Tag: 2024 ECCP

FCPA Compliance Report: From Inputs to Outputs – Roxanne Petraeus and Susan Divers on Rethinking Compliance

Post author By admin
Post date October 14, 2024
No Comments on FCPA Compliance Report: From Inputs to Outputs – Roxanne Petraeus and Susan Divers on Rethinking Compliance

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, host Tom Fox is joined by Roxanne Petraeus and Susan Divers from Ethena to discuss innovative perspectives on compliance training, specifically focusing on the 2024 update to the Evaluation of Corporate Compliance Programs.

Roxanne, drawing from her military background, emphasizes the importance of practical and effective compliance training that resonates with employees rather than traditional ‘check-the-box’ methods. Susan highlights the shift towards emphasizing outputs over inputs, urging for compliance programs that are not just on paper but practiced and understood by all employees.

The discussion delves into the new expectations from the DOJ regarding the use of AI and data analytics in compliance, positioning compliance officers as pivotal to maintaining organizational justice and fairness. They also explore strategies for persuading senior management to prioritize compliance through emphasizing organizational culture and reputation. The conversation concludes with the role of leadership in fostering a compliant culture and practical steps for reaching out to Ethena for further insights.

Highlights in this Episode:

Deep Dive into the 2024 Compliance Program Update
Roxanne’s Journey and Ethena’s Mission
Susan’s Transition to Ethena
Outputs Over Inputs: A New Compliance Focus
The Role of AI in Compliance
Leadership and Compliance Strategy

Resources:

Roxanne Petraeus on LinkedIn

Susan Divers on LinkedIn

Tom Fox

For an audio/video version of the Compliance Kids book, Speaking Up is AWESOME, contact Tom Fox.

Tags 2024 ECCP, compliance, compliance training, Ethena, Roxanne Petraeus, Susan Divers

Everything Compliance

Everything Compliance: Episode 142, The 2024 ECCP Episode

Post author By admin
Post date October 10, 2024
No Comments on Everything Compliance: Episode 142, The 2024 ECCP Episode

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we are joined by Susan Divers, Consultant at Ethena as our Special Guest and we take up the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP).

This week we have the quartet of Matt Kelly, Jonathan Marks, Special Guest Susan Divers and Karen Moore; all hosted by Tom Fox.

Special Guest Susan Divers says the key to the 2024 is that it focuses on outputs rather than inputs or processes. She shouts out to Washington Commanders.

Jonathan Marks considers continuous controls monitoring mandates in the 2024 ECCP. He shouts out to Philadelphia Phillies for making the NL Playoffs and rants about TSA.

Karen Moore takes a deep dive into new information on whistleblowers, reporting functions and whistleblower protections in the 2024 ECCP. She is sad because of the increased threat of violence during the Jewish High Holy Days.

Matt Kelly looks at the intersection of AI and compliance found in the 2024 ECCP. He rants about Trump appointed US district judge Kathryn Mizelle who ruled the False Claims Act unconstitutional.

Tom Fox shouts out to Colorado District Judge Matthew Barrett for his sentencing of convicted election tamperor Tina Peters.

The members of the Everything Compliance are:

Karen Woody – Is one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
Jonathan Armstrong – is our UK colleague and an experienced data privacy/data protection lawyer in London. He can be reached at Armstrong@puntersouthall.law
Jonathan Marks can be reached at jtmarks@gmail.com
Karen Moore is a principal at Sounding Board Compliance, and can be reached at: Karen.moore@soundingboardcompliance.com

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Tags 2024 ECCP

Blog

Deere’s FCPA Enforcement Action: Performing a Root Cause Analysis to Inform Remediation

Post author By admin
Post date October 9, 2024
No Comments on Deere’s FCPA Enforcement Action: Performing a Root Cause Analysis to Inform Remediation

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere and Company (Deere) has bribery schemes torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I want to take a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

Compliance Professionals all know the pressure to act swiftly when misconduct is discovered. It is often tempting to jump straight into remediation to address the problem, protect the company, and appease regulators. However, the case of Deere’s recent FCPA enforcement action reminds us that acting without first understanding the root cause of the misconduct can lead to superficial fixes that fail to prevent future violations.

