Author: admin

Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 1

I recently had the opportunity to visit with Vince Walden for the inaugural episode of the newest podcast on the Compliance Podcast Network, Data Driven Compliance. Walden is a compliance professional with 15 years of experience, who left his day job and founded Kona AI, a cutting-edge innovation for compliance professionals. Kona AI is an on-premise platform to build advanced analytics and compliance monitoring that aligns with the DOJ’s expectations.

Over this multi-part blog post series, I will be discussing how to create an effective compliance program through  the use of data analytics by considering the requirement laid out by the Department of Justice (DOJ) in their recent pronouncements on a best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics.

It is important for compliance professionals to make informed decisions that are driven by data to ensure that the compliance program is effective and efficient. Data-driven decisions enable compliance professionals to make decisions that are backed by evidence, allowing them to make informed decisions that are based on facts and figures rather than assumptions or guesswork. Without data, compliance professionals would be unable to accurately measure the effectiveness of their compliance program or identify potential risks or areas of non-compliance.

Data-driven decisions also allow compliance professionals to identify areas of strength and opportunities for improvement. By utilizing data, they can identify trends, patterns, and correlations that can help them understand the underlying causes of compliance issues and formulate strategies to address them. Furthermore, data-driven decisions are more likely to be accepted and supported by stakeholders, as they are based on facts and have been thoroughly researched and analyzed. Ultimately, data-driven decisions ensure that compliance professionals are making informed decisions that are in the best interests of their organization. Walden articulate 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at your fingertips.

Under Step 1, the assessing of your company’s conduct begins with understanding the DOJ’s  expectations for an effective compliance program. Companies should have policies and procedures in place that enable them to access relevant sources of data, conduct ongoing monitoring of third-party relationships, and hold compliance officers accountable for the effectiveness of the compliance program. Additionally, companies should ensure they have the necessary technology in place to be able to quickly conduct an analysis of their data to determine if a self-disclosure is necessary. By taking these steps, companies can ensure they are meeting the DOJ’s expectations and are in a better position to successfully self-disclose if necessary.

Finally, assessing a company’s conduct should also involve an analysis of the company’s external communications. Companies should have a process in place for responding to inquiries from the public, media, and other stakeholders, and they should ensure that all communications are accurate and timely. Additionally, companies should ensure they are regularly engaging with their stakeholders to keep them informed of any changes in their compliance policies or procedures. By taking these steps, companies can ensure they are engaging in effective external communications that foster trust and confidence in their compliance program.

Self-disclosure is a key step in achieving an effective compliance program. Walden lists this as Step 2. It is important for companies to to demonstrate their commitment to compliance and avoid possible enforcement actions. Recently Kenneth Polite reiterated the importance of self-disclosure and discussed the changes to the corporate enforcement policy. Self-disclosure is viewed as a sign of good faith and can have a major impact on the DOJ’s decision to pursue or not to pursue a case.

However, to meet this requirement under the DOJ Corporate Enforcement Policy, companies need to have access to their data quickly in order to determine if self-disclosure is necessary. This means having an on-premises platform that can quickly search through transactions, identify potential corrupt payments, and compare them to a predictive model. This will demonstrate that they have an effective compliance program for the DOJ to consider them for leniency. But it requires having access to relevant sources of data and conducting monitoring throughout the relationship with third parties. Having an analytics platform can help companies detect anomalies in their data and identify patterns in the data that can help create an effective compliance program.

In addition to self-disclosure, companies must also take steps to ensure that their compliance program is effective and meets the standards of the DOJ. Companies should have access to a streamlined technology platform that helps them manage their compliance efforts. This platform should have tools to monitor third-party relationships, identify suspicious activity, and monitor compliance efforts. An effective compliance program also requires ensuring that employees receive proper training and understanding of the company’s policies and procedures. Companies should also have an audit system in place to regularly check that their compliance program is meeting the standards of the DOJ. This audit system should include periodic assessments of the compliance program and regular reviews of third-party relationships.

