Categories
Daily Compliance News

Daily Compliance News: January 11, 2024 – The SAP Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • FINRA says AI is emerging.  (WSJ)
  • SAP has yet another FCPA enforcement action.  (FCPA Blog)
  • Microsoft OpenAI investment faces EU scrutiny. (Reuters)
  • The SEC approves a new type of Bitcoin fund.  (NYT)
Categories
Blog

Moving Compliance Tone Down Through an Organization

Mike Volkov, in a blog post entitled, Mood in the Middle Versus Tone at the Top, said, “Even when a company does all the right things at the senior management level, the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that exist throughout the company.” To fully operationalize your compliance program, you must articulate the message of ethical values and doing business in compliance and then drive that message from the top down, throughout your organization.

The 2023 ECCP made clear a company must have more than simply good ‘Tone-at-the-Top’; it must move down through the organization from senior management to middle management and into its lower ranks. It stated, “Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.”

The 2023 ECCP posed the following questions under the section, Shared CommitmentWhat actions have senior leaders and middle-management stakeholders (e.g., business and operational managers, finance, procurement, legal, human resources) taken to demonstrate their commitment to compliance or compliance personnel, including their remediation efforts? Have they persisted in that commitment in the face of competing interests or business objectives?

This requirement speaks to the greater role of non-compliance functions in a fully operationalized compliance program. Indeed, one sign of a mature compliance and ethics program is the extent to which a company’s other corporate disciplines are involved in implementing and then taking forward a compliance solution. This approach can act as a lynch pin in spreading a company’s commitment to compliance throughout the employee base. It can also be used to ‘connect the dots’ in many divergent elements of a corporate compliance and ethics program.

What should the tone in the middle be? What should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and, consequently, they will take their cues from how middle management responds to a situation. Perhaps most importantly, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees have an outlet to express their concerns. Your organization should train middle managers to enhance listening skills in the overall context of providing training for their “Manager’s Toolkit.” This can be particularly true if there is a compliance violation or other incident which requires some form of employee discipline. Most employees think it important that there be organizational justice so that people believe they will be treated fairly. For if there is organizational justice, it engenders perceived procedural fairness which makes it more likely an employee will be willing accept a decision that they may not like or disagree with the end result.

Even with great “tone at the top” and positive “mood in the middle”, you cannot stop. One of the greatest challenges of a compliance practitioner is how to impact the most front-line employees or the “tone at the bottom”. One of the things you can do is assemble a compliance focus group to find out how business is done in the field and if it differs from what your company expects from an ethical and compliance perspective. Begin by assembling a group of employees who are familiar with the challenges of doing business in a compliant manner in certain geographic regions to discuss the challenges of doing business ethically and in compliance. Ask them questions about their understanding of your compliance regime. Then categorize the answers into the theory and practice of compliance in your company.

From this, test what is real in theory and in practice. You can check and see which employees are promoted more regularly; those who do business ethically and in compliance or those who meet their sales quotas every quarter? After you have internally tested, reassemble the original group and have them consider the beliefs that were articulated by them individually in the context of your how your compliance model is subsequently tested. Lead a discussion that attempts to identify what is different in practice and in theory. From there you can move from theory to practice to fully operationalizing your compliance regime. Finally, and in the feedback step, test how more fully operationalized your compliance regime has become. These tests can be accomplished in the regular course of business or through a special project with a special team and separate budget.

By engaging employees at this level, you can find out not only what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program. Employees want to do business in an ethical manner. Giving employees the chance to engage in business the right way, as opposed to cheating, will win their hearts and minds almost all the time. By using this protocol, you can not only find out the effect of your compliance program on the employees at the bottom, but you can affect them as well.

Employees often look to their direct supervisor to determine what the tone of an organization is and will be going forward. Many employees of large, multi-national organizations may never have direct contact with the CEO or even senior management. By moving the values of compliance through an organization into the middle, you will be in a much better position to inculcate these values and operationalizing compliance with them.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 10 – Leadership’s Conduct at The Top

The 2022 Monaco Memo emphasized the basic point that the key to every company is culture. The bottom line is that corporate culture matters, and corporate culture that fails to hold individuals accountable or fails to invest in compliance—or worse, that thumbs its nose at compliance—leads to bad results.

