Categories
Sunday Book Review

Sunday Book Review: January 14, 2024 The Books on Morality Edition

In the Sunday Book Review, I consider books that would interest the compliance professional, the business executive, or anyone who might be curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest me. Over the month of January, we will review some of the best books reported by the Financial Times in various categories. In today’s edition of the Sunday Book Review, we look at four books on morality you should read in 2024.

  • The Morality of the Exterior Act by Fr. Chad Ripperger
  • Making Choice by Peter Kreeft
  • Moral Psychology by Valerie Tiberius
  • Modern Moral Philosophy by Stephen Darwall

Resource:

Ten Best New Morality Books to Read in 2024

Categories
Blog

Internal Controls

What are internal controls? The best definition I have come across is from Jonathan Marks, partner at BDO, who defined internal controls as:

An internal control is an action or process of interlocking activities designed to support the policies and procedures detailing the specific preventative, detective, corrective, directive and corroborative actions required to achieve the desired process outcomes or the objectives(s). This, along with continuous auditing, continuous monitoring and training reasonably assures:

The achievement of the process objectives linked to the organization’s objectives;

Operational effectiveness and efficiency;

Reliable (complete and accurate) books and records (financial reporting);

Compliance with laws, regulations and policies; and

The reduction of risk-fraud, waste and abuse, which, aids in the decline of process and policy variation, leading to more predictive outcomes.

What specifically are internal controls in a compliance program? The starting point is the FCPA itself, which requires issuers to devise and maintain a system of internal controls that can reasonably assure:

1. Transactions are executed in accordance with management’s general or specific authorization;

2. Transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

3. Access to assets is permitted only in accordance with management’s general or specific authorization; and

4. The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

The DOJ and SEC, in the 2020 FCPA Resource Guide, 2nd edition, stated:

Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring. … The design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.

This was supplemented in the 2023 ECCP, with a pair of pointed questions: whether a company has made significant investigation into its internal controls and have they been tested, then remediated based upon the testing?

The whole concept of internal controls is that companies need to focus on where the risks—compliance or otherwise—are and then allocate their limited resources to putting controls in place that address those risks. In the compliance world, of course, your two biggest risks are 1) company assets or resources, marketing expenses, petty cash or other sources of funds being used to pay a bribe, and 2) diversion of company assets, such as unauthorized sales discounts or receivables and write offs used to pay a bribe.

There are four significant controls for the compliance practitioner to implement initially. They are:

1. Delegation of authority (DOA);

2. Maintenance of the vendor master file;

3. Contracts with third parties; and

4. Movement of cash/currency.

Your DOA should reflect the impact of compliance risk including both transactions and geographic location so that a higher level of approval for matters involving third parties, for fund transfers and invoice payments to countries outside the US would be required inside your company.

Next is the vendor master file, which can be a powerful preventative control tool largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Internal controls are needed over the submission, approval, and input of changes to the vendor master file.

Contracts with third parties can be a very effective internal control that works to prevent nefarious conduct rather than simply as a detect control. For contracts to provide effective internal controls, however, relevant terms of those contracts—including, for instance, the commission rate, reimbursement of business expenses, use of subagents, etc.,—should be made available to those who process and approve vendor invoices.

All situations involving the movement of cash or transfer of monies outside the US—including such methods as computer checks, manual checks, wire transfers, replenishment of petty cash, loans, and advances—should be reviewed from the compliance risk standpoint. This means identifying the ways in which a country manager or a sales manager could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.

To prevent these types of activities, internal controls need to be in place. All wire transfers outside the US should have defined approvals in the DOA. The persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA, and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.

The bottom line is that internal controls are just good financial controls. The internal controls that detail requirements for third-party representatives in the compliance context will help to detect fraud, which could well lead to bribery and corruption. As an exercise, map your existing internal controls to the Hallmarks of an Effective Compliance Program or some other well-known anti-corruption regime to see where gaps may exist. This will help you to determine whether adequate compliance internal controls are present in your company. From there you can move to see if they are working in practice.

