The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, we have our first Director of Trade Compliance, Matt Silverman, Director of Trade Compliance at VIAVI. We discuss Matt’s journey to the Director’s chair and look down the road at where trade compliance will be in 2025 and beyond.
His first role as a Trade Compliance Director role was at Solvay. In this role, Silverman learned to balance individual employee management and employee development along with day-to-day compliance issues. Silverman then moved to VIAVI in the role of Global Trade Director & Senior Counsel. In this position he handles a wide variety of trade issues including import, export, sanctions and antiboycott. He also looks for ways to get involved in other areas that may intersect with trade compliance.
Categories
Year End Wrap Up
The Kitchen wraps up its 2021 with a look back at some of its top stories from the past year.
Human trafficking is the fastest-growing transnational crime with more than 25 million people held in forced labor and sexual exploitation. As if these numbers aren’t horrifying enough, 10 million of those trafficked people are children, and yet rarely are US organizations focused on human trafficking’s impact on their operations, much less society as a whole. In fact, most of us consider human trafficking to be a problem occurring in developing countries and that there are more pressing issues that should demand our attention and compliance resources. That false narrative is part of what makes human trafficking so difficult to counter.
>
Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, warlords, kleptocrats and more.
Scott Moritz is a leading authority on white-collar crime, anti-corruption, and in the evaluation, design, remediation, implementation, and administration of corporate compliance programs, codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.
Tom Fox welcomes back Jeffrey Hayzlett to this week’s episode of the Innovation in Compliance Podcast. Jeffrey is the CEO and Chairman of The C-Suite Network. In this episode, Tom and Jeffrey explore where the business world is as the year comes to an end.
The Changing Business Community
Tom asks Jeffrey to reflect on what businesses are responding to now. “That there are no old ways; there are all going to be new ways,” he remarks. The mood of business is shifting, and businesses are simply going to have to adapt. There aren’t going to be offices in the way they used to be because the pandemic has shown that businesses can operate well remotely. The focus is going to be on how to utilize these new environments in the best way, as well as how to effectively and safely monitor them. Companies are changing the ways they do business as well: before the pandemic content was not a priority; now it is. “You have to be able to use content to drive the business,” Jeffrey iterates. Sometimes content will not generate as much money as you did previously, but it will generate engagement and reach more people. “You have to change, adapt, or die,” Jeffrey insists.
Grow, But Mitigate Risk
The C-Suite Network encourages senior management to mitigate risk as much as possible. Companies have to grow while doing this, however. “If you’re not growing, you’re dying,” Jeffrey tells Tom. Risk is always going to exist in business, but it cannot hinder you as a leader, especially a C-Suite one. “Our job is to be the most strategic people in the room,” Jeffrey adds. Asking the right questions, understanding the directions of the CEOs of the companies they counsel, and assessing the processes and tools these companies have, are all part and parcel of how C-Suite leaders think about, and mitigate risk.
Where Do We Go From Here
Tom asks Jeffrey where he sees in-person conference business going in the coming years. “You’re either gonna have really small groups or really big ones…not much in between,” Jeffrey responds. It’s going to be much more difficult in the coming years for speakers to have sustainable careers because of the digital era the world is in, and because audience preferences are changing. “If you’re not a subject matter expert, if you’re not a celebrity, it’s going to be a long road for you as a professional speaker…You’re really gonna have to have credentials,” he adds. Most people are going to be looking for experts to give them advice on how to move from point A to point B, or for celebrities who can draw people in and help fill a room. “Those are the things that are going to be the key driving factors in the future,” Jeffrey concludes.
Resources
Jeffrey Hayzlett | LinkedIn | Twitter
The C-Suite Network
We begin the week before Christmas by looking at one heck of a compliance failure (or perhaps series of compliance failures) which led JPMorgan Chase Bank, NA, J.P. Morgan Securities LLC, and J.P. Morgan Securities plc (JPMorgan) to paying some $200 million in fines and penalties to the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC). It breaks down with $125 million to the SEC and $75 million to the CFTC. While that is probably just a rounding error to JPMorgan, it will purchase many, many lumps of coal that JPMorgan will probably get from Santa this year as they clearly have been very, very naughty. Both the SEC and CFTC settled via Orders, (herein CFTC Order and SEC Order).
