Author: admin

Categories
31 Days to More Effective Compliance Programs

Day 5 | The Board and operationalizing compliance

In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Director, the Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) stated:

Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
 The DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Compliance Program Guidance) was even more explicit in announcing   their expectation for robust Board oversight of a corporate compliance function.  The Antitrust Compliance Program Guidance stated “For the antitrust compliance program to be effective, those with operational responsibility for the program must have sufficient autonomy, authority, and seniority within the company’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program.  The Antitrust Compliance Program Guidance then went on to ask the following questions: Who has overall responsibility for the antitrust compliance program?  Is there a chief compliance officer or executive within the company responsible for antitrust compliance?  If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body?  How often does the compliance officer or executive meet with the Board, audit committee, or other governing body?  How does the company ensure the independence of its compliance personnel? 
 Three key takeaways:

  1. The DOJ Evaluation requires active Board of Director engagement and oversight around compliance.
  2. Board communication on compliance is a two-way street; both inbound and outbound.
  3. Does the Board of Directors have a Compliance Expert?
Categories
Sunday Book Review

January 5, 2020, the Sunday Book Review, Releases in 2020 edition


In today’s edition of Sunday Book Review:

Categories
31 Days to More Effective Compliance Programs

Day 4 | Moving compliance tone down through an organization

Mike Volkov, in a blog post entitled “Mood in the Middle Versus Tone at the Top”, said, “Even when a company does all the right things at the senior management level, the real issue is whether or not that culture has embedded itself in middle and lower management.  A company’s culture is reflected in the values and beliefs that exist throughout the company.” To fully operationalize your compliance program, you must articulate the message of ethical values and doing business in compliance and then drive that message from the top down, throughout your organization.

The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) made clear a company must have more than simply good ‘Tone-at-the-Top’; it must move down through the organization from senior management to middle management and into its lower ranks. This means that one task is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization. The 2019 Guidance stated:
Shared CommitmentWhat actions have senior leaders and middle-management stakeholders (e.g., business and operational managers, finance, procurement, legal, human resources) taken to demonstrate their commitment to compliance or compliance personnel, including their remediation efforts? Have they persisted in that commitment in the face of competing interests or business objectives?
This requirement speaks to the greater role of non-compliance functions in fully operationalized compliance program. Indeed, one sign of a mature compliance and ethics program is the extent to which a company’s other corporate disciplines are involved in implementing and then taking forward a compliance solution. This approach can act as a lynch pin in spreading a company’s commitment to compliance throughout the employee base. It can also be used to ‘connect the dots’ in many divergent elements of a corporate compliance and ethics program.
Three key takeaways:

  1. Tone at the top – direct supervisors become the most important influence on people in the company.
  2. Give your middle managers a Tool Kit around compliance so they can fully operationalize compliance.
  3. Organizational justice is an additional way to help operationalize compliance.
Categories
Daily Compliance News

January 4, 2020, the More is Revealed edition

In today’s edition of Daily Compliance News:

  • Exxon wins reprieve from OFAC fine. (WSJ)
  • Was the fix in for Ghosn to leave Japan? (NYT)
  • Barbie tries to cut costs in Supply Chain. (WSJ)
  • Oil hits $61 bbl after attack on Iranian General. (Houston Chronicle)
Categories
This Week in FCPA

Episode 186 – the Ghosn the Ghost edition

The first week of the New Year brings James Bond into the world of corporate governance and compliance. Jay wonders if the Patriots run is at an end. The lads then turn to consider some of this abbreviated week’s top compliance and ethics stories which caught their collective eyes.

  1. Carlos Ghson flees captivity in Japan. WSJ on the escape. NYT on who will buy the movie rights. (Early candidate to write the screenplay-Jay Rosen?)
  2. What were some of the top compliance failures for 2019? Jaclyn Jaeger weighs in on Compliance Week. (Sub Req’d)
  3. Who were some of the compliance winners from 2019? Kyle Brassur opines in Compliance Week. (Sub Req’d)
  4. Does compliance have a dark side? Jeff Kaplan considers in the Conflict of Interest
  5. What is the combination of monitoring and compliance. Jay explores in CCI.
  6. What is the danger of fraudulent access requests under the CCPA? Davis Polk in the NYU Compliance and Enforcement blog.
  7. What is the difference in public company governance and JV governance? James Bamford, Tracy Branding and Lois D’Costa in Harvard Law School Forum on Corporate Goverance.
  8. Corruption returning to South America? Ernesto Londoño and Letícia Casado report in the NYT.
  9. Exxon overturns OFAC fine for doing business with sanctioned individual. Dylan Tokar in the WSJ Risk and Complaince Journal.
  10. On the Compliance Podcast Network, Tom premiers 31 Days to a More Effective Compliance Program. Day 1 detailed what 2019 brought to compliance ; Day 2 tackles measurement of risk; Day 3 deals with leadership’s conduct at the top; Day 4 discusses moving tone down in an organization; Day 5 considers the Board of Directors and operationalizing compliance.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
31 Days to More Effective Compliance Programs

