Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance: Episode 38 – The SCCE Wrap Up Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

In this episode of the ‘Two Gurus Talk Compliance Podcast,’ hosts Kristy Grant-Hart and Tom Fox delve into recent updates and stories in the compliance world. They explore the DOJ’s latest guidance on corporate compliance programs, highlighting themes of data access and the role of AI. Discussion on domestic bribery leads to the case against NYC Mayor Eric Adams for alleged violations, including unauthorized travel expenses. The hosts also analyze four significant trade sanction cases detailed by Michael Volkov, illustrating the importance of rigorous compliance measures. Notable segments include the investigation into Binance’s hefty compliance investments, the influence of competition on corporate culture, and current issues in internal controls. A curious case on Caremark claims against Wells Fargo’s board is mentioned, providing insights into potential legal trends. The podcast closes with a humorous touch on a Florida man’s recurring jail visits due to retail fraud. The episode is a comprehensive overview of key compliance topics marked by real-world examples and expert insights.

Stories Include:

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Prove Your Worth

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

2024 ECCP – Embracing Continuous Improvement

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute, Principal Deputy Assistant Attorney General Nicole M. Argentieri discussed the Evaluation of Corporate Compliance Programs (2024 ECCP). (A copy of her remarks can be found here.) Today, I want to consider her remarks and the 2024 ECCP on continuous improvement.

Continuous Improvement: A Foundational Pillar

The ability to adapt and evolve is at the heart of any successful compliance program. Deputy Attorney General Lanny Breuer said that in 2009, which is still true today. Continuous improvement ensures compliance programs remain agile and responsive to internal and external pressures. The DOJ’s 2024 ECCP clarified that there is no one-size-fits-all approach to compliance. Instead, companies must tailor their programs to reflect their specific risk profiles, industries, and operational footprints. The three key questions the DOJ asks when evaluating a company’s compliance program are pivotal:

  1. Is the program well-designed?
  2. Is it applied in good faith and adequately resourced?
  3. Does it work in practice?

The answers to these questions must evolve as the company grows, its risk environment changes and new technologies or regulatory frameworks emerge. In other words, continuous improvement should be ingrained in the DNA of the compliance function.

Focus on Emerging Risks and Technology

A critical aspect of the 2024 ECCP update is its emphasis on emerging risks, particularly those related to artificial intelligence (AI) and other disruptive technologies. The DOJ has clarified that prosecutors will closely examine how companies assess and mitigate risks associated with AI and technology-enabled schemes. In an age where AI is increasingly used in business operations, compliance professionals must ensure that their companies are leveraging these technologies ethically and implementing robust controls to monitor for potential misuse.

For instance, as AI systems are deployed in decision-making processes—such as approving financial transactions or conducting due diligence—companies must have mechanisms to validate AI-generated data’s accuracy and reliability. This includes periodic testing, ongoing monitoring, and ensuring that human oversight remains an integral part of the compliance process.

Moreover, continuous improvement in this area involves staying ahead of technological trends. Compliance professionals must regularly update risk assessments for new technological developments, ensuring their controls and policies remain relevant. The ability to proactively manage these emerging risks is a hallmark of a forward-thinking compliance program.

Encouraging a Speak-Up Culture

Another critical update to the ECCP addresses the importance of fostering a “speak-up” culture within organizations. The DOJ’s increased scrutiny of whistleblower protections underscores the need for companies to encourage internal reporting of misconduct without fear of retaliation. Compliance programs must be designed to detect wrongdoing and provide employees with the tools and confidence to report issues when they arise.

Continuous improvement in this area means regularly testing and refining internal reporting mechanisms. Companies should ask themselves: Are our employees aware of how to report misconduct? Do they trust the process? Are we doing enough to protect whistleblowers? The ECCP now explicitly evaluates whether companies have anti-retaliation policies and whether they promote a culture encouraging employees to come forward.

It is also worth noting that companies can earn significant benefits by prioritizing internal reporting. Under the DOJ’s whistleblower pilot program, companies that receive an internal report and then self-disclose misconduct to the DOJ within 120 days can qualify for a presumption of a declination of prosecution. This sends a powerful message that promoting a speak-up culture is the right thing to do and strategically advantageous.

