Categories
Innovation in Compliance

Contracts as a Third-Party Risk Management Tool with Brad Hibbert


 
Tom Fox welcomes Brad Hibbert on this episode of the Innovation in Compliance Podcast. Brad is the Chief Strategy Officer of Prevalent, Inc. He joins Tom to talk about how Prevalent helps companies manage third-party risk, the importance of risk management, and what the future for risk management in the compliance world may look like. 
 

 
Managing Third-Party Risk
Tom asks Brad to explain how Prevalent helps companies manage third-party risks. “We have a SaaS platform that helps organizations identify those risks, report against those risks, and then provide remediation capabilities to reduce those risks at every stage of the vendor lifecycle,” Brad tells Tom. Risk management is no longer about just doing reactive reporting on an annual basis. Risk has to be proactively monitored, identified, and reduced on a day-to-day basis, and especially when companies are having day-to-day conversations with their third parties during contract execution. Prevalent enables its risk management platform by having different team members interact with the third parties to collaborate and reduce the risks at every stage of the vendor life cycle. 
 
A Must Have
Third-party risk management is a must-have right now, and will continue to be in the future. “What organizations are realizing is they have to move beyond the compliance check box and actually reduce the risk associated with these third parties,” Brad remarks. Compliance is one of the drivers of this, but another main factor is the pandemic. COVID has changed the way companies and businesses operate, and has also exposed their weaknesses. With the shift to the hybrid work environment, and the increase of work from home, companies have had rapidly onboard third-party risks due to the use of online platforms. The risk of cyber-attacks and information being leaked is high, so being able to manage and protect companies from that is paramount. 
 
The Contract Essentials SaaS Solution
Tom asks Brad to explain the contract essentials SaaS solution. The SaaS solution allows the company to onboard or add existing contracts. Prevalent’s platform has very strong workflow and collaboration capabilities that focus on vendor risk, which is also good for profiling current contracts to see where the risk lies. Companies can use the SaaS solution to upload their contracts, or any related documentation surrounding it to a secured file, and it allows them to collaborate with third parties outside of the corporate network.
 
The Future of Third-Party Risk Management
Brad predicts a convergence of third-party risk management and the broader third party. “We’re going to continue to focus on building solutions that are easy to use that enable data sharing between the different groups that promote efficiency, collaboration, and then risk reduction,” he says. Organizations can no longer simply rely on assessments, instead must have continuous insights play major roles at all levels of the vendor life cycle. Monitoring the financial risk, the business risk, and the cyber risk proactively to create appropriate measures is something that will continue as well. 
 
Resources
Brad Hibbert | LinkedIn | Twitter
Prevalent, Inc.
 

Categories
Daily Compliance News

March 8, 2022 the Turbocharged Edition


In today’s edition of Daily Compliance News:

  • Putin’s war has turbocharged anti-corruption. (Politico)
  • Lawyers as gatekeepers.  (Radical Compliance)
  • Was it a culture change or just messaging? (NYT)
  • NFL Nightmare comes true. (ESPN)
Categories
The Ethics Experts

Episode 114 – Lisa Bond-Holland

In this episode of The Ethics Experts, Nick welcomes Lisa Bond-Holland. Lisa is the Director of Environmental, Social, Governance for South Jersey Industries (SJI), a New Jersey-based energy services holding company. As the Director of ESG, she is responsible for the strategic development, implementation, and communication of the organization’s ESG program.

Categories
Compliance Kitchen

Russia Removal from SWIFT


The Kitchen reviews the Russia and removal from SWIFT – a joint statement of the allies.

Categories
The ESG Report

Sustainability Transition and Ratings with Jagmeet Lamba and Daniel Perry


 
Compliance is no longer the standard. Companies want to do business with other companies whose values align with theirs.’ This is one of the main talking points in this week’s episode of The ESG Report, where Jagmeet ‘Jag’ Lamba and Daniel Perry join Tom Fox for a conversation about third-party risk management.
 

 
The Importance of Third-Party Automation 
“Companies are not islands,” says Jag, “they exist mainly with the help of partners.” As the companies grow and expand, the third-party network does too. With the compliance burden, data security/privacy burden, and now, the ESG burden that accompany all of these third parties, it’s impossible to manage without automation.
 
Reputational Damage 
Tom mentions the risk of reputational damage to one’s brand through their third parties. In Jag’s company, Certa, reputation plays a role in all of the contracts they make with their key stakeholders, therefore, any reputational issue is a breach of that contract. He advises holding your third parties to that same standard. It is no longer sufficient to be compliant, as today, employees and other companies want to do business with those whose values align with theirs. “Compliance is no longer the standard,” Jag tells listeners.
 