In the Deere enforcement action, the company faced significant penalties due to bribes paid by subsidiaries of Wirtgen Group, which Deere acquired in 2017. Between 2011 and 2017, Wirtgen subsidiaries engaged in corrupt practices, paying bribes to government officials in several countries, including China and India. While Deere eventually addressed the misconduct post-acquisition, its failure to perform robust due diligence and root cause analysis before remediation exposed it to regulatory and reputational damage.

This case highlights the critical need for companies to conduct a thorough root cause analysis before embarking on remediation efforts. In this blog post, we will detail why a root cause analysis should always precede remediation, what the process entails, and how it can protect your company from future enforcement actions and compliance failures.

Understanding the True Nature of the Problem

The first and most obvious reason to conduct a root cause analysis before remediation is to ensure you address the correct problem. In the Deere case, the misconduct stemmed from bribery by Wirtgen subsidiaries, but the real issue wasn’t just the bribery itself—it was the company’s failure to identify and prevent this behavior in the first place. Simply punishing the employees involved or updating internal policies would have been insufficient without understanding why these bribes were paid.

Before designing an effective remediation plan, you must understand why the misconduct occurred. Was it due to weak internal controls? A culture that tolerated unethical behavior? Inadequate training? A failure to perform due diligence on third parties? Each of these potential causes requires a different remediation strategy. If you do not identify the true cause of the problem, your remediation efforts will be superficial and may not prevent future violations. Root cause analysis allows compliance officers to uncover the underlying reasons for misconduct, enabling them to design targeted solutions that address the actual problem—not just the symptoms.

Root Cause Analysis Helps Identify Systemic Issues

One of the biggest risks when dealing with FCPA violations or corporate misconduct is that the issue may not be isolated to one event or individual. Corruption or compliance failures are often systemic, indicating deeper issues within the company’s culture, policies, or risk management framework. If Deere had conducted a more thorough root cause analysis post-acquisition, it could have uncovered broader issues in Wirtgen’s compliance program and taken proactive steps to address those weaknesses company-wide.

Root cause analysis forces you to ask tough questions about your company’s broader compliance infrastructure. Are certain business units, regions, or third-party relationships more misconduct-prone? Are there patterns of behavior that suggest systemic problems? You can implement more effective, company-wide remediation efforts by identifying these systemic issues beyond addressing a single incident.

Regulators Expect a Root Cause Analysis

Regulators, including the DOJ and the Securities and Exchange Commission (SEC), expect companies to conduct thorough root-cause analyses when investigating FCPA violations. The DOJ’s 2024 ECCP explicitly states that prosecutors will consider whether a company has adequately identified and remediated the root causes of misconduct when determining penalties. Additionally, this was specifically called out in the SAP Deferred Prosecution Agreement (DPA) earlier this year, where the DOJ stated, “5. Conducted a root cause analysis of the underlying conduct then remediating those root causes through enhancement of its compliance program;”.

In the Deere enforcement action, part of the company’s challenge was showing regulators that it had addressed the bribes themselves and the underlying reasons that allowed the misconduct to occur. Companies that skip the root cause analysis and rush into remediation without clearly understanding what went wrong will likely face harsher penalties.

Performing a root cause analysis is more than good practice; it has moved to a regulatory expectation. The more comprehensive your analysis, the more likely regulators (DOJ and SEC) are to view your remediation efforts as credible. A company that can demonstrate it understands the root cause of its compliance failures—and has taken meaningful steps to address those causes—is more likely to receive leniency during enforcement actions.

Preventing Recurrence: Moving Beyond Quick Fixes

One of the major pitfalls of jumping into remediation without a root cause analysis is the risk of implementing quick fixes that don’t address the root problem. For example, in the Deere case, if the company had updated its anti-corruption policy without addressing the broader cultural or systemic issues, it would have left the door open for future violations.

Root cause analysis ensures that your remediation efforts are comprehensive and designed to prevent future violations. Instead of focusing solely on policies or individuals, you’re addressing the broader systems and processes that allowed the misconduct to occur. This might involve rethinking your company’s approach to third-party due diligence, improving internal reporting mechanisms, or enhancing employee training programs to emphasize ethical behavior. A quick fix might resolve the immediate problem, but a comprehensive root cause analysis will prevent recurrence and protect your company long-term.