Leveraging Data for Compliance Effectiveness

The 2024 ECCP also strongly emphasizes the role of data in compliance programs. Companies are expected to use data to identify misconduct and assess the effectiveness of their compliance programs. Compliance professionals must ensure adequate access to relevant data sources and the resources to analyze that data effectively.

Continuous improvement in data management involves regularly auditing the sources and quality of data used in the compliance program. Are compliance personnel receiving timely and relevant data? Are there gaps in data collection that could hinder the detection of misconduct? By addressing these questions and implementing the necessary improvements, companies can ensure that their compliance programs function efficiently.

The Power of Adaptation

One of the most insightful aspects of the 2024 ECCP is its focus on learning from past mistakes—whether those mistakes occurred within the company or elsewhere in the industry. The DOJ encourages companies to conduct thorough root cause analyses after incidents of misconduct, using those insights to inform and improve compliance policies and procedures

Incorporating lessons learned into a compliance program is key to continuous improvement. Companies should routinely review their own experiences and external enforcement actions to identify weaknesses and strengthen their controls. For example, a company that uncovers a gap in its third-party due diligence process should take immediate action to address it and prevent similar issues.

Compensation and Clawbacks: A Shift Toward Accountability

Finally, the DOJ’s Compensation Incentives and Clawbacks Pilot Program is another area where continuous improvement can drive compliance excellence. By aligning compensation structures with ethical behavior, companies can incentivize employees to prioritize compliance. The DOJ now requires that compensation systems include criteria for promoting compliance and deterring misconduct, and early indications suggest that this positively impacts corporate behavior.

Continuous improvement in this area means regularly assessing whether the metrics used to evaluate employee performance are aligned with compliance objectives. Companies should also ensure that their compensation structures provide clear consequences for misconduct, such as clawing back bonuses or withholding future compensation from culpable employees.

In 2024 and as we move to 2025, continuous improvement is not a luxury but a necessity. Compliance professionals must remain vigilant, regularly evaluating and updating their programs to address new risks, leverage emerging technologies, and promote a strong culture of ethics. The DOJ’s 2024 ECCP provides a roadmap for how companies can achieve these goals, but the responsibility ultimately falls on compliance professionals to ensure that their programs are well-designed and effective in practice.

As we progress, the key to success lies in our ability to embrace continuous improvement. We must make the necessary investments in compliance to prevent, detect, and remediate misconduct. By doing so, we protect our organizations from legal and financial risk and foster a corporate culture that values integrity and ethical leadership.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The 2024 ECCP Update on Data Access

The award winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the 2024 update to the Department of Justice’s guidelines for corporate compliance programs, focusing on data and data access.

Tom and Matt explore the significance of these updates and whether they stem from companies showing advancements in data analytics or the DOJ recognizing gaps in data access for compliance officers. The discussion highlights the challenges compliance officers face, especially with diverse ERP systems and data silos, and provides insights into how compliance officers can leverage these guidelines to advocate for better data access within their organizations. The episode also breaks down specific questions from the DOJ’s guidelines, offering practical advice on addressing obstacles to data, resources for data access, and data maintenance.

Key Highlights:

  • The Importance of Data Access in Compliance
  • Challenges in Data Access for Compliance Officers
  • DOJ’s Six Key Questions on Data Access
  • Addressing Data Access Impediments
  • Tools and Resources for Data Analytics
  • Communicating with the Board on Data Analytics

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The 2024 ECCP – Using Data Analytics to Determine Employee Engagement, Trust, and Corporate Culture

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke about the CWA and reviewed its early developments. (A copy of her remarks can be found here.) There was also updated information on the DOJ approach to whistleblowers and anti-retaliation found in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP). She addressed the growing importance of using data analytics to evaluate key aspects of a company’s corporate culture, particularly employee engagement, trust, and overall corporate ethics.

