Categories
31 Days to More Effective Compliance Programs

Day 8 | Internal controls and compliance


What specifically are internal controls in a compliance program? The starting point is the FCPA itself, which requires issuers to devise and maintain a system of internal controls that can reasonably assure:

  1. Transactions are executed in accordance with management’s general or specific authorization;
  2. Transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
  3. Access to assets is permitted only in accordance with management’s general or specific authorization; and
  4. The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

The DOJ and SEC, in the 2012 FCPA Guidance, stated:
Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring. … The design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.
Three key takeaways:

  1. Effective internal controls are required under the FCPA.
  2. Internal controls are a critical part of any best practices compliance program.
  3. There are four significant controls for the compliance practitioner to implement initially: (a) Delegation of authority (DOA); (b) Maintenance of the vendor master file; (c) Contracts with third parties; and (d) Movement of cash/currency.
Categories
Great Women in Compliance

Olga Pontes-Planting the Seeds of Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley. In this episode, Lisa Fine has a conversation with Olga Pontes, the Chief Compliance Officer at Odebrecht SA.
What do you do when faced with the largest foreign bribery case of all time?  In Odebrecht’s case they identified a fearless leader who would face the big job ahead of being the new Chief Compliance Officer of the company with optimism and strength.  Meet Olga Pontes, the executive and Great Woman in Compliance tasked with leading the Compliance function and post settlement workstreams including project managing multiple monitorships!
We speak with Olga, who started out her career as an external auditor at a big four firm, about what it was like commencing the Odebrecht role three years ago compared with how she is feeling further down the track, with a lot of hard work under the belt of her team, and seek her advice for other multinational corporations that are at the beginning of a similarly daunting situation, having recently settled with regulators.  Olga also shares her major goal for going into 2020 with our audience.
As we go into a new year, we take the time to plan ahead and strategically think about our professional goals. In Lisa and Mary’s case it’s a time to reflect on the previous year of podcast episodes and direct our thoughts to what we wish to achieve for the Great Women in Compliance podcast in the year ahead to best benefit our audience.  As always, we welcome your thoughts to inform this process.  Is there anything you want to see more of, you think we should stop doing or start doing?  If so, we’re all ears.  We strongly believe that when you stop accepting feedback, you stop developing so we make a conscious effort to seek feedback that not only helps give our listeners what they want, but also helps us become better at our labor of love hobby, making podcasts!  Wishing all of our listeners a very happy and prosperous new year ahead.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Compliance Issues in 2020, Part 1

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Welcome to the first Into the Weeds podcast of the new decade and the new year. In this Part 1 of a two-part podcast series, Matt Kelly and I take a look at ten issues that we think will be significant for the compliance professional in the upcoming year.

Some of the highlights include:

  • A legislative fix to the Supreme Court’s Digital Realty Trust decision? Can Congress do anything, including overturning this anti-compliance ruling?
  • The Fed will take a look at technological service providers? How this will impact compliance.
  • Climate change disclosures. We use this topic to consider the impact on corporate governance, Boards and mandated disclosures.
  • Disgorgement at the Supreme Court. Will the SCt allow fraudsters to keep their ill-gotten gains?
  • Critical audit matters. Will companies move to make controls more data based and less subjective?

Check in next week, where Matt and Tom continue the discussion.
Resources
Matt’s blog post 7 Compliance Items to Watch in 2020 in Radical Compliance.

Categories
Daily Compliance News

January 8, 2020, the Bedbug Terrorism edition


In today’s edition of Daily Compliance News:

  • Where will he run now? (CNN)
  • Uber garners a declination from the DOJ. (WSJ)
  • Why did Ghosn leave his wife to face the music in Japan? (NYT)
  • Are you ready – Bedbug terrorism strikes Wal-Mart. (NYT)
Categories
31 Days to More Effective Compliance Programs

Day 7 | Policies and Procedures

There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly a first line of defense when the government comes knocking. The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures against bribery and corruption; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and procedures in anti-corruption compliance.

The specific written policies and procedures required for a best practices compliance program are well known and long established. According to the 2012 FCPA Guidance, some of the risks companies should keep in mind include the nature and extent of transactions with foreign governments (including payments to foreign officials); use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectations for standards of conduct in your company. Procedures are the documents that implement these standards of conduct.
Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.
Three key takeaways:

  1. Written compliance policies and procedures, together with the Code of Conduct, form the backbone of your compliance program.
  2. The DOJ and SEC expect a well-thought-out and articulated set of compliance policies and procedures and that they be adequately communicated throughout your organization.
  3. Institutional fairness for the application of policies and procedures demands consistent application across the globe.
Categories
Innovation in Compliance

Completing the Last Mile of Validation with Craig Carpenter


Like its namesake, which was the first piloted aircraft to break the sound barrier, X1 values innovation and speed. The company is laser-focused on fixing problems in new, better and more cost-effective ways. Its software capability has evolved from search & productivity applications into the ability to collect social media and web content for legal proceedings, as well as the ability to access and act on employee information in a scalable manner without disrupting productivity. CEO of X1, Craig Carpenter, joins Tom Fox on this week’s show to chat about how his company is making data accessible for its clients.

