Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 17 – Policies for Third-Parties

As every compliance practitioner is well aware, third-parties still present the highest risk under the FCPA. The DOJ 2023 ECCP devotes an entire prong to third-party management. It begins with the following: A well-designed compliance program should apply risk-based due diligence to its third-party relationships.  Although the degree of appropriate due diligence may vary based on the size and nature of the company or transaction, prosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors that are commonly used to conceal misconduct, such as the payment of bribes to foreign officials in international business transactions.
This set of queries clearly specifies the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance program must have a process for the full life cycle of third-party risk management. There are five steps in the life cycle of third-party management: 1) business justification; 2) questionnaire to third-party; 3) due diligence on third-party; 4) compliance terms and conditions, including payment terms; and 5) management and oversight of third parties after contract signing.
I continually give my mantra of compliance, which is “Document, Document, and Document”. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program.

Three key takeaways:

  1. Use the full five-step process for third-party management.
  2. Make sure you have Business Development involvement and buy-in.
  3. Operationalize all steps going forward by including business unit representatives.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: 3M OFAC Enforcement Action

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent OFAC enforcement action involving 3M.

3 3M, found itself in hot water after violating Iran sanctions, leading to a hefty fine of $9,618,477 from the Treasury Department and OFAC. This violation, involving a subsidiary selling goods to a German reseller who then sold them directly to Iran, including to a sanctioned entity.

Tom points out the significant failures in controls and monitoring within the company that led to the violation. He emphasizes the importance of end user statements and monitoring in compliance functions to prevent such violations. On the other hand, Matt acknowledges that while 3M made an effort to comply with the Iran nuclear deal, changes in the arrangement that were not properly communicated or approved led to a violation of the sanctions agreement. He also underscores the importance of monitoring and obtaining end user statements to ensure compliance with export control laws.

Join Tom Fox and Matt Kelly as they delve deeper into this topic in the latest episode of the Compliance into the Weeds podcast.

 Key Highlights

·      Sanctions Compliance and Ongoing Monitoring

·      Challenges and Consequences of Sanctions Compliance

·      Sanctions Settlement for Selling Goods to Iran

·      Anticipated Impact of Recent Events on 3M

 Resources

Matt in LinkedIn

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

How Triage and Investigations Can Drive a Culture of Speak Up

I recently concluded a podcast series with Case IQ. Over this series, I visited with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. We tackled such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and will conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and more profitably. This blog post series will expand on these topics. In Part 3, we consider why and how having an effective triage for reports and investigations can drive a culture of speaking up in your organization.

Jakub Ficner has over 15 years of experience in the internal investigative space and is currently the Director of Partnership Development at Case IQ. He strongly advocates for the importance of the triage process and technology in organizational compliance. He is a passionate and determined team player with experience in prospecting and implementing complex global solutions in various industries. Experience working in cross-functional and multi-cultural teams in Canada, the United States, Germany, and India. His specialties include business strategy and development, international management, ethics and compliance, investigation management, and global implementation strategy.

Jakub emphasized the need for organizations to consider the assessment and triage process before receiving complaints or allegations. This proactive approach allows for increased response time and the ability to set realistic stakeholder expectations.

One of the key points highlighted by Jakub is the importance of setting service level agreements (SLAs) to determine response times based on the nature of the allegation. This concept, borrowed from customer service practices, ensures that employees who come forward with complaints or allegations are provided with a clear understanding of the expected timeline for response and communication. By setting these expectations, organizations can foster a culture of open communication and trust.

The triage process is particularly important for multinational companies that operate across different regions. With varying compliance programs and regulations in different countries, having a well-documented process becomes essential. It allows compliance departments to navigate the complexities of compliance programs and investigations, ensuring consistency and adherence to local laws.

Technology also plays a crucial role in establishing effective compliance processes. Jakub points out that many organizations still need efficient documentation and tracking processes. Implementing technology, such as a case management solution, can help establish accountability and defensibility. It allows for establishing clear procedures monitoring performance and provides documentation that can be used to assess the effectiveness of compliance programs.

