Categories
31 Days to More Effective Compliance Programs

Day 20 | Responding to investigative findings

 
There is nothing like an internal whistleblower report about a compliance violation, the finding of such an issue, or (even worse) a subpoena from the DOJ or notice letter from the SEC to trigger the Board of Directors and senior management attention to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage followed immediately by proclamations “We are an ethical company.” However, it may well be the time for a very serious reality check.
Three key takeaways:

  1. A serious FCPA allegation gets the attention of the Board and senior management. Use this time to move the compliance program forward.
  2. Be aware of how your investigation can impact and even inform your remediation efforts.
  3. Be prepared to deal with the dreaded “where else” question.
Categories
FCPA Compliance Report

Dave Lefort on 10 Stories CW Will Follow in 2020


In the Episode, I visit with Dave Lefort, Editor in Chief for Compliance Week. Dave recently wrote “It’s hard to tell whether the age we’re living in is the calm before the storm or if it is the storm. One way or another, we’ll likely get some clarity in the year ahead for CCOs navigating these choppy waters.” I asked him to come on the podcast and discuss his 10 predictions on what will dominate compliance headlines in 2020.

  1. Big Tech in antitrust crosshairs. Is everyone ganging up on big tech?
  2. Deregulation. Is it real or is it Memorex?
  3. Recession worries: Impact on ethics and compliance. Will compliance have to do more with less or less with less?
  4. 2020 elections. How could it impact the regulatory environment heading into 2021?
  5. Protecting whistleblowers. Will Congress step in where the Supreme Court gutted protection? Will Trump’s public berating of the impeachment whistleblower embolden those accused of wrongdoing to retaliate?
  6. Data privacy equation has changed. How so?
  7. GDPR: Waiting for the big one. Which US company will it be?
  8. Regulators will reward good-faith efforts. Is it softening or a refocus?
  9. Ethics and Artificial Intelligence: Trouble ahead? Will Skynet become self-aware?
  10. Supply chains, geopolitical risk, and third parties. If this is such a big problem, where are the resources to fix it? 

Resources
Dave’s article Ten Things We’ll Be Talking About in 2020
Subscribe to Compliance Week here. Use the code, NEWYEAR2020 … for a $365 for a one-year membership.
Register for Compliance Week 2020, here.

Categories
Daily Compliance News

January 20, 2020, the MLK edition edition


In today’s edition of the Daily Compliance News:

Categories
Sunday Book Review

January 19, 2020, the NY Review of Books edition


In today’s edition of Sunday Book Review:

Categories
31 Days to More Effective Compliance Programs

Day 19 | The investigation protocol


After the internal report comes in and you have properly triaged the matter, you need to scope out and investigate it, promptly, thoroughly and with competent personnel. Your company should have a detailed written procedure for handling any complaint or allegation of bribery or corruption, regardless of the means through which it is communicated. The mechanism could include the internal company hotline, anonymous tips, or a report directly from the business unit involved. You can make the decision on whether or not to investigate with consultation with other groups such as the Audit Committee of the Board of Directors or the Legal Department. The head of the business unit in which the claim arose may also be notified that an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis. Through the use of such a detailed written procedure, you can work to ensure there is complete transparency on the rights and obligations of all parties, once an allegation is made. This allows the compliance team to have not only the flexibility but also the responsibility to deal with such matters, from which it can best assess and then decide on how to manage the matter.
 Three key takeaways:

  1. A written protocol, created before an investigation, is a key starting point.
  2. Create specific steps to follow so there will be full transparency and documentation going forward.
  3. Consistency in approach is critical.
Categories
31 Days to More Effective Compliance Programs

Day 18 | Internal reporting and the triaging of claims


The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward.
This scenario was driven home by the SEC in a 2015 FCPA enforcement action involving Mead Johnson Nutrition Company. In this enforcement action, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately, the first investigation, performed in 2011, did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company that it performed an adequate internal investigation which uncovered FCPA violations.
Three key takeaways:

  1. The DOJ and SEC put special emphasis on internal reporting lines.
  2. Test your hotline on a regular basis to make sure it is working.
  3. Have a triage protocol in place before the call comes in so you will be ready to go and not required to scramble to create a protocol.
Categories
Daily Compliance News

January 18, 2020, the Ethical Edge edition


In today’s edition of the Daily Compliance News:

  • How AB InBev uses the ‘ethical edge’. (WSJ)
  • US citizen found guilty for receiving bribes illegal under FCPA. (DOJ Press Release)
  • Grammy head alleges ‘irregularities’ is put on Administrative Leave. (NYT)
  • Smith & Wesson President fired for unethical conduct. (Washington Post)
Categories
31 Days to More Effective Compliance Programs

Day 17 | Managing your third parties


The building blocks of any compliance program lay the foundations for a best practices compliance program. For instance, in the life cycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third-party management becomes more important. It is also the one where the rubber meets the road of operationalizing compliance. It is also an area the DOJ specifically articulated in the 2019 Evaluation that companies need to consider.