Of course, if you do not know you have a problem, you organization cannot self-disclose and cannot meet the mandates to demonstrate an effective compliance program. Hence under Step 3, an organization must understand if there is a problem or not which warrants self-disclosure.  With the right technology in place, companies can monitor their compliance efforts and ensure that they are meeting the expectations of the DOJ. Additionally, companies should ensure that employees are properly trained on the company’s policies and procedures. Taking these steps can help create an effective compliance program that meets the expectations of the DOJ.

Join us tomorrow where continue our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance.

Categories
SBR - Authors' Podcast

Jeffrey Hayzlett on The Mirror Test

Welcome to the Sunday Book Review, the Authors Podcast! On this inaugural episode, Tom welcomes special guest Jeffrey Hazlett, the founder and CEO of C-Suite, former Chief Marketing Officer at Eastman Kodak, and a prime-time host on Bloomberg. They talked about Hayzlett’s updated version of his seminal work, The Mirror Test. They discuss Hayzlett’s 3 key elements of leadership: improvisation, talent, and bottom-line results. He also discussed his new book about Murphy the spy, which is a metaphor for the subject matter. Hazlett emphasized the importance of company culture, noting that it can be detrimental if it’s not up to par. This Sunday Book Review-Authors Podcast episode is sure to leave you inspired and well-informed about leadership! Be sure to tune in!

 Key Highlights Include:

·      Leadership lessons from The Mirror Test [00:03:55]

·      Talent and Leadership for Business Success [00:06:54]

·      Positioning Your Unique Selling Proposition [00:10:01]

·      The Necessity of Representing Different Communities in Messaging [00:13:33]

·      The Impact of Company Culture on Employee Performance [00:16:46]

 Notable Quotes

1.     “What problem are we solving? And that’s really what it is.”

2.     “You have to become a personal brand because you are. A brand is nothing but a promise delivered.”

3.     “You must be out there because you take on the brand’s attributes. The brand takes on the attributes of you.”

4.     “You have to develop the culture and understand what the culture will be like and then recruit people that are similar to your culture or at least will fit in because I’ve seen people who’ve gotten fired within weeks or days because they just didn’t fit in the culture.”

 Resources

Purchase The Mirror Test Purchase

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance-Episode 113, Shout Outs and Rants

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Karen Woody, and Matt Kelly who discuss a potpourri of issues. We conclude with our fan fav Shout Outs and Rants section.

1. Matt Kelly rants about Facebook hiring 11K employees and then laying them off and then giving a large number of employees poor performance reviews.

2. Jonathan Armstrong shouts out to the British Navy for the Altmark Incident in 1940, the last recorded English naval battle fought with cutlasses.

3. Tom Fox shouts out about Valentine’s Day and all those hopeless romantics out there.

4. Karen Woody shouts out to the Netflix show Cunk on Earth.

5. Jay Rosen shouts out to Stevie Van Zandt donating a do rag to California Representative Jamie Raskin to wear during his cancer treatment.

The members of the Everything Compliance are:

•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Data Driven Compliance

Vince Walden on Taking Your Compliance Program to the Next Level Through Data Analytics

Welcome to Data Driven Compliance, the newest edition to the Compliance Podcast Network. In this podcast we will discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on the investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by Kona AI.

In our inaugural episode, I visit with Vince Walden, a forensic data analytics expert and the CEO of Kona AI, a cutting-edge compliance monitoring platform. He has a long history of consulting for white collar crime investigations and forensic data analytics. He has worked on high profile data analytical projects such as Anheuser Busch’s BrewRite platform.

Key Highlights

  1. Discover how data analytics can be used to fight global corruption and identify improper payments.
  2. Learn how data transparency and cost-effectiveness are paramount to an effective compliance program.
  3. Investigate how data analytics platforms can be used to keep organizations out of trouble and make the business better.

Notable Quotes

“Compliance professionals are now being looked at to help spearhead this initiative around business transparency, especially into their third parties or their employee activities, and sometimes even customers or distributors.”