Day 3 | Leadership’s conduct at the top

Obviously, in every compliance program, the ethical tone of a company and accountability all starts at the top and most specifically senior management. The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) stated, “The company’s top leaders – the board of directors and executives – set the tone for the rest of the company. Prosecutors should examine the extent to which senior management have clearly articulated the company’s ethical standards, conveyed and disseminated them in clear and unambiguous terms, and demonstrated rigorous adherence by example. Prosecutors should also examine how middle management, in turn, have reinforced those standards and encouraged employees to abide by them.” To assist companies in understanding this requirement the 2019 Guidance sets out the following inquiries.

Conduct at the TopHow have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How have they modelled proper behavior to subordinates? Have managers tolerated greater compliance risks in pursuit of new business or greater revenues? Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?
This requirement is more than simply the ubiquitous “tone-at-the-top,” as it focuses on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values and finally, how is such conduct monitored in an organization?
Three key takeaways:

  1. Senior management must actually do compliance; walk-the-walk, not simply talk-the-talk.
  2. Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.
  3. CEO as Compliance Ambassador.
Categories
Daily Compliance News

January 3, 2020, the Farewell to Perfection edition

In today’s edition of Daily Compliance News:

  • Perfection passes as Don Larsen passes away. (com)
  • How the NBA went international under David Stern. (NYT)
  • How much has President Nguema stolen? (FT)
  • What did BBVA do to foil a takeover attempt? (FT)
Categories
31 Days to More Effective Compliance Programs

Day 2 | Measuring your risk

Operationalizing your compliance program can take many shapes and forms. Using the entire risk management process to embed your compliance program within the contours of your organization is an important key step that will allow you to have full visibility of your compliance risks through a longer life cycle. Forecasting allows you to consider your business strategy and wed the risks you can foresee. Risk assessments allow you to evaluate and measure known risks. Risk-based monitoring allows you to monitor both the compliance risks you know about and detect those you do not know, on an ongoing basis.

Three key takeaways:

  1. The risk management process is an important backbone of operationalizing compliance.
  2. You should be able monitor and measure both known and unknown risks.
  3. All of these steps help a business to run more efficiently and more profitably.
Categories
Daily Compliance News

January 2, 2020, the Conspiracy edition

In today’s edition of Daily Compliance News:

  • How did Carlos Ghosn escape from Japan? (NYT) and (WSJ)
  • US targets more human rights abusers with economic sanctions. (WSJ)
  • Guilty of corruption, just get immunity. (Washington Post)
  • Will corruption finally kill off Venice? (BBC)
Categories
31 Days to More Effective Compliance Programs

Day 1 | What 2019 Brought to Compliance Programs

2019 was a very significant year for every compliance practitioner and compliance program. Not only was it the year with the single highest amount of FCPA enforcement actions, fines and penalties assessed against corporation but it also saw the greatest number of individual prosecutions. Yet perhaps most significantly there were three noteworthy releases of information by the federal government which directly impacted compliance professionals in 2019. Two came from the Department of Justice (DOJ) and one came from the Department of Treasury, Office of Foreign Asset Control (OFAC). These three guidances contributed to the continued evolution of what constitutes a best practices compliance program.

Three key takeaways:

  1. The 2019 Guidance asks three key questions of every corporate compliance program and adds a mandate for culture assessment, management and improvement.
  2. The OFAC Framework mandates on third parties not simply those in the sales cycle but also vendors in the Supply Chain and customers as well.
  3. The Antitrust Division Compliance Evaluation adds a requirement for data analytics and statistical analysis in monitoring and continuous improvement.