Categories
Innovation in Compliance

Innovation in Compliance – Dr. Karen Jacobson on Uncovering The Impact of Behavior

Innovation comes in many forms, and compliance professionals need to not only be ready for it but also embrace it. Today, I visited Dr. Karen Jacobson, a renowned expert in organizational leadership and communication.

Dr. Jacobson brings a unique perspective to her work, shaped by her diverse experiences ranging from serving in the military in Israel to running chiropractic offices in New York and Arizona. Dr. Jacobson’s holistic approach to organizational leadership and communication is rooted in her belief that work positioning, repetitive movements, and physical challenges are all interconnected and can impact the overall functioning of an organization. Drawing from her experiences in war, military, healthcare, and even competitive amateur ballroom dancing, she emphasizes the importance of core human connection skills such as conflict reduction, effective communication, and motivation. Her background as a chiropractor also gives her insights into understanding people and their behavior, including habits that affect posture and confidence. Join Tom Fox and Dr. Karen Jacobson on this episode of Innovation in Compliance.

Key Highlights:

  • Understanding behavioral styles is crucial for effective communication in the workplace.
  • Adapting communication for different generations and cultural differences is essential for effective workplace communication.
  • Effective leadership outside the United States requires understanding and respecting different cultures and customs.
  • Understanding personal strengths and leading with them can lead to more effective leadership.

Resources:

Karen Jacobson

Website

LinkedIn

Facebook

Twitter

YouTube

Instagram

 

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Daily Compliance News

Daily Compliance News: January 30, 2024 – The Venezuelan Sanction Redux Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • WWE President resigns after allegations of assault and trafficking.  (NYT)
  • How Moro fell from grace. (FT)
  • Venezuelan sanctions are back on. (Bloomberg)
  • The first ADM shareholder suit for fraud was filed. (Reuters)

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

What is a Root Cause Analysis?

One of the biggest changes in the 2020 FCPA Resource Guide, 2nd edition, is the addition of a new Hallmark, entitled, Investigation, Analysis, and Remediation of Misconduct, which reads in full:

The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigations structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s compliance program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls on a go-forward basis. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.

There are many interesting aspects to this Hallmark, not the least that it begins with “The truest measure of an effective compliance program is how it responds to misconduct.” This builds upon the language found in the “Confidential Reporting and Internal Investigations Hallmark, which stated, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response,”. Now beyond being properly funded, you must have a “well-functioning mechanism” for the “timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents.”

This clearly mandates that once an allegation or even suspicion comes to the attention of compliance, it must be properly triaged, your investigation protocol should kick in with a detailed and effective investigation that is completed in a reasonable time and provide a response to the investigative findings. Moreover, an investigation is not the ending point and should be followed with a robust root cause analysis. This builds upon several sources.

The 2023 ECCP also raised the following questions under “Root Cause Analysis—What is the company’s root cause analysis of the misconduct at issue? Were any systemic issues identified? Who in the company was involved in making the analysis?”

Well known fraud investigator Jonathan Marks, partner at BDO, defined a root cause analysis as “research based approach to identifying the bottom line reason of a problem or an issue; with the root cause, not the proximate cause the root cause representing the source of the problem.” He contrasted this definition with that of a risk assessment which he said “is something performed on a proactive basis based on various facts. A root cause analysis analyzes a problem that (hopefully) was previously identified through a risk assessment.” He went on to note, “Root cause analysis is a tool to help identify not only what and how an event occurred, but also why it happened. When we are able to determine why an event or failure occurred, we can then recommend workable corrective measures that deter future events of the type observed.”

However, there is no one formula for performing a root cause analysis. One protocol, articulated by Health COMPass, advocates a four-step process which includes:

Step 1: Identify possible causal factors. Using the incident(s) to identify causal factors—things that cause or contribute to the compliance failure. It includes asking such questions as:

• What sequence of events leads to the problem?

• What conditions allow the problem to occur? [e.g., traditional values and practices]

• What problems co-exist with the central problem and might contribute to it? [e.g., lack of health facilities]

• Identify as many causal factors as possible. Start with the problem and brainstorm causal factors for that problem by asking “Why?” The root cause analysis team can also ask themselves (based on their own experience) and stakeholders “why” or “so what” questions to identify causal factors.

