Amanda welcomes Bria Washington to the show to discuss compliance in churches and other religious organizations. Tune in to learn how to be prepared for a scandal and take actions BEFORE it hits the news.
Listen to the episode:
Check out more episodes and full episode videos at ComplianceLine.com, and don’t forget to subscribe on your favorite podcast platform!
We previously considered the Prong in the Evaluation that was not present in the Ten Hallmarks of an Effective Compliance Program; that being root cause analysis. The requirement was first raised in the 2017 Evaluation. It was then carried forward as a requirement in the FCPA Corporate Enforcement Policy, later in 2017. It was discussed again in the 2019 Guidance.
You should begin with the question of who should perform the remediation; should it be an investigator or an investigative team which were a part of the root cause analysis? Jonathan Marks, believes the key is both “independence and objectivity.” It may be that an investigator or investigative team is a subject matter expert and “therefore more qualified to get that particular recourse”. Yet to perform the remediation, the key is to integrate the information developed from the root cause analysis into the solution.
Marks further noted that the company may also have deficiencies in internal controls. More importantly, the failure to remediate gaps in internal controls “provides the opportunity for additional errors or misconduct to occur, and thus could damage the company’s credibility with regulators” by allowing the same or similar conduct to reoccur. Finally, with both the 2019 Guidance and FCPA Corporate Enforcement Policy, the DOJ has added its voice to prior SEC statements that regulators “will focus on what steps the company took upon learning of the misconduct, whether the company immediately stopped the misconduct, and what new and more effective internal controls or procedures the company has adopted or plans to adopt to prevent a recurrence.
Three key takeaways:
Welcome to a special series of Trekking Through Compliance, the podcast series inspired by my review of Star Trek, the Original Series. In this special series I am joined by another uber Star Trek maven, Megan Dougherty. In this series we will review the new television show Picard which is currently streaming on CBS.
SPOILER ALERT-Although we will review each episode after it appears, we will discuss each episode in depth.
Episode 1, Remembrance begins with former Admiral Jean-Luc Picard in retirement tending to his vineyards on his family’s ancestral home in in La Barre, France. Picard has resigned his commission from Starfleet in protest of their failure to save the lives of Romulan citizens after the Romulan sun went supernova. Star Fleet made this decision, in no small part, because of an attack on the Confederated Martian Colonies and the Utopia Planitia Shipyards by synthetics. These attacks led to Star Fleet banning their existence.
In Greater Boston, Dahj is enjoying an evening with her boyfriend, when Romulan assassins transport into her apartment. They kill him, but before they can kill her, something activates in Dahj and she kills the assassins. She then has visions of Picard and seeks him out after seeing him being interviewed on the Federation News Network. Dahj finds sanctuary in La Barre but runs away after only night’s stay out of fear of bringing harm to Picard. Picard goes to the Starfleet Archives in San Francisco and discovers a painting Data made thirty years previous entitled “Daughter”, bearing a female figure resembling Dahj. Dahj tracks Picard down and reunites with him, but it proves to be a brief reunion. Romulan assassins beam to their location and kill her.
Picard then goes to the Daystrom Institute in Okinawa and meets with Dr. Agnes Jurati, who reveals Dahj may be Data’s daughter through an experimental procedure known as fractal neuronic cloning. This entails creating an android with an organic body but inserting a positronic brain. More significantly for the storyline, this process results in twins being created. The episode ends in a Romulan reclamation site where a Romulan named Narek meets with Soji Asher, Dahj’s twin. Most stunningly, the reclamation site is a partially constructed Borg Cube.
Highlights include:
Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.In episode 48, Lisa Fine speaks with Gwen Romack, who is the Senior Director of Legal and Regulatory Compliance at VMWare. They visit about creating multi-faceted ‘Dream Teams’ for a corporate compliance function.
Almost every compliance practitioner is asked at least once “what do you mean by compliance?” And, the answer is often very different, depending on many factors – public or private sector, non-profit, geography…just to name a few. It’s also hard to build a compliance team to address the different parts of each program. Prior to that her current position of Senior Director of Legal and Regulatory Compliance at VMWare where she has been for the past four years, Gwen spent twenty years at HP, growing her career first outside of compliance and then in the area of ethics and compliance, building a public sector program. Gwen has built many different programs, and Lisa and Gwen start to build one version of a “dream team.”
Gwen is a senior compliance leader, and she is not an attorney, and has looked at various work areas. Her perspective on how attorneys and non-attorneys work together to build a team to look at four pillars of compliance that she categorizes as awareness, process controls, inspection, and mitigation. As a woman in compliance, as well as a non-attorney, Gwen also discusses her experiences with imposter syndrome, which impacts so many people, of all genders and that sometimes one type of imposter syndrome replaces another, and how to move past it altogether. Building anything should have architects, contractors, and inspectors, and we hope you enjoy thinking about your work and the role you and your colleagues play on your dream team.
Join the Great Women in Compliance community on LinkedIn here.
Well known fraud investigator Jonathan Marks, defined a root cause analysis as “a research based approach to identifying the bottom line reason of a problem or an issue; with the root cause, not the proximate cause the root cause representing the source of the problem.” He contrasted this definition with that of a risk assessment which he said “is something performed on a proactive basis based on various facts. A root cause analysis analyzes a problem that (hopefully) was previously identified through a risk assessment.” He went on to note a, “Root cause analysis is a tool to help identify not only what and how an event occurred, but also why it happened. When we are able to determine why an event or failure occurred, we can then recommend workable corrective measures that deter future events of the type observed.”
Marks also contrasted a root cause analysis with an investigation. He noted, “in an investigation we are try to either prove or disprove an allegation.” This means that in a compliance investigation you may be trying to prove or disprove that certain transactions could form the basis of a corrupt payment or bribe by garnering evidence to either support or refute specific allegations. You do not assess blame and that is the point where a root cause should follow to determine how the compliance failure occurred or was allowed to occur
Three key takeaways:
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode Matt indulges me as we take a deep dive into 2020 Edelman Trust Barometer and its implications for the CCO and corporate compliance function.
Some of the highlights include:
Resources
Download the Edelman Trust Barometer here.
Read Matt’s blog post, Edelman Trust Report Gets Grim
In today’s edition of the Daily Compliance News:
Your company has just made its largest acquisition ever and your CEO says they want you to have a compliance post-acquisition integration plan on their desk in one week. Where do you begin? A good place to start would be the 2012 FCPA Guidance language: Pre-acquisition due diligence, however, is normally only a portion of the compliance process for mergers and acquisitions. DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program. Companies should consider training new employees, reevaluating third parties under company standards, and, where appropriate, conducting audits on new business units.
As reported by New and Trahanas, in a July 2018 speech, former Deputy Assistant Attorney General Matthew Miner emphasized that DOJ would apply the principles contained in the FCPA Corporate Enforcement Policy to successor companies that discover potential violations subsequent to an acquisition, as well as to acquirers who detect potential corrupt activities during the due diligence process. He also encouraged acquiring companies to seek guidance through the FCPA Opinion Procedures. Miner said the DOJ would apply the principles contained in the FCPA Corporate Enforcement Policy to acquiring companies that uncover potential FCPA violations in the mergers and acquisitions context. This means if you meet the four requirements under the FCPA Corporate Enforcement Policy, the default DOJ position would be a declination would be granted
Three key takeaways:
Gio Gallo, and his brother and co-CEO Nick Gallo, joined ComplianceLine because they saw a need for better vendor partners in the compliance industry. Their mission is to help more people every day. Today they care for the leaders who care for six million people around the world. Gio joins Tom Fox on this week’s show to talk about why the human element in compliance is mandatory and why it’s going to stay that way far into the future.
Taking Care of People
ComplianceLine helps compliance leaders by giving them actionable information so they can take care of their people. Gio lists the services his company offers, such as issue intake and case management, and hotline.
Data Cannot Replace Humans
Tom comments about the increasing importance of collecting and monitoring data, given regulatory mandates. He asks Gio why he believes that data cannot be allowed to replace the human element. Gio responds that automation is great, for machines. However, you can’t define every scenario or what should be done in every interaction, so there’s no way you can automate everything. In addition, where there are issues that involve people, you need people to find information, and to plan and execute the appropriate fixes. As more repetitive tasks become automated, the human element is going to become more important, Gio predicts.
Hotlines and Empathy
The human element of compliance is especially relevant in hotlines. People expect that human-caused problems with human-required solutions have human-considered interactions, Gio says. People calling in to report a problem need to feel heard and that their issue is being considered by someone who will do something about it. Tom commends Gio on a ComplianceLine blog post entitled, I Hope Things Get Better for You: The Importance Of Empathy In Compliance Reporting. Gio responds that empathy drives effectiveness. It’s also the way to show care and respect for others. Anyone calling your hotline should feel cared for and listened to. When you engage with them in a caring way, you understand where they’re coming from and you get better information. You can now follow up and close issues faster, and ultimately take care of damaging risks more quickly.
Resources
ComplianceLine.com
ComplianceLine on YouTube | LinkedIn | Facebook | Twitter | Instagram
ComplianceLive podcast
ggallo@complianceline.com
Blog post: I Hope Things Get Better for You
