of Corporate Compliance Programs mandated the additional significance of this by providing that this process must be considered “both at the time of the offense and at the time of the charging decision and resolution”. When you consider the strictures around continuous monitoring and continuous improvement in compliance programs it is clear why this analysis is so important. Obviously, a key test of any compliance program is when a deficiency is found and a violation occurs. The question then becomes, what did you do about it.
But from the DOJ (and Securities and Exchange Commission) perspective, the key is to use the information to both fix the problem so that it does not occur again but also improve your compliance regime.
Three key takeaways:
- How does your investigation inform your remediation plan?
- A compliance program failure offers a way to upgrade your regime.
- Your investigative team must inform your remediation team.
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes back the Lawyer to Podcasters – Gordon Firemark.
With the increasing prevalence of AI and Chat GPT technologies in the podcasting world, legal implications must be addressed. Tom and Gordon discuss potential legal issues, such as AI accessing private information and Chat GPT generating false information. To further this discussion, Firemark will be presenting at Podcast Movement 2023 on the importance of protecting freedom of expression in the arts. It is essential for creatives to understand their rights and obligations, as well as the potential impact of AI and Chat GPT on their work, to ensure they are fairly compensated for their creative efforts. This podcast episode provides valuable insight into the changing dynamics of the podcasting world and the need for creatives to remain informed.
Key Highlights
· AI and Chat GPT
· AI and Copyright Issues
· Fair Compensation for Creatives
· Legal Issues in Art
Resources
Gordon Firemark on LinkedIn
Tom Fox
Tom Fox and guests Kenyen Brown and Kevin Carroll take a deep dive into the legal drama surrounding President Trump. On this week’s episode of All Things Investigations their seasoned attorneys walk us through three major legal events that unfolded in a momentous week. They uncover the delicate balance of political and legal intrigue, explain court strategies, and reveal the ins and outs of the judicial process.
Kevin Carroll and Kenyen Brown are partners at Hughes Hubbard & Reed. Kevin served as a senior counsel to the House Homeland Security Committee. Kenyen is a former United State Attorney.
You’ll hear Tom, Kenyen and Kevin discuss:
- The surprising lack of preparation on President Trump’s defense team’s part. They were surprised by the lack of a structured legal argument and the pleading for a trial after the election.
- Is there any merit to the defense’s claim that the amount of information to be reviewed necessitates a delay? Kenyen and Kevin agree that the defense might be asking for too long of a delay; however, they do not rule out a timeline extension due to the volume of documents involved.
- Trump’s defense does not have a large legal team to sift through the discovery material.
- They examine the defense strategy, in particular the call for the trial not to be held before the election. Such a privilege is not usually granted to typical defendants.
- Kevin voices his concerns over the defense’s public statements, questioning the judge’s hesitance in issuing gag orders. Kenyen speculates that the choice of the federal district for this case could be strategic on the part of the Justice Department, aiming for a more credible verdict.
- They discuss Trump’s announcement about receiving a target letter from Jack Smith, and its implications. They believe that it indicates that the Special Counsel believes there is already probable cause to indict Trump.
- Tom wonders if Smith’s motivation was to pre-empt any indictment that might have been made by the state of Georgia.
- Kevin speculates that the Justice Department might have been embarrassed by the January 6 Committee progressing far ahead of their investigation. He posits that it would be even more mortifying if a smaller District Attorney’s office managed to build a significant conspiracy and racketeering case against the President while the DOJ was lagging behind.
- Kenyen emphasizes that justice should be their main focus and he would hope that the pace of Smith’s actions is determined by the facts and evidence he has, rather than being influenced by a state prosecutor’s progress.
- Would the District of Columbia be an appropriate venue for a case involving the January 6 insurrection? Kevin believes so since most of the activity relating to January 6, including the preparation and the event itself, happened in DC.
- Tom asks Kenyen and Kevin for their views on this matter of the recent announcement from the Attorney General of Michigan, who charged a series of persons claiming to be electors from Michigan but who were in fact fraudulent.
- Kevin finds it interesting that Federal Prosecutor Smith is also examining the fake elector scheme. He labels the indictment as apt and defines the false claims of electoral victory as fraudulent.
- Kenyen remarks on the difficulties of prosecuting election fraud cases due to allegations of partisanship. He underlines the necessity to protect the integrity of the election system.
- Kevin discusses an incident in Michigan, where meetings were apparently recorded in which fake electors were selected.