Matt Kelly, writing in Radical Compliance, said of the underlying facts they do “not paint a pretty picture for JP Morgan. The misconduct happened from at least January 2018 through November 2020, and even supervisors in the broker-dealer unit — the people who were supposed to enforce compliance with records-retention policies — engaged in the same bad habits.” JPMorgan received numerous subpoenas for documents from the SEC between 2018 and 2020. JPMorgan failed to comply with these subpoenas as “JPMorgan frequently did not search for records contained on the personal devices of JPMorgan employees relevant to those inquiries.” Moreover, these failures “impacted the Commission’s ability to carry out its regulatory functions and investigate potential violations of the federal securities laws across these investigations; the Commission was often deprived of timely access to evidence and potential sources of information for extended periods of time and, in some instances, permanently.”
In ongoing investigations, the SEC was provided What’s App, text messaging and emails from parties who were in contact with JPMorgan. The SEC brought this information to the attention of JPMorgan and the bank “identified other recordkeeping failures that it subsequently” reported to the SEC. The bank’s “Supervisory policies tasked supervisors with ensuring that employees completed training in the firm’s communications policies and adhered to JPMorgan’s books and recordkeeping requirements” were just as guilty of such conduct. The internal function charged with the screening and review of electronic communications, the compliance department’s e-surveillance group, “failed to implement a system of follow-up and review to determine that supervisors’ responsibility to supervise was being reasonably exercised so that the supervisors could prevent and detect employees’ violations of the books and records requirements. Even when employees used approved communications methods, including on personal phones, for business communications, JPMorgan failed to implement sufficient monitoring to assure that its recordkeeping and communications policies were being followed.” The Order concluded, “Even after the firm became aware of significant violations, the widespread recordkeeping failures and supervisory lapses continued with a significant number of JPMorgan employees failing to follow basic recordkeeping requirements.”
As a part of the remediation effort during the investigation, the Board of Director’s Audit Committee hired a consultant to help in the effort. The SEC Order broadened this initiative out further to a “Compliance Consultant” to be retained to lead a variety of remedial efforts. (This sounds suspiciously like a monitor). Some of these efforts will include:
- A comprehensive review of JPMorgan’s supervisory, compliance, and other policies and procedures.
- A comprehensive review of training conducted by JPMorgan to ensure personnel are complying with the requirements.
- An assessment of the surveillance program measures implemented by JPMorgan to ensure compliance.
- An assessment of the technological solutions that JPMorgan implements to meet the record retention requirements.
- An assessment of the measures used by the firm to prevent the use of unauthorized communications methods for business communications by employees.
- A review of JPMorgan’s electronic communications surveillance routines.
- A comprehensive review of the framework to address instances of non-compliance, including (1) how JPMorgan determined which employees failed to comply, (2) the corrective action carried out, (3) an evaluation of who violated policies, (4) why and what penalties were imposed, and (5) whether penalties were handed out consistently across business lines and seniority levels.
There were also additional reporting obligations from the Compliance Consultant in the SEC Order that bear mentioning. In addition to a report at one year of the overall JPMorgan compliance program on record keeping for electronic communications; at two years the Compliance Consultant is to report on any discipline imposed on employees for violations of the record keeping policies. This includes, “written warnings, loss of any pay, bonus, or incentive compensation, or the termination of employment, with respect to any employee found to have violated JPMorgan’s policies and procedures”. JPMorgan’s Internal Audit function is also mandated to conduct an internal audit to determine compliance with the firm’s record keeping policies for electronic communications.
All of these obligations should be studied by compliance professionals for not only best practices but to determine any gaps in your company’s electronic data record keeping regime. This is critical even if you are not under the regulatory regime imposed on financial institutions or other regulated industries. The Department of Justice (DOJ) has long mandated that companies both understand and capture ephemeral communications but if your company gets into a Foreign Corrupt Practices Act (FCPA) or other similar investigation you will need to demonstrate compliance for a FCPA perspective and to then internally investigate any claims. Not much will be worse for your company than if the DOJ or SEC finds out about some FCPA-violative conduct and comes to your company and then you find out your business folks have been communicating through technology you were completely unaware of, you have no record of it and you cannot capture it.
Everyone was aware of the changes in risk when most companies went to WFH. Now are we RTO those risks have changed again. Even if you are aware of and have approved the use of Teams, Slack, Zoom or other technology to collaborate in the RTO environment; these tools are coming out with new features literally weekly that may change your risk profile. Use the JPMorgan SEC and CFTC enforcement actions as benchmarks to guide you through an assessment of your electronic record keeping program as well as key areas to enhance.
Matt Kelly and myself take a deep dive into this matter on this week’s Compliance into the Weeds, which will post Wednesday AM.