The key is to have a strategic approach to how you structure and manage your third-party relationships. This may mean more closely partnering with your third parties to help manage the anti-corruption compliance risk. It would certainly lead towards enabling your company to control risk while optimizing the performance of your third parties.

Amalgamate third-parties but have fallbacks. It is incumbent to consolidate your third-party relationships to a smaller number to more fully operationalize your compliance program. This will make the entire third-party lifecycle easier to manage. From the compliance perspective, you may want to have a primary and secondary third-party that you work with in a service line or geographic area to retain this redundancy.

Monitor any subcontracted work. If your direct contracting party has the right or will need to subcontract some work out, you need to have visibility into this from the compliance perspective. You will need to require and monitor that your direct third-party relationship has your approved compliance terms and conditions in their contracts with their subcontractors.

Legal Protections. This is where your compliance terms and conditions will come into play. Consider a full indemnity if your third-party violates the FCPA and your company is dragged into an investigation because of the third-party’s actions. Another important clause is that any FCPA violation is a material breach of contract. This means that you can legally, under the terms of the contract, terminate it immediately, with no requirement for notice and cure. Finally, you need a clause that requires your third-party to cooperate in any compliance investigation. This means cooperation with you and your designated investigation team, but it may also mean cooperation with U.S. governmental authorities as well.

Keep track of your third parties’ financial stability. This is one area that is not usually discussed in the compliance arena around third parties, but it seems almost self-evident. You can certainly imagine the disruption that could occur if your prime third-party supplier in a country or region went bankrupt; but in the compliance realm there is another untoward red flag that is raised in such circumstances. Those third parties under financial pressure may be more easily persuaded to engage in bribery and corruption than third parties that stand on a more solid financial footing.

Formalize incentives for third-party performance. One of the key elements for any third-party contract is the compensation issue. If the commission rate is too high, it could create a very large pool of money that could be used to pay bribes.

Auditing third parties. Critical to any best practices compliance program and an important tool in operationalizing your compliance program, this is a key manner in which a company can manage the third-party relationship after the contract is signed and one which the government will expect you to engage in going forward.

Three key takeaways:

  1. Have a strategic approach to third-party risk management.
  2. Rank third parties based upon a variety of factors including compliance and business performance, length of relationship, benchmarking metrics and KPIs for ongoing monitoring and auditing.
  3. Managing the relationship is where the real work begins.
Categories
Daily Compliance News

January 17, 2020, the What’s Your Plan edition


In today’s edition of the Daily Compliance News:

  • Judge overseeing PG&E bankruptcy wants to see the plan. (Bloomberg)
  • ENI skates. (Reuters)
  • Mets official blasts MLB whistleblower. (com)
  • China pushes belt and road. Are you ready? (NYT)
Categories
This Week in FCPA

Episode 188 – the Say it Ain’t So edition

Jay and I are back to consider some of the top compliance articles and stories which caught our eye this week. Of course, we look into the MLB sign-stealing scandal which has embroiled the Houston Astros, may embroil the Boston Red Sox and let to the Mets firing their newest manager before he managed one game.

  1. MLB lays down the hammer on the Astros. Are the Red Sox next? Tom’s multipart series, Part 1, Part 2and Part 3. His cognitive dissonance is explored in the FCPA Blog.
  2. Mike Volkov says its time to move from reactive to proactive compliance, in a 3-part series on Corrruption Crime and Compliance. Part 1, Part 2 and Part 3
  3. What do DOJ changes mean for the compliance practitioner? Jay explores in his CCI
  4. What is the SEC Enforcement Network? Verity Winship explains in NYU’s Compliance and Enforcement Blog.
  5. Will the Fraud Section now refocus on commodities trading cases? Aitan Goelman in NYU’s Compliance and Enforcement Blog.
  6. What are Red Flags? Gini Dietrich explains in Spin Sucks. Harry Cassin says look out for expensive watches, in the FCPA Blog.
  7. Corporate governance and behavioral ethics, all in the Harvard Law Review on Corporate Governance.
  8. The trouble with transparency. Vera Cherepanova explains in the FCPA Blog.
  9. How Queen informs your compliance program (Hint: Pressure). Matt Kelly, the coolest guy in compliance in Radical Compliance.
  10. On the Compliance Podcast Network, Tom continues his 31 Days to a More Effective Compliance Program series.This week saw the following offerings: Day 13 reviews institutional justice ; Day 14considers risk assessments; Day 15 looks at evaluating a risk assessment; Day 16 details the 3rd party risk management process; Day 17 explains how to manage a 3rd Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.