Assessing corporate culture is essential for compliance professionals. Culture is a powerful determinant of whether employees will adhere to company policies, report misconduct, and act ethically. The DOJ has made it clear through the 2024 ECCP that an organization’s culture of compliance is as critical as the controls themselves. Compliance programs must go beyond preventing misconduct and cultivate a culture where ethics and transparency are prioritized.

Employee engagement and trust are at the heart of this culture. Engaged employees are more likely to comply with rules and report issues. However, if there is a lack of trust—whether in the company’s leadership, policies, or reporting mechanisms—the risk of ethical lapses and misconduct increases. Data analytics can offer compliance professionals actionable insights into these hard-to-measure elements of corporate culture.

Leveraging Data Analytics for Cultural Insights

Traditionally, companies have relied on surveys, focus groups, and audits to assess employee engagement and trust. Despite their value, these methods frequently have limitations due to low response rates, biases, and a point-in-time perspective. On the other hand, data analytics offers ongoing, real-time insights across various indicators. Let’s explore how data analytics can help evaluate employee engagement, trust, and corporate culture:

Employee Engagement Data

Employee engagement can be a key indicator of whether a compliance program is likely to succeed. High levels of engagement suggest that employees are motivated, aligned with corporate values, and likely to act in the company’s best interest.

Metrics to Consider

  • Employee Feedback Platforms. Tracking data from feedback platforms (such as pulse surveys or anonymous feedback tools) can provide insights into employee sentiment about their work environment and leadership.
  • Participation in Training Programs. Data on employee participation in compliance training—especially voluntary programs—can offer insights into employees’ engagement with the company’s compliance initiatives.
  • Use of Corporate Tools. Monitoring internal systems such as compliance hotlines, whistleblower portals, and internal messaging boards can help assess whether employees feel empowered to engage with compliance resources.

By monitoring engagement trends over time, compliance officers can detect shifts in employee engagement and intervene if levels drop. For instance, increasing non-compliance with mandatory training could be a red flag for broader cultural issues.

Trust in Leadership and Compliance Programs

Trust is a critical component of a successful corporate compliance culture. If employees do not trust leadership or the compliance function, they are less likely to report misconduct and more likely to turn a blind eye to ethical violations.

Metrics to Consider

  • Whistleblower Reporting. Data on the number of whistleblower reports can be telling. A lack of reports may not necessarily indicate a lack of issues—it could signal a fear of retaliation or distrust in the reporting process.
  • Retention Rates in High-Risk Areas. Monitoring employee turnover in areas that are considered high-risk (e.g., finance, procurement, or overseas offices) can help determine whether ethical concerns are driving departures.
  • Survey Data on Trust Levels. Regular employee surveys on perceptions of leadership and the compliance program can offer a pulse on trust. The key is to go beyond traditional engagement surveys and ask questions about ethical concerns and trust in compliance leadership.

Combining survey data with data from whistleblower systems and employee retention analytics can offer a more nuanced view of whether employees trust leadership. A low reporting rate and high turnover in high-risk areas may indicate deeper cultural problems requiring intervention.

Monitoring Employee Behavior and Risk Indicators

One of the most significant ways data analytics can support compliance efforts is by detecting behavioral patterns that may indicate a lapse in corporate culture or potential compliance risks.

Metrics to Consider

  • Expense and Travel Data. Analyzing expense reports and travel data patterns can reveal inconsistencies or potential misconduct, such as fraudulent claims or unauthorized spending.
  • Email and Communication Analysis. Some companies use natural language processing (NLP) tools to analyze internal communications for warning signs of ethical issues. This can include detecting language that suggests rule-breaking, covering up misconduct, or expressing discontent with corporate policies.
  • Business Unit Performance vs. Compliance Reporting. Comparing performance data across business units with the frequency of compliance-related issues can provide insights into whether high-performing units are cutting corners to achieve their results.

Behavioral analytics can help compliance professionals detect patterns before they escalate into larger issues. For example, if a particular business unit shows exceptional financial performance but is under-reporting compliance concerns, this could signal a risky culture of non-compliance.