To assist companies in understanding this requirement, the 2023 ECCP sets out inquiries demonstrating that DOJ requirements are more than simply the ubiquitous “tone-at-the-top,” as they focus on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior based on a company’s values and finally, how is such conduct monitored in an organization?

Three key takeaways:

1. Senior management must actually do compliance—not simply talk the talk of compliance but also walk the walk.

2. The DOJ is now actively assessing corporate culture during investigations.

3. Your CEO is a Compliance Ambassador.

 

Categories
Great Women in Compliance

Great Women in Compliance – Hayley Tozeski – From Big Law to Big Compliance

Welcome to the Great Women in Compliance Podcast. Today Hemma visits with Hayley Tozeski on her career in compliance.

Hayley Tozeski is a seasoned professional in strategic compliance and risk management in business conduct, with a rich background in big law and financial crime enforcement. Hayley’s perspective on the subject is that it is vital to prioritize and allocate resources effectively, advising companies on strategic investments of money, time, and resources in managing risks. She believes that a clear strategy is essential for the company and its stakeholders to understand the timeline and pace of development in managing ethics and compliance risks. Additionally, Hayley emphasizes the importance of addressing underlying business processes and building a solid foundation before implementing an ethics and compliance program, viewing strategy as the key to connecting different pieces of the program and ensuring that they are aligned and effective. Join Hemma Lomax and Hayley Tozeski on this episode of Great Women in Compliance to delve deeper into these insights.

Key Highlights:

  • Strategic Resource Allocation in Compliance Management
  • Building Strong Ethics and Compliance Programs
  • Effective Risk Management through Data Analytics
  • Strategic Risk Management for Ethical Business Conduct
  • Driving integrity through values, leaders, and champions
  • Supporting Youth Transitioning from Foster Care
  • Connecting and Learning Through Mentoring

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: FTC and Rite-Aid: Compliance Issues with AI Facial Recognition

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recent FTC enforcement action involving Rite-Aid and its inappropriate use of AI-generated facial recognition.

The adoption of AI technologies, as demonstrated by the Rite Aid case, underscores the critical need for robust compliance oversight. This case, involving the use of AI-driven facial recognition technology, resulted in compliance risks and a high rate of false positives, highlighting the potential pitfalls of AI technologies when not properly managed. Tom emphasized the importance of a comprehensive process to assess, manage, and monitor the risks associated with new technologies. He believes that collaboration among different stakeholders is key to understanding and mitigating potential risks. Matt stressed the need for careful consideration of how new technologies will impact business processes and the importance of correct governance from both a technical and human perspective. Join Tom Fox and Matt Kelly in this episode of the Compliance into the Weeds podcast as they delve deeper into the importance of robust governance in adopting AI technologies.

Key Highlights:

  • The Impact of AI Facial Recognition Technology
  • Concerns of AI Facial Recognition and Racial Profiling
  • Issues with AI Facial Recognition Training
  • Collaborative Risk Management for AI Implementation

Resources:

Matt Kelly on LinkedIn

Matt on Radical Compliance

 Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: January 10, 2024 – The Never Again (yet again) Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Don’t say dirty words at work. (WSJ)
  • A former top NRA official pleads out. (NPR)
  • Boeing CEO says ‘this can never happen again’ (yet again). (Reuters)
  • Gold bars are a sign of a statesman—Bob Menendez. (NYT)
Categories
Greetings and Felicitations

Podfest Expo 2024 Speaker Preview Series – Dr. Anne Burnley on Leveraging the Superpowers of Neurodivergent Voices in Podcasting

In this episode of the Podfest Expo 2024 Speaker Preview Podcasts series, I visited with noted podcaster Dr. Anne Burnley to discuss her presentation at PodfestExpo on leveraging the superpowers of neurodivergent voices in podcasting. Some of the issues we tackle in this podcast are:

  • How to use neurodivergent voices in podcasting.
  • Why is Dr. Burnley so excited about the 10th anniversary event?
  • Why you should attend PodfestExpo 2024.

I’m hoping you’ll be able to join me at PodfestExpo 2024, which Podfest Global is hosting. This year’s event will be the 10th anniversary and will be held January 25–28, 2024, at the Wyndham in Orlando, Florida. The line-up of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voice and message with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

PodfestExpo is so much more than just a mere conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, the thing that sets the PodfestExpo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event – you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, PodfestExpo 2024 has plenty to offer!

