Categories
Blog

Navigating Digital Compliance: Managing Risks and Embracing Innovation

In a rapidly evolving digital landscape, managing compliance risks has become a critical priority for organizations. In a recent Innovation in Compliance podcast episode, I had the opportunity to interview Chris Lehman, CEO of Safeguard Cyber, a compliance and security company, to shed light on the importance of effective digital compliance and the challenges that arise with the shift in communication channels. This blog post explores the key insights from this conversation and offers practical advice on managing risk in the realm of digital compliance.

The manner in which we communicate has undergone a dramatic transformation with the rise of smartphones and the increasing use of cloud-based applications and messaging platforms. Today, a staggering 45% of all business communication takes place outside of email, spanning channels like Slack, Microsoft Teams, WhatsApp, Telegram, Line, SMS, iMessage, and even social platforms such as LinkedIn. In addition to this tech side of the communication revolution, there is the generational change, from the way Baby Boomers communicated through GenXers to Millennials to GenZers. Moreover, corporations have not implemented the same level of controls for these new communication channels as they have for email, leaving potential vulnerabilities.

Lehman emphasizes the human factor as the most significant risk in compliance strategies. While technological advancements have enabled agility, innovation, and new ways of engagement, it is crucial to ensure compliance in these digital interactions. Safeguard Cyber highlights the need for organizations to prioritize compliance and good corporate governance, while still allowing employees to be agile and innovative.

To effectively manage risk in digital compliance, it is vital to treat it as a comprehensive risk management process. This involves understanding regulations, establishing robust policies, training employees, and leveraging technology to monitor and mitigate risks. It all starts with a risk assessment, which informs your risk management strategy. From there you must implement effective training and communications, then monitor and upgrade as needed. To do this you also need a tech solution which provides visibility into digital communication channels, enabling organizations to identify potential risks in real-time and take corrective action.

Unfortunately, there is often a tension that can arise between compliance teams and line of business teams. Rather than being seen as a hindrance, compliance teams should strive to be enablers and strategic partners. By providing visibility into the tools and applications employees use, compliance teams can facilitate decision-making on freedom and flexibility while maintaining compliance standards.

The regulators, such as the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC) and the Department of Justice (DOJ), have all taken notice and have all emphasized the importance of compliance and good corporate governance in these new communication channels. This summer alone, the SEC announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the CFTC ordered four financial institutions to pay a total of $260 million for recordkeeping and supervision failures for widespread use of unapproved communication methods. All of this means that companies must identify and assess their risks, implement risk management strategies, and ensure that policies and procedures are not only in place but also effectively trained and followed.

Fortunately, technologies now exist that allow organizations to achieve compliance without becoming overly burdensome through their monitoring function. Safeguard Cyber’s tech solution, for instance, monitors digital communication channels, such as email, messaging platforms, and social media, while ensuring employee privacy through an opt-in system. By leveraging natural language understanding technology, sensitive information can be flagged, and compliance can be maintained seamlessly.

As we move forward, the goal for organizations is to break down the walls between line of business and compliance teams. Technology will play a pivotal role in providing visibility into various communication channels and applications, helping employees stay within boundaries without intentionally breaking rules. Increased regulatory oversight is expected in the future, making it even more crucial for organizations to prioritize digital compliance.

In the modern business landscape, effective digital compliance and good corporate governance are paramount. Managing compliance risks in the realm of digital communication requires organizations to treat it as a risk management process, leveraging technology and establishing robust policies. By embracing technology solutions like Safeguard Cyber, organizations can monitor communication channels, flag potential risks, and ensure compliance without stifling innovation and agility. As we navigate this ever-evolving digital world, prioritizing digital compliance will be a key differentiator for organizations seeking long-term success.

Categories
Corruption, Crime and Compliance

Corficolombiana DOJ and SEC FCPA Settlements

When operations span across borders, navigating local regulations and ethical standards becomes even more crucial. As evidenced by Corficolombiana’s case, neglecting these measures can lead to hefty legal ramifications and significant economic repercussions. In this episode of Corruption, Crime and Compliance, Michael Volkov unravels the Corficolombiana and Group Aval scandal, shedding light on the importance of implementing and maintaining robust ethics and compliance programs for global companies.