Categories
31 Days to More Effective Compliance Programs

Day 31 to a More Effective Compliance Program: Day 13 – Policies and Procedures

There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly the first line of defense when the government comes knocking. The 2023 ECCP made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well-thought-out and articulated policies and procedures against bribery and corruption, all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and procedures in anti-corruption compliance.

Three key takeaways:

1. Written compliance policies and procedures, together with the Code of Conduct, form the backbone of your compliance program.

2. The DOJ and SEC expect a well-thought-out and articulated set of compliance policies and procedures and that they be adequately communicated throughout your organization.

3. Institutional fairness for the application of policies and procedures demands consistent application of your policies and procedures across the globe.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending January 13, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for compliance professionals, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  1. Trump took payments from China as president.  (WaPo)
  2. Clyde & Co. was fined for breaching AML. (Reuters)
  3. The world’s top 3 trading companies allegedly paid bribes.  (Bloomberg)
  4. SAP has yet another FCPA enforcement action.  (FCPA Blog)
  5. Boeing CEO says ‘this can never happen again’ (yet again). (Reuters)
  6. Gold bars are a sign of a statesman—Bob Menendez.  (NYT)
  7. When de-risking leads to more risks, or at least newer risks,.  (WSJ)
  8. Boeing is facing more fallout over the 737 MAX.  (WaPo)
  9. China ABC campaign to go after ‘ants and flies. (CNN)
  10. Singapore completes a corruption probe.  (Bloomberg)

You can check out the Daily Compliance News for four curated compliance and ethics-related stories each day here.

Connect with Tom:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Welcome to 2024 Edition

What happens when two top compliance commentators get together? They talk about compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on a wide variety of topics, including the self-improvement of the Florida Man gone astray.

In the ever-evolving world of regulatory compliance and risk management, challenges are constant, and strategies must be dynamic. Tom highlights the SFO, culture assessments, Key Board issues for 2024 and the McDonald’s Doctrine. Kristy highlights the new law, FEPA, Supply Chains, AI, and checks in on Florida Man. Join Tom Fox and Kristy Grant-Hart as they delve deeper into these issues in this episode of the 2 Gurus Talk Compliance podcast.

Highlights Include:

  1. U.S. Prosecutors Can Charge Foreign Officials With Bribery Under New Provision (WSJ)
  2. New Actions from the White House Highlight the Difficulty of Tracing Forced Labor in Supply Chains (Supply Chain Brain Blog)
  3. Maryland looks to harness AI for government use with executive order (Washington Post)
  4. WorkLife’s definitive guide to what’s in and out for 2024 (WorkLife)
  5. Analysis of failure to exercise duty of oversight by a corporate officer. (D&O Diary)
  6. Key Board issues for 2024. (Compliance and Enforcement)
  7. Are emojis evil? (FCPA Blog)
  8. SFO hammered in the ENRC report. (WSJ)
  9. Why do you need to do a culture assessment? (CCI)
  10. Florida woman sues Hershey for $5 million over ‘deceptive’ Reese’s packaging (ABC News)

 Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

Policies and Procedures

There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly a first line of defense when the government comes knocking. The 2023 ECCP made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures against bribery and corruption; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and procedures in anti-corruption compliance.

The specific written policies and procedures required for a best practices compliance program are well known and long established. According to the 2020 FCPA Resource Guide 2nd edition, some of the risks companies should keep in mind include the nature and extent of transactions with foreign governments (including payments to foreign officials); use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectations for standards of conduct in your company. Procedures are the documents that implement these standards of conduct.

Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.

There are five general elements to a compliance policy, which should stake out the following:

  • Identify who the compliance policy applies to;
  • Set out the objective of the compliance policy;
  • Describe why the compliance policy is required;
  • Outline examples of both acceptable and unacceptable behavior under the compliance policy; and
  • Lay out the specific consequences for failure to comply with the compliance policy.

