Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 4

Over the past year, the role of the Chief Compliance Officer (CCO) has shifted in some very dramatic ways. The shifts have been from disparate groups and for a variety of reasons. Yet when put together, one can see a clear and bright line expanding and elevating the role of the CCO in the corporate world. From the announcement of the requirement for CCO Certification last year up to the announcement of the Delaware Court of Chancery’s decision in the case of In re McDonald’s Corporation Stockholder Derivative Litigation, it is now clear that the CCO has as wide a remit and responsibility as any corporate officer, other than the Chief Executive Officer (CEO) of a company.

I think the following announcements, changes in DOJ and SEC focus on Foreign Corrupt Practices Act (FCPA) enforcement and now a court case out of Delaware will change the role of the CCO forever.

CCO Certification

This shift began with the speech by Kenneth Polite, Assistant Attorney General for the Criminal Division speech on May 17, 2022, at Compliance Week 2022; announcing the new requirement for CCO Certification of compliance programs for companies going through a Deferred Prosecution Agreement (DPA). This CCO Certification required the Glencore CCO to certify Glencore compliance program “is reasonably designed to detect and prevent violations of the FCPA and other anti-corruption laws” at the conclusion of the DPA.  Who is the only other person required to make a similar certification at the conclusion of a DPA? The CEO of the company.

This means the CCO (and CEO) are certifying the entire compliance program meets the standards of not simply best practices but also all the enhanced requirements set out in Attachment C of any DPA. While many have focused on the question of whether this would bring criminal liability to a long-gone (or even current) CCO; this question now seems to miss the mark. Recall what Polite said when announcing the new requirement “It is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has an ethical and compliance focused environment.”

Monaco Memo and Changes in the Corporate Enforcement Policy

The 2022 Monaco Memo and 2023 announced changes in the DOJ’s Corporate Enforcement Policy (CEP) are bookends of a series of changes which began as far back as October 2021 when Deputy Attorney General Lisa Monaco first announced the revisions which would eventually be incorporated into the Monaco Memo and CEP. In many ways the Monaco Memo laid out the sticks while the CEP provided the carrots for current FCPA and other white-collar enforcements.

The Monaco Memo directed prosecutors to evaluate a corporation’s compliance program as a factor in determining the appropriate terms for a corporate resolution; as prosecutors should now assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision.  Kenneth Polite further defined the effectiveness of a compliance program at the time of the offense as “At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal accounting controls that allowed the identification of the misconduct and led to the company’s self-disclosure.” This is the first time the DOJ has said that it is the detection of wrongdoing which defines the effectiveness of a compliance program. This means a company’s investment in a compliance program, CCO and corporate compliance team are all elevated in importance. This prong does not simply get you a discount, but it can put you on the road to the default position of the DOJ for a FCPA violation, a declination.

Moreover, when you couple the ABB FCPA resolution to the Monaco Memo, you see the carrots which appeared in the new CEP. ABB was the first, three-time FCPA recidivist yet was able to get an excellent resolution with the government and a fine of only $315 million despite clear aggravating factors including corruption up to and in the corporate office. From the ABB resolution, you begin to see how the role of the CCO increases dramatically.

Duty of Oversight

These trends were brought together in the Delaware Court of Chancery’s decision in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst in the case In re McDonald’s Corporation Stockholder Derivative Litigation, where for the first time, a Delaware court formally recognized the oversight duties of officers of Delaware corporations.

As I have previously noted, one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a prime reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

The court noted that the CCO has a broad scope within an organization. The court stated “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority.” The responsibilities of the CCO are wide and sometimes varied. Here the court stated, ““[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

What Does It Mean?

This is the part where it gets interesting. Under the CCO Certification and the Delaware court’s ruling, it is the CCO who is 1B to the CEO’s 1A. The first step every company must make it to put the CCO in position to report up directly to the Board of Directors. It also means that the days of a CCO reporting to a Chief Legal Officer (CLO) or General Counsel (GC) are certainly numbered. The Delaware Court drove this point home by specifically naming  a CLO/GC as a person “responsible for legal oversight and for making a good faith effort to establish reasonable information systems to cover that area.” In other words, not responsible for the company wide remit such as the CCO.

The next area would come from the Hallmarks of an Effective Compliance Program as laid out in the FCPA Resource Guide, 2nd edition. In that document it states “In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.” That means financial resources and head count.