You’ll hear Michael talk about:

  • Corfico is a subsidiary of the Colombian financial behemoth, Grupo Aval. The two entities agreed to substantial settlements with both the DOJ and SEC, stemming from allegations of a bribery scheme in Colombia.  
  • It emerged that Corfico had conspired with Odebrecht, a Brazilian construction firm, to pay around $23 million in bribes to influential Colombian government officials to clinch the project. The DOJ’s settlement with Odebrecht throws more light on the matter.
  • Corfico’s forthcoming cooperation with both DOJ and Colombian authorities demonstrated their intent to amend their ways.
  • Corfico embarked on extensive remedial measures, which the DOJ acknowledged and appreciated. This included a comprehensive root cause analysis and subsequent enhancements to their corporate governance and controls. 
  • Corfico also revamped its compliance program, introducing improved reporting, investigation, and disciplinary procedures and revisited its anti-corruption compliance program.
  • The DOJ extended a 30% fine reduction to Corfico, a significant reprieve. What stood out, however, was the decision against appointing an independent compliance monitor in this case. 
  • Such international scandals accentuate the risks that large projects in foreign lands pose. Drawing parallels with the ABB case, it’s clear that ethics and compliance are non-negotiables for global firms.

 

KEY QUOTES

“The DOJ credited Corfico’s cooperation, citing its production of facts obtained through the company’s internal investigation, making numerous detailed factual presentations that distilled certain key factual information producing documents that the government may not have been able to get access to because of foreign data privacy laws providing sworn testimony from Colombia.” – Michael Volkov

 

“Corfico promptly engaged in extensive remedial measures, including, among other things, conducting a root cause analysis of the bribery scheme identified during the internal investigation. Promptly took the actions to enhance its corporate governance and controls and joint venture entities as well as improved its oversight of noncontrolled joint ventures and investments, overhauled its compliance program… As a result of this, the DOJ awarded Corfico a 30% reduction off the bottom of the applicable guidelines fine range.” – Michael Volkov

 

“It’s always good to look at the underlying conduct, and imagine: If you’re working in a company, with your compliance program, would you have been able to detect this? How would your compliance program have prevented this from occurring?” – Michael Volkov

 

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Adventures in Compliance

Adventures in Compliance – Compliance Lessons from The Adventure of the Beryl Coronet

The story begins with a respected banker, Alexander Holder, who comes to Sherlock Holmes for help. Holder tells Holmes that he was entrusted by a client with a precious artifact, the Beryl Coronet, which is studded with valuable jewels. Holder, fearing the artifact might get stolen, took it home and locked it in his safe.

The following morning, Holder finds the coronet damaged, and three beryls are missing. Holder immediately suspects his son Arthur, as he was found with the artifact in the middle of the night in a frantic state. Although he claims innocence, Arthur refuses to provide any alibi. Holder, devastated and confused, seeks Holmes’ help in solving the mystery.

After examining the scene, Holmes infers that the intruder was an amateur. He notices footprints that lead to and from a garden window. Holmes suspects Arthur’s cousin, Mary, after discovering that she had been out walking late that night and received a sizable payment from a mysterious source.

Holmes eventually identifies the true culprit as Sir George Burnwell, a man of questionable character who had been romantically involved with Mary. Mary had been paying Burnwell to keep quiet about their relationship, using money she received from pawning her own jewelry.

Holmes manages to recover the stolen jewels from a pawnbroker. It is revealed that Arthur was indeed innocent and had taken the blame to protect Mary, whom he loved. The story concludes with Holder expressing relief at the solution, but also sorrow that Mary had been led astray by Burnwell.

Compliance Lessons 

Due Diligence: The plot revolves around a precious beryl coronet that is partially stolen. The owner, Mr. Holder, fails to exercise due diligence in securing the coronet, leading to the theft. This highlights the importance of thorough risk assessment and due diligence in compliance, particularly regarding asset security.

Confidentiality: The coronet is a state secret. Its value is immense, and it is given to Holder to be used as a security against a loan. This underscores the importance of safeguarding sensitive or proprietary information and the responsibility individuals and organizations have in maintaining confidentiality.

Insider Threat: The theft is carried out by a trusted individual within the household. This reflects real-world scenarios where individuals within an organization pose significant risks. It’s crucial to establish systems that can detect and prevent insider threats.

Crisis Preparation: Holder makes an immediate decision to approach Sherlock Holmes when the theft is discovered. This can be related to the crisis training that should be followed when a breach or issue is detected within an organization, including notifying the relevant authorities or consulting professionals to handle the situation. You should game out and plan your cyber breach responses.

Trust and Transparency: The conclusion of the story reveals a complex web of familial relationships and a severe lack of trust and transparency within the Holder household. This emphasizes the significance of fostering a culture of openness, trust, and transparency within an organization. Honest communication and transparency can prevent misunderstandings and miscommunication that might lead to non-compliance issues.

Unintended Consequences: The impulsiveness and rash decisions of characters in the story lead to unintended consequences, such as Arthur’s unjust imprisonment. This is a reminder that organizations must think through the potential outcomes of their actions, especially with regards to compliance and regulatory matters, to avoid unexpected negative impacts.

