Categories
FCPA Compliance Report

Jordan Arnold and Surjeet Mahant on the DFS Cyber Enforcement Action on First American Title

In this episode, I take a deep dive into the first cybersecurity enforcement action brought by the New York State Department of Financial Services (DFS). It was against First American Title. In this exploration I am joined by Jordan Arnold and Surjeet Mahant. Jordan is the Chief Innovation Officer at K2 Intelligence FIN. He is the founder and Global Chair of K2 Intelligence’s Private Client Services practice, which provides privacy and security services to ultra and high net worth families and clients in the entertainment, music, and sports industries. Surjeet is Managing Director in K2 Intelligence FIN’s Financial Crimes Risk and Compliance practice, where he leads cyber risk services. With over 20 years of experience in cybersecurity and privacy risk solutions for large institutions, Surjeet assists clients in developing the tools and strategies needed to protect the confidentiality of their data, the availability of their systems, and the integrity of their operations.
Some of the highlights include:

  • Overview of the enforcement action;
  • What are the broader consequences for the industry; significance of regulation/action; need for proactive actions;
  • What is the DFS and why is it regulating an insurance company around cyber?
  • Why has cyber become a part of the broader compliance conversation?
  • What specific steps can entities take to mitigate a violation or breach of data?
  • What can entities expect in the future from regulators in the cyber space?

For more information on K2 Intelligence FIN, click here.

Categories
Sunday Book Review

September 13, 2020, the Miscellaneous edition


In today’s edition of Sunday Book Review:

  • Summer by Ali Smith
  • Antkind by Charles Kaufman
  • God’s Shadow edited by Alan Mikhail
  • Wagnerism: Art & Politics in the Shadow of Music by Alex Ross
Categories
Daily Compliance News

September 12, 2020-the Glass Ceiling Broken edition


In today’s edition of Daily Compliance News:

  • Supply Chain fragility exposed. (McKinsey)
  • Citigroup appoints first female head of major US bank. (WaPo)
  • Compliance efforts mitigate Deutsche Bank fine. (WSJ)
  • Fauci says masks will be needed in theaters through 2021. (NYT)
Categories
This Week in FCPA

Episode 221– the Remembrance edition


On this 19th anniversary of 9/11 Tom and Jay ask you to consider all that has changed for America in the past 19 years. Most importantly, remember there was a time when we were united as a country. We can do so again.
We continue to brave the surge in Covid cases by staying safe at home. We are back to look at top compliance articles and stories which caught their eye this week.

  1. Lebanon, Corruption and a Bomb. NYT reporters: Ben Hubbard, Maria Abi-Habib, Mona El-Naggar, Allison McCann, Anjali Singhvi, James Glanz and Jeremy White.
  2. Are today’s CCO ‘Super Execs’? Dick Cassin explores in the FCPA Blog.
  3. Time for a compliance housecleaning? Dylan Tokar in the WSJ Risk and Compliance Journal.
  4. A turning point in AML enforcement? Jack Hagel in the WSJ Risk and Compliance Journal.
  5. Herbalife settles long-standing FCPA matter. Mike Volkov goes deep in a 3-part series. Part 1, Part 2 and Part 3.
  6. Does Herbalife portend the end of monitors? Robert Anello in com.
  7. DOJ charges former Uber CISO for lying about data breach. Lawyers from Cleary Gottlieb in NYU’s Compliance and Enforcement Blog.
  8. Deutsche Bank fined yet again (twice). Matt Kelly reports in Radical Compliance.
  9. This month on The Compliance Life, I am joined by Deanna Nwankwo. She came to the CCO chair after a stint at QA in NASA. In this week’s Part 1, the message ‘The good news is you’re the new CCO. The bad news is you’re the new CCO.’
  10. On the Compliance Podcast Network, 31 Days to a More Effective Compliance Program focuses this month on internal controls. This week saw the following offerings: Tuesday, assessing internal controls in international operations; Wednesday, risk assessments and internal controls; Thursday, mapping internal controls; and Friday, implementing internal controls. The month of September is being sponsored by Affiliated Monitors. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.
  11. Join Jay and Tom at Converge20. Convercent’s top compliance conference is going virtual this year. Check out the agenda and register here.
  12. Two great K2 Intelligence FIN webinars upcoming. 1. Kevin Mullins and Yomi Peirce on procurement fraud during Covid-19, September 16, 2020; 1:00 PM ET. Registration and information here. 2. Robin Henry on how investigators can use social media, Thursday, 9-24 at 1600 GMT. Registration and information here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
The Ethics Movement

Converge20-Hugh Bigwood- Behavioral Science: Why People Don’t Intervene


CONVERGE is in its 5th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of driving ethics to the center of your business. In today’s episode I visit with Hugh Bigwood, General Counsel at EverCare. We visit about his panel at Converge20 on Behavioral Science: Why People Don’t Intervene.
Why don’t employees intervene at work when they see something? This is a different question from why employees do not speak up. Hugh Bigwood has been studying the science behind this question and has some answers which might surprise you. Find out more as Hugh explores these and other issues on this panel. For registration and more information on Converge20, click here.

Categories
Daily Compliance News

September 11, 2020-the Never Forget edition


In today’s edition of Daily Compliance News:

  • CFTC Issues Guidance on Corporate Compliance Programs. (WSJ)
  • DOJ charges another 57 with PPP fraud. (WaPo)
  • Corruption led to Beirut explosion. (NYT)
  • Houston area school refuses to drop name Robert E. Lee. (Houston Chronicle)
Categories
The Ethics Movement

Converge20-Don Sinko-Integrity v. Compliance-the Future of Our Profession


CONVERGE is in its 5th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of driving ethics to the center of your business. In today’s episode I visit with Don Sinko, Chief Integrity Officer at the Cleveland Clinic. We visit about his panel at Converge20 on Integrity v. Compliance-the Future of Our Profession. 
As a profession, we’ve gotten used to the “ethics and compliance” label—but the rise of the Chief Integrity Officer begs the question, “is Integrity the new E&C?” In this session, you will learn how meaningful company values, employee communications and organizational structures can propel a program to align a culture of integrity and ethics and make a significant impact on the bottom line. Find out more as Don explores these and other issues on this panel. For registration and more information on Converge20, click here.

Categories
31 Days to More Effective Compliance Programs

Mapping Internal Controls


As it made clear with several FCPA enforcement actions in 2020, the SEC has continued to emphasize the accounting provisions of the FCPA, specifically the internal controls provisions. Charles Cain, Chief of the FCPA Unit in the SEC’s Division of Enforcement, reiterated that the SEC is committed to protecting investors in U.S. public companies and those which list other securities in the U.S., through enforcement of the accounting provisions, including the internal controls provisions of the FCPA. The reason is straightforward: a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.
What can you do around the FCPA’s requirements for internal controls and continued SEC enforcement emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the 2020 FCPA Resource Guide. While most compliance practitioners are familiar with the Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Internal Controls Framework as your starting point.
As a CCO or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. Compliance is a straightforward exercise. This does not mean that it is easy; you do have to work at it so that you will not simply have a paper, “check the box” program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls you do not have and need to institute.
Three key takeaways:

  1. Learn the internal controls your company currently has in place.
  2. Map your compliance internal controls to the COSO 2013 Internal Controls Framework.
  3. Use your gap analysis as a basis for remediation.
Categories
The Walden Pond

Third-Party Due Diligence with Taylor Twining


Taylor Twining is the Director of Sales at ethiXbase, an organization dedicated to helping clients in every stage of their third-party compliance lifecycle. He joins Vince Walden to discuss how companies are taking a risk-based approach to third-party due diligence. 

ethiXbase helps compliance professionals reduce corruption and bribery risks by providing an end-to-end risk management platform which they can configure and customize to suit their needs. There are two categories of background checks: screening, which is instantaneous and involves inputting a name into a software program designed to monitor compliance watchlists; and enhanced due diligence reports, which are in-depth analysis reports done by humans, with a reduced risk of false positives.
DDQs, or due diligence questionnaires, are tools which provide information for risk assessment; they are becoming more widely used in the compliance industry. This information is a critical part of understanding the risks third parties may bring to your organization.
Resources
Taylor Twining on LinkedIn 
ethiXbase.com

Categories
Daily Compliance News

September 10, 2020-a Bad Day for M&A edition

In today’s edition of Daily Compliance News:

  • TikTok not looking too good. (WSJ)
  • LVMH pulls out of Tiffany deal. (WSJ)
  • EU after Facebook yet again. (NYT)
  • What is the ‘weekend’ in a lockdown? (WSJ)