Driving a Data-Driven Culture of Compliance

Implementing data analytics in your compliance program requires the right technology, processes, and, most importantly, corporate buy-in. As the DOJ highlighted in its recent updates to the 2024 ECCP, compliance personnel must have adequate access to relevant data sources and the resources to interpret and act on that data. Companies should invest in the same level of technology for their compliance functions as they do for their business operations.

Some of the keys every compliance program should consider to help implement a data-driven culture of compliance include the following strategies:.

  • Build Cross-Functional Partnerships. Compliance teams should collaborate with human resources, IT, and business operations to gain access to the data they need. A cross-functional approach ensures compliance data is integrated into the company’s broader performance metrics.
  • Foster Transparency in Data Use. Be clear with employees about how their data will be used, particularly in sensitive areas such as monitoring communication. Emphasizing the ethical use of data can help build trust.
  • Regularly Reassess Your Metrics. As with any compliance program, the metrics used to evaluate corporate culture should evolve. New risks, technologies, and business challenges should inform your data strategy.

Strengthening Compliance through Analytics

The DOJ made clear in the Argentieri speech and the 2024 Update to the Evaluation of Corporate Compliance Programs that a data-driven approach to understanding employee engagement, trust, and corporate culture is essential for compliance success. Data analytics offers compliance professionals powerful tools to assess whether employees are following the rules and truly engaged in creating an ethical and compliant corporate environment.

As we look toward the future, companies prioritizing data analytics in their compliance programs will be better equipped to prevent misconduct, identify cultural risks, and foster a workplace that values ethics and transparency. For compliance officers, the time is now to embrace data analytics and use it to reinforce the foundation of a strong corporate compliance program.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Highlights from Argentieri Speech

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at the key highlights for compliance professionals from the recent speech by Nicole Argentieri announcing the 2024 Update to the Evaluation of Corporate Compliance Programs.

Categories
FCPA Compliance Report

FCPA Compliance Report: Vince Walden on Leveraging Data Analytics for Effective Compliance Monitoring

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.

In this edition of the FCPA Compliance Report, Tom Fox welcomes back Vince Walden, founder of KonaAI. Vince reports on the 2024 Update to the Evaluation of Corporate Compliance Programs. (Today’s episode is a cross-posting from Data Driven Compliance.)

Walden, a distinguished expert in compliance data analytics, actively participates in industry forums such as the Society of Corporate Compliance and Ethics annual summit in Grapevine, Texas. He advocates for compliance professionals to have ample access to relevant data sources, enabling them to monitor and test policies, controls, and transactions effectively. Walden stresses the importance of AI developers being vigilant about potential biases and public harm, aligning with the Department of Justice’s stance on accountability. He advises compliance practitioners to collaborate with internal audit and finance teams to ensure they have the necessary transactional data for comprehensive risk assessments, highlighting successful, cost-effective implementations like those at Albemarle as models for gradual, data-driven compliance program adoption.

Highlights in this Episode

  • Data-Driven Compliance for Cost Savings
  • Enhancing Compliance through Advanced Data Analysis
  • Identifying High-Risk Areas for Data Analytics
  • Proactive Risk Mitigation through Real-Time Monitoring
  • ROI-driven Compliance Programs with Data Analytics

Resources

Vince Walden on LinkedIn

KonaAI

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.

Categories
Blog

The 2024 ECCP: Complying with the 2024 ECCP on Whistleblowers

The Department of Justice (DOJ), in its 2024 Update, has explicitly directed companies to ensure they have robust processes in place to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, we are responsible for safeguarding the integrity of our organizations and fostering a culture where ethical behavior is the norm, not the exception. The 2024 Update to the Evaluation of Corporate Compliance Programs provides us with critical insights into how we can enhance the effectiveness of our compliance programs, particularly regarding reporting mechanisms and whistleblower protection. These elements are the bedrock of a robust compliance culture, and the update offers a clear roadmap for their implementation and improvement.

The DOJ posed two sets of queries for compliance professionals. They are found in Section I, entitled “Is the Corporation’s Compliance Program Well Designed?” A prosecutor could ask a company or compliance professional going through an investigation in the following series of questions.