Resource

The New Annotated Sherlock Holmes

Categories
Blog

What is Corporate Culture?

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed, culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 1, we ask what is culture with our special guest Yvette Hollingsworth-Clark.

Yvette currently holds the position of Chief Compliance Officer for State Street Corporation and is on the Board of Directors at Diligent. With a robust background in risk management, Yvette has cultivated a deep understanding of the significance and measurement of corporate culture. She asserts that corporate culture should not be solely managed by the compliance function, but rather owned by the C-suite and executed in various forms. Yvette stressed the need for specific metrics to monitor and promote desired cultural values, such as integrity, and believes that culture can be measured through metrics such as the number of risk decisions overruled, challenged, or implemented correctly. She also highlighted the importance of considering stakeholders such as customers, clients, and third parties when assessing corporate culture.

Yvette emphasized that culture is not solely the responsibility of the compliance function but is owned by the C-suite and executed in various ways throughout the organization. CEOs have a significant role to play in driving corporate culture. They must lead by example, set expectations, and hold managers accountable for adhering to the desired cultural attributes.

One key aspect is the importance of tone from the top. Employees observe the behavior of their senior leaders and often mimic their actions. CEOs need to be conscious of the examples they set, both verbally and through their behavior. Fairness is also crucial in setting the culture of a company. Every decision made by senior leaders, regardless of their position, should demonstrate fairness and align with the desired culture.

The Board of Directors also plays a significant role in shaping and overseeing corporate culture. They need to understand how management defines culture and how ethical issues are managed within the organization. Yvette advises boards to think about the framework of culture more broadly, considering factors such as the company’s reputation to customers and other stakeholders, as well as the employee experience. It is essential to demonstrate how the organization is executing against the cultural attributes that are deemed positive for the company.

Assessing corporate culture is a complex task that requires a balance between art and science. While there are specific metrics that can be used to measure culture, such as risk decisions, policy violations, and disciplinary actions, it is important to anchor the assessment to the specific aspects of culture that are relevant to the organization. Yvette suggests using a suite of metrics that focus on risk excellence and positive indicators of culture, such as employee training, customer treatment, and incident handling.

One must always remember that assessing culture is not a one-size-fits-all approach. It requires organizations to be specific about what their data can answer and what it cannot. A culture assessment is still more of an art than a science, but it is crucial to have a clear understanding of the indicators that align with the organization’s desired culture.

In conclusion, corporate culture is of utmost importance in the financial services industry. It is not only the responsibility of the compliance function but is owned by the C-suite and executed throughout the organization. CEOs must lead by example and set expectations, while the board plays a significant role in shaping and overseeing culture. Assessing culture requires a balance between art and science, with organizations using specific metrics that align with their desired cultural attributes. By prioritizing and measuring culture, financial services organizations can create an environment that promotes ethical behavior, risk excellence, and positive outcomes for all stakeholders.

Join us tomorrow where we explore assessing organizational culture.

Tune into Yvette Hollingsworth-Clark on the Diligent-sponsored podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Written Standards: Day 10 – Policies and Procedures on Gifts and Business Entertainment

If one were to reflect upon the providing of gifts and business entertainment to foreign governmental officials, one might reasonably conclude that after 40 years of the FCPA, companies might follow its prescriptions regarding gifts and business entertainment. However, there have been some notable FCPA enforcement actions in this area.

The 2012 FCPA Guidance clearly stated the FCPA does not ban gifts and entertainment. Indeed, it specified, “A small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other. Some hallmarks of appropriate gift-giving are when the gift is given openly and transparently, properly recorded in the giver’s books and records, provided only to reflect esteem or gratitude, and permitted under local law. Items of nominal value, such as cab fare, reasonable meals and entertainment expenses, or company promotional items, are unlikely to improperly influence an official, and, as a result, are not, without more, items that have resulted in enforcement action by DOJ or SEC.”

These guidelines must be coupled with active training of all personnel, not only on a company’s compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and business entertainment. Lastly, it is imperative that all such gifts and business entertainment be properly recorded, as required by the books and records component of the FCPA.

And, as always, do not forget the gut check test.

Three key takeaways:

  1. Gifts and business entertainment continue to plague companies for compliance violations.
  2. The key is not the amount but having a policy and procedure and following it.
  3. Always remember to record gifts and business entertainment expenses correctly.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
The Ethics Experts

Episode 158 – Anthony Palma

In this episode of The Ethics Experts, Nick welcomes Anthony Palma. Anthony M. Palma is a member of the faculty of the Fordham University School of Law and the Fordham University Gabelli Graduate School of Business Administration, with subject matter expertise in Business Ethics and Ethical Behavior, Global Corporate Compliance, Global Corporate Governance. He is a frequent speaker at various financial industry conferences on how ethical behavior demonstrated by corporate leaders and employees leads to a more successful and profitable enterprise.

