In today’s edition of Daily Compliance News:
Categories
Episode 026–Samantha Kelen
On this episode of The Ethics Experts, Nick speaks with Samantha Kelen about joining a new company, listening when people talk, and getting to know compliance.
Check out more episodes, and don’t forget to subscribe on your favorite podcast platform!
This week’s special guest is Yonason Goldson, an expert in ethical leadership, TEDx speaker, and consultant. He joins Tom Fox to discuss why ethics matters, as well as five important lessons the COVID-19 pandemic is teaching us.
Trust – the Key to Business Success
Yonason shares a story that illustrates how one moment of disrespect can destroy trust between an employer and an employee. He explains, “When you create a culture of trust, that generates loyalty, it generates passion, it generates productivity… The employees are engaged and want to give their all… And so they’re looking for opportunities to prove themselves by doing the best they can. And you have a company culture that thrives, it’s vibrant, it’s exciting. People want to come to work, and success is a foregone conclusion.” How Alcoa’s market value increased by 900% because of Paul O’Neill’s ethical leadership is a testament to the value of building a culture of trust, he says. He then talks about the huge cost of worker disengagement and points out that “Companies that are ranked highest for ethics, they grow faster than average, employees report being more satisfied, being more energized, being more loyal, recommending this job to friends and family.”
Listening Is a Key Leadership Skill
Tom comments that the ability to listen is the second most important step in fostering a speak-up culture. Yonason says that listening is how we get to know other people, and the more we know other people, the more we know ourselves. “The more discussion there is looking from every possible angle, the more likely it is that the conclusions and the decisions that we reach are going to be the best possible conclusions and decisions that we can reach,” he remarks.
Lessons from Coronavirus
Tom asks Yonason to share the practical lessons about ethics that we can learn from the pandemic. Yonason summarizes them as:
- Everything you do matters: the essence of ethics is to be aware of how your actions affect the world around you.
- Protect your ethical health: behavior is infectious.
- What you don’t see can hurt you.
- We need each other.
- Don’t wait for the next epidemic.
Secrets of Ethical Affluence
You can become ethically affluent by minding the CoDE of ethics. Yonason explains that this acronym stands for Communication, Diversity, and Ethics. He details why each aspect is important. Of diversity, he says, “Diversity is not just cultural or ethnic diversity, it’s intellectual diversity. It’s having people coming from different points of view… and different experiences… That intellectual diversity stimulates thought and new ideas…”
Resources
YonasonGoldson.com
Yonason Goldson on LinkedIn
The ROI of Ethics
The Ethics of Epidemic
TEDx Talk: How I Became My Own Worst Nightmare
Ebook: The Secrets of Ethical Affluence
Categories
A Tale of Two Careers
It was the best of times, it was the worst of time, it was the age of wisdom, it was the age of foolishness. These words from Charles Dickens “The Tale of Two Cities” is the inspiration for this week’s episode.
Two auditors start out graduating from similar universities, get similar starting positions, but in 10 years those two auditors are in very different places.
One is still a junior or senior auditor and the other is a director or chief audit executive earning 3-5 times the salary of the first auditor.
Do you know the difference between these two auditors?
Find out in this week’s #jammingwithjason #internalauditpodcast. Listen in at: http://www.jasonmefford.com/jammingwithjason/
When you are ready to take your career as a #chiefauditexecutive to the next level, join the CAE Briefing executive leadership program mentioned in this episode at: https://jasonmefford.mykajabi.com/caebriefing
Join thousands of lifelong learners in internal audit, risk and compliance at: With hundreds of learning options, you are sure to find exactly what you need: https://ondemand.criskacademy.com/?affcode=105582_jpp6czlf
In today’s edition of Sunday Book Review:
- Chocky by John Windham
- Moderan by David Bunch
- Store of the Worlds Stories by Robert Sheckley; edited by Alex Abramovich
- Machines in the Head by Jonathan Lethem
Next, I want to consider some of the issues around internal controls outside the U.S. and why your company’s internal controls might require changes for different countries across the globe. However, this provides an opportunity to further operationalize your compliance program through internal controls more narrowly tailored to mirror your business practices. Every CCO should consider entity-wide internal controls for a company. Under the FCPA accounting provisions, issuers can be held liable for the conduct of their foreign subsidiaries, even though the improper conduct occurred outside of the U.S. The scope of liability is based on the issuer’s incorporation of the subsidiary’s financial statements in its own records and SEC filings. So, as with the use of third-party distributors to sell product, FCPA enforcement looks past the structure of the transaction and makes enforcement decisions based upon the substance.
While a CCO should expect (or at least hope) that internal controls at locations outside the U.S. are of the same effectiveness as internal controls within U.S. business units and at the U.S. corporate office; unfortunately, that might not always be the case. It is often the case that corporate level internal controls are stronger than those in foreign business units. There may well be several reasons for this. First, the CFO may be paying closer attention to the corporate level internal controls, with the idea that the corporate level internal controls are the final “filter” to detect issues. This follows partly from the focus in most companies on the controls over financial reporting, which does not include all controls needed for compliance. A second reason is that many companies were built through acquisitions, resulting in many business units (both in and outside the U.S.) having completely different accounting, ERP and internal control systems than the corporate office. There is often a tendency to leave acquired companies in the state in which they were acquired, rather than trying to integrate their controls and conform them to those of current business units. After all, the reason for the acquisition was the profitability of the acquired company and nobody wants to be accused of negatively impacting profitability.
