Categories
All Things Investigations

All Things Investigations – Kevin Carroll on the DC Court of Appeals Immunity Argument

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast All Things Investigations. In this podcast, I joined by HughesHubbardReed partner Kevin Carroll as we continue to review the various indictments against former President Trump. In this episode we look at the oral argument in the DC Court of Appeals immunity defense appeal.

Kevin Carroll, a professional in the field of investigation and law, brings his expertise to the podcast “All Things Investigation” with Tom Fox. Carroll’s perspective on the topic of Trump’s immunity claims and military officers’ constitutional oath is shaped by his deep understanding of the various Trump lawsuits and his military background. He believes that military officers have a strong commitment to upholding their constitutional oath, distinguishing them from oppressive organizations like the  SS or the Soviet KGB. Carroll also expresses concern about the potential harm caused by the irresponsible behavior of former President Trump and his lawyers. Join Tom Fox and Kevin Carroll on this episode of the All Things Investigation podcast for more insights into these topics.

Key Highlights

  • Trump’s Absolute Immunity Claims and Criticisms
  • The Significance of the Constitutional Oath
  • Ongoing Lawsuits and National Security Proceedings

Resources:

Hughes Hubbard & Reed website

Kevin Carroll on LinkedIn

Categories
Everything Compliance - Shout Outs and Rants

Episode 127 – Shout Outs and Rants – The Awesome Edition

Welcome to Everything Compliance—Shout Outs and Rants. Today we have the quintet of Tom Fox, Jay Rosen, Jonathan Marks, Jonathan Armstrong, and Matt Kelly.

1. Matt Kelly rants about the SEC getting hacked around the Bitcoin ETF announcement and reminds everyone to use two-factor authentication.

2. Tom Fox shouts out to the University of Michigan for winning the College Football National Championship.

3. Jonathan Armstrong shouts out to Jay Rosen, who is in transition and would be a great addition to any compliance product or service BD team.

4. Jay Rosen shouts out to Robert Kraft and the New England Patriots for paying departing coach Bill Belichick his full 2024 salary.

5. Jonathan Marks rants about the Philadelphia Eagles.

The members of the Everything Compliance are:

Jay Rosen – Jay is Vice President, Business Development, Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

Karen Woody – one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

Jonathan Marks can be reached at jtmarks@gmail.com.

The host, producer, and ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Data Driven Compliance

Data Driven Compliance: The Journeys of Albemarle and ABB to Data – Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I co-hosted with Vince Walden, CEO of KonaAI, to visit with our guests Andrew McBride, Chief Risk Officer at Albemarle, and Tapan Debnath, Head of Integrity, Regulatory Affairs, & Data Privacy—Process Automation at ABB, on their respective companies’ journeys to data-driven compliance.

We consider the importance of integrating due diligence systems with business conduct and anticipate 2024 to be a breakthrough year for data-driven compliance. McBride, recognized by the Department of Justice for his work in data-driven compliance, believes in the critical role of data in identifying and responding to risks, testing the effectiveness of compliance programs, and reporting to internal stakeholders. Debnath stressed the need for visibility and alignment with senior business stakeholders during investigations and the use of data analytics platforms to measure integrity and key performance indicators. Join Tom Fox, Vince Walden, Andrew McBride, and Tapan Debnath on this episode of the Data Driven Compliance podcast as they delve deeper into the challenges and importance of data-driven ethics and compliance programs.

Key Highlights:

  • Using data analytics to assess program effectiveness
  • Proactive risk management through continuous monitoring
  • Leveraging due diligence for proactive risk management
  • Data transparency and collaboration for compliance success
  • Transitioning from external dependencies to internal capabilities

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: January 16, 2024 – The Crown Jewel Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Crypto firm Genesis Trading was fined $8 million for compliance failures.  (WSJ)
  • Is the Chinese military as corrupt as the Russian army? (Business Insider)
  • Ackman threatens a law suit against Business Insider. (FT)
  • The Russian war reigned over Ukrainian oligarchs. (NYT)

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

Tailored and Effective Compliance Training

One of the key goals of any compliance program is to train employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. While it seems axiomatic that compliance training is a mainstay of any best practices compliance program, the conversation around training has evolved over the years. The 2020 FCPA Resource Guide, 2nd edition, started the conversation stating:

Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.

Beginning in the fall of 2016, through the announcement of the FCPA Enforcement Pilot Program, the DOJ began to talk about whether you have determined the effectiveness of your training. This conversation continued with the 2017 Evaluation where it asked, “How has the company measured the effectiveness of the training?” This point has bedeviled many compliance professionals yet is now a key metric for the government in evaluating compliance training. It evolved further in the 2023 ECCP with the mandate that training must be “truly effective”. Finally, the training must be presented in a language in which the employees understand, which means in a local language, if the training is outside the US or other non-English-speaking countries.

Also raised in the 2017 Evaluation was the focus of your training programs, where the DOJ inquired into whether your training was “tailored” for the audience. This added two requirements. The first was to assess your employees for risk to determine the type of training you might need to deliver by risk ranking your employees. Obviously, the sales force would be the highest risk but there may be others who are deserving of high-risk training as well. From this risk ranking, you were required to develop tailored training for the risks those employees will face.

The 2023 ECCP spelled this out in greater detail. It stated, “Prosecutors should assess … periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners. Prosecutors should also assess whether the company has relayed information in a manner tailored to the audience’s size, sophistication, or subject matter expertise. … for instance, give employees practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise. Other companies have invested in shorter, more targeted training sessions to enable employees to timely identify and raise issues to appropriate compliance, internal audit, or other risk management functions. Prosecutors should also assess whether the training adequately covers prior compliance incidents and how the company measures the effectiveness of its training curriculum.”

Under Training and Communication, the following questions were posed by the DOJ:

Risk-Based Training—What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees, including training that addresses risks in the area where the misconduct occurred? Have supervisory employees received different or supplementary training? What analysis has the company undertaken to determine who should be trained and on what subjects?

Form/Content/Effectiveness of Training––Has the training been offered in the form and language appropriate for the audience? Is the training provided online or in-person (or both), and what is the company’s rationale for its choice? Has the training addressed lessons learned from prior compliance incidents? Whether online or in-person, is there a process by which employees can ask questions arising out of the trainings? How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated the extent to which the training has an impact on employee behavior or operations?

I would suggest that you start at the beginning with an evaluation of your compliance training and move outward. This means starting with attendance, which many companies tend to overlook. You should determine that all senior management and Board members have attended compliance training. You should review the documentation and confirm attendance. Make your department or group leaders accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.

Some other metrics you should consider in the post-training evaluation phase include an increase in hotline use; are there more calls into the compliance department requesting assistance or even asking questions about compliance? Is there a decrease in compliance violations or other acts of non-compliance?

Consider using surveys to provide feedback on not simply compliance training but to determine effectiveness of a much wider variety of areas for your compliance program. These surveys can provide critical information on the state of your compliance program and provide substantive feedback for further inclusion back into your compliance program. Testing your program and using that information in a feedback loop is another key component of a best practices compliance program.

What are “espresso shots” of training to help facilitate effective training? Tina Rampino, Associate Managing Director, at K2 Integrity suggests keeping your compliance training segments concise as “shorter, bite-size learning is a trend in training programs.” This means that instead of offering half-day and full-day sessions, break programs into shorter segments of 20 minutes or less, which are easier for participants to absorb—and schedule. Jessica Czeczuga, a Principal Instructional Designer, suggested training effectiveness through micro-learning and metrics; including the adoption of micro-learning techniques for content delivery, the utilization of interruptive training methods for behavior disruption and tailoring targeted training for at-risk employees.

The importance of determining effectiveness of your compliance program has been enshrined by the DOJ. The 2023 Update confirmed that the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many CCOs and compliance professionals still struggle to determine. Both the simple guidelines suggested herein, the more robust assessment and results provide you with a start to fulfill the precepts set out by the DOJ, as you will eventually need to demonstrate the effectiveness of your compliance training going forward.

Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Mark Maynor on Audio Branding

In this episode of the PodfestExpo 2024 Speaker Preview Podcasts series, I visit with noted podcaster Mark Maynor to discuss his presentation at PodfestExpo on audio branding for podcasters. Some of the issues we tackle in this podcast are:

  • Why every podcaster needs audio branding.
  • Why is Mark Maynor so excited about the 10th-anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through the powerful mediums of audio and video. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

Podfest Expo 2024 is a production of Podfest Global, which sponsors this podcast series.

Podcast Production Music

Mark Maynor on LinkedIn

Categories
Blog

The SAP FCPA Enforcement Action-Part 1: Introduction

The year in Foreign Corrupt Practices Act (FCPA) enforcement started off with a bang on January 10 with the announcement of a resolution of the outstanding SAP enforcement action. The bribery schemes used by SAP were massive in scope and literally worldwide in geographic area. As usual, Harry Cassin at the FCPA Blog broke the story for the compliance profession. SAP SE agreed to pay the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) approximately $222 million in penalties and disgorgement. SAP also entered into a three-year deferred prosecution agreement (DPA) with the Department of Justice imposing a $118.8 million criminal penalty and an administrative forfeiture of $103.4 million. Cassin went on to the note that the DOJ “will credit up to $55.1 million of the criminal penalty against amounts that SAP pays to resolve an investigation by law enforcement authorities in South Africa for related conduct, and up to the full forfeiture amount against disgorgement that SAP pays to the SEC or South African authorities.”

The SEC Press Release noted that the illegal actions included bribery schemes in the following countries: South Africa, Malawi, Kenya, Tanzania, Ghana, Indonesia, and Azerbaijan. SAP was held liable by the SEC based up its ownership of American Depositary Shares (ADR) shares which are listed on the New York Stock Exchange and violating the FCPA by employing third-party intermediaries and consultants from at least December 2014 through January 2022 to pay bribes to government officials to obtain business with public sector customers in the seven countries mentioned above. The SEC total fine and penalty was nearly $100 million. This figure represents disgorgement to the SEC of “$85 million plus prejudgment interest of more than $13.4 million, totaling more than $98 million, which will be offset by up to $59 million paid by SAP to the South African government in connection with its parallel investigations into the same conduct.”

What They Said

In a DOJ Press Release, Acting Assistant Attorney General for the Criminal Division, Nicole M. Argentieri said, “SAP paid bribes to officials at state-owned enterprises in South Africa and Indonesia to obtain valuable government business. Today’s resolution—our second coordinated resolution with South African authorities in just over a year—marks an important moment in our ongoing fight against foreign bribery and corruption. We look forward to continuing to strengthen our relationship with South African authorities and others around the world. This case demonstrates not only the critical importance of coordinated international efforts to combat corruption, but also how our corporate enforcement policies incentivize companies to be good corporate citizens, by cooperating with our investigations and appropriately remediating, so that we can take strong action to address misconduct.”

U.S. Attorney Jessica D. Aber for the Eastern District of Virginia also noted, “SAP has accepted responsibility for corrupt practices that hurt honest businesses engaging in global commerce,” said. “We will continue to vigorously prosecute bribery cases to protect domestic companies that follow the law while participating in the international marketplace.”

Postal Inspector in Charge of Criminal Investigations Eric Shen noted,  “When the mails are used in furtherance of a fraud or corruption scheme, borders are not an obstacle for U.S. Postal Inspectors. Postal inspectors, with our FBI law enforcement partners and Justice Department prosecutors, followed the wide-spread trail of bribes and corruption from South Africa to Indonesia. This joint effort resulted in the defendant company paying a significant criminal penalty and agreeing to long-term remedial measures.”

Assistant Director in Charge of the FBI’s Los Angeles Field Office, Donald Always added “This successful resolution against SAP is another example of the power of relationships and persistence. The sustained diligence by the prosecution team and continuous collaboration with South African law enforcement, regulators, and prosecutors identified corrupt activity in multiple countries. The FBI will continue our nonstop efforts to identify, investigate, and prosecute companies willfully engaging in corrupt activities around the world.”

Finally, Charles E. Cain, Chief of the SEC Division of Enforcement’s FCPA Unit, said in the SEC Press Release, “Our order holds SAP accountable for misconduct that spanned seven jurisdictions and persisted for several years and serves as a stark reminder of the need for global companies to be attuned to both the risks of their business and the need to maintain adequate entity-level controls over all their subsidiaries.”

Order and Information

The SEC Order found that SAP violated the FCPA by employing third-party intermediaries and consultants from at least December 2014 through January 2022 to pay bribes to government officials to obtain business with public sector customers in the seven countries mentioned above.” Additionally, “SAP inaccurately recorded the bribes as legitimate business expenses in its books and records, despite the fact that certain of the third-party intermediaries could not show that they provided the services for which they had been contracted.” Finally,  “SAP failed to implement sufficient internal accounting controls over the third parties and lacked sufficient entity-level controls over its wholly owned subsidiaries.”

The DOJ Information found that between approximately 2015 and 2018, “SAP, through certain of its agents, engaged in a scheme to bribe Indonesian officials to obtain improper business advantages for SAP in connection with various contracts between and among SAP and Indonesian departments, agencies, and instrumentalities, including the Kementerian Kelautan dan Perikanan (the Indonesian Ministry of Maritime Affairs and Fisheries) and Balai Penyedia dan Pengelola Pembiayaan Telekomunikasi dan Informatika (an Indonesian state-owned and state-controlled Telecommunications and Information Accessibility Agency).”

