Categories
31 Days to More Effective Compliance Programs

Day 19 – Your Investigation Protocol

After the internal report comes in and you have properly triaged the matter, you need to scope out and investigate it promptly, thoroughly, and with competent personnel. In the 2020 Update, provided these series of questions about your internal investigations:

Properly Scoped Investigations by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation? How does the company ensure that investigations are properly scoped? What steps does the company take to ensure investigations are independent, objective, appropriately conducted, and properly documented? How does the company determine who should conduct an investigation, and who makes that determination?

 Investigation Response – Does the company apply timing metrics to ensure responsiveness? Does the company have a process for monitoring the outcome of investigations and ensuring accountability for the response to any findings or recommendations?

 Resources and Tracking of Results – Are the reporting and investigating mechanisms sufficiently funded? How has the company collected, tracked, analyzed, and used information from its reporting mechanisms? Does the company periodically analyze the reports or investigation findings for patterns of misconduct or other red flags for compliance weaknesses? Does the company periodically test the hotline’s effectiveness, for example, by tracking a report from start to finish?

In a presentation, Jay Martin, retired Chief Compliance Officer at Baker Hughes, and Jacki Trevino, Senior Director of Advisory Services Group at SAI Global Limited, discussed the specifics of an investigation protocol. It consisted of 1) opening and categorizing the case; 2) planning the investigation; 3) executing the investigation plan; 4) determining appropriate follow-up, and 5) closing the case. If you follow this basic protocol, you should be able to work through most investigations in a clear, concise, and cost-effective manner. Furthermore, you should have a report at the end of the day which should stand up to later scrutiny if a regulator comes looking. Finally, you will be able to “Document, Document, and Document” not only the steps you took but why and the outcome obtained.

Three key takeaways:

  1. A written protocol, created before an investigation, is a key starting point.
  2. Create specific steps to follow so there will be full transparency and documentation going forward.
  3. Consistency in approach is critical.
Categories
31 Days to More Effective Compliance Programs

Day 1 – What 2022 Brought To Compliance Programs

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days series in January 2023, I will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design or enhancement a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will plan to join each day in January for this exploration of best practices in compliance.

2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, three actions were significant, with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism. In Glencore, we saw what happens to a company that engages in worldwide systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit, which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company could take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies on the Foreign Corrupt Practices Act (FCPA) enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was additional commentary by Principal Associate Deputy Attorney General Marshall Miller in a speech and by Assistant Attorney General Kenneth A. Polite. Every compliance professional should know them in detail as they significantly turn the heat up on corporate compliance programs. The Monaco Memo is further clarification and guidance for line prosecutors when considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing, which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. The DOJ hired Matt Galvan to help develop data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance professional in data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.

 Three key takeaways:

1. Key FCPA cases in 2022 were Glencore, ABB, and Stericycle.

2. The Monaco Memo refocused the DOJ’s efforts on FCPA and other white-collar crime and put the heat on compliance programs.

3. The DOJ’s hiring of Matt Galvan will focus on the DOJ’s expertise in data analytics and their employment in compliance programs.

Categories
Blog

Introducing the January 2022 Podcast Series – 31 Days to a More Effective Compliance Program

I have always striven to provide my readers and listeners with the most up-to-date information on what goes into a best practices compliance program. To that end, beginning January 1, and for the next 31 days, I will be exploring the best way to more fully operationalize a compliance program using these resources. The podcast series will provide the compliance practitioner with a thorough grounding in the key aspects of a best practices compliance program based on the latest information from the regulators. Each day I will highlight a new topic based upon the information we learned on compliance programs in 2021. If you are starting out to design, create and implement a best practices compliance program, this series will give you the basics. If you are looking for the most current thinking on how to enhance your compliance program, this series will also benefit you as well.
I hope you will join me as we engage in 31 days to a more effective compliance program. It will be available on the FCPA Compliance Report, iTunes, YouTube and JDSupra.