The Work of EcoVadis: Improving Sustainability 
ESG stands for environmental, social, and governance. The ‘S’ can also stand for sustainability, but, “Sustainability actually covers all of the pillars of ESG,” Daniel claims. 
In a company, experts are generally required to aid in making procurement decisions, but they  are probably not also experts on sustainability and ESG. His company, EcoVadis, provides a simple scorecard that tells how well, or how poorly a company is doing on key areas of sustainability, such as environment, labor and human rights, ethics, and supply chain. With these scorecards, you can start making broad, tactical decisions. By having one way of understanding the ESG of all suppliers, companies are able to implement necessary changes. 
 
The Partnership between Certa and EcoVadis 
Both Daniel and Jag detail their goals for both their clients, as well as the world of ESG, from their respective company perspectives. “The only way to have a strong ESG profile is if you also measure the ESG profile of your third parties,” is a quote from Jag that sums up this partnership quite well. 
 
RESOURCES 
Tom Fox’s email
Jagmeet Lamba | LinkedIn | Twitter | Certa
Daniel Perry | LinkedIn | Twitter | EcoVadis
 

Categories
FCPA Compliance Report

Mikhail Reider-Gordon on Conflicts of Interest

In this episode of the FCPA Compliance Report, I am joined by Mikhail Reider-Gordon, Managing Director at Affiliated Monitors, Inc. We discuss conflicts of interest with some very high-profile examples torn literally from the headlines. Highlights include:

·      What exactly is a Conflict of Interest and how does it differ from self-dealing, nepotism?

·      Is a COI purely an ethical problem or are there are situations where COIs are illegal?

·      COIs in the news of late and in some surprising places?

·      Have there been other examples across industries?

·      The Courts, the Fed, SCOTUS?

·      Do you ever come across COIs in your work?

        Resources

Original Posting on podcast on Integrity Through Compliance

Mikhail Reider-Gordon at AMI

Categories
Daily Compliance News

March 7, 2022 the Ericsson Sued Edition


In today’s edition of Daily Compliance News:

  • Ericsson CEO, CFO sued over Iraqi bribery allegations. (Reuters)
  • Activision Blizzard sued over employee suicide.  (WaPo)
  • UK moving to protect public disclosures of corruption. (The Guardian)
  • Kleptocracy and corruption. (TI)
Categories
Blog

The Fall of the Alamo and Empowerment of the Compliance Professional

Yesterday, March 6 was the anniversary of the most historic day of many in the history of the great state of Texas, the date of the fall of the Alamo. While March 2, Texas Independence Day, is when Texas declared its independence from Mexico and April 21, San Jacinto Day, is when Texas won its independence from Mexico, probably both have more long-lasting significance, if it is one word that Texas is known for around the world, it is the Alamo. The Alamo was a crumbling Catholic mission in San Antonio where 189 men, held out for 13 days from the Mexican Army of General Santa Anna, which numbered approximately 5,000. But on this date in 1836, Santa Anna unleashed his forces, which over-ran the mission and killed all the fighting men. Those who did not die in the attack were executed and all the deceased bodies were unceremoniously burned. Proving he was not without chivalry, Santa Anna spared the lives of the Alamo’s women, children and their slaves. But for Texans across the globe, this is our day.
While Thermopylae will always go down as the greatest ‘Last Stand’ battle in history, the Alamo is right up there in contention for Number 2. Like all such battles sometimes the myth becomes the legend and the legend becomes the reality. In Thermopylae, the myth is that 300 Spartans stood against the entire 10,000-man Persian Army. However there was also a force of 700 Thespians (not actors; but citizens from the City-State of Thespi) and a contingent of 400 Thebans fighting alongside the 300 Spartans. Somehow, their sacrifices have been lost to history.
Likewise, the legend that lifts the battle of the Alamo to the land of myth is the line in the sand. The story goes that William Barrett Travis, on March 5, the day before the final attack, when it was clear that no reinforcements would arrive in time and everyone who stayed would perish; called all his men into the plaza of the compound. He then pulled out his saber and drew a line in the ground. He said that they were surrounded and would all likely die if they stayed. Any man who wanted to stay and die for Texas should cross the line and stand with him. Only one man, Moses Rose, declined to cross the line. The immediate survivors of the battle did not relate this story after they were rescued and this line in the sand tale did not appear until the 1880s.
But the thing about ‘last stand’ battles is they generally turn out badly for the losers.  Very badly. I thought about this when Chuck Duross, when he was head of the Department of Justice’s (DOJ) Foreign Corrupt Practices Act (FCPA) unit, said at a conference that he viewed anti-corruption compliance practitioners as “The Alamo” in terms of the last line of defense in the context of preventing violations of the FCPA. I gingerly raised my hand and acknowledged his tribute to the great state of Texas but pointed out that all the defenders were slaughtered, so perhaps another analogy was appropriate. Everyone had a good laugh back then at the conference. But in reflecting on the history of my state and what the Alamo means to us all; I have wondered if my initial response too facile?
What happens to a Chief Compliance Officer (CCO) or compliance practitioner when they have to make a stand? Do they make the ultimate corporate sacrifice? Will they receive the equivalent of a corporate execution as the defenders of the Alamo received? This worrisome issue has certainly occurred even if the person ‘resigned to pursue other opportunities.’ Michael Scher has been a leading voice for the protection of compliance officers. In a post entitled Michael Scher Talks to the Feds he said, “a compliance officer (CO) working in Asia asked for recognition and protection: “A CO will not stand up against the huge pressure to maintain compliance standards if he does not get sufficient protection under law. Most COs working in overseas operations of U.S. companies are not U.S. citizens, but they usually are first to find the violations. Since the FCPA deals with foreign corruption, how could the DOJ and SEC not protect these COs?””
The DOJ is now looking at not only the quality of your CCO and compliance function, but how they are perceived, treated and received in the corporate setting. In the 2019 Evaluation of Corporate Compliance Programs and the 2020 Update to the Evaluation of Corporate Compliance Programs, (collectively ‘Evaluation’) the DOJ expanded out its inquiry evaluate the “sufficiency of the personnel and resources within the compliance function, in particular, whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.”
Further there were four specific areas of inquiry and review: (1) Structure; (2) Experience and Qualifications; (3) Funding and Resources; and (4) Autonomy.
In the section entitled “Structure” the Evaluation made the following inquiries:

  • How does the compliance function compare with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers?
  • What has been the turnover rate for compliance and relevant control function personnel?
  • What role has compliance played in the company’s strategic and operational decisions? How has the company responded to specific instances where compliance raised concerns?
  • Have there been transactions or deals that were stopped, modified, or further scrutinized as a result of compliance concerns?

In the section entitled “Experience and Qualifications” the Evaluation made the following inquiries:

  • Do compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities?
  • Has the level of experience and qualifications in these roles changed over time?
  • Who reviews the performance of the compliance function and what is the review process?

In the area of “Funding and Resources” the Evaluation asked

  • Has there been sufficient staffing for compliance personnel to effectively audit, document, analyze, and act on the results of the compliance efforts?
  • Has the company allocated sufficient funds for the same?
  • Have there been times when requests for resources by compliance and control functions have been denied, and if so, on what grounds?

Finally, in the area of “Autonomy” the Evaluation asked:

  • Do the compliance and relevant control functions have direct reporting lines to anyone on the board of directors and/or audit committee?
  • How often do they meet with directors?
  • Are members of the senior management present for these meetings?
  • How does the company ensure the independence of the compliance and control personnel?

These were all deeper and more robust focus on the CCO and compliance team from the DOJ. If your compliance team is run on a shoestring, you will likely be downgraded for your overall commitment to doing business in compliance with the FCPA. The same is true for promotions and other opportunities for advancement within an organization. Not many organizations have such a mature compliance function that a CCO is appointed to another senior level position within an organization.
Upon further reflection I now believe Duross was correct and the Alamo reference was appropriate for compliance officers. It is because sometimes we have to draw a line in the sand to management. And when we do, we have to cross that line to get on the right side of the issue, the consequences be damned. The DOJ has made clear they expect CCOs and compliance professionals to draw that line when they must do so and when they do, companies must heed their warnings.

Categories
Sunday Book Review

March 6, 2022 the Russia/Ukraine edition


In today’s edition of Sunday Book Review:

  • Bloodlands by Timothy Snyder
  • Red Famine by Anne Applebaum
  • Ukraine’s Nuclear Disarmament by Yuri Kostenkov
  • The Frontlines: Essays on Ukraine’s Past and Present by Serhii Plokhy
Categories
Popcorn and Compliance

MCU Series – The Winter Soldier

 
In this podcast series, two complete MCU fans, Tom Fox, founder of the Compliance Podcast Network and Megan Dougherty, co-founder of One Stone Creative indulge in passion for all things in the Marvel Cinematic Universe by re-watching each movie and then podcasting on every movie in the MCU. If you want to indulge in your love for the MCU with two fans who are passionate about all things MCU, this is the podcast series for you. For this offering, we consider The Winter Soldier.
Some of the highlights include:
Ø  The story synopsis.
Ø  What are the key plot points?
Ø  What were some of our favorite cookies?
Ø  How does this movie fit into the overall MCU?
Ø  How is this movie an homage to prior non-MCU movies?
Next up in our series Guardians of the Galaxy 1.