Improving Your Compliance Program Over Time

Root cause analysis is not a reactive tool; it is a mechanism to continuously improve your company’s compliance program. By regularly performing root cause analyses in response to compliance failures or near misses, you can identify trends, weaknesses, and gaps in your existing program. This allows you to make proactive adjustments and improvements, ensuring that your compliance program evolves to meet new risks and challenges.

Compliance is an ongoing process, and root cause analysis is key. By taking the time to understand why compliance failures happen, you can strengthen and improve your program over time. Don’t wait for a major enforcement action to identify weaknesses in your compliance program—use root cause analysis as a tool for continuous improvement.

Building a Culture of Accountability

Finally, one of the most important benefits of conducting a root cause analysis before remediation is that it fosters a culture of accountability. When employees see that the company is taking a thoughtful, thorough approach to addressing misconduct, they’re more likely to trust the compliance function and adhere to ethical standards.

In the Deere case, the company’s failure to identify and address the root causes of Wirtgen’s corrupt practices could have contributed to a culture where employees felt that bribery was tolerated or encouraged. By contrast, companies emphasizing accountability and transparency in their root cause analyses send a clear message: misconduct will be thoroughly investigated, and systemic issues will be addressed.

Building a strong culture of compliance starts with holding people—and processes—accountable. Root cause analysis helps you identify the individuals responsible for misconduct and the broader systems and structures that allowed it to happen. This accountability, in turn, strengthens your compliance culture and reinforces your company’s commitment to ethical behavior.

The Deere FCPA enforcement action powerfully reminds us of the importance of conducting a root cause analysis before proceeding with remediation. Companies need to understand why misconduct occurred before implementing superficial fixes. By taking the time to perform a thorough root cause analysis, compliance professionals can ensure that their remediation efforts are comprehensive, effective, and designed to prevent future violations.

Remember, root cause analysis isn’t just a best practice, as the DOJ has now noted several times in several places and through several different media; it is a regulatory expectation. It’s also a critical tool for improving your compliance program, building a culture of accountability, and protecting your company from future compliance failures. This means that before you rush to fix the problem, ensure you understand it first. Only then can you design a remediation plan that addresses the cause of misconduct and sets your company up for long-term success.

Tags 2024 ECCP, Deere and Company, DOJ, FCPA, root cause analysis, SAP

Creativity and Compliance

Creativity and Compliance: Engaging Compliance – From Training to Values

Post author By admin
Post date October 4, 2024
No Comments on Creativity and Compliance: Engaging Compliance – From Training to Values

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices that people use to consume information in their everyday, non-work lives, and apply it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies and resources more accessible.

In this episode of ‘Creativity and Compliance,’ Tom and Ronnie discusses recent updates to the Evaluation of Corporate Compliance Programs (ECCP). The focus is on enhancing the effectiveness of compliance training and communication. Key insights include the importance of tailoring training to employees’ needs, interests, and values, and the necessity of frequent, targeted communication to keep employees engaged. The discussion highlights the shift from rule-based to values-based training and explores innovative ways to present content, such as using real-world events or creating engaging dialogues. Additionally, the podcast emphasizes the need for qualitative measures to assess training engagement and underscores the DOJ’s evolving standards that align with effective compliance practices.

Key Highlights:

Engaging Compliance Training with Personalized Content
Engaging Compliance Training through Real Scenarios
Enthusiastic Commitment to Ongoing Dialogue
Engaging Human-centric Communication and Training Methods

Resources:

Ronnie

Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
Compliance Confessions – inspired by “Mean Tweets” these 90-second commercials address misconceptions and excuses to promote speak up culture and the E&C team as positive and helpful.
E&C Training Jams – a soulful singer banters with ethics & compliance explaining policies, sharing examples and debunking excuses.
Tales from the Hotline – Real speak up-themed stories about workplace behavior gone wrong.
Workplace Tonight Show! – E&C meets SNL Weekend Update explaining corporate risk topics and why employees should care.
60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up and the E&C team as helpful advisors and coaches.
Custom Live & Digital Programing – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.

