Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 8 – Building Effective Compliance Through Payroll

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6–8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

Operationalizing a compliance program through payroll is a vital component of a company’s risk management strategy, serving as both a control mechanism and a crucial link to the broader compliance function. Payroll is instrumental in identifying potential red flags, such as offshore payments, which require meticulous documentation and enhanced internal controls to prevent compliance violations. Tom Fox, a noted expert in compliance, underscores the significant role payroll plays in fortifying compliance programs by aligning with FCPA requirements and preventing fraudulent activities. He advocates for implementing demonstrable controls like Approval Certification processes, segregation of duties, and regular review procedures to mitigate compliance risks effectively. According to Tom, by embedding robust controls within payroll operations, companies deter potential violations and ensure compliance is woven into the organizational fabric, thus operationalizing their compliance programs seamlessly.

Key highlights:

  • Payroll should be on the front lines of any attempt to prevent, detect, and remediate anti-corruption compliance.
  • Key compliance program components for payroll.
  • Watch for offshore payments.

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 5th edition, by clicking here.

31 Days to a More Effective Compliance Program: Day 5 – Enhancing Compliance Through Automation

In this episode, we explore how automation can revolutionize traditional compliance reporting, which is often manual, time-consuming, and error-prone. By leveraging data-driven solutions, compliance professionals can achieve near real-time reporting, improving decision-making and efficiency across their organizations. Reg Ops (regulatory operations) plays a key role in this transformation by focusing on automating compliance artifact creation and integrating existing security and compliance tools. This helps provide a comprehensive, real-time view of the company’s compliance status. However, organizations must carefully balance the need for real-time reporting with data accuracy, security, and cultural adaptation to realize these benefits. Tune in as we highlight three key takeaways: the critical role of automation in improving compliance effectiveness, the necessity of near real-time reporting, and the importance of balancing data accuracy and security in compliance programs. Join us tomorrow to discuss the impact of privacy regulations on data-driven compliance programs and analytics.

Key Highlights

  • Challenges in Traditional Compliance Reporting
  • Integrating Tools for Real-Time Compliance
  • Balancing Real-Time Reporting with Data Security

31 Days to a More Effective Compliance Program: Day 4 – Building Effective Data Analytics Programs for Compliance

In today’s business environment, compliance professionals leverage data analytics to adhere to regulatory requirements and ethical standards. This episode focuses on the importance of defining specific risks an organization wants to monitor, capturing relevant data creatively, and utilizing internal expertise to build effective data analytics programs. By starting small and focusing on one risk at a time, compliance officers can demonstrate their dedication to improving compliance despite limited resources. Additionally, a data-driven approach helps shift focus from individual policy violations to identifying systemic issues, enhancing overall organizational compliance. Key takeaways include understanding multiple factors in creating data-driven compliance programs, recognizing the value of shifting focus to systemic issues, and gradually building analytics capabilities.

Key Highlights

  • Defining and Identifying Risks
  • Innovative Data Capture and Internal Collaboration
  • Demonstrating Value to Senior Management

31 Days to a More Effective Compliance Program: Day 3 – Key Updates in the ECCP: Messaging Apps, Internal Controls, and Compensation

In today’s episode, we delve into the significant updates in the evaluation of corporate compliance programs, focusing on messaging apps, internal controls, and adequate compensation. The revised language in the ECCP highlights the DOJ’s increased scrutiny on the use of messaging apps, emphasizing the need for tailored policies that align with a company’s specific risks and business needs. We also discuss the critical importance of internal controls as minimum expectations set by the DOJ, and the necessity of continuous monitoring to manage these risks effectively. Lastly, we examine the newly added provisions related to adequate compensation, ensuring that compliance teams are empowered and protected against retaliation. The episode concludes by summarizing three key takeaways for compliance professionals: the growing importance of communications compliance, the need for robust and functional internal controls, and the imperative of adequately compensating compliance personnel.

Key Highlights

  • Messaging Apps and Compliance
  • Internal Controls and Risk Management
  • Adequate Compensation for Compliance Teams

31 Days to a More Effective Compliance Program: Day 2 – 2024 ECCP on Incentives, Consequences, and Clawbacks

In this episode, we discuss how the Department of Justice (DOJ) has emphasized the importance of designing and implementing compliance-based compensation schemes. Financial incentives, such as deferred or escrowed compensation tied to conduct, play a critical role in fostering a culture of compliance. The episode also explores the necessary continuum of assessment, analysis, implementation, and monitoring that companies must follow for effective compliance incentive programs. Additionally, Tom covers the DOJ’s rigorous approach to consequence management, particularly concerning clawback provisions in executive contracts. The episode guides compliance professionals on the essential steps and analyses required to adhere to the enhanced DOJ expectations. Key takeaways include the importance of financial incentive analysis and the distinct yet related roles of clawbacks and consequence management within a compliance program.

Key Highlights

  • Starting with Incentives and Consequences
  • Incentive Program Breakdown
  • Consequence Management Deep Dive

One Month to Better Reporting and Investigations – The Investigation Protocol

After the internal report comes in and you have properly triaged the matter, you need to scope out and investigate it promptly, thoroughly, and with competent personnel. The 2020 Update provided this series of questions about your internal investigations:

  • Properly Scoped Investigations by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation? How does the company ensure that investigations are properly scoped? What steps does the company take to ensure investigations are independent, objective, appropriately conducted, and properly documented? How does the company determine who should conduct an investigation, and who makes that determination?
  • Investigation Response – Does the company apply timing metrics to ensure responsiveness? Does the company have a process for monitoring the outcome of investigations and ensuring accountability for the response to any findings or recommendations?
  • Resources and Tracking of Results – Are the reporting and investigating mechanisms sufficiently funded? How has the company collected, tracked, analyzed, and used information from its reporting mechanisms? Does the company periodically analyze the reports or investigation findings for patterns of misconduct or other red flags for compliance weaknesses? Does the company periodically test the effectiveness of the hotline, for example by tracking a report from start to finish?

In a presentation, Jay Martin and Jacki Trevino discussed the specifics of an investigation protocol. It consisted of 1) opening and categorizing the case; 2) planning the investigation; 3) executing the investigation plan; 4) determining appropriate follow-up; and 5) closing the case. If you follow this basic protocol, you should be able to work through most investigations in a clear, concise, and cost-effective manner. Furthermore, you should have a report at the end of the day that will stand up to later scrutiny if a regulator comes looking. Finally, you will be able to “Document, Document, and Document” not only the steps you took but also why you took them and the outcome obtained.

Three key takeaways:

  1. A written protocol, created before an investigation, is a key starting point.
  2. Create specific steps to follow so there will be full transparency and documentation going forward.
  3. Consistency in approach is critical.

One Month to Better Reporting and Investigations – Triage of Internally Reported Allegations

One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. In the 2012 FCPA Guidance, there is a short but succinct statement, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” This is considered in more expansive language in the 2020 Update to the Evaluation of Corporate Compliance Programs. Under Part 1, Section D. Confidential Reporting Structure and Investigation Process, it stated in part, “Properly Scoped Investigation by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation?”

Appropriate triage of allegations has several different impacts on any matter that comes to the attention of compliance. Obviously, it will help you to initially determine the seriousness of the matter. From there you can allocate an appropriate level of resources. It will also aid in your discussion with the DOJ if you must go that route. Finally, in the situation where facts come in, it provides the required documented evidence that a process was followed, which you can use to show the government that a claim was properly scoped, as required under the Evaluation. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before an allegation comes in but also in doing the proper triage so that you have an initial understanding of what you may be facing.

Three key takeaways:

  1. Compliance can learn from M*A*S*H about the need for triage.
  2. Initial triage allows you to separate the wheat of serious allegations from the chaff of more inconsequential allegations.
  3. A robust triage process allows for greater credibility with government regulators.

One Month to More Effective Reporting and Investigations – Internal Reporting and Whistleblowers During Layoffs

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming, it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for various complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

These actions allow you to demonstrate that any laid-off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However, it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you lay off the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also, demonstrating that you are sincerely interested in a meritorious hotline complaint may keep this person from becoming an SEC whistleblower.

Three Key Takeaways:

  1. An employment separation is critical if an internal report has been made.
  2. Have appropriate language in your separation agreement.
  3. Treat terminated employees with dignity and respect.

One Month to More Effective Reporting and Investigations – Answering DOJ Questions on Confidential Reporting

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.”

This was expanded in the DOJ’s 2020 Guidance, in the section entitled “D. Confidential Reporting Structure and Investigation Process,” with the following language, “Another hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct. Prosecutors should assess whether the company’s complaint-handling process includes proactive measures to create a workplace atmosphere without fear of retaliation, appropriate processes for submitting complaints, and processes to protect whistleblowers.”

Three Key Takeaways:

  1. Internal reporting systems indicate a working, operationalized compliance program.
  2. There must be a solid communication line between the people doing the investigation and those leading the remediation.
  3. Your internal reporting mechanism must be trusted.

One Month to Better Reporting and Investigations – Internal Reporting System Best Practices

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The 2019 Guidance further refined this basic requirement for a hotline with inquiries into the effectiveness of your corporate hotline, asking, “Effectiveness of the Reporting Mechanism – Does the company have an anonymous reporting mechanism, and, if not, why not? How is the reporting mechanism publicized to the company’s employees? Has it been used? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?” In this podcast, we detail some of the key best practices.

Three key takeaways:

  1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
  2. Train your employees on the use of the hotline.
  3. Use data from your hotline to continually update and improve your compliance program.