There is an overriding need for organizations to build accountability and defensibility into their compliance processes. By having a documented triage process and utilizing technology, organizations can ensure that complaints and allegations are handled promptly and consistently. This fosters a culture of speaking up and provides employees with the confidence that their concerns will be taken seriously and addressed promptly.

However, it is important to recognize the tradeoffs in balancing different factors when implementing a triage process and technology in organizational compliance. While efficiency and speed are crucial, organizations must also consider the need for thorough investigations and the protection of employee rights. Striking the right balance requires careful consideration and ongoing evaluation of processes to ensure continuous improvement.

In conclusion, the triage process and technology are vital in promoting a speak-up culture and ensuring organizational compliance. By proactively assessing and triaging complaints and allegations, organizations can increase response time and set realistic expectations for stakeholders. Implementing technology, such as a case management solution, helps establish accountability and defensibility. However, it is important to consider the impact on employee rights and the need for thorough investigations when making decisions about the importance of the triage process and technology in organizational compliance.

Join us tomorrow when we discuss closing the loop by improving your compliance program through a culture of speaking up.

Listen to Jakub Ficner on Innovation in Compliance here.

Categories
Innovation in Compliance

Breaking the Silence: How Speaking Up Enhances Corporate Cultures – Jakub Ficner on How Triage and Investigations Can Drive a Culture of Speak Up

Welcome to a special five-part podcast series on enhancing corporate culture through a great speak-up regime. This podcast series is sponsored by Case IQ. Over this series, Tom Fox will visit with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. They will tackle such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and, at the end of the day, more profitably. In Part 3, Tom Fox visits with Jakub Ficner on the importance of your triage protocol and investigative process to foster a culture of speaking up.

Jakub Ficner has over 15 years of experience in the internal investigative space and is currently the Director of Partnership Development at Case IQ. He strongly advocates for the importance of the triage process and technology in organizational compliance. Jakub emphasizes the need for a rigorous reporting, triage, and investigation process, even before receiving a complaint or allegation. He believes that effective means of documenting and tracking investigative processes are crucial for establishing accountability and defensibility in compliance processes. Drawing from his extensive experience, Jakub highlights the significance of having a documented process, especially for multinational companies with compliance officers in various regions. He recommends using technology, such as a case management solution, to ensure accountability, defensibility, and easy information retrieval. Join Tom Fox and Jakub Ficner on this episode as they delve deeper into these topics of triage and investigations.

 Key Highlights:

  • The importance of effective triage
  • Improving Response Time and Setting Expectations
  • Effective Compliance Documentation and Tracking
  • Using Technology to Establish Accountability and Defensibility

Resources:

Jakub Ficner on LinkedIn

Case IQ

Categories
Great Women in Compliance

Great Women in Compliance 2.0 – A New Era

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Hemma Lomax.

GWIC is back to start the 2.0 era! We are very excited to be back, and to start out our new format and hear your views. One consistent thing about the GWIC community is how much you all accomplish and that happened with Lloydette. As you will hear, Lloydette has been offered an amazing government appointment. One of the downsides is that she needed to re-evaluate some of her public commitments. It made the most sense for her to step down from GWIC. During the hiatus, the inaugural Women in Compliance Summit took place, and it was a huge success. Hemma has also been a guest of the podcast (Episode 145), and an advocate of “Sending the Elevator Back Down, “ and was already helping behind the scenes.

We are thrilled to have Hemma as a co-host, and Ellen Hunt of Spark Compliance and Sarah Hadden of Corporate Compliance Insights as part of the GWIC team and supporting our larger discussions. All four of us will be in Chicago at the SCCE CEI the first week in October, and then the 4 of us will recap the conference for the October 10 episode and to officially kick off this semester.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Into the Chair - Tales from Chief Compliance Officers

Into the Chair, Tales from Chief Compliance Officers: Discovering a Passion for Compliance – Mario Chilin’s Journey into the CCO Chair

Welcome to the latest edition to the Compliance Podcast Network: Into the Chair: Tales from Chief Compliance Officers details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Into the Chair: Tales from Chief Compliance Officers is a Comply podcast hosted by Tom Fox and is a production of the Compliance Podcast Network. In this episode, I visit with Mario Chilin the Chief Compliance Officer at EP Wealth Advisors.