Three key takeaways:
- Modifying your internal controls can work to more fully operationalize your compliance program.
- Check the effectiveness of your internal controls for your international locations.
- Revisit your internal controls when a country or region experience large growth or other disruption.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I have visited with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community, reviewed GRC and K2 Intelligence FIN and today, in Part 5, we conclude with a look at GRC then and now.
I found most interestingly that Jeremy Kroll believes one of the key mainstays of GRC is something that many compliance professionals are only now coming to realize, which is that proactive compliance is more effective and more cost effective than reactive compliance. With the addition of technology, it is possible to do things not only more quickly and more efficiently but in a much more cost-effective manner. Jeremy Kroll noted, “What we’re seeing is the velocity of data available, the increasingly important role of technology, coupled with a multi-disciplined approach within organizations to create governance, frameworks, risk management techniques and abilities, and compliance programs that are even more essential now.”
Moving forward, compliance and ethics as well as GRC professionals, who are living and breathing the mission every day, are more fully operationalized down to the front lines. It is these risk management professionals who will be the ones first identifying the risk and risk management strategy. As Jeremy Kroll noted, “This will help you to flatten the curve and that risk particularly to your reputation or your business. I would say, come on over the water’s warm here, we’re growing very quickly. And I think as a proof point, the investment community is showing up every day at our doorstep. And they’re also thankfully investing in a lot of other businesses in our field and technology, RegTech, CompliTech, also professional services and advisory.”
We ended by agreeing that GRC is going to be one of the most exciting areas, including the outsourcing of compliance, which also includes training and education. Here Jeremy Kroll said, “we are taking people who are already in their forties, fifties, or even sixties, and we’re retraining them. And so, pivoting and making a career change and growing in this field, this is a growth field and we want that wisdom. We want that judgment. We want that business or life experience. And you can couple that with young employees and technology enablement, and then you can add tremendous value to clients.” It really does not get much better than that.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
There are four significant controls that I would suggest the compliance practitioner implement initially. They are: 1) DOA; 2) maintenance of the vendor master file; 3) contracts with third parties; and 4) movement of cash/currency.
Your DOA should reflect the impact of compliance risk including both transactions and geographic location so that a higher level of approval for matters involving third parties, for fund transfers and invoice payments to countries outside the U.S. would be required inside your company. The vendor master file, can be one of the most powerful preventative control tools largely because payments to fictitious vendors are one of the most common occupational frauds. Near and dear to my heart as a lawyer are contracts with third parties. These can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. The Hewlett-Packard (HP) FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. All situations where funds can be sent outside the U.S., including such methods accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans or advances, should all be reviewed from the compliance risk standpoint. This means you need to identify the ways in which a country manager or a sales manager could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.
To prevent these types of activities internal controls, need to be in place. This means all wire transfers outside the U.S. should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the U.S. should always require dual approvals. Lastly, wire transfer requests going outside the U.S. should be required to include a description of proper business purpose.
The bottom line is that internal controls are just good financial controls. The internal controls that detail requirements for third party representatives in the compliance context will help to detect fraud, which could well lead to bribery and corruption.
Three key takeaways:
- Remember the top four internal controls for an effective compliance program.
- Effective internal controls should do more than protect but also prevent internal program violations.
- Effective internal compliance controls are good financial controls.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week am visiting with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community. In Part 4, we consider GRC and K2 Intelligence FIN and will conclude tomorrow with a look at GRC then and now.
Jeremy Kroll counseled that you must “start with an investigative mindset and understanding what the core risks are. Where is that inflection point? Sometimes you might find out a little bit late, but so long as you are quick to react and pivot, you can change the calculus. That means you have to be ready with enough resources internally. You need to make sure that you have a couple of key crisis response or organizations on speed dial because you can’t do everything yourself and your team is usually focused on doing business as usual.” He ended with “how do you be prepared and be in a position to make sure it is a normalized environment when you are dealing with a significant risk to your organization?”
A growing area is outsourced compliance, which was once again recognized in the 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs. Jeremy Kroll noted, “For entities of any size, it’s important to have the ability to constantly monitor and update compliance procedures and protocols as risk profiles change. However, we also know compliance budgets are under tremendous pressure to adhere to budget cuts and to create greater efficiencies. As a result, our third-party managed services offer outsourced technology and manpower service that enables these organizations to meet regulatory requirements and control costs. We leverage flexibility and scalability across areas including coping with a shortage of experienced employees; improving compliance processes; developing and maintaining a robust technology infrastructure; and tackling global compliance demands.” Jeremy Kroll concluded, “This way, for entities who don’t know where to begin or simply do not have the internal resources, they can rely on organizations like ours to help.”
Please join us for our final episode of this podcast series where we examine GRC: then and now.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
In this second episode of Fraud Eats Strategy, Scott Moritz speaks to Neil Barofsky, a partner at Jenner & Block and the former Special Inspector General of the Troubled Asset Relief Program about these issues. We will explore the increased discovery of financial crimes that occur in a down cycle of the economy and how organizations can use fraud risk assessments to identify fraud, pursue avenues of recovery and strengthen their organizations against the potential negative consequences of fraud.
Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, war lords, kleptocrats and more.
Scott Moritz is a leading authority on white-collar crime, anti-corruption, and in the evaluation, design, remediation, implementation, and administration of corporate compliance programs, codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.