Given SAP’s prior SAP enforcement history, its recidivist status FCPA status,  its culture of non-compliance (at the very least), a non-prosecution agreement (NPA) from 2021 with the DOJ’s National Security Division, as well as administrative agreements with the Departments of Commerce and the Treasury relating to export law violations; one might wonder  SAP was able to receive such a superior result. Over the next several blog posts, we will be exploring that issue as well a host of others for the compliance professional. I hope you will join me over the next few blog posts.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 15 – Monitoring and Improvement of Internal Controls

What happens when controls are continually overridden? Does that necessarily mean that companies are engaging in activities that violate the FCPA or some other law, such as Sarbanes-Oxley (SOX)? Cristina Revelo said she would start out with some basic questions, such as “How often would something be manually approved? How often are controls skipped? What are the levels of approvals that you have and what is your documentation? What are the reasons? And are you documenting how often a certain department is requiring those overrides?” While it could indicate that a company lacks a culture of compliance or that everything is an emergency, it might mean something else. It might mean that your internal controls need to be evaluated and then recalibrated. The Department of Justice calls this continuous monitoring leading to continuous improvement. Joe Oringel, co-founder of Visual Risk IQ, calls it continuous control monitoring.

However, many compliance professionals, and particularly lawyers, think once a control is in place, it’s set in stone, and it’s there forever. This derives from the unfortunate fact that, once again, many compliance professionals and most lawyers do not understand internal controls. Yet, internal controls, much like the rest of a compliance program, can and should be continually monitored and improved based on information about such things as the number of overrides. Such a review can be evidence of a management problem or a culture of non-compliance at the organization. However, it could be that perhaps the controls need to be adjusted.

Revelo emphasized that it is not simply identifying the issues but remedying them as well, “because that actually might look worse if you identify a lot of issues, but do not fix them. You are better off by remediating everything you are identifying.” From there, you can conduct a root cause analysis as to why there was failure in a control or violation of a compliance procedure. Revelo concluded, “You need to really do that in an in-depth manner and then remediate.”

Three key takeaways:

1. An internal control override is not necessarily a bad thing if proper procedure is followed.

2. Internal controls are not set in stone.

3. The key is to have a process for monitoring the controls and taking input, literally from each line of defense.

To obtain a free White Paper from our sponsor, Ethico, on key compliance issues from 2023, click here.

Categories
The Ethics Experts

Episode 170 – Wesley Bizzell

In this episode of The Ethics Experts, Nick welcomes Wesley Bizzell. Wesley Bizzell serves as Senior Assistant General Counsel, External Affairs, and Managing Director of Political Law and Ethics Programs for Altria Client Services LLC (“ALCS”), where he provides in-house legal counsel on matters relating to the political, legislative, lobbying, and ESG-related activities of Altria Group, Inc., its service companies, including ALCS, and its operating companies, including Philip Morris USA Inc. and U.S. Smokeless Tobacco Co. LLC, John Middleton Co., and Helix Innovations LLC.

Twitter: @wesleydbizzell
LinkedIn: https://www.linkedin.com/in/wesley-bizzell/

Categories
Career Can D0

AI, Career Planning, and The Future of Work with Mark Herschberg

Is your plan for a career path nothing more than a list of vague aspirations? What if you could create a concrete plan and gain the skills that will help you achieve the career success you’re hoping for? Mark Herschberg joins Mary Ann Faremouth in this episode of Career Can Do and shares his insights on how to navigate the new work world. Mark is an instructor at MIT and the author of the book “The Career Toolkit: Essential Skills for Success No One Taught You.” They discuss a common mistake in creating a career plan, how to adapt to the changing landscape of AI, and the importance of the ‘firm skills’ no one taught you.

Mark emphasizes the need for individuals to have a career plan rather than simply hoping for promotions or advancements. “So many people, when they ask themselves about their careers or others ask, might say, well, I’d like to be a VP, and I’m a director of whatever, or a senior… And that’s the plan. Their entire plan is, “I hope one day to get this promotion or get to that level.” That’s not a plan.” Mark also suggests discussing the plan with one’s company and being open to the idea that the plan may lead to transitioning to a different job in the future.

Mark discusses the concerns surrounding AI and its potential to automate tasks and replace jobs. He offers a different perspective on how you can stay relevant in your career. “You want to be very strategic. Understand how those tasks will evolve, what will go away, what will stay, and what new tasks will come in.” Mark advises people to evaluate which tasks are high-value and hard to automate, as well as low-value tasks that can be automated. By focusing on high-value tasks and understanding the evolving nature of your role, you can adapt and position yourself for long-term career success.

Your career development plan shouldn’t be created in a vacuum. Mark emphasizes the importance of discussing career plans with employers and managers. He believes employers should work together with employees to find mutually beneficial solutions. As an employer, he shares some of the discussions he’s had with employees who want to transition to different roles or even different companies. By fostering open communication and understanding, employers can create a supportive environment that encourages growth and development.

Resources:

Mark Herschberg on LinkedIn | The Career Toolkit

Faremouth.com