KEY QUOTES
“I would hope that federal authorities are not motivated by what might be taking place in a parallel state jurisdiction. In other words, your master in these circumstances is supposed to be justice…” – Kenyen Brown
“Having investigated a few instances of election fraud cases in Alabama that ended up not being accurate or true, it’s almost a no win for the prosecutor because there are going to be allegations of partisanship regardless of the outcome of the merit of your case. Nonetheless, you do it to protect the integrity of the election system.” – Kenyen Brown
“The only thing worse than getting a target letter from the Justice Department is when everybody else who was involved in the crime, except you, didn’t get a target letter, they suggest that everybody’s cooperating against you.” – Kevin Carroll
“It’s super interesting because we all know that the federal Prosecutor Smith is also looking at the fake elector scheme because he specifically subpoenaed some individuals who were electors or state election officials in the different states that the results were in question legitimately or illegitimately. It’s a very apt indictment. It’s a fraud.” – Kevin Carroll
Resources
Hughes Hubbard & Reed website
Kevin Carroll on LinkedIn
Kenyen Brown on LinkedIn
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.
- DOJ revamps Crypto enforcement team. (WSJ)
- Altice co-founder denies corruption. (Reuters)
- US consultancies struggle in China after raids. (FT)
- GOP release FBI report showing no Biden corruption in Ukraine. (Bloomberg)
In today’s world data is the new gold, and protecting it has become imperative for businesses worldwide. On this week’s episode of Corruption, Crime and Compliance, Michael Volkov navigates the cybersecurity landscape, unpacking the key threats haunting businesses and the elements of a robust cybersecurity compliance program. He underscores the importance of proactively managing these digital threats, to ensure your business remains protected.
You’ll hear him discuss:
- The growing partnership between compliance and cybersecurity is a rapidly emerging issue in compliance, affecting companies and their risk management strategies. Cyber threats are not only external but also internal, resulting from employee behavior and cybersecurity hygiene.
- Chief Information Security Officers (CISOs) are increasingly collaborating with Chief Compliance Officers (CCOs), leveraging the latter’s expertise in governance, risk management, and training. This collaboration enables better education and training for employees on cybersecurity risks and the importance of good cybersecurity hygiene.
- Approximately 50% of cyber or data breaches are the result of internal actors, either intentionally or through negligence. Thus, CCOs can play a crucial role in designing controls, conducting training, and monitoring employee behavior to mitigate such risks.
- Major cybersecurity risks today include ransomware, cloud security, work from home security, phishing schemes, supply chain security, and identity and access management (IAM).
- The rise of cyber threats: The digital landscape is rife with cybersecurity threats, including insider threats, DoS and DDoS attacks, AI and machine learning attacks, and cyber espionage.
- Organizations need to be vigilant against disgruntled employees with access privileges who could intentionally or unintentionally harm systems. This emphasizes the need for robust access controls, regular monitoring, and comprehensive employee training.
- While AI and machine learning can enhance cyber defenses, they can also be weaponized by cybercriminals to automate and scale their attacks.
- A robust cybersecurity compliance program is necessary to protect a company’s IT infrastructure and includes:
-
- Application Security: Familiarity with cloud security policies and the implementation of multifactor controls and administration privileges can help strengthen application security.
- Information Security: Companies must adhere to strict security standards and employ encryption among other strategies to protect data from possible breaches.
- Disaster Recovery Planning: This requires implementing backup and recovery systems, incident response drills, and endpoint protections.
- Network Security: Most companies use firewalls to monitor traffic for cyber threats and attacks. Companies must also secure their wireless networks and ensure that remote connections are encrypted.
- End User Security: Since hackers often gain unauthorized access through endpoints, companies must ensure that devices are updated with security programs and antivirus applications.
- Operational Security: This involves identifying any potential vulnerabilities that could be exploited by a hacker.
- Given the prevalence of phishing attacks and insider threats, cyber training for employees is of paramount importance for an organization’s cybersecurity.
KEY QUOTES:
“To the extent that cyber risks are the result of internal employee misbehavior or negligence, CCOs are natural experts in developing strategies for controls, mitigation of risks, and monitoring employee behavior, because they’re already doing that to a certain extent with regard to other risks.” – Michael Volkov
“Businesses that misconfigure security settings for applications can result in cloud account data breaches. Companies that rely on major cloud services have to design their security settings for their applications.” – Michael Vokov
“In the end, cybersecurity fails when there’s a lack of adequate controls and security readiness, and companies have to make smart strategic decisions when developing their controls and cybersecurity protections; and always focus on the human element, common mistakes, effectiveness of controls and vulnerabilities to hacker strategies to exploit any weaknesses.” – Michael Volkov
Resources
In an article, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”, Mara Senn, now Director & Senior Counsel, Global Compliance Investigations at Zimmer Biomet and Michelle K. Albert, former lawyer at Arnold & Porter discussed cross-border investigations. They considered the following issues.
Offer interview translations.
Avoid cultural pitfalls.
Observe data privacy restrictions.
Comply with labor requirements.
Be aware of other local requirements.
Put forms in native translations.
Preserve the attorney-client privilege.
Prepare for local enforcement actions.
Prepare for security risks.
Protect whistleblowers.
Three key takeaways:
- Use translators and translations of key documents in witness interviews.
- Use local counsel to facilitate the investigation and to help navigate any local anti-corruption investigation issues.