Step 2: Identify the root cause. To find root causes—the primary sources of the compliance violation—start with the causal factors and ask why. Root causes are seldom found in the most obvious causes. It is important to dig deeper and continue to ask “Why?” until nearly all responses have been exhausted or roots that seem important to address are reached. There are several useful methods for identifying root causes. One is to construct a root cause tree. Start with the problem and brainstorm causal factors for that problem by asking why. Connect them in a logical cause and effect order until arriving at the root of the problem.

Step 3: Identify communication challenges. Now ask which root causes are challenges that compliance can and should address and which are not. Share findings about other root causes with local authorities and leaders or organizations that might be able to address them.

Step 4: Prioritize compliance challenges. If root cause analysis identifies more than one compliance failure, decide which failure to address first. Rank root causes in order, starting with the main cause. To determine rank, consider:

• The potential impact of addressing the compliance failure. The greater the potential impact, the more important it is to address.

• How difficult it will be to reach the audience associated with the compliance failure.

• The mandate attached to the funding.

• If more than one causal factor is linked to the root cause. When a root cause is the source of multiple causal factors, it indicates that addressing the root cause can have far-reaching effects.

Another approach articulated by Marks is the Five Why’s approach. As he explained “Early questions are usually superficial, obvious; the later ones more substantive.” Borrowing from Six Sigma, the folks at iSixSigma.com believe this approach contemplates that “By repeatedly asking the question “Why” (five is a good rule of thumb), you can peel away the layers of symptoms which can lead to the root cause of a problem. Very often the ostensible reason for a problem will lead you to another question. Although this technique is called “Five Whys,” you may find that you will need to ask the question fewer or more times than five before you find the issue related to a problem.”

To use this approach, iSixSigma.com suggests the following protocol. Begin by writing down the specific problem, which assists you to formulate the issue or problem. Then begin asking, “Why?” Ask why the compliance failure occurred write the answer down below the problem. But do not stop there if this first response does not “identify the root cause of the problem that you wrote down in Step 1, ask why again and write that answer down. Loop back to step 3 until the team is in agreement that the problem’s root cause is identified. Again, this may take fewer or more times than five whys.”

Ultimately, performing a root cause analysis is not simply a matter of sitting down and asking a multitude of questions. You need to have an operational understanding of how a business operates and how they have developed their customer base. Overlay the need to understand what makes an effective compliance program, with the skepticism an auditor should bring so that you do not simply accept an answer that is provided to you, as you might in an internal investigation. As Marks noted, “a root cause analysis is not something where you can just go ask the five whys. You need these trained professionals who really understand what they’re doing.”

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 29 – Strategic Considerations for Implementing AI in Compliance

Implementing AI in compliance requires strategic considerations and decision-making. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider. Balancing exploration and rules, as well as selecting the right AI tools, are challenges that need to be addressed. By carefully navigating these considerations and challenges, companies can leverage AI to enhance their compliance programs and stay ahead in an ever-evolving regulatory landscape.

 Three key takeaways:

1. What are the key factors that impact these strategic considerations for implementing AI in compliance?

2. Compliance professionals need to stay updated with the latest AI developments and trends, which requires continuous learning and keeping abreast of industry news and insights.

3. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Adventures in Compliance

The Return of Sherlock Holmes – Leadership Lessons from The Empty House

Welcome to a review of all the Sherlock Holmes stories that are collected in the work “The Return of Sherlock Holmes.” It is a collection of thirteen detective stories written by Sir Arthur Conan Doyle, marking the reappearance of the brilliant detective Sherlock Holmes after his apparent death in “The Final Problem.” The collection spans various intriguing cases and mysteries that Holmes and his loyal friend Dr. John Watson tackle. Today we take up the Adventure of the Empty Room and mine it for leadership traits for the CCO and compliance professional.

In the world of compliance, where ethical standards are of utmost importance, there are valuable lessons to be learned from the iconic detective Sherlock Holmes. In an episode of the podcast “Adventures in Compliance,” host Tom Fox explores the principles embodied by Holmes in the story “The Final Problem” and how they can serve as a guide for compliance professionals. “The Final Problem” features Holmes’ continued confrontation with his arch-nemesis, Moriarty, through Moriarty’s acolyte, Colonel Sebastian Moran. It showcases Holmes’ continuous learning, persistence, adaptability, attention to detail, and teamwork. These principles can be applied by compliance professionals to maintain ethical and legal standards in their organizations. Join Tom Fox in this episode of The Adventures in Compliance as he delves deeper into how the methods of Sherlock Holmes can be applied to uphold ethical standards in the world of compliance.