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Podfest Expo is offering a discount on the registration price. Enter the discount code, Listener.

PodfestExpo 2024 is a production of Podfest Global, which sponsors this podcast series.

Dr. Anne Burnley on LinkedIn

Categories
Blog

Leadership’s Conduct at the Top

The 2022 Monaco Memo emphasized the basic point that the key to every company is culture. The bottom line is that corporate culture matters and corporate culture that fails to hold individuals accountable, or fails to invest in compliance—or worse, that thumbs its nose at compliance—leads to bad results.

From the enforcement perspective, the DOJ will be assessing companies for the ethical cultures. From the compliance perspective, the ethical tone of a company and accountability all starts at the top and, most specifically, senior management. The 2020 FCPA Resource Guide, 2nd edition, stated, “Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.” To assist companies in understanding this requirement the 2023 ECCP sets out the following inquiries.

Conduct at the TopHow have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How have they modelled proper behavior to subordinates? Have managers tolerated greater compliance risks in pursuit of new business or greater revenues? Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?

These requirements are more than simply the ubiquitous “tone-at-the-top,” as they focus on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values and finally, how is such conduct monitored in an organization?

This means you must document corporate decisions where a compliance solution was proposed but rejected. In other words, is there a business justification for moving forward with the action. If this action occurs, how was the compliance risk managed going forward? Similarly, compliance techniques used should be documented to demonstrate that your compliance function has met the requirements of the final question.

Senior management must share these same values through operationalizing compliance going forward. Lynn Paine, in her seminal article, Managing for Organizational Integrity, laid out five factors, which can be used as guideposts to not only to set the right tone from senior management on doing business ethically and in compliance, but it can also lay the groundwork for senior management to model appropriate behavior and then have it monitored by the company going forward.

1. The guiding values of a company must make sense and be clearly communicated by senior management in a variety of settings, to the entire company workforce.

2. The company’s leader must be personally committed and willing to act on the values. This means that management must not simply ‘overlook’ the transgressions of top producers.

3. A company’s systems and structures must support its guiding principles and these internal systems and structures cannot be over-ridden by senior management without both justification and Board approval.

4. A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions. Sometimes a company must turn down business if there are too many red flags present or by engaging in such behavior the company’s value and ethics will be violated.

5. Managers must be empowered to make ethically sound decisions on a day-to-day basis. This means senior management must fully support and back-up such decisions.

I once had a Chief Executive Officer (CEO), observe the following, “You want me to be the ambassador for compliance.” I immediately said yes, that is exactly what I need you to do. A CEO, as an “Ambassador of Compliance”, can fully model the conduct that senior management engage in going forward. Another area a CEO can forcefully engage an entire company is through a powerful video message about doing business the right way and in compliance. A great example was a CenterPoint Energy video put out in 2015 after the Volkswagen (VW) emissions-testing scandal became public. The video featured Scott Prochazka, former CenterPoint Energy President and CEO. He used the VW scandal to proactively address culture and values at the company and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with an additional resource, entitled Manager’s Toolkit—What does Integrity mean to you? that managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, the cost for the video was quite reasonable as it was produced internally.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 9 – Continuous Monitoring and Continuous Improvement

Continuous monitoring and continuous improvement are two of the most important phrases for any compliance program. These twin concepts were further enshrined in the 2023 Update to the Evaluation of Corporate Compliance Programs (2023 ECCP). In 2023, all companies’ risks changed as we moved from Working From Home to Return To Office and, now, a hybrid model. In addition to this straight-forward change in risk due to working locations, new risks in the form of geopolitical, supply chain, and export control, as well as increased risk due to social media, continue to impact compliance programs.  Your compliance program must be ready to respond to whatever those risks might be going forward.

Continuous improvement runs the gamut in a best practices compliance program, from risk assessments to policies and procedures to periodic testing and review.

Three key takeaways:

1. How have your company’s risks changed over the past year, and how will they change in 2024?

2. What is your process for continuous monitoring and improvement?

3. What sources of information do you use that come from outside your organization?

Categories
Daily Compliance News

Daily Compliance News: January 9, 2024 – The National Champion Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Elon Musk says he never failed a drug test.  (WSJ)
  • Boeing is facing more fallout over the 737 MAX.  (WaPo)
  • China ABC campaign to go after ‘ants and flies. (CNN)
  • Singapore completes a corruption probe.  (Bloomberg)