Effectiveness of the Reporting Mechanism

  • Does the company have an anonymous reporting mechanism, and if not, why not?
  • How is the reporting mechanism publicized to the company’s employees and other third parties? Has it been used?
  • Does the company test whether employees know the hotline and feel comfortable using it?
  • Does the company encourage and incentivize reporting of potential misconduct or violations of company policy? Conversely, does it use practices that tend to chill such reporting?
  • How does the company assess employees’ willingness to report? How has the company assessed the seriousness of the allegations it received?
  • Has the compliance function had full access to reporting and investigative information?

Commitment to Whistleblower Protection and Anti-Retaliation

  • Does the company have an anti-retaliation policy?
  • Does the company train employees on internal and external anti-retaliation policies and whistleblower protection laws?
  • To the extent that the company disciplines employees involved in misconduct, are employees who reported internally treated differently than others involved in misconduct who did not?
  • Does the company train employees on internal reporting systems, external whistleblower programs, and regulatory regimes?

As compliance professionals, we are charged with safeguarding the integrity of our organizations and fostering a culture where ethical behavior is the norm, not the exception. The 2024 Update to the Evaluation of Corporate Compliance Programs provides us with critical insights into how we can enhance the effectiveness of our compliance programs, particularly regarding reporting mechanisms and whistleblower protection. These elements are the bedrock of a robust compliance culture, and the update offers a clear roadmap for their implementation and improvement.

The Importance of an Anonymous Reporting Mechanism

One key takeaway from the 2024 Update is the emphasis on having an anonymous reporting mechanism. This tool is essential for any compliance program as it provides employees and third parties with a safe and confidential way to report potential misconduct or violations of company policy.

The update explicitly asks whether your company has such a mechanism and, if not, why not. The absence of an anonymous reporting system should be a red flag for any compliance professional. In today’s regulatory environment, where transparency and accountability are paramount, the lack of such a mechanism can severely undermine the credibility of your compliance program.

If your organization does not have an anonymous reporting mechanism, now is the time to implement one. The benefits are clear: it encourages more reports, provides a sense of security to the reporter, and demonstrates the company’s commitment to addressing unethical behavior. However, merely having a mechanism is not enough.

The lesson here is that the existence of an anonymous reporting mechanism is not just a best practice—it’s a necessity. If your company lacks such a system, it’s time to reconsider seriously. The key takeaway is ensuring your company has an anonymous reporting mechanism. This tool is crucial for empowering employees and third parties to report misconduct without fear of exposure. The absence of this mechanism signals a significant gap in your compliance program, which could undermine trust and deter reporting.

How Is the Reporting Mechanism Publicized?

Another critical aspect highlighted in the update is how well the reporting mechanism is publicized within the company and to third parties. A reporting mechanism that isn’t well-known or accessible might as well not exist. The compliance team is responsible for ensuring employees know and understand how to use this tool. This can be achieved through regular training sessions, clear communication channels, and visible reminders throughout the workplace.

It is not simply about making employees aware but also making them comfortable with using the mechanism. This involves creating a workplace culture where reporting misconduct is seen as a positive action, not something that will lead to negative repercussions.

The key lesson for every compliance professional is that a reporting mechanism is only as effective as its visibility and accessibility. If employees and third parties aren’t aware of it, it will not be used. However, it would be best if you publicized your reporting mechanism widely. Regularly communicate its existence, purpose, and how to use it. Training sessions, internal communications, and visible reminders throughout the organization are essential to ensure everyone knows how to report concerns.

Testing Employee Awareness and Comfort

The 2024 Update introduces a crucial question: Has the company tested whether employees know the hotline and feel comfortable using it? This goes beyond just tracking the number of reports received. It requires proactive steps such as surveys, focus groups, or even role-playing scenarios to gauge the effectiveness of your reporting system.

Understanding employees’ perceptions and addressing any concerns they may have is vital. For instance, if employees hesitate to use the hotline due to fear of retaliation or believing nothing will change, these issues must be addressed head-on. Ensuring that the reporting mechanism is perceived as a trusted and effective tool is key to its success.