- Never, never, never retaliate. The SEC will pay whistleblower bounties for non-U.S. citizens.
Tony Bennett died last week. He was one of a handful of performers whose music filled my head, heart and ears my entire lifetime. For me, it all began with I Left My Heart in San Francisco in the mid-1960s. By that time Bennett had at least one maybe two careers of a lifetime. But by the 1960s Bennett was just getting started. He was a crooner of the old school but he wanted to sing the classics, which he did. The thing about classics, is that they are classic for a reason. They are great songs and in the hands of great singers the are wonderous.
The was never proved more so than in 1993 when MTV had Tony Bennett Unplugged. It was a musical event for the ages. It won a Grammy for Best Album. Here was a (then) 70-something crooning the classics to an entirely new generation of fan, GenXers. And they loved him, the songs and the music. That event led to Bennett going back on top for the rest of his life. It also led to collaborations and even duets with artists as diverse as Lady Gaga, KD Lange and Amy Winehouse. So farewell to Tony Bennett, forever singing the classics of the Great American Songbook.
Have you ever wondered how to make compliance training interesting and engaging? I thought about Tony Bennett after I recorded a recent podcast with Peter Grossman and Duane Stumpf, two experts in the field of compliance training, to discuss this very topic. Peter is the co-founder of Labyrinth Training, which creates interactive animated compliance trainings, and Dwayne is the global head of integrity and compliance and the chief compliance officer for Alcon Vision. Together, they discussed the challenge of incorporating a 1970s rock and roll music number into a compliance training, and how they created a training series that was interactive and required the user to make decisions that affected the narrative.
The conversation highlighted the importance of delivering lessons in a way that people will remember, enjoy, and take notice. Peter has a background in entertainment and publishing, having worked for US Weekly and Rolling Stone, and Dwayne is a “recovering sales rep” who spent the first decade of his life in sales and the next decade plus in consulting. Their combined experience and expertise made for a fascinating discussion.
The Lens policy is Alcon Vision’s policy on how they interact in the marketplace. It is a principles-based policy that helps guide and put context around being ethical in the marketplace with their products. Peter and his team helped Alcon Vision put real life scenarios into sticky, funny, and humorous content. The team then launched a compliance training program in a Netflix style, with five episodes each lasting seven to eleven minutes. The team hyped up the program with emails, internal social media posts, and movie posters.
The team was able to get an impressive 81% of people to complete the training within 60 days. They changed the narrative of compliance by creating something that had never been seen before. To make the training even more engaging, they incorporated a musical number into the training, with a 70s style rock song. They also created a catchy jingle for an awareness video about the importance of wearing masks.
The fourth episode of the training introduced the worst person, Dr. Louis. Dr. Louis is famous and is trying to take advantage of the salesperson by soliciting bribes. Dr. Louis is wearing a lab coat that looks like a NASCAR jacket, covered in ads for every product. He tries to convince the salesperson to sponsor his lab coat with the Q Four logo and even breaks into a song and dance to convince the salesperson to sponsor his lab coat. Martin, the salesperson, starts singing along with Dr. Louis at one point.
The CEO of the organization even sent a note of congratulations when the award was announced. They even created a fictional product called Q Four, a quadrifocal lens with a Siri-like voice command to change eye color. The purpose of the training was to get people to stop and think before they engage in activities. The team won two Telly Awards, one for the narrative and one for the interactive design.
The takeaway from this conversation is that compliance training should be engaging, interactive, and fun, and tailored to the needs of the organization. Using interactive elements, humorous content, and musical numbers, organizations can create effective and memorable compliance trainings that their employees will enjoy and take notice of and most importantly will become more engaged with your compliance function.
In the Sunday Book Review, I consider books that would interest the compliance professional, the business executive or anyone who might be curious. It could be books about business, compliance, history, leadership, current events or anything else that might interest me. In today’s edition of the Sunday Book Review, I look at books about serial killers, famous murderers and those who track them down.
- Behold the Monster by Jillian Lauren
- In Cold Blood by Truman Capote
- Helter Skelter by Vincent Bugliosi
- Whoever Fights Monster by Robert K. Ressler and Tom Shachtman
Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.
- Head of DOJ Criminal Division, Kenneth Polite to step down. (WSJ)
- Tesla Directors settle comp suit. (Reuters)
- KPMG caught cheating for exams again, this time in The Netherlands. (Dutch News)
- Does Singapore have a corruption problem? (FCPA Blog)
- Lisa Osofsky issues her final SFO report. (WSJ)
- Teens take on corruption in Nigeria. (Teen Vogue)
- US issues new anti-trust guidance. (FT)
- Panama ex-President sentenced for corruption. (Reuters)
- Sri Lanka passes ABC bill. (AL Jazeera)
- Deutsche Bank fined yet again for AML failures. (NYT)
You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.
Connect with Tom