Distributed GRC Solution
Tom asks Craig to talk about X1’s distributed GRC solution. Craig responds that the name itself conveys that the software is wherever the data resides. Distributed GRC is a two-part product, he says. The first part is software that sits on an endpoint such as a laptop. The second part is a command and control layer that allows you to access your data sources and analyze what data is available as well as take action on it. Craig explains how X1 enables social media discovery in a forensically sound fashion. Data can be manipulated today, he comments. So being able to prove that your data is credible and that the chain of custody is accurate, is critical especially in the context of legal proceedings.
Quick Access
Tom comments that X1’s emphasis on speed equates to greater business productivity, efficiency, and profitability. The company was founded for this very reason, Craig agrees. Finding the right information in a timely fashion, and being able to act on it for your productivity purposes, is critical to business. 
CFIUS and Preventing Violations
The Department of Justice’s new guidelines require companies to go beyond policies and questionnaires to using technology to validate data. Craig says that X1’s solution is a last mile validation piece. He and Tom discuss how X1 helps its clients comply with CFIUS (The Committee on Foreign Investment in the US) regulations. “Our technology is very effective because we can not only get the server data and some of the structure data as well to ensure that that’s compliant,” Craig comments, “but stuff on laptops and desktops where people work is also compliant. That’s kind of the key hidden element that we’re really good at attacking.”
Resources
X1.com

Categories
Daily Compliance News

January 7, 2020, the Autocracy in the Corp World edition


In today’s edition of Daily Compliance News:

  • Too much partying – at McDonald’s? (WSJ)
  • Does office sharing destroy employee morale? (FT)
  • KPMG faces uphill climb to restore reputation in UK. (FT)
  • Is management by deeming on the return? (FT)
Categories
31 Days to More Effective Compliance Programs

Day 6 | The Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven, something to wave in a regulator’s face during an enforcement action as proof of overall ethical behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in the creation of your company’s Code of Conduct?

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United’s operations at the company’s huge east coast hub at Newark, NJ.
The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by not only failing to follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to its 2016 Non-Prosecution Agreement (NPA) settlement with the DOJ, which resulted in a penalty of $2.25 million. The scandal also led to the resignation of Smisek and two high-level executives from United.
In the 2012 FCPA Guidance, the DOJ and SEC state:
A company’s Code of Conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.
The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) further specified “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” The Department of Justice (DOJ) Antitrust Division, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance) also specified “If the company has a Code of Conduct, are antitrust policies and principles included in the document?”
Three key takeaways:

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity.
  3. “Document, Document, and Document” your training and communication efforts.
Categories
FCPA Compliance Report

Fry Wernick on the Hoskins Jury Instructions

In this episode, I visit with Ephraim (Fry) Wernick. He is a partner in the Government Investigations and White-Collar Practice Group at Vinson & Elkins LLP in Washington, DC.  Mr. Wernick joined V&E in June 2019 after serving 11 years as a federal prosecutor, including most recently as Assistant Chief of the U.S. Department of Justice, Criminal Division’s Fraud Section, where he supervised dozens of FCPA cases, including four of the largest-ever corporate criminal resolutions.  Mr. Wernick now represents public and private companies and individuals in connection with government and internal investigations.  Mr. Wernick is a graduate of Brown University and the University of Texas School of Law. In this podcast we take a deep dive into the jury instructions in the recent Hoskins FCPA trial. Some of the highlights include:

  • What was the procedural history of the Hoskins case leading up to trial?
  • The court’s agency instruction required the government to establish three elements: (1) “a manifestation by the principal that the agent will act for it”; (2) “acceptance by the agent of the undertaking”; and (3) “an understanding between the agent and the principal that the principal will be in control of the undertaking.” The court further instructed that “[t]he undertaking consists of the acts or services which the agent performs on behalf of the principal.” Hoskins’ arguments focus primarily on the element of control. Did the DOJ satisfy this element?
  • At trial, the DOJ presented evidence that although Hoskins worked for the French parent, for the purposes of his actions around bribery and corruption, he was the agent of the US subsidiary. What was some of the evidence presented at trial to show agency? Will it be enough to satisfy the Second Circuit definition in the inevitable appeal?
  • At the ACI National Conference, Assistant Attorney General Brian Benczkowski said that the DOJ would analyze each case individually to determine if there was such an agency relationship present. What will the DOJ likely take into account?
  • Might there be further clarification from the trial court or Second Circuit?
  • Does the DOJ trial win against Hoskins open up wider individual prosecutions under the FCPA for foreign employees of foreign subsidiaries who may never set foot in the US?

Resources
Vinson and Elkins’ firm page on Fry Wernick

Categories
Daily Compliance News

January 6, 2020, the NCAA in Trouble edition


In today’s edition of Daily Compliance News:

  • Congress takes aim at NCAA. (WSJ)
  • Massive Cambridge Analytica document dump. (The Guardian)
  • Does Ghosn flight bode no bail for super wealthy going forward? (FT)
  • Ex-Ecuador President charged with corruption in absentia. (Brussels Times)