Cécilia Fellouse-Guenkel is a well-known compliance practitioner in France. She and Tom Fox have worked together in live as well as virtual conferences. She moved into the compliance industry when she joined a medical device company in the US. Since then, she says, compliance has been her passion. She eventually opened her own compliance consulting business, called Compliance For Good. The name of her company signifies that compliance is not only for the greater good, but for the long term. She and Tom talk about the evolution of ESG and how it has a positive impact on companies as well as the wider community.
Evolution of ESG
Tom asks, “How have you seen ESG evolve in Europe and the EU over the past few years?” Cécilia responds that ESG is a broad notion, many aspects of which have existed for quite some time. “I guess what’s changed now with ESG is on the one hand, how the investment and the financial world have been behaving recently,” she remarks. ESG-oriented investments have increased to the tune of US$30 trillion in recent times. Financial institutions are now willing to put a price tag on companies’ ESG efforts based on KPIs, which is an area compliance professionals are experts in. She discusses the strict ESG regulations in France and the EU – particularly the Duty of Care Act and the SFDR mandates respectively – which she says are catapulting ESG into the limelight as a critical issue for companies and compliance professionals. She and Tom talk about the impact on companies’ supply chain and the disquiet some stakeholders feel about these new regulations because of the presumption of responsibility now placed on businesses.
A Holistic Conversation
What advice are you giving your clients about ESG, Tom asks Cécilia. Companies come to her with questions about the Duty of Care law and other ESG regulations. “What I love the most is to make it a more holistic conversation, a global conversation,” she tells Tom. She shows her clients how they can achieve both an impact analysis and Duty of Care plan at the same time. “What I like about ESG is that it’s a shift for compliance people going from mostly looking at the risks … ESG is also looking at the positive aspects. So it’s really risk, opportunity and positive impact,” Cécilia comments. The conversation immediately becomes more strategic, efficient and helpful when you take this perspective, she adds. Boards also are more willing to listen. She emphasizes that this type of holistic approach is not new to compliance officers: another reason they are in a good position to lead the conversation around ESG.
Value of Compliance in ESG
A recent report by McKinsey explains the impact ESG has on a company’s profitability, including lower risk of sanctions, higher employee retention, and attracting potential talent. Cécilia says that compliance professionals should make sure they’re part of the conversation. She shares practical advice from two books. Tom comments that some compliance professionals don’t feel as comfortable with the E of ESG, as they believe they lack technical skills in that area. He asks Cécilia to share her thoughts on the subject. Even though the environmental aspect is a technical area, she remarks, compliance officers can still offer their expertise, such as in monitoring and standardizing KPIs. Another key area where compliance has valuable expertise is in third-party risk management.
ESG Into the Future
Cécilia wants compliance professionals to jump on the ESG train in the future. “It’s where we belong,” she tells Tom, “in the strategic sphere and the strategic role of ethics and compliance.” She likes Allison Taylor’s idea of the CCO as the Chief Integrity Officer. She is also hoping for more standard KPIs to move the industry forward.
Resources
Cécilia Fellouse-Guenkel on LinkedIn
In this episode of the FCPA Compliance Report, I visit with Brandon Daniels, President of Exiger. Brandon is a long-time favorite on the FCPA Compliance Report, and he always brings a unique perspective to a variety of compliance topics. In this episode, we look at the Theranos case from a very different angle than the criminal fraud trial of Elizabeth Holmes. We consider the due diligence lessons from Theranos. Highlights of this podcast include:
- What is the difference between ongoing due diligence v. point in time due diligence?
- How does Due Diligence on potential investments different (or not) from DD on other types of 3rd parties?
- What areas should you look at in DD of potential business partners/investments?
- How do you perform DD on leaders or senior management of potential business partners/investments?
- What should people or skill sets be on your DD team? For instance, would you suggest being on a DD team to evaluate Theranos?
- How do you evaluate the risk, or are you simply trying to ID red flags?
- Does DD provide insight into the leader of potential business partners/investments continuing after the deal is done?
Resources
Brandon Daniels on Exiger website
Pre-investment, IPO, and Fund-Raising DD
In today’s edition of Daily Compliance News:
- Brain control tech company placed on blacklist. (WaPo)
- OSHA vaccine mandate reinstated. (NYT)
- Corruption at the heart of college sports? (Chronicle of Higher Ed)
- JPMorgan settles record keeping failures suite. (Reuters)
In today’s edition of Sunday Book Review:
- The Code Breaker: Jennifer Doudna, Gene Editing, and the Future of the Human Race, by Walter Isaacson
- A Thousand Brains: A New Theory of Intelligence by Jeff Hawkins
- Klara and the Sun by Kazuo Ishiguro
- Hamnet by Maggie O’Farrell
- Project Hail Mary by Andy Weir