Mario Chilin is a seasoned professional in the compliance field, boasting a robust background in the financial industry, with degrees from California State University and Pennsylvania State University, and a paralegal certificate from Cerritos College. His perspective on his career in compliance is overwhelmingly positive, having discovered a passion for the field while working at the Bank of Tokyo Mitsubishi. Despite the challenges he faces as a Chief Compliance Officer, such as limited resources and the growing threat of cybersecurity, Chilin remains dedicated to his profession. His experiences, from working in operations during the 2008 financial crisis to his current role at EP Wealth Advisors, have only fueled his belief that others who delve into compliance will find the same passion and excitement. Join Tom Fox and Mario Chilin as they delve deeper into this topic on the next episode of the Into the Chair podcast.

Key Highlights

·      Unexpected Paths to a Successful Compliance Career

·      Navigating the Regulatory Side of Finance

·      Maximizing Resources and Cybersecurity: Compliance Officer Challenges

Resources

Mario Chilin on LinkedIn

EP Wealth Advisors

Comply

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Data Driven Compliance

Data Driven Compliance: Ari Tulla on Data for the Body

Do you need help keeping up with your business’s ever-changing compliance programs? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in cross-border transactions, mergers, and acquisitions.

Today, we take things differently as Tom Fox visits with Ari Tulla, founder and CEO at ELO. Ari is a tech entrepreneur and healthcare innovator with a background in the tech sector who has made significant strides in personalized nutrition and healthcare. Ari believes that the future of healthcare lies in the convergence of healthcare and food systems, envisioning a future where personalized nutrition plans are prescribed to patients alongside their medication. This perspective is shaped by his experiences navigating the healthcare system during his wife’s health issues and his belief in the importance of behavioral changes and lifestyle improvements over-reliance on medication alone. His company, ELO Health, embodies this vision by offering smart supplements based on individual data and blood biomarkers, aiming to prevent and reverse chronic conditions through personalized dietary plans. Join Tom Fox and Ari Tulla on this Data Driven Compliance podcast episode to learn more about Ari’s revolutionary approach to personalized nutrition and healthcare.

Highlights Include:

  • The Intersection of Healthcare and Nutrition
  • Revolutionizing Nutrition with Personalized Smart Plans
  • The Future of Prescribed Nutrition for Healthcare
  • Finding Meaning and Purpose in Healthcare
  • Revolutionizing Healthcare through Personalized Nutrition Plans

Resources:

Ari Tulla on LinkedIn

ELO

 Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 16: Policies on Facilitation Payments

From the information provided by the DOJ in Opinion Releases and in enforcement actions, there are several different insights which may be drawn on regarding what should go into your policy on facilitation payments. Do not forget that facilitation payments must be accurately shown on the books and records of your company. In all cases the employee who requested permission to make the facilitation payment must be responsible for obtaining all required approvals and forwarding a copy of the approvals and any other relevant supporting documentation as required, so that the it is recorded as a facilitation expense in the books and records and maintained in a central file. Facilitation payments should not be recorded as consulting fees, entertainment expenses, or other types of expenses that may misrepresent the true nature of the payments.
There may be emergency situations when it will be difficult or impossible for employees to obtain approvals before having to decide whether or not to pay a facilitation payment. If the facilitation payment is made in an emergency, the employee reports the facilitating payment to the compliance department and explains the emergency as soon as practical after making the facilitation payment.

Three key takeaways:

  1. What was the amount of the facilitation payment?
  2. Was the action truly routine?
  3. How high up was the government official who received the facilitation payment? Was his or her decision discretionary?