“Getting companies to commit resources to it, it needs to be cost effective.”

“Data analytics is always a topic at the conferences, at the conferences on social media, et cetera. Gaining insights into transparency in your data is paramount to an effective compliance program.”

“Being able to make the business better by adding cash back onto the balance sheet and stopping improper payments or finding errors or stopping a corrupt payment before it’s paid, that’s all making the business better.”

 Resources:

Connect with Vince Walden on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn

Categories
Innovation in Compliance

Leveraging Technology in Third-Party Risk Management with Jag Lamba and Jared Ezzell

Jag Lamba and Jared Ezzell from Certa, join Tom Fox on the Innovation In Compliance podcast to explore the essential elements of a thriving third-party risk management program. They emphasize the significance of minimizing reliance on third-party self-disclosures by utilizing technology and data. They also highlight the importance of integrating due diligence, training, and ongoing monitoring to create a comprehensive approach to risk management. The conversation extends to payment controls, charitable donations, and the integration of the program into the overall third-party risk management lifecycle. 

Jag is the founder and CEO of Certa. Jared Ezzell is the Chief Customer Officer. Certa is a third-party lifecycle management platform for procurement, compliance, and ESG. Their no-code platform provides an easy and efficient way to digitize and manage the lifecycle of all suppliers, partners, and customers. Certa’s automated onboarding, contract lifecycle management, and ESG management eliminate the procurement bottleneck, allowing companies to onboard third parties three times faster. With their cutting-edge technology, Certa is transforming the way businesses manage their third-party relationships, ensuring compliance and sustainability at every step.

 

Here are some key points Tom, Jag, and Jared talk about:

  • Jared talks about his professional background and his role at the company Certa, their products, and their customers. 
  • The hallmark of an effective anti-bribery and anti-corruption compliance program is the concept of risk assessment.
  • Jared discusses the nine elements developed by Certa for an effective compliance program.
  • The three dimensions of a complete solution for compliance risk management are full spectrum risk management, the full life cycle of the third party, and the full spectrum of third parties.
  • A successful technology transformation project should be a modular rollout, with a focus on solving the highest pain point within three months and continuously phasing the rollout to avoid becoming overwhelmed.
  • Jag and Jared clarify that while the company doesn’t play the role of creating the documentation, they provide input and help evidence the client’s defensible positioning in support of the client’s policies.
  • Jag tells Tom that the ongoing monitoring of third-party relationships requires companies to have data sources and processes in place, have a controls framework to act on information, and automate controls to handle egregious alerts.

 

KEY QUOTE:

“The ability to systematically enforce payment controls is a key common practice in successful third-party risk management.” – Jared Ezzell

 

Resources:

Jag Lamba on LinkedIn | Twitter 

Jared Ezzell on LinkedIn 

Certa

Categories
Daily Compliance News

February 21, 2023 – The CEO Whisperer Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Ex-JPMorgan banker found guilty of Libya fraud. (Bloomberg)
  • US meatpacker fined for using underaged children. (WaPo)
  • Meta gets a slight reprieve in UK class action. (Reuters)
  • Who is the boss whisperer? (FT)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls-COSO Objective I-Control Environment

Both Board of Directors’ independence and Compliance Committee (or other applicable committees) oversight issue are essential to this Objective because the Compliance Committee needs to be actively engaged to be comfortable that the company has implemented the internal controls under Sarbanes-Oxley (SOX) 404(a); as required under Principles 1 & 2. The external auditors must then be comfortable that this requirement is met. Finally, there must be evidence that the company has appropriate disclosure controls because that is central to the objective. This is all tested against Board independence and Compliance Committee oversight over those activities that management has undertaken and their engagement and conversations with their external auditor. Under Principle 3, structures in reporting lines, authority, and responsibility are essential to recognizing revenue. There are processes in an entity’s internal controls or financial reporting details. There are policies, and there is documentation, the authority and documentation of the judgments are being made, the review of those in responsibility for making those ultimate judgments about the recognition of revenue and the recognition or timing of the revenue and the expenses, that those need to be in place.