The bottom line is that awareness is one thing; comfort in using the reporting system is another. Employees must feel secure using the mechanism without fear of retaliation or inaction. As a compliance professional, you must regularly test and measure employee awareness and comfort. Use surveys, focus groups, and feedback sessions to gauge whether employees know about the reporting channels and feel safe using them. Address any concerns or misconceptions that may prevent employees from reporting misconduct.

Encouraging and Incentivizing Reporting

The update also challenges companies to reflect on whether they encourage and incentivize reporting of potential misconduct or violations. This is a nuanced area, as it involves balancing encouragement without creating a system that can be abused.

One effective approach is to incorporate positive reinforcement into the reporting process. This could be recognition programs for employees who demonstrate ethical behavior, including those who report concerns. Additionally, communicating the outcomes of investigations (while maintaining confidentiality) can reinforce the idea that reporting leads to tangible results and positive organizational changes.

Conversely, the update warns against practices that might chill reporting. These can include overly aggressive investigations, a lack of confidentiality, or a corporate culture that implicitly discourages speaking up. Compliance professionals must be vigilant in identifying and eliminating these barriers. Ensuring that employees feel safe and supported when they report misconduct is non-negotiable.

It is incumbent to note that practices that discourage or chill reporting are counterproductive and can erode trust in the compliance program. Compliance professionals must identify and eliminate practices that may deter reporting. This includes ensuring confidentiality, avoiding overly aggressive investigations, and addressing any cultural factors that may implicitly discourage speaking up. Building a culture where reporting is seen as a positive and valued action is crucial.

Assessing and Acting on Reports

Once a report is made, how the company handles it speaks volumes about its commitment to compliance. The update emphasizes the importance of assessing the seriousness of the allegations and ensuring that the compliance function has full access to reporting and investigative information.

This means every report deserves to be taken seriously, regardless of how minor it may seem. The compliance department must ensure that investigations are thorough, impartial, and conducted with the utmost confidentiality. This helps resolve the issue at hand and builds trust in the system, encouraging more employees to come forward in the future.

Other key components are both transparency and communication. While maintaining confidentiality, it is crucial to keep the reporter informed about the status of their report. This can significantly impact their perception of the process and the company’s commitment to addressing misconduct.

A compliance professional must realize that how reports are handled reflects the company’s commitment to compliance and ethics. Further, every corporate compliance program must ensure thorough and impartial investigations. Every report deserves serious attention, regardless of its perceived severity. The compliance team should have full access to reporting and investigative information, and the process should be transparent. Keeping the reporter informed while maintaining confidentiality builds trust and encourages future reporting.

Commitment to Whistleblower Protection and Anti-Retaliation

One of the update’s most critical aspects is its focus on whistleblower protection and anti-retaliation. A robust compliance program is complete with strong measures to protect those who come forward. The 2024 ECCP asks whether the company has an anti-retaliation policy in place. This is a fundamental requirement. Without such a policy, employees will be reluctant to report misconduct, fearing repercussions. However, having a policy is just the first step.

Training ensures employees know internal anti-retaliation policies and external whistleblower protection laws. This training should be regular, comprehensive, and tailored to different levels of the organization. Employees must understand that retaliation is against company policy and illegal under various regulatory regimes.

The 2024 ECCP also asks whether employees who report misconduct are treated differently than those who do not. This question is crucial as it touches on the fairness and integrity of your compliance program. It is essential that reporters are not penalized for their actions and that the company consistently demonstrates its commitment to protecting whistleblowers. Protecting whistleblowers is fundamental to maintaining an effective compliance program. Without strong anti-retaliation measures, your program’s credibility is at risk. Every corporate compliance function must implement and enforce a robust anti-retaliation policy.

Compliance must regularly train employees on internal policies and external whistleblower protection laws. This will ensure that whistleblowers are not treated unfairly and that there is a clear, consistent approach to handling reports. This protection not only encourages reporting but also supports a culture of integrity.

However, simply being aware of the reporting mechanism is not enough. Employees also need to be trained in the broader regulatory environment. Compliance functions must not conduct regular training on internal reporting systems and external whistleblower programs. Make sure that employees understand not only how to report but also the legal protections available to them. This comprehensive approach helps reinforce the importance of compliance and the company’s commitment to ethical behavior.