The 2023 ECCP went further by requiring an assessment whether a company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations, through a design which is appropriate to the organization, based upon that organization’s assessed risks.

Design––What is the company’s process for designing and implementing new policies and procedures and updating existing policies and procedures, and has that process changed over time? Who has been involved in the design of policies and procedures? Have business units been consulted prior to rolling them out?

Comprehensiveness––What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of risks it faces, including changes to the legal and regulatory landscape?

The 2023 ECCP Evaluation mandated there must be communication of your compliance policies and procedures throughout the workforce and relevant stakeholders such as third parties and business venture partners.

Accessibility––How has the company communicated its policies and procedures to all employees and relevant third parties? If the company has foreign subsidiaries, are there linguistic or other barriers to foreign employees’ access? Have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?

Responsibility for Operational Integration––Who has been responsible for integrating policies and procedures? Have they been rolled out in a way that ensures employees’ understanding of the policies? In what specific ways are compliance policies and procedures reinforced through the company’s internal control systems?

Moreover, just as risks evolve, your policies and procedures should evolve. The 2023 ECCP asked the following questions:

  • How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices?
  • Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training?
  • What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?
  • Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?

The bottom line is that the DOJ expects updates to your policies and procedures needed to be reviewed on a regular basis and updated as your risks evolve.

Finally, the 2020 FCPA Resource Guide, 2nd edition, ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” It is important that compliance policies and procedures are applied fairly and consistently across the organization. Institutional fairness demands that if compliance policies and procedures are not applied consistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated. Moreover, inconsistent application of your policies and procedures will destroy the credibility of your compliance program. This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the U.S. with the same quality of discipline.

Categories
Kerrville Weekly News Roundup

Kerrville Weekly News Roundup: January 13, 2024

Welcome to the Kerrville Weekly News Roundup. Each week, veteran podcaster Tom Fox and his colleagues Andrew Gay and Gilbert Paiz get together to go over a couple of their favorite stories from the past week from Kerrville and the greater Hill Country. Sit back, enjoy a cup of morning coffee and listen in to get a wrap-up of the Kerrville Weekly News. We each consider two of our favorite stories and talk about the upcoming weekend’s events, which we will enjoy or participate in this weekend.

In this episode, Tom takes a solo turn to discuss the following stories that caught his attention over the past week.

  • Highways closure at I-10 and Loop 1604
  • WWII vet and Koran War POW celebrates 100th birthday
  • Serve Kerrville in emergency services or on Parks and Rec Committee
  • Winter weather coming to Kerrville

Resources:

Tom Fox on LinkedIn

Gilbert Paiz on LinkedIn

Andrew Gay on LinkedIn

Texas Hill Country Podcast Network

The Lead

Kerrville Daily Times

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 12 – Your Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in a regulator’s face during an enforcement action as proof of ethical overall behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal of the creation of your company’s Code of Conduct?

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on a violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be an FCPA internal control violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity that has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, NJ.

Three key takeaways:

1. A Code of Conduct is a foundational document in any compliance regime.

2. The substance of your Code of Conduct should be tailored to the company’s culture, to its industry, and to its corporate identity.

3. “Document, Document, and Document” your training and communication efforts regarding your Code of Conduct.

Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Bob Wheeler on Tax Tools and Tips for Podcasters

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visit with noted podcaster Bob Wheeler to discuss his presentation at PodfestExpo on tax tools and tips for podcasters. Some of the issues we tackle in this podcast are:

  • Tax tools and tips for podcasters.
  • Why is Bob so excited about the 10th anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

Podfest Expo 2024 is a production of Podfest Global, which sponsors this podcast series.

Bob Wheeler on LinkedIn

The Money Nerve

Categories
Daily Compliance News

Daily Compliance News: January 12, 2024 – The All 3 Paid Me Bribes Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • The SEC hack is under investigation. (NYT)
  • Trump took payments from China as President. (WaPo)
  • Clyde & Co. was fined for breaching AML. (Reuters)
  • The world’s top 3 trading companies allegedly paid bribes. (Bloomberg)