 

Key Leadership Traits from Sherlock Holmes for the Compliance Professional

  1. Adaptability.
  2. Problem-Solving.
  3. Attention to detail.
  4. Persistence.
  5. Teamwork.
  6. Leadership Presence.
  7. Continual Learning.

Resources:

The New Annotated Sherlock Holmes

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
All Things Investigations

All Things Investigations – Mike DeBernardis on The SAP Enforcement Action

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, I was joined by HughesHubbardReed partner Mike DeBernardis to discuss the recently announced FCPA enforcement action involving SAP.

Mike DeBernardis is a seasoned expert in the field of FCPA enforcement, with a specific focus on SAP enforcement action and the critical role of compliance programs. Drawing from his extensive knowledge of corruption schemes in various countries and the role of third-party intermediaries in these activities, DeBernardis views the SAP enforcement action as a pivotal case study that underscores the importance of robust compliance programs and proactive remedial actions. He commends SAP for their significant investment in their compliance program and their willingness to alter their business practices, such as severing certain third-party relationships and high-risk conduct. DeBernardis believes these actions reflect a commitment to business integrity and serve as a valuable lesson for companies navigating complex investigations. Join Tom Fox and Mike DeBernardis as they delve deeper into this topic on this episode of All Things Investigations.

Key Highlights:

  • SAP’s Corrupt Third-Party Intermediaries and Enforcement Action
  • The Power of Cooperation and Remediation
  • DOJ’s Emphasis on Cooperation and Technology

Resources:

Hughes Hubbard & Reed website

Mike DeBernardis on LinkedIn

Categories
Corruption, Crime and Compliance

FCPA 2023 Year in Review

For the Justice Department and the SEC, 2023 was a slow year in FCPA enforcement. Despite promises of aggressive enforcement, the DOJ and the SEC failed to achieve increases in FCPA enforcement. The DOJ and the SEC issued no blockbuster enforcement actions or settlements. The SEC’s number of enforcement actions was steady and eclipsed its 2022 number by one. Equally significant was DOJ’s reduction in individual criminal prosecutions, thereby raising legitimate questions as to its ability to deliver on its promise of aggressive enforcement against individual FCPA violators. Despite a slower enforcement year, DOJ dedicated significant resources to the issuance of new policy statements encouraging voluntary disclosures, incentivizing clawbacks, elevating compliance programs, and offering new safe harbors for mergers and acquisitions.

In this episode, Michael Volkov reviews FCPA enforcement in 2023 and outlines new compliance trends in the anti-corruption field.

  • Clear Channel’s former Chinese subsidiary, Clear Media, was charged with bribery violations involving expensive gifts, entertainment, and travel given to influence contract renewal negotiations with Chinese government officials.
  • Clear Media engages in deceptive practices, such as falsely documenting payments to cleaning and maintenance companies to fund illegal payments. They used oral agreements, omitted gift recipients, and created false invoices and tax records to disguise payments through shell company intermediaries.
  • Senior executive complicity was another trend observed in the cases discussed. In some instances, senior executives were aware of the bribery schemes but either turned a blind eye or actively participated in the misconduct.
  • Internal audits conducted from 2012 to 2017 identified deficiencies, red flags, and indicators of bribery within Clear Channel. However, the company failed to take aggressive remedial actions to address these issues.
  • Clear Media resisted internal auditors and even provided false information, hindering the detection and resolution of bribery-related problems.
  • Despite these challenges, Clear Channel cooperated extensively with the investigation. They promptly shared relevant facts, produced necessary documents, and facilitated interviews with current and former employees.

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
FCPA Compliance Report

FCPA Compliance Report – Karen Woody on Officers Duty of Oversight

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Professor Karen Woody and they take a deep dive into the Segway case from Delaware.

The bottom line is that proving bad faith and breaching the duty of oversight remains a challenging task. The conversation delved into the fiduciary duties of directors and officers, specifically the duty of care and the duty of loyalty. The duty of care requires fiduciaries to be well-informed about material information and exercise prudence in decision-making. On the other hand, the duty of loyalty necessitates undivided interests towards the corporation, with no conflicts of interest or self-dealing.

The duty of oversight, derived from the landmark Caremark case in 1996, is an extension of the duty of loyalty. It requires the establishment of information reporting systems and compliance programs to inform senior management and the board about potential issues. There are two prongs to bring a duty of oversight claim: the systems or information prong and the red flag prong. The former focuses on the absence or ineffectiveness of systems, while the latter deals with the conscious disregard of red flags.

However, proving bad faith and breaching the duty of oversight is a high bar to clear. The Caremark standard is challenging to meet, and most cases are dismissed on a motion to dismiss. The recent Segway case, following the McDonald’s case, indicated a pushback against lowering the bar for officers compared to directors. The interpretation of the duty of oversight remains stringent, emphasizing the need for strong evidence of bad faith.

The conversation concluded by acknowledging the importance of context and the specific facts of each case. While there has been a slow march of weakening the Caremark standard in some cases, the facts in those instances were particularly egregious. The recent cases discussed in the episode did not exhibit the same level of egregiousness, leading to a retraction and a reaffirmation of the high bar set by the Caremark standard.

Resources:

Karen Woody on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Daily Compliance News

Daily Compliance News: January 29, 2024 – The From Russia With Love Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Massive corruption scandal was uncovered in Ukraine.  (CNN)
  • Trump wants amped up trade war with China. (WaPo)
  • Removing friction in companies. (FT)
  • Avon is still doing business in Russia. (BBC)

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

Strategic Considerations for Implementing AI in Compliance

What are some of the strategic considerations for implementing AI in compliance? What are the key factors that impact these strategic considerations for implementing AI in compliance, exploring the tradeoffs, challenges, and importance of considering the impact on decision-making.

The first consideration is understanding the impact of AI on the company. AI can affect a company in various ways, from internal operations to the products or services it sells. It is crucial for compliance professionals, CEOs, and compliance functions to take a high-level perspective and identify all the ways AI can impact their organization.

The second consideration is maintaining an inventory of all tools used. This can be challenging, especially when a company uses a mix of homegrown and commercially available tools. However, understanding the tools being used in different parts of the company is essential for fully comprehending the privacy and regulatory risks involved.

The third consideration is understanding the tools for cost efficiency and risk avoidance. Companies need to evaluate the value and usage of AI tools regularly. This evaluation helps in balancing the necessary provision of tools with rigorous data security and risk minimization practices. It also ensures cost efficiencies by avoiding redundant tools and optimizing their usage.

The fourth consideration is involving all business sectors in AI discussions. AI implementation should not be siloed within compliance or any specific department. It requires collaboration and participation from various stakeholders, including the board, operations, and compliance teams. Bringing everyone together in an AI working group or team allows for a holistic and strategic approach to AI implementation.

The fifth consideration is utilizing AI for better data usage in compliance. AI enables compliance professionals to analyze trends and patterns in data effectively. This goes beyond simple automation and moves towards predictive analytics. By leveraging AI, compliance programs can enhance their effectiveness and stay ahead of potential risks.

While implementing AI in compliance brings numerous benefits, there are tradeoffs and challenges to consider. One tradeoff is the need to balance exploration and innovation with rules and regulations. Companies should encourage employees to explore and experiment with AI tools but within a safe environment and with clear guidelines. This ensures that AI is used to benefit the company without causing harm.

Another challenge is the selection of AI tools. With the rapid pace of AI development, companies must carefully evaluate and choose the right tools. The wrong choice can lead to wasted resources and missed opportunities. It is crucial to consider factors such as reliability, controls, and the ability to retrieve data if needed.

The impact of AI implementation on compliance cannot be underestimated. Compliance professionals need to stay updated with the latest AI developments and trends. This requires continuous learning and keeping abreast of industry news and insights. Subscribing to relevant sources, such as AI-focused publications or news platforms, can help compliance professionals stay informed.

Implementing AI in compliance requires strategic considerations and decision-making. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider. Balancing exploration and rules, as well as selecting the right AI tools, are challenges that need to be addressed. By carefully navigating these considerations and challenges, companies can leverage AI to enhance their compliance programs and stay ahead in an ever-evolving regulatory landscape.