The 2024 Update to the Evaluation of Corporate Compliance Programs is a critical reminder that compliance is not just about having policies in place but about creating a culture of ethics and integrity. For in-house compliance professionals, the lessons are clear: prioritize anonymous reporting mechanisms, ensure robust whistleblower protections, and foster a culture where employees feel safe and encouraged to speak up. Doing so protects our organizations and builds a workplace where ethical behavior is the norm, not the exception.

The 2024 Update to the Evaluation of Corporate Compliance Programs underscores the importance of a well-structured, well-publicized, and well-enforced compliance program. For compliance professionals, the key takeaways are clear: ensure your reporting mechanisms are robust and accessible, foster a safe and supportive environment for reporting, and protect those who come forward. By focusing on these areas, you can build a culture of integrity that meets regulatory expectations and creates a workplace where ethical behavior is the standard.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending September 28, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week.

Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • DOJ releases a 2024 Update to the Evaluation of Corporate Compliance Programs. (FCPA Compliance & Ethics Blog)
  • China probes PVH. (Reuters)
  • Wells Fargo must face Caremark claim. (Reuters)
  • Wagner Group used HSBC and JPMorgan for payments. (FT)
  • Caroline Ellison sentenced to 2 years in prison and forfeits $11bn (NYT)
  • How Binance found that old time ‘compliance’ religion. (WSJ)
  • New York City Mayor Adams indicted on bribery and corruption charges. (NYT)
  • SEC fines 12 more firms for failures in messaging apps. (SEC Press Release)
  • S. Iswaran was convicted for corruption in Singapore. (BBC)
  • Ex-CEO of Skael faces criminal fraud charges. (WSJ)

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The Argentieri Speech: Mid-Point Reflections on the DOJ’s Compensation Clawback Pilot Program

Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. ( A copy of her remarks can be found here.) She reiterated the long-stated policy that compliance professionals play a critical role in ensuring companies comply with the law and foster a culture of ethics and integrity. She noted that the Department of Justice (DOJ) has made it clear that companies are the first line of defense against corporate crime, and compliance officers are on the front lines of this defense. The 2024 update to the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) and the introduction of new pilot programs in 2024 underscored the increasing importance of the roles of compliance professionals. This blog post will review her remarks on the DOJ Compensation Incentives and Clawbacks Pilot Program (Clawbacks Program).

The Early Impact: Changing Corporate Behavior

Argentieri believes that early indications suggest these innovations are changing corporate behavior. One notable example comes from a company under agreement with the Criminal Division that required adherence to compliance standards and reporting misconduct as part of its annual performance reviews. Coupled with a company-wide messaging campaign, these efforts have increased reporting of potential compliance issues—a clear sign that employees are responding to the new incentives.

Moreover, the DOJ has observed companies integrating assessments of how employees demonstrate core values into their performance reviews. For example, one company now evaluates employees across categories such as individual and team performance, goal accomplishment, and demonstration of core values. These metrics are then factored into both compensation and promotion decisions. This approach reinforces the importance of ethical behavior and embeds compliance into the fabric of corporate culture.

Dual Pillars of the Clawbacks Program

The program is built on two foundational pillars. The first involves mandating that every corporate resolution under the Criminal Division’s supervision include compliance-related criteria in its compensation and bonus systems. This mandate compels companies to establish metrics that reward compliance-promoting behavior and deter misconduct. While similar language has been included in some corporate resolutions, the pilot program has made it a requirement in every Criminal Division resolution since its inception. So far, this requirement has been incorporated into nine corporate resolutions spanning five industries: tech, finance, crypto, manufacturing, and energy.

This shift is a formality and a strategic realignment in how companies approach compensation. By linking financial incentives to ethical behavior, these nine companies set a precedent for others in their industries. They align compensation with financial performance and the broader goal of conducting business ethically. This is a significant move, one that has the potential to set a new tone across the marketplace.