Under Principle 4, a business must attract, develop, and retain competent talent. Of course, this is good business as well. But it is more than simply some appropriate levels of staffing; one of the reasons that companies have said they do not have money to reinvest in the deep dive study and process improvement necessary to implement it [the 2013 Framework] is that it comes down to both to commitment level from the top and the tone at the top that this important and these financial disclosures are critical to the ability of the investors to rely on the company’s disclosures. You must ensure the team can access the right level of technical accounting talent and business process and controls talent to make the judgments.” All these leads, of course, tie into Principle 5, which mandates that individuals be held responsible. This requires someone to document that they have made a judgment based upon the evidence they have accumulated, that the company has analyzed that evidence, and has gone through the process of comparing this to the COSO 2013 Framework and the spirit of the standard. Howell said, “those individuals are being held responsible for doing that properly. When you tie all that back together, when you get to the control environment, the COSO principle number one is that it can be completely tied back to what is required.” 

Three Key Takeaways:

  1. What controls do you have in place to measure conduct at the top?
  2. Reporting lines must be clear and functioning.
  3. You must provide the right personnel with the right resources.

For more information on building a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.

 

Categories
The ESG Report

Why Sustainability is the Business Opportunity with Richard Blundell

*This episode first aired as episode 182 of the ESG Report.*

 

Tom’s guest on this week’s episode of the ESG Report, Richard Blundell, discusses the risks and opportunities associated with growth in the insurance industry. They talk about how to finance a company’s growth by understanding their risks. Business financing is trending towards sustainability, and Tom and Richard explore how companies can access capital by implementing sustainable practices and strategies.

A global environmental services and technology consultant with over 35 years’ experience, Richard Blundell has extensive experience in senior executive management and consulting. Mergers and acquisitions, corporate and market development, and operations management are among his areas of expertise. His experience includes launching new businesses and managing growth-stage businesses around the world. He is also an advisor to the Prince of Wales Accounting for Sustainability charity.

 

Here are some key points Tom and Richard talk about: 

  • Richard talks about his professional background and current role as an advisor on sustainability.
  • Richard believes that sustainability in business leads to lower costs, less waste, more resource efficiency, better quality jobs, better employee engagement, and more access to capital.
  • In addition to improving access to capital, sustainability can also improve performance in public markets, lower capital costs, and lower debt costs.
  • Richard highlights that materiality is a way for companies to determine priorities and goals for sustainability, decarbonization, and ESG by considering what is important for both the corporation and its stakeholders
  • Quoting Paul Wellman, Richard tells Tom that working toward social, environmental, and economic outcomes can invigorate and energize an organization.
  • Sustainability can be a life insurance policy for the planet.
  • Companies without decarbonization plans may not have access to financing from banks and other financial institutions as they do not understand the risks associated with growth, and may not be seen as providing a benefit to society, Richard tells Tom.
  • Richard believes that the circular economy aims to eliminate waste by keeping inputs and outputs at their highest utility throughout their life cycle.
  • Companies like Interface and Nike are committed to sustainability and continue to innovate and stretch their targets as they learn more about driving efficiency and process in the decarbonization journey.

 

KEY QUOTE:

“If I am going to finance a company’s growth, I want to finance a company that’s in the insurance industry as well. I want to finance the company’s growth by understanding the risks associated with that growth.” – Richard Blundell

 

Resources 

Richard Blundell | LinkedIn

Categories
Corruption, Crime and Compliance

DOJ’s Compliance Frontier: Incentives and Disincentives

On this episode of the Crime, Corruption and Compliance podcast, host Michael Volkov discusses the Department of Justice’s recent focus on incentives and disincentives as part of an effective ethics and compliance program. This includes awards for ethical conduct, clawbacks, and deferred payment schemes to hold officers and employees accountable for misconduct, and requirements for executives to be evaluated on their compliance with laws and regulations. Michael also talks about how companies can create appropriate policies and procedures to incentivize and monitor compliance, and how to design and implement a compensation system that ensures compliance.