Tom

Tags 2024 ECCP, compliance, engagement, SCCE, training

2 Gurus Talk Compliance

2 Gurus Talk Compliance: Episode 38 – The SCCE Wrap Up Edition

Post author By admin
Post date October 4, 2024
No Comments on 2 Gurus Talk Compliance: Episode 38 – The SCCE Wrap Up Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

In this episode of the ‘Two Gurus Talk Compliance Podcast,’ hosts Kristy Grant-Hart and Tom Fox delve into recent updates and stories in the compliance world. They explore the DOJ’s latest guidance on corporate compliance programs, highlighting themes of data access and the role of AI. Discussion on domestic bribery leads to the case against NYC Mayor Eric Adams for alleged violations, including unauthorized travel expenses. The hosts also analyze four significant trade sanction cases detailed by Michael Volkov, illustrating the importance of rigorous compliance measures. Notable segments include the investigation into Binance’s hefty compliance investments, the influence of competition on corporate culture, and current issues in internal controls. A curious case on Caremark claims against Wells Fargo’s board is mentioned, providing insights into potential legal trends. The podcast closes with a humorous touch on a Florida man’s recurring jail visits due to retail fraud. The episode is a comprehensive overview of key compliance topics marked by real-world examples and expert insights.

Stories Include:

How Binance found that old time ‘compliance’ religion. (WSJ)
Wells Fargo must face Caremark claim. (Reuters)
SEC fines 11 more firms for failures in messaging apps. (SEC Press Release)
4 top sanctions cases. (Corruption, Crime and Compliance)
On the importance of internal controls. (Harvard Law School Forum on Corporate Governance)
Revamped Compliance Program Guidance! (Radical Compliance)
Canada, Mexico Should Halt China Forced-Labor Imports, U.S. Lawmakers Say. (WSJ)
NYC Mayor Eric Adams accepted harmless ‘courtesies,’ not bribes, his lawyer says (AP)
Companies Like to Pit Internal Teams Against Each Other. Bad Idea. (WSJ)
57-year-old Florida man goes to jail for 75th time (WTSP)

Resources:

Kristy Grant-Hart on LinkedIn

Tom

Tags 2024 ECCP, Binanace, Florida Man, Forced Labor, sanctions, SEC, Well Fargo

Blog

2024 ECCP – Embracing Continuous Improvement

Post author By admin
Post date October 3, 2024
No Comments on 2024 ECCP – Embracing Continuous Improvement

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute, Principal Deputy Assistant Attorney General Nicole M. Argentieri discussed the Evaluation of Corporate Compliance Programs (2024 ECCP). (A copy of her remarks can be found here.) Today, I want to consider her remarks and the 2024 ECCP on continuous improvement.

Continuous Improvement: A Foundational Pillar

The ability to adapt and evolve is at the heart of any successful compliance program. Deputy Attorney General Lanny Breuer said that in 2009, which is still true today. Continuous improvement ensures compliance programs remain agile and responsive to internal and external pressures. The DOJ’s 2024 ECCP clarified that there is no one-size-fits-all approach to compliance. Instead, companies must tailor their programs to reflect their specific risk profiles, industries, and operational footprints. The three key questions the DOJ asks when evaluating a company’s compliance program are pivotal:

Is the program well-designed?
Is it applied in good faith and adequately resourced?
Does it work in practice?

The answers to these questions must evolve as the company grows, its risk environment changes and new technologies or regulatory frameworks emerge. In other words, continuous improvement should be ingrained in the DNA of the compliance function.

Focus on Emerging Risks and Technology

A critical aspect of the 2024 ECCP update is its emphasis on emerging risks, particularly those related to artificial intelligence (AI) and other disruptive technologies. The DOJ has clarified that prosecutors will closely examine how companies assess and mitigate risks associated with AI and technology-enabled schemes. In an age where AI is increasingly used in business operations, compliance professionals must ensure that their companies are leveraging these technologies ethically and implementing robust controls to monitor for potential misuse.

For instance, as AI systems are deployed in decision-making processes—such as approving financial transactions or conducting due diligence—companies must have mechanisms to validate AI-generated data’s accuracy and reliability. This includes periodic testing, ongoing monitoring, and ensuring that human oversight remains an integral part of the compliance process.

Moreover, continuous improvement in this area involves staying ahead of technological trends. Compliance professionals must regularly update risk assessments for new technological developments, ensuring their controls and policies remain relevant. The ability to proactively manage these emerging risks is a hallmark of a forward-thinking compliance program.

Encouraging a Speak-Up Culture

Another critical update to the ECCP addresses the importance of fostering a “speak-up” culture within organizations. The DOJ’s increased scrutiny of whistleblower protections underscores the need for companies to encourage internal reporting of misconduct without fear of retaliation. Compliance programs must be designed to detect wrongdoing and provide employees with the tools and confidence to report issues when they arise.

Continuous improvement in this area means regularly testing and refining internal reporting mechanisms. Companies should ask themselves: Are our employees aware of how to report misconduct? Do they trust the process? Are we doing enough to protect whistleblowers? The ECCP now explicitly evaluates whether companies have anti-retaliation policies and whether they promote a culture encouraging employees to come forward.

It is also worth noting that companies can earn significant benefits by prioritizing internal reporting. Under the DOJ’s whistleblower pilot program, companies that receive an internal report and then self-disclose misconduct to the DOJ within 120 days can qualify for a presumption of a declination of prosecution. This sends a powerful message that promoting a speak-up culture is the right thing to do and strategically advantageous.

Leveraging Data for Compliance Effectiveness

The 2024 ECCP also strongly emphasizes the role of data in compliance programs. Companies are expected to use data to identify misconduct and assess the effectiveness of their compliance programs. Compliance professionals must ensure adequate access to relevant data sources and the resources to analyze that data effectively.

Continuous improvement in data management involves regularly auditing the sources and quality of data used in the compliance program. Are compliance personnel receiving timely and relevant data? Are there gaps in data collection that could hinder the detection of misconduct? By addressing these questions and implementing the necessary improvements, companies can ensure that their compliance programs function efficiently.

The Power of Adaptation

One of the most insightful aspects of the 2024 ECCP is its focus on learning from past mistakes—whether those mistakes occurred within the company or elsewhere in the industry. The DOJ encourages companies to conduct thorough root cause analyses after incidents of misconduct, using those insights to inform and improve compliance policies and procedures

Incorporating lessons learned into a compliance program is key to continuous improvement. Companies should routinely review their own experiences and external enforcement actions to identify weaknesses and strengthen their controls. For example, a company that uncovers a gap in its third-party due diligence process should take immediate action to address it and prevent similar issues.

Compensation and Clawbacks: A Shift Toward Accountability

Finally, the DOJ’s Compensation Incentives and Clawbacks Pilot Program is another area where continuous improvement can drive compliance excellence. By aligning compensation structures with ethical behavior, companies can incentivize employees to prioritize compliance. The DOJ now requires that compensation systems include criteria for promoting compliance and deterring misconduct, and early indications suggest that this positively impacts corporate behavior.

Continuous improvement in this area means regularly assessing whether the metrics used to evaluate employee performance are aligned with compliance objectives. Companies should also ensure that their compensation structures provide clear consequences for misconduct, such as clawing back bonuses or withholding future compensation from culpable employees.

In 2024 and as we move to 2025, continuous improvement is not a luxury but a necessity. Compliance professionals must remain vigilant, regularly evaluating and updating their programs to address new risks, leverage emerging technologies, and promote a strong culture of ethics. The DOJ’s 2024 ECCP provides a roadmap for how companies can achieve these goals, but the responsibility ultimately falls on compliance professionals to ensure that their programs are well-designed and effective in practice.

As we progress, the key to success lies in our ability to embrace continuous improvement. We must make the necessary investments in compliance to prevent, detect, and remediate misconduct. By doing so, we protect our organizations from legal and financial risk and foster a corporate culture that values integrity and ethical leadership.

Tags 2024 ECCP, compliance, continuous improvement

Compliance Into the Weeds

Compliance into the Weeds: The 2024 ECCP Update on Data Access

Post author By admin
Post date October 2, 2024
No Comments on Compliance into the Weeds: The 2024 ECCP Update on Data Access

The award winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the 2024 update to the Department of Justice’s guidelines for corporate compliance programs, focusing on data and data access.

Tom and Matt explore the significance of these updates and whether they stem from companies showing advancements in data analytics or the DOJ recognizing gaps in data access for compliance officers. The discussion highlights the challenges compliance officers face, especially with diverse ERP systems and data silos, and provides insights into how compliance officers can leverage these guidelines to advocate for better data access within their organizations. The episode also breaks down specific questions from the DOJ’s guidelines, offering practical advice on addressing obstacles to data, resources for data access, and data maintenance.

Key Highlights:

The Importance of Data Access in Compliance
Challenges in Data Access for Compliance Officers
DOJ’s Six Key Questions on Data Access
Addressing Data Access Impediments
Tools and Resources for Data Analytics
Communicating with the Board on Data Analytics

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Tom

Tags 2024 ECCP, Data, data access, Data Analytics, DOJ

Blog

The 2024 ECCP – Using Data Analytics to Determine Employee Engagement, Trust, and Corporate Culture

Post author By admin
Post date October 1, 2024
No Comments on The 2024 ECCP – Using Data Analytics to Determine Employee Engagement, Trust, and Corporate Culture

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke about the CWA and reviewed its early developments. (A copy of her remarks can be found here.) There was also updated information on the DOJ approach to whistleblowers and anti-retaliation found in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP). She addressed the growing importance of using data analytics to evaluate key aspects of a company’s corporate culture, particularly employee engagement, trust, and overall corporate ethics.

Assessing corporate culture is essential for compliance professionals. Culture is a powerful determinant of whether employees will adhere to company policies, report misconduct, and act ethically. The DOJ has made it clear through the 2024 ECCP that an organization’s culture of compliance is as critical as the controls themselves. Compliance programs must go beyond preventing misconduct and cultivate a culture where ethics and transparency are prioritized.

Employee engagement and trust are at the heart of this culture. Engaged employees are more likely to comply with rules and report issues. However, if there is a lack of trust—whether in the company’s leadership, policies, or reporting mechanisms—the risk of ethical lapses and misconduct increases. Data analytics can offer compliance professionals actionable insights into these hard-to-measure elements of corporate culture.

Leveraging Data Analytics for Cultural Insights

Traditionally, companies have relied on surveys, focus groups, and audits to assess employee engagement and trust. Despite their value, these methods frequently have limitations due to low response rates, biases, and a point-in-time perspective. On the other hand, data analytics offers ongoing, real-time insights across various indicators. Let’s explore how data analytics can help evaluate employee engagement, trust, and corporate culture:

Employee Engagement Data

Employee engagement can be a key indicator of whether a compliance program is likely to succeed. High levels of engagement suggest that employees are motivated, aligned with corporate values, and likely to act in the company’s best interest.

Metrics to Consider

Employee Feedback Platforms. Tracking data from feedback platforms (such as pulse surveys or anonymous feedback tools) can provide insights into employee sentiment about their work environment and leadership.
Participation in Training Programs. Data on employee participation in compliance training—especially voluntary programs—can offer insights into employees’ engagement with the company’s compliance initiatives.
Use of Corporate Tools. Monitoring internal systems such as compliance hotlines, whistleblower portals, and internal messaging boards can help assess whether employees feel empowered to engage with compliance resources.

By monitoring engagement trends over time, compliance officers can detect shifts in employee engagement and intervene if levels drop. For instance, increasing non-compliance with mandatory training could be a red flag for broader cultural issues.

Trust in Leadership and Compliance Programs

Trust is a critical component of a successful corporate compliance culture. If employees do not trust leadership or the compliance function, they are less likely to report misconduct and more likely to turn a blind eye to ethical violations.

Metrics to Consider

Whistleblower Reporting. Data on the number of whistleblower reports can be telling. A lack of reports may not necessarily indicate a lack of issues—it could signal a fear of retaliation or distrust in the reporting process.
Retention Rates in High-Risk Areas. Monitoring employee turnover in areas that are considered high-risk (e.g., finance, procurement, or overseas offices) can help determine whether ethical concerns are driving departures.
Survey Data on Trust Levels. Regular employee surveys on perceptions of leadership and the compliance program can offer a pulse on trust. The key is to go beyond traditional engagement surveys and ask questions about ethical concerns and trust in compliance leadership.

Combining survey data with data from whistleblower systems and employee retention analytics can offer a more nuanced view of whether employees trust leadership. A low reporting rate and high turnover in high-risk areas may indicate deeper cultural problems requiring intervention.

Monitoring Employee Behavior and Risk Indicators

One of the most significant ways data analytics can support compliance efforts is by detecting behavioral patterns that may indicate a lapse in corporate culture or potential compliance risks.