The Second Pillar: Fine Reductions for Financial Accountability

The second part of the Clawbacks Program offers a tangible incentive for companies to hold individuals financially accountable for misconduct. Specifically, companies that recoup or withhold compensation from culpable employees—or those who had supervisory authority and were aware of or willfully blind to the misconduct—are eligible for a fine reduction. The reduction is equal to the amount of the withheld compensation, reflecting the DOJ’s commitment to promoting financial accountability as a cornerstone of corporate compliance.

Argentieri reviewed the two companies that have benefited from this aspect of the clawbacks program; both come from Foreign Corrupt Practices Act (FCPA) enforcement actions. Albemarle, for instance, implemented procedures to freeze future bonuses for those suspected of misconduct, those who directly oversaw employees involved in misconduct, or those who ignored red flags. As a result, Albemarle received a reduction in its criminal monetary penalty equal to the amount of the withheld bonuses. In recognition of its substantial cooperation and significant remediation efforts, Albemarle also received a 45% reduction from the low end of the applicable penalty range—the highest percentage reduction to date.

Similarly, SAP withheld compensation from culpable employees and defended this decision through litigation, reinforcing the message that misconduct would have individual financial consequences. SAP’s actions not only earned the company a fine reduction equal to the amount of the withheld compensation but also played a critical role in the DOJ’s decision to grant a 40% reduction in its overall fine.

Lessons for Compliance Professionals: The Power of Financial Incentives

The lessons from the DOJ’s clawbacks pilot program are clear and compelling for compliance professionals. First, integrating compliance into compensation structures is a powerful tool for driving ethical behavior and deterring misconduct. Companies that make compliance a critical factor in determining compensation send a strong message to their employees: engaging in ethical behavior is not just encouraged but essential for business success.

Second, the importance of financial accountability must be balanced. The DOJ’s willingness to reduce fines for companies that recoup compensation from culpable employees highlights the agency’s commitment to holding individuals responsible for their actions. This aspect of the pilot program is particularly significant as it underscores the role of individual accountability in fostering a strong culture of compliance.

Finally, continuous evaluation is key. The DOJ is urging companies to regularly assess the effectiveness of their compliance-linked compensation systems, seek feedback, and make necessary adjustments. This iterative process ensures compliance metrics remain relevant and effective, allowing companies to stay ahead of emerging risks and maintain a robust compliance culture.

As we move towards the second half of the DOJ’s pilot program, the early successes in promoting compliance through compensation-linked incentives and financial accountability are setting the stage for a new era in corporate governance. The evidence so far suggests that this approach is feasible and effective in driving meaningful change in corporate behavior.

For those in the compliance profession, this is a pivotal moment. Integrating compliance into compensation and emphasizing financial accountability are significant advancements in corporate ethics and governance. It’s an opportunity to champion these changes within your organization and to be part of a broader movement that aligns financial success with ethical business practices.

In the long run, this pilot program’s true test will be its enduring impact on corporate behavior. But if the early indicators are anything to go by, we are witnessing the beginning of a new chapter in compliance—one where doing the right thing is not just the ethical choice but also the smart one.

Categories
Data Driven Compliance

Data-Driven Compliance: The DOJ Mandate on Transforming Compliance Through Data Analytics and AI with Vince Walden

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, Vince Walden, founder of KonaAI, the sponsor of this podcast, returns to talk about the recent speech by Nicole Argentieri and the release of the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP).

Walden shares insights from the Nicole Argentieri’s keynote and ECCP update, emphasizing the DOJ’s focus on data access in compliance. We explore the importance of utilizing both compliance and business data for effective fraud and risk management. Walden underscores the necessity for compliance professionals to collaborate with internal audit and finance departments, advocating for a risk-based approach to data analytics and continuous controls monitoring. The discussion also delves into leveraging AI and machine learning to improve compliance efficacy and overall business operations, arguing for the proportional allocation of resources to match the company’s sophistication level.

Key Highlights:

  • DOJ’s Focus on Data Access
  • Understanding Compliance Data Analytics
  • Training Compliance Officers on Data
  • Implementing Continuous Controls Monitoring
  • Cost Savings and ROI in Compliance
  • Proportionate Resource Allocation
  • Documentation and Transparency

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn