Categories
Compliance Into the Weeds

DFS Fines Carnival Cruise Lines for Cyber Failures

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we deep dive into the recent New York Department of Financial Services enforcement action against Carnival Cruise Lines for failures in its cybersecurity reporting obligations.  Highlights include:

·      Why is Carnival Cruise Lines subject to the DFS?

·      What violations occurred?

·      Why were there false certifications?

·      What were the tactical cyber security violations?

·      Were they material?

·      Lessons for the compliance professional.

Resources

Matt in Radical Compliance

Categories
Daily Compliance News

July 13, 2021 the Ruin Your Life edition


In today’s edition of Daily Compliance News:
·       DOJ moving to prevention in white-collar crime.  (WSJ)
·       Corrupt former Herbalife exec defaults on SEC suit. (WSJ)
·       Corruption will ruin your life. (FCPA Blog)
·       Is the PGA anti-competitive? The DOJ is asking. (NYT)

Categories
Blog

CCO Skills at Mid-Century: Part 1 – From Soft Skills to Social Skills

What skills will be needed for the mid-century Chief Compliance Officer (CCO) [yes just a few more years to 2030 and ‘mid-century’]. Moving into the CCO chair today is far beyond compliance expertise and legal knowledge. What CCOs need even more as we move into 2030 and beyond are strong social skills. Compliance is becoming more complex and tech-centered; workforce diversity is growing; and firms face greater public scrutiny than ever before. These requirements are far beyond a Foreign Corrupt Practices Act (FCPA) or even compliance course in law school. Going forward, CCOs will need to be adept communicators, relationship builders, and people-oriented problem solvers. To succeed in the future, companies will need to focus on those skills when they evaluate CCO candidates and develop in-house talent in their compliance function. In a recent Harvard Business Review article (HBR), entitled “The C-Suite Skills That Matter Most”, authors Raffaella Sadun, Joseph Fuller, Stephen Hansen, and PJ Neal looked at this issue in the context of the Chief Executive Officer (CEO) position. I have adapted their work for the CCO role.
Previously, companies could look for good technical skills in a CCO. But today, companies need to seek out and hire CCOs “who are able to motivate diverse, technologically savvy, and global workforces; who can play the role of corporate statesperson, dealing effectively with constituents ranging from sovereign governments to influential NGOs; and who can rapidly and effectively apply their skills in a new company, in what may be an unfamiliar industry, and often with other colleagues in the C-suite whom they didn’t previously know.” Getting it wrong can be a disaster for the company. Witness the train wreck involving the Activision Blizzard, Inc. CCO, when that company’s scandal broke.
Previously, the CCO had to use influence to try and get compliance accomplished in an organization. In the early part of the past decade, Jenny O’Brien talked about about techniques for a CCO to employ to help influence decision-making within an organization.

  1. Understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
  2. Active Listening. Work constantly at active listening, which is listening, thinking and then speaking.
  3. Connections with other functions in an organization.
  4. The CCO does not need center stage.
  5. Make a win look like a win for everyone.
  6. The Triple ‘C’- Calm, cool and collected. Don’t let them see you sweat.
  7. Know your stuff.

However, the authors demonstrate that these soft skills are no longer enough for a CCO, even one with high technical competence in compliance programs. A critical first step is to develop greater clarity about what it now takes for a CCO to succeed as the range of necessary skills appears to have expanded. This is more than the ‘soft-skills’ approach articulated by O’Brien but more ‘social skills,’ “including a high level of self-awareness, the ability to listen and communicate well, a facility for working with different types of people and groups, and what psychologists call “theory of mind”—the capacity to infer how others are thinking and feeling.”
By looking at the reasons for these changes, the authors identify several areas that CCOs previously were not required to understand but are now mandatory for a mid-21st century compliance program.The focus on social skills is especially evident in large companies. This is even more true “at publicly listed multinational enterprises and those that are involved in mergers and acquisitions. These patterns are consistent with the view that in larger and more complex organizations, top managers are increasingly expected to coordinate disparate and specialized knowledge, match the organization’s problems with people who can solve them, and effectively orchestrate internal communication. For all those tasks, it helps to be able to interact well with others. It also reflects the web of critical relationships that leaders at such firms must cultivate and maintain with outside constituencies.” This of course includes the five sets of stakeholders identified in the Business Roundtable’s Statement on the Purpose of a Corporation. Again this reality is even considered in the 2013 COSO Internal Control-Integrated Framework.
There is no bigger change to the skill set of the CCO than around information and information-technology systems, i.e., data and data analytics. The authors cited to Peter Drucker for the following, “The more we automate information-handling, the more we will have to create opportunities for effective communication.” This means the CCOs and corporate compliance programs which “rely significantly on information-processing technologies today also tend to be those that need leaders with especially strong social skills.”
In compliance, when companies automate routine compliance tasks, “their competitiveness hinges on capabilities that computer systems simply don’t have—things such as judgment, creativity, and perception. In technologically intensive firms, where automation is widespread, leaders have to align a heterogeneous workforce, respond to unexpected events, and manage conflict in the decision-making process, all of which are best done by managers with strong social skills.” The authors conclude, “as more tasks are entrusted to technology, [CCOs] with superior social skills will be in demand at all levels and will command a premium in the labor market.”
Another new area is in social media and networking technologies. As companies move away from shareholder primacy and focus more broadly on stakeholder capitalism, as outlined in the Statement on the Purpose of a Corporation, CCOs will be expected to be public figures. They will meet and “interact with an increasingly broad range of internal and external constituencies but to do so personally and transparently and accountably.” Moreover, CCOs, and other corporate officers, will be required to operate in “real time, thanks to the increasing prevalence of both social media (which can capture and publicize missteps nearly instantaneously) and network platforms such as Slack and Glassdoor (which allow employees to widely disseminate information and opinions about their colleagues and bosses).” CCOs will be required to “be constantly attuned to how their decisions are perceived by various audiences. Failing to achieve their intended purposes with even a handful of employees or other constituents can be damaging.”
Join us tomorrow where we consider the way forward for the CCO role at mid-century.

Categories
The Compliance Life

Joe Burke -To Dell and Into Compliance

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Joe Burke, most recently the Chief Ethics & Compliance Officer and Employment Counsel, Quest Software Inc.

From Kentucky Fried Chicken in Louisville, Joe moved to Round Rock, TX, to work at Dell Inc. He began in Federal Government Sales, where he developed a compliance program for GSA and TAA work for  Dell Federal. He moved into compliance with the “big switch” from commercial legal to Chief Compliance Counsel. In this role, he was instrumental in building a new FCPA program using the Federal Sentencing Guidelines as a guideline.

Resources

Joe Burke LinkedIn Profile

Categories
The Compliance Life

Joe Burke – From UVA to Colonel Sanders

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Joe Burke, most recently the Chief Ethics & Compliance Officer and Employment Counsel, Quest Software Inc.

Episode 1- College & Early Career

Joe discusses his early life and going to college at UVA with a degree in history and French and then law school at Fordham. He began his legal career at Donovan, Leisure in NYC. From there, he transition to PepsiCo, Inc. in the Kentucky Fried Chicken sub in Louisville, KY and learned about the franchising world. He has some interesting observations on culture in the franchisor/franchisee relationship. He discusses how all of these institutions impacted his career going forward.

Resources

Joe Burke LinkedIn Profile

Categories
The Corruption Files

Energy Violations and the Panalpina Settlements with Thomas Fox and Michael DeBernardis

Thomas Fox and Michael DeBernardis discuss energy cases considered FCPA violations, highlighting Panalpina Settlement Day, the uncovered bribery methods, and its implications on the future of compliance, the written policies, and the solutions to commerce and transactions in higher-risk jurisdictions.

Key points discussed in the episode:
✔️ Tom Fox introduces the cases involving Shell, Transocean, Tidewater, Pride International, and Noble.
✔️ Michael DeBernardis describes the company’s methods as a hub-and-spoke arrangement and lays out the Department of Justice’s investigative process. The case has planted the seeds of the pilot program and corporate enforcement policy. The DOJ has become more deliberate in announcing settlements
✔️ Due diligence requires visibility across all aspects of the business. Thomas Fox shares a snippet of advice from a shipping company executive: “If you have a vendor with a 100% success rate, you have a problem.” Any business model based on bribery and corruption never ends well.
✔️ Panalpina’s methods were an open secret across other energy companies, designing ways to circumvent Nigerian customs. Monitoring during this time was less rigorous.
✔️ Due diligence is an ongoing process of improvement. High-risk jurisdictions for particular transactions are now thrown at the forefront.
✔️ Companies outside of the oil and gas industry have started to reconsider their strategies in high-risk areas. The solution is not to stop doing business completely but to work with companies that do compliance.
—————————————————————————-
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Categories
Innovation in Compliance

The Power of the Written Word with Jaclyn Schiff


Jaclyn Schiff is the founder and CEO of PodReacher, a company that helps marketing teams transform their podcast into high-quality text content to increase impact. Tom Fox welcomes her to this week’s show to talk about her professional background, B2B marketing, and how PodReacher helps its clients. 
 