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Blog

Non-Retaliation and Protections for Those Speak Up

I recently concluded a podcast series with Case IQ. Over this series, I visited with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. We tackled such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and will conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and, at the end of the day, more profitably. This blog post series will expand on these topics. Part 2 considers the need for non-retaliation and affirmative protections for those who speak up with Kenneth McCarthy.

Kenneth McCarthy retired from the Canadian Public Service in 2020 and created Integrity by McCarthy Inc. to raise the bar on how organizations prevent and resolve incidents of workplace harassment, violence, wrongdoing, and fraud. He has seen the devastating consequences on individuals and organizations and set out to make a difference. McCarthy has led a workplace investigation program for a workforce of over 15,000 employees. He has also provided executive oversight in more than 500 workplace investigations and has designed and delivered investigation training sessions to 500 front-line managers.

Sexual harassment retaliation is a pervasive issue that creates a toxic work environment and discourages victims from reporting incidents. McCarthy stressed the importance of addressing sexual harassment retaliation and encouraging workplace reporting, which was discussed in detail. He highlighted a case where women who reported harassment faced severe retaliation, leading to a loss of trust in the reporting process. This fear of being labeled a “rat” or “gossip” often prevents victims from coming forward and seeking justice. To combat this issue, non-retaliation protocols are crucial to protect individuals and ensure legal compliance.

McCarthy emphasized the significance of non-retaliation protocols in encouraging reporting. He shared a disturbing case from his government days, where individuals who reported sexual harassment expressed regret and advised others to stay silent. The retaliation they faced was systemic and created an environment where they could no longer work with their colleagues.

The fear of retaliation is deeply rooted in the perception of being a whistleblower or complainant. McCarthy underlined the importance of having strong policies, consequences for violators, and open workplace conversations to empower bystanders. Bystanders play a crucial role in identifying and reporting harassment but often fear retaliation or loyalty conflicts.

McCarthy’s vision is for individuals to report concerns without even realizing they are whistleblowers or complainants. This can be achieved by fostering a culture where employees feel comfortable sharing any observations that don’t feel right. Real conversations between middle and senior managers and their staff are essential to emphasize the importance of raising concerns, no matter how small they may seem.

He also highlighted the need for confidentiality in reporting processes. Protecting the identity of whistleblowers and complainants is crucial to ensure their safety and prevent further retaliation. McCarthy emphasized the importance of continuous monitoring and promptly addressing incidents. You need a culture that provides resources for workplace issues and emphasizes the importance of bystander involvement, strong retaliation policies, and confidentiality in reporting processes. Organizations can create a safer and more inclusive work environment by encouraging bystanders to come forward and protecting them when they do.

Balancing the factors involved in addressing sexual harassment retaliation and encouraging reporting is challenging. Employers must navigate the tradeoffs between protecting individuals and maintaining the integrity of the reporting process. However, the long-term benefits of creating a workplace where harassment is not tolerated far outweigh the challenges.

The Me-Too movement has highlighted that addressing sexual harassment and discrimination is not solely the responsibility of the victims. Everyone is responsible for speaking up when they witness inappropriate behavior, regardless of whether it directly affects them. This shift in mindset is crucial to creating a culture of accountability and support.

In conclusion, addressing sexual harassment retaliation and encouraging workplace reporting requires a multifaceted approach. Strong non-retaliation protocols, open workplace conversations, and the empowerment of bystanders are key factors in creating a safe and inclusive work environment. By prioritizing the well-being of employees and fostering a culture of trust, organizations can effectively combat sexual harassment and ensure compliance with legal and regulatory requirements.

Join us tomorrow to discuss the importance of your triage and investigation process to foster a culture of speaking up.

Listen to Kenneth McCarthy on Innovation in Compliance here.

Categories
Daily Compliance News

Daily Compliance News: September 26, 2023 – The Deutsch Bank Fined Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Get on or off the train.  (FT)
  • Menendez defiant. (ABC News)
  • De-risking in China. (FT)
  • Deutsch Bank fined for greenwashing. (WSJ)