Metrics to Consider

Expense and Travel Data. Analyzing expense reports and travel data patterns can reveal inconsistencies or potential misconduct, such as fraudulent claims or unauthorized spending.
Email and Communication Analysis. Some companies use natural language processing (NLP) tools to analyze internal communications for warning signs of ethical issues. This can include detecting language that suggests rule-breaking, covering up misconduct, or expressing discontent with corporate policies.
Business Unit Performance vs. Compliance Reporting. Comparing performance data across business units with the frequency of compliance-related issues can provide insights into whether high-performing units are cutting corners to achieve their results.

Behavioral analytics can help compliance professionals detect patterns before they escalate into larger issues. For example, if a particular business unit shows exceptional financial performance but is under-reporting compliance concerns, this could signal a risky culture of non-compliance.

Driving a Data-Driven Culture of Compliance

Implementing data analytics in your compliance program requires the right technology, processes, and, most importantly, corporate buy-in. As the DOJ highlighted in its recent updates to the 2024 ECCP, compliance personnel must have adequate access to relevant data sources and the resources to interpret and act on that data. Companies should invest in the same level of technology for their compliance functions as they do for their business operations.

Some of the keys every compliance program should consider to help implement a data-driven culture of compliance include the following strategies:.

Build Cross-Functional Partnerships. Compliance teams should collaborate with human resources, IT, and business operations to gain access to the data they need. A cross-functional approach ensures compliance data is integrated into the company’s broader performance metrics.
Foster Transparency in Data Use. Be clear with employees about how their data will be used, particularly in sensitive areas such as monitoring communication. Emphasizing the ethical use of data can help build trust.
Regularly Reassess Your Metrics. As with any compliance program, the metrics used to evaluate corporate culture should evolve. New risks, technologies, and business challenges should inform your data strategy.

Strengthening Compliance through Analytics

The DOJ made clear in the Argentieri speech and the 2024 Update to the Evaluation of Corporate Compliance Programs that a data-driven approach to understanding employee engagement, trust, and corporate culture is essential for compliance success. Data analytics offers compliance professionals powerful tools to assess whether employees are following the rules and truly engaged in creating an ethical and compliant corporate environment.

As we look toward the future, companies prioritizing data analytics in their compliance programs will be better equipped to prevent misconduct, identify cultural risks, and foster a workplace that values ethics and transparency. For compliance officers, the time is now to embrace data analytics and use it to reinforce the foundation of a strong corporate compliance program.

Tags 2024 ECCP, Data Analytics, employee engagement, trust

Compliance Tip of the Day

Compliance Tip of the Day: Highlights from Argentieri Speech

Post author By admin
Post date September 30, 2024
No Comments on Compliance Tip of the Day: Highlights from Argentieri Speech

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at the key highlights for compliance professionals from the recent speech by Nicole Argentieri announcing the 2024 Update to the Evaluation of Corporate Compliance Programs.

Tags 2024 ECCP, Nicole Argentieri

FCPA Compliance Report

FCPA Compliance Report: Vince Walden on Leveraging Data Analytics for Effective Compliance Monitoring

Post author By admin
Post date September 30, 2024
No Comments on FCPA Compliance Report: Vince Walden on Leveraging Data Analytics for Effective Compliance Monitoring

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.

In this edition of the FCPA Compliance Report, Tom Fox welcomes back Vince Walden, founder of KonaAI. Vince reports on the 2024 Update to the Evaluation of Corporate Compliance Programs. (Today’s episode is a cross-posting from Data Driven Compliance.)

Walden, a distinguished expert in compliance data analytics, actively participates in industry forums such as the Society of Corporate Compliance and Ethics annual summit in Grapevine, Texas. He advocates for compliance professionals to have ample access to relevant data sources, enabling them to monitor and test policies, controls, and transactions effectively. Walden stresses the importance of AI developers being vigilant about potential biases and public harm, aligning with the Department of Justice’s stance on accountability. He advises compliance practitioners to collaborate with internal audit and finance teams to ensure they have the necessary transactional data for comprehensive risk assessments, highlighting successful, cost-effective implementations like those at Albemarle as models for gradual, data-driven compliance program adoption.