Categories
Innovation in Compliance

Unlocking Success: The Crucial Role of Culture in Compliance: Part 1 – Yvette Hollingsworth-Clark on What is Culture?

Welcome to a special series on building a stronger culture of compliance through targeted and effective training sponsored by Diligent. I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia in this series. Over this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, monitoring that strategy in the future, and using information from your monitoring to improve your culture continuously. In Part 1, we ask what culture is with our special guest, Yvette Hollingsworth-Clark.

Yvette Hollingsworth-Clark, a seasoned professional in the financial services industry, currently holds the position of Chief Compliance Officer for State Street Corporation. With a robust background in risk management, Yvette has cultivated a deep understanding of the significance and measurement of corporate culture in the financial sector. She asserts that corporate culture should not be solely managed by the compliance function but rather owned by the C-suite and executed in various forms. Yvette emphasizes the need for specific metrics to monitor and promote desired cultural values, such as integrity. She believes culture can be measured through metrics such as the number of risk decisions overruled, challenged, or implemented correctly. She also highlights the importance of considering stakeholders such as customers, clients, and third parties when assessing corporate culture. Join Tom Fox and Yvette Hollingsworth-Clark on this episode to delve deeper into this topic.

Key Highlights:

  • Measuring and Managing Corporate Culture in Finance
  • Shaping Corporate Culture: Board’s Key Role
  • The Nuances of Assessing Organizational Culture

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com

Join us tomorrow, where we consider how to assess your culture.

Categories
Daily Compliance News

Daily Compliance News: September 18, 2023 – The Texas is Open for Business Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Singapore AML corruption case reaches $1.2bn? (South China Morning Post)
  • Jann Wenner ousted from Rock HOF Board. (WSJ)
  • Head of China military under investigation for corruption. (Reuters)
  • Texas AG acquitted of corruption. (Texas Tribune)

Categories
FCPA Compliance Report

FCPA Compliance Report – Carlos Villagrán Muñoz on Implementing Effective Compliance Programs in Latin America

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Carlos Villagrán Muñoz, Chief Compliance Officer at CMPC in Chile. We discuss operationalizing compliance at CMPC and in Latin America.

Carlos Villagrán Muñoz is a seasoned Chilean attorney with considerable experience in implementing and advancing compliance programs in Latin America. His perspective on the subject is shaped by his extensive experience and understanding of the unique challenges in the region. Carlos identifies two major hurdles in implementing effective compliance programs in Latin America: the need to tailor programs to both global and local contexts due to cultural nuances and differing perceptions of corruption and the pressing issue of money laundering, fueled by illegal activities such as corruption, drug trafficking, and human trafficking. He believes that Latin America lags in anti-money laundering efforts, which are crucial in combating corruption, and advocates for compliance programs that address these issues while considering cultural differences. Join Tom Fox and Carlos Villagrán Muñoz as they delve deeper into these topics and more in this episode of the FCPA Compliance Report podcast.

Key Highlights

  • CMPC’s Compliance Program Addressing Antitrust Infringement
  • Navigating Cultural Nuances and Money Laundering: Compliance Challenges in Latin America
  • CMPC’s Comprehensive Compliance Training Program
  • The Rise of Technologically Savvy Compliance Experts in Chile
  • Dynamic Networking Opportunities for Compliance Professionals

Resources

Carlos Villagrán Muñoz on LinkedIn

The FinCEN Report Company

Categories
Sunday Book Review

Sunday Book Review: September 17, 2023 – The More Books on Business Process Edition

In the Sunday Book Review, I consider books that would interest the compliance professional, the business executive or anyone who might be curious. It could be books about business, compliance, history, leadership, current events or anything else that might interest me. In today’s edition of the Sunday Book Review, I continue my summer exploration of books on crime. Today, I look at some of the top books on auditing, both for the audit professional and the compliance professional.

  • Operations & Process Management: Principles & Practice for Strategic Impact by Nigel Slack and Alistair Jones
  • High Performance Through Business Process Management: Strategy Execution in a Digital World by Mathias Kirchmer
  • The Power of Business Process Improvement: 10 Simple Steps to Increase Effectiveness, Efficiency, and Adaptability by Susan Page
  • Fundamentals of Business Process Management by Marlon Dumas, Marcello La Rosa, Jan Mendling, and Hajo A. Reijers

Resource

10 Business Process Management Books Worth Reading By William Jepma