I would add, a level of professionalism and expertise in compliance means more than simply ‘being a lawyer’. Under Chapter 9, Section 47 of the US Attorney’s Manual, the DOJ is mandated to evaluate “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk.”  Finally, the DOJ will also evaluate other factors such as CCO compensataion as commiserate with the position of being second in importance to the CEO.

The Delaware Court decision creating the Duty of Oversight was not designed to increase the scope, reach and importance of a CCO but the more I look at the case I believe that will be its most lasting legacy. When you look back over the past 12 months, you see that the CCO has more stature and responsibility than it has ever had before.

With a converse nod to Uncle Ben from Spiderman, with great responsibility must come great power.

Categories
Innovation in Compliance

The Digital Knowledge Graph with Evgeny Likhoded and Vladimir Ershov

This week’s guests are Evgeny Likhoded, CEO and founder, and Vladimir Ershov, Head of Data Science, of Clausematch. They join Tom Fox to talk about a groundbreaking new innovation, the Digital Knowledge Graph in open source. Learn how this game-changer is revolutionizing the way compliance is managed and what it means for industries, companies, and governments around the world.

Evgeny Likhoded is the CEO and founder of Clausematch, a global compliance and regulatory technology company. He started Clausematch to digitize and structure regulation and help regulators to innovate in the space. Jay has worked to solve a common problem in compliance – managing compliance documents and compliance content. He has brought all of the workflow and content management under one platform to provide compliance professionals a way to collaborate on content in real time.

Vladimir Ershov is the head of Data Science at Clausematch. He has been working in the field of data science for four years and previously worked at Apple. Vladimir is passionate about semantic linkage for law documents and was excited to join Clausematch four years ago to continue his work in this field.

You’ll hear them discuss:

  • The process of developing the Clausematch Knowledge Graph took a year with involvement from multiple teams and experts in the regulatory field.The process included discussions with regulatory experts, data preparation, model training and evaluation, and integration with Clausematch’s tools.
  • The key idea behind Clausematch was to capture data in a structured form from the start, allowing for more to be done with the data.
  • Clausematch was pitched to several financial services regulators, including FCA and ADGM, as a platform for tagging regulation text through expert work and machine learning models.
  • The open source Knowledge Graph generated by Clausematch can be used by other companies and regulators to automatically analyze regulations.
  • The structured regulations can also be applied to a financial institution’s internal compliance documents to identify gaps and contradictions in their policies.
  • The Knowledge Graph helps digitize the meaning of regulations. 
  • The models can be used to look for patterns in regulations and to show regulators if internal policies are compliant with regulatory rules.
  • The ultimate goal is a world where every regulation is structured and consumable via API. The release of the Knowledge Graph in open source will help reach the goal faster.
  • Knowledge Graph technology is relevant to compliance technology. Historically, compliance solutions have been focused on formalizing rules and processes into a framework through manual means. Knowledge Graph technology automates the process of structuring data and extracts entities and obligations to form the framework.
  • Neural network models or reinforcement learning agents can be run on top of the extracted graph to look for compliance patterns.
  • The knowledge graph technology will be available on Clausematch.com and GitHub, and a scientific paper with more information will be released.
  • The graph structure is important in compliance due to the need for exact inference in compliance, unlike the correlation approach in language models like GPT.

 

KEY QUOTATIONS: 

“There is a principal flow in the models like ChatGPT and other language models which are based on correlation approach… [but] in the compliance field we need causation, we need exact inference and that’s why the graph structure is extremely important to be able to build the automation for the compliance.” – Vladimir Ershov

 

Resources 

Evgeny Likhoded | LinkedIn 

Vladimir Ershov |  LinkedIn 

Clausematch

Knowledge Graph Information

Categories
Life with GDPR

Cookies, Cookies & More Cookies

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. Data protection has become a priority for many authorities with the French regulator, CNIL,  recently issuing fines and penalties to Microsoft for not complying with the data protection laws. Changes were made to their practices in March 2022, and similar action was taken against Google and Amazon.

In this episode, we discuss the regulatory landscape for cookies which has become difficult for businesses to maneuver, requiring board-level oversight of data privacy, data protection, and data security. Together, these measures are deemed necessary in order to mitigate the biggest risks to organizations. Max Schrems and his pressure group were two of the key adjutants and had filed a substantial number of complaints. This eventually led to a large fine at the end of 2022, announced this month, from CNIL, the French Data Protection Regulator, against Microsoft, for €60 million. This fine highlighted the fact that cookies had been on the agenda for many Data Protection Authorities and the severity of the consequences for not following GDPR requirements. The implications of this case will have a lasting effect on the relations between European Data Protection Authorities and corporations, as well as the resources necessary to stay compliant.

Highlights include:

·      [00:04:16] Microsoft’s Changes to Cookie Practices

·      [00:09:21] Navigating Regulatory Landscapes for Businesses

·      [00:14:21] The Importance of Data Privacy Board Oversight

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Daily Compliance News

February 2, 2023 – The Happy Birthday Mom Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

·       Householder attorney argues trial judge biased.  (Channel 9-Cincinatti)

·       UK government moves to regulate crypto.  (BBC)

·       Musk asks for a Twitter lawsuit to be tossed. (Reuters)

·       UK plunges in 2022 TI-CPI. (Bloomberg)

Categories
Jamming with Jason

You Will Not Break Me with Jeffrey L Edwards

What would you do when you watch your father die in front of you, realize your childhood is over, and get recruited to a life of gangs and drugs? You turn to music as your sanctuary and escape into writing and listening to music and create an alter ego that helps you create the life you want.

In this #jammingwithjason #podcast I am joined by Detroit-based musician and fabulous human being, Jeffrey L Edwards where we discuss his latest album “JLE World,” listen and discuss a couple of tracks from the album, hear his amazing story, and realize You Will Not Break Me and Trouble Waters don’t last for long and make you strong.

FOR FULL SHOW NOTES AND LINKS VISIT:

E308 You Will Not Break Me with Jeffrey L Edwards

Download and listen to Jeffrey’s latest album JLE World at: https://music.apple.com/us/album/jle-world/1626763176 and listen to his Middle Group with JLE podcast at: https://podcasts.apple.com/gb/podcast/middle-ground-with-jle/id1560636813

DO YOU LOVE MUSIC LIKE ME?

If so, learn how you can use it to intentionally heal and change your emotions as well as use it for entertainment at: https://bit.ly/MeffordMusic

LIKE THE PODCAST?

If you’re the kind of person who likes to help others, then share this with your friends and family. If you find value, they will too. Please leave a review [https://itunes.apple.com/us/podcast/jamming-with-jason-mefford/id1456660699] on Apple Podcasts so we can reach more people.

Join my Facebook group: https://www.facebook.com/groups/beinguniquely

OTHER RESOURCES YOU MAY ENJOY:

My YouTube channel [https://www.youtube.com/c/jasonleemefford] and make sure to subscribe

My Facebook page [https://www.facebook.com/jammingwithjasonmefford]

My LinkedIn page [https://www.linkedin.com/in/jasonmefford/]

My website [https://jasonmefford.com]

STAY UP TO DATE WITH NEW CONTENT:

It can be difficult to find information on social media and the internet, but you get treated like a VIP and have one convenient list of new content delivered to your inbox each week when you subscribe to Jason’s VIP Lounge at: https://jasonmefford.com/vip/ plus; that way, you can communicate with me through email.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – What Are Internal Controls?

What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. Internal controls expert Joe Howell has said that internal controls are systematic measures, such as reviews, checks and balances, methods, and procedures instituted by an organization that performs several different functions. Howell also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes the diversion of company assets, such as by unauthorized sales discounts or receivables write-offs, as well as the distribution of assets.

Three key takeaways:

  1. Effective internal controls are required under the FCPA.
  2. Internal controls are a critical part of any best practices compliance program.
  3. There are multiple FCPA enforcement actions that demonstrate the enforcement spotlight on internal controls.
Categories
Career Can D0

Living Your Abundant Life with Elle Ballard

In this episode of Career Can Do, Mary Ann Faremouth chats with returning guest Elle Ballard, international best-selling author, speaker, Abundance mentor, and Founder of the Women of the World Network (WOTWN). Elle helps multinational women achieve abundance in their personal and professional world while helping them uncover and focus on their uniqueness. Elle shares her story as she discusses how WOTWN is accomplishing their mission to bring out their members’ potential.

Motivated by a desire to see more women live their dream lives, their “abundant” lives, Elle founded Women of the World Network. She hoped that she would provide more opportunities for women to create that abundance for themselves. Women often busy themselves with their families and put their dreams on the back burner. Elle wanted to make a platform where they would be able to pursue both if they so wished.

 

WOTWN is a community of multinational women entrepreneurs whose mission is to help other women achieve success in their businesses. They have multiple membership levels and host events that even non-members can attend. WOTWN offers members much exposure, marketability, professional expansion, and growth.

 

Resources

Faremouth.com

Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 3

This week, we are exploring a shift in the duties of care owed by corporate officers to the corporation. This shift is coming through the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst and his part in the creation of an absolute toxic atmosphere of sexual harassment at the very highest levels of the organization. The case is styled In re McDonald’s Corporation Stockholder Derivative Litigation, and in it, the court formally recognizes the oversight duties of officers of Delaware corporations. Today we discuss the role of the Chief Compliance Officer (CCO) in both the reasoning for the decision and what it means for CCOs going forward.

Perhaps one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a key reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

Specifically, the “Guidelines state that “[h]igh- level personnel of the organization shall ensure that the organization has an effective compliance and ethics program” and such senior person(s) “be assigned overall responsibility for the compliance and ethics program.” The Guidelines went on to define an organization’s “high-level personnel” as “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization,” which includes “a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.”

The court somewhat dryly concluded “It would seem hard to argue that, simply by virtue of being an officer, the Chief Compliance Officer could not owe a duty of oversight. That, however, is the logical implication of Fairhurst’s position that only directors can owe a duty of oversight.”

The responsibilities of the CCO are wide and sometimes varied. Here the court stated, ““[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

Finally, the CCO has a broad scope within an organization. Indeed the court noted, that only the Chief Executive Officer (CEO) has as broad a remit, stating “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority. With a constrained area of responsibility comes a constrained version of the duty that supports an Information-Systems Claim.”

Yet the breadth of this portfolio does not mean a CCO can be liable for every corporate failure, even those directly in culture or compliance. Here the standard of liability for the CCO is critical and standard is breach of the duty of loyalty through bad faith. The court noted, that in the decision of Stone v. Ritter, upholding the original Caremark decision, “the Delaware Supreme Court adopted the Guttman formulation and stated that a breach of the duty of loyalty, such as acting in bad faith, was a “necessary condition to liability.” After Stone, then-Vice Chancellor Strine acknowledged that Caremark duties carried overtones of care, but explained that “to hold directors liable for a failure in monitoring, the directors have to have acted with a state of mind consistent with a conscious decision to breach their duty of care.”

Rarely, if ever do you see a CCO engage in bad faith. There have been some instances but I can think or only one or two that rise to the level of bad faith. The good news for CCOs is that while there may be a new cause of action against them for a duty of oversight; if there is a compliance program in place and if that compliance program detects wrongdoing which is reported up to the Board; a CCO has most probably met their duty under this decision.

Please join me tomorrow as I explore how this court decision, together with the CCO certification mandate by the Department of Justice, the Monaco Memo and the new Corporate Enforcement Policy will all change the relationships and dynamics of Chief Compliance Officers in the corporate world.

Categories
Great Women in Compliance

Ellen Hunt with the 2023 Hunt Report

If CEOs have Larry Fink’s Annual Letter to CEOs, then Lisa has Ellen Hunt’s “Hunt Report.”  Ellen is Principal Consultant Advisor at Spark Compliance and is well known as a mentor and advocate to many in the E&C community.

Ellen has finished her first year as a “Sparkie,” and will update us on how that is going and what she is seeing and learning through her work.  For the past few years, Lisa and Ellen have talked about retaliation and what we can do better to protect people who raise concerns and those who are witnesses in investigations.  While we have seen some improvements, there is still a long way to go.  They also look at this in light of organizational justice and our workplaces.

They also continue the discussions of the past few weeks about kindness, fairness and equality, and how these impact our programs.  This can impact how we collaborate with DEI and ESG teams, to ensure ethical workplaces.

One other way you can improve your workplace is with employee recognition, and Mary’s “Living Your Best Compliance Life” column at Corporate Compliance Insights can provide some great insights on the benefits of doing so and some ideas that can brighten someone’s day.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

McDonald’s and Duty of Corporate Officer Oversight

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, Matt and I dive deep into a recent decision by the Delaware Court of Chancery in the McDonald’s case, creating a duty of oversight for corporate officers.

Some of the highlights include:

·      Why can bad facts make bad laws?

·      The sordid facts of David Fairhurst during his tenure at McDonald’s.

·      The legal rationale.

·      What is Caremark, and how did it influence this decision?

·      What does it mean for CCOs?

·      How does this decision intertwine with the Monaco Doctrine, CCO certification, and the new Corporate Enforcement Policy?

 Resources

Tom with a multipart series on the FCPA Compliance and Ethics Blog

Matt Kelly with two posts in Radical Compliance