 
PodReacher and B2B Marketing
Tom asks Jaclyn how B2B content repurposing helps communications specialists and compliance officers. Marketers want to differentiate their product or service in the marketplace, Jaclyn responds. Podcasting is a growing B2B marketing trend because business leaders do not have time to personally create content that would captivate an audience. It became particularly popular during the pandemic as you can execute it remotely. Jaclyn states, “In any industry, a conversation is an easy way to get [your content] out there. Now taking that from the spoken word …and turning that into a good reader experience.” She explains that PodReacher turns audio into riveting content that people can use for marketing purposes. 
 
Why Repurpose Content
Repurposing your social media content on different platforms helps you to be more consistent with your promotions, Jaclyn tells Tom. For example, she will send out an email for a client, then use the email content to create a LinkedIn post on the same topic. However, it may be more difficult than it seems. “The key to repurposing content is you want to optimize for the channel,” she says. “So I’m not going to write an email the way I would write a LinkedIn post. I’m not going to write a script in the way I would write something that’s intended for people to read.” 
 
Looking Ahead
Tom asks Jaclyn if she believes that her brand of repurposing content will become more popular in the future. Jaclyn agrees; she believes that podcasts are the best outsourcing tools for creating content. It is one of the easiest ways to promote your company and create brand awareness, she remarks. There is so much information and content hidden in a single podcast episode and it would be a marketing shame not to utilize it to the best of its ability.
 
Resources
Jaclyn Schiff | LinkedIn | Twitter | Website   
PodReacher
 

Categories
Daily Compliance News

July 12, 2021 the Shelly on Corruption edition


In today’s edition of Daily Compliance News:

  • Percy Bysshe Shelly on corruption. (The Guardian)
  • How to survive the summer travel fiasco. (NYT)
  • Failure to disclose can cost you a government contract. (Reuters)
  • Uber whistleblower comes forward. (WaPo)
Categories
Blog

Death of dos Santos and Leadership at the Top

José Eduardo dos Santos, who served nearly four decades as Angola’s president, died on Friday in Spain where he had been living in self-imposed exile. According to his New York Times (NYT) obituary, “he was widely accused of corruption and nepotism, and the economic boom he presided over benefited mainly his family and a coterie of advisers.” If the name sounds familiar it may be due to his flamboyant daughter Isabel dos Santos who has been “accused of plundering institutions including Sonangol, the state petroleum company, to create a business empire with stakes in diamond exports, the dominant cellphone company, banks and the country’s biggest cement maker. In 2020, she was charged with embezzlement, money laundering and other financial crimes. She denied the charges, saying she was the victim of a witch hunt. She has been living mostly in Dubai, seeking to avoid arrest. Mr. dos Santos’s son José was found guilty of financial transgressions and sentenced to five years in prison.” In other words, it all started at the top.
The death of Santos is a good reminder of why substantive and deep dive due diligence needs to go into the background check on every business leader and C-Suite Executive. Candice Tal, founder and President of Infortal Worldwide, has long been telling us for this need for many years. Now a new article from the Harvard Business Review (HBR) by Aiyesha Dey, entitled “When Hiring CEOs, Focus on Character”, bears Tal’s warnings out with research. The author has “studied the ways in which the lifestyle behaviors of CEOs—in particular, materialism and a propensity for rule breaking—may spell trouble for a company.”  Her conclusion bears out why Tal has been saying all along, “Firms led by CEOs with even minor traffic tickets or excessive spending habits are disproportionately prone to fraud, insider trading, and other risky business activities.” Dey concludes by noting “that boards should pay attention to executives’ off-the-job behavior.”
Dey’s research centers on straight-forward questions: “Instead of focusing on systems and controls, should we be looking more closely at the people leading these companies?” Her conclusion is that taking a deeper dive into the background of those who become the C-Suite leaders at an organization bears more scrutiny as they can be “early warning signs” of trouble to come. That sounds like exactly what Boards would want to consider when reviewing potential C-Suite candidates. (I hope they will call Candice Tal to perform the actual due diligence recommended by Dey.)
The first area explored by Dey was in rule breaking, as “criminology researchers have found that people who flout even minor rules are subtly communicating that they don’t believe restrictions apply to them.” Indeed, Dey found that “18% of CEOs had been cited for infractions ranging from minor traffic offenses to driving under the influence, disturbing the peace, drug crimes, reckless behavior, domestic violence, and sexual assault.” Dey took this information a step further by asking, “Is fraudulent reporting more likely at a company if its CEO has a criminal record? Is the CEO (or CFO) more likely to be personally implicated in the fraud if he or she has a criminal record? Not surprisingly, the answer to both questions was yes… we found that if the CEO had a criminal infraction, the firm was more than twice as likely to be involved in fraud, and the CEO was seven times more likely to be personally named as a perpetrator.” Somewhat amazingly, even minor legal infractions such as traffic tickets were significant.
Dey then considered the effect of controls, such as insider trading blackout periods as a deterrence. Dey found “they had little effect on executives who committed serious crimes. Seemingly, then, governance structures and formal control systems are unlikely to rein in the worst actors. That’s discouraging news for boards and regulators that wish to curb opportunistic insider trading and limit other undesirable behavior.”
An area of Dey’s research, which was surprisingly insightful, was around “materialism.” Dey looked at it from the perspective of “the zealous pursuit of wealth and luxury regardless of the cost to others.” She and her teamed picked three criteria for review. (1) Ownership of a private home valued at twice as much as the median in the area; (2) Ownership of a car worth more than $75,000; and (3) Ownership of a boat more than 25 feet in length. “In our sample of CEOs, 58% had one or more of those markers and qualified as materialistic; we classified the remaining 42% as frugal.”
What Dey found “was a gradual weakening of the control environment in firms led by executives whose personal spending was excessive. Specifically, we observed more use of equity-based incentives (which can encourage managers to mislead capital markets by inflating reported performance), more appointments of materialistic CFOs, less intensive monitoring by the board, and a greater probability of a weakness in internal controls.”
In the financial sector, Dey “found that those with materialistic CEOs had relatively lax systems for risk management and thus faced more threat of significant negative performance than banks led by frugal CEOs.” Even more troubling for the compliance function, Dey “found that materialistic CEOs also contributed to a deterioration in corporate culture that led employees to more aggressively exploit insider-trading opportunities during the 2007–2009 financial crisis. Another correlation was in “corporate social responsibility (CSR) performance,” where Dey “found that firms with materialistic leaders received lower scores from CSR ratings agencies than did firms with frugal leaders. Our finding aligns with other scholarship showing that materialistic people display a lack of concern for the well-being of others and the environment.”
I asked Candice Tal what companies can do to investigate these issues. Tal stated, “Behavioral issues can be picked up during in-depth reference interviews by trained investigators, and can also be detected through patterns observed with type and frequency of civil lawsuits, such as sexual harassment, class action lawsuits, fraud and breach of contract matters. Themes around egregious behavioral issues can also be found when conducting deep web investigations on executives. This goes far beyond Google searches incorporating OSINT Open Source Intelligence. Tal notes that patterns and themes in behavioral traits should never be ignored. Executive due diligence backgrounds should be conducted by corporations on new executive hires and new board members.  Executives will be in the highest positions of trust, a simple background check will not reveal these types of issues, however, effective due diligence investigations enable this information to be discovered thus protecting the board and shareholders from unnecessary risk exposure.”
All this information should be digested by corporate compliance functions and Boards of Directors. Even in the Foreign Corrupt Practices Act (FCPA) world, nearly every major corporate scandal starts with a lax attitude at the top of the organization. Indeed, it is such CEOs who inevitably cry about ‘rogue employees” and not what their organizations stand for. But the myth of the rogue employees is just that, a myth, and it really all does start at the top. Boards need to take note.

Categories
The Ethics Experts

Episode 127 – Blake Wilson

In this episode of The Ethics Experts, Nick welcomes Michael Duran. Michael is the Senior Vice President and Chief Ethics & Compliance Officer at 3M. Michael leads 3M’s global Ethics & Compliance Department, driving innovations and enhancements to the program to identify, mitigate and address risk and build upon 3M’s strong ethical culture of Be 3M.