Key ideas you’ll hear in this episode: 

  • DOJ stresses the need for positive incentives for ethical conduct, including awards and annual employee performance reviews.
  • Companies already have a strong disincentive for engaging in misconduct, which is termination.
  • Recent enforcement actions against companies like Novartis and Wells Fargo have highlighted the gap in the incentive-disincentive framework.
  • DOJ is examining the efficacy of clawbacks and deferred payment schemes as an important alternative to massive criminal fines against companies. This will hold the bad actors accountable, as well as those who had supervisory responsibilities and failed to act.
  • Clawbacks and punishments for bad actors will need to be incorporated into settlements and terminations. Company policies will need to include more protections and discretion to pull back benefits from bad actors.
  • There are a number of issues to consider when implementing a clawback program, including who it applies to, how it is triggered, and how much of the company’s bonus payments should be subject to clawback.
  • DOJ anticipates requiring a wide clawback program that extends to senior management level. Crafting these measures will require a collaborative process within the company involving legal and business representatives, human resources, ethics and compliance, senior management, and potentially union representatives or work councils.
  • Danske Bank is the first to implement a compliance compensation requirement in their settlement papers with the Justice Department. The settlement includes a provision that executives will be evaluated on their compliance efforts and a failing score will make them ineligible for bonuses.
  • Companies need to design and implement compensation systems to incentivize compliance behavior and create disincentives for non-compliant conduct.

 

KEY QUOTES:

“Your company policies are going to have to incorporate more protections and more discretion for the company to pull back on benefits to bad actors. Bad actors here, I mean not just the actual bribe payer or scheme designer, but also those people who failed to conduct proper oversight and monitoring of the department that engaged in the misconduct.” – Michael Volkov 

 

“In practice, companies need to formulate appropriate policies and procedures, document their system, and demonstrate commitment to enforcement of the policies to incentivize compliance behavior and create clear disincentives for noncompliant conduct.” – Michael Volkov

 

“A compliance-oriented compensation system has to be implemented along with other clawback and deferred payment systems.” – Michael Volkov

 

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
FCPA Compliance Report

Erica Salmon Byrne – Information is a Gift

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Erica Salmon Byrne, the CEO of Ethisphere, to discuss the company’s recent “2023 Ethical Culture Report: Lessons from the Pandemic.” Erica shares that the report found a significant uptick in reported cases of bullying, likely due to masking feelings with the anonymity of a keyboard. While an employee’s direct manager is most often the first avenue for employees to report concerns, other forms of reporting weren’t utilized due to a fear of retaliation. Erica suggests that companies need to make it easy for employees to communicate broader ethical issues, as doing so will result in a tripling of employee faith in the system.

Key Highlights:

·      The Impact of the Pandemic on Bullying Incidents

·      Reasons Younger Employees Don’t Speak Up When Witnessing Unethical Behavior

·      Creating a Speak Up Culture in the Workplace

·      Improving Communication Between Employees and Managers

·      Reporting Issues to Managers: Examining the Results of a Recent Report

·      The Importance of Managerial Leadership in Ethical Decision Making

·      The Importance of Making it Easier for Employees to Report Issues

Notable Quotes

1.    “Employee willingness to raise their hand stayed pretty steady.”

2.    “It’s a lot easier to be a jerk behind a keyboard than to be a jerk to somebody’s face.”

3.    “The reason we have non-retaliation language in our code is that information is a gift.”

4.    “Think of the information as a gift, practice thinking of the information as a gift, and then your responsibility as the manager is to listen and follow up.”

Resources:

Ethisphere Resources

·      Ethisphere

·      2023 Ethical Culture Report

Connect with Erica Salmon Byrne

●      LinkedIn

Connect with Tom Fox

●      LinkedIn