
Ten Top Lessons from Recent FCPA Settlements – Lesson No. 4, Start with a Root Cause Analysis

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring, and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 4, Root Cause, Risk Assessment, and Gap Analysis. Your remediation should begin with a root cause analysis. From there, move on to a risk assessment and gap analysis, and then you are ready to start your complete remediation.

SAP

The SAP Deferred Prosecution Agreement (DPA) laid out the best example of how this works in practice. The DPA reported extensive remediation by SAP, and the information provided in the DPA is instructive for every compliance professional. SAP engaged in a wide range of remedial actions. It all started with a root cause analysis. Root cause analysis was enshrined in the FCPA Resource Guide, 2nd edition, as one of the Hallmarks of an Effective Compliance Program. It stated, “The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigation’s structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.”

This means a company should respond to the specific incident of misconduct that led to the FCPA violation. It also means your organization “should also integrate lessons learned from misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.” The SAP DPA noted that SAP engaged in the following steps based on these factors:

1. Conducted a root cause analysis of the underlying conduct, then remediated those root causes through enhancement of its compliance program;
2. Conducted a gap analysis of internal controls, remediating those found lacking;
3. Undertook a “comprehensive risk assessment focusing on high-risk areas and controls around payment processes and enhancing its regular compliance risk assessment process”;
4. Documented its use of “comprehensive operational and compliance data” in its risk assessments.

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s compliance program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls on a go-forward basis. To do so, a company will need to analyze the root causes of the misconduct and remediate those causes promptly and appropriately to prevent future compliance breaches. SAP did this during its remediation phase.

Albemarle

Albemarle also received credit “because it engaged in extensive and timely remedial measures.” This remedial action began based on the company’s root cause analysis of its FCPA violations. This root cause analysis led to a risk assessment, which led to remediation. All of these steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out an effective compliance program and had tested it.

ABB

ABB also did an excellent job in its remedial efforts. According to the ABB Plea, ABB “engaged in extensive remedial measures, including hiring experienced compliance personnel and following a root-cause analysis of the conduct,” which led to the FCPA enforcement action. More on the ABB remediation later.

Each entity worked diligently to rebuild its compliance programs from the ground up. Whatever the faults of their prior compliance programs, each company was quite diligent in revamping their compliance regimes. While each company builds out a program based on its own risk, there is quite a bit of guidance you can draw from if your company finds itself in this position.

Here, the DOJ communicates that your remedial measures should start with a root cause analysis of the FCPA violation. From there, move to a risk assessment and internal control gap analysis to create a clear risk management strategy.


Ten Top Lessons from Recent FCPA Settlements – Lesson No. 3, Extensive Remediation

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring, and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 3, Extensive Remediation. The DOJ expects extensive remediation, well documented with data analytics to support everything you have done. Each of the companies engaged in extensive remediation.

ABB

The plea agreement said that ABB “took a lot of corrective action,” such as hiring experienced compliance staff and, after figuring out what caused the behavior described in the Statement of Facts, putting a lot more money into testing and monitoring compliance across the whole company; putting in place targeted training programs and extra case-study sessions on-site; and continuing to test and monitor to see how things are going. This final point was expanded on in the SEC Order, which reported that all employees involved in the misconduct were terminated.

At this point, there are not many specific components of the ABB remediation available, but we do know that ABB was given credit for hiring “experienced compliance personnel,” starting with the hiring of Natalia Shehadeh, SVP and Chief Integrity Officer, and then allowing Shehadeh to hire a dream team of compliance professionals to work with her.

Albemarle

The NPA cited several remedial actions by the company that helped Albemarle obtain a superior result regarding the discounted fine and penalty. These steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out an effective compliance program and had tested it. The NPA provided that Albemarle engaged in the following remedial efforts:

  • Strengthened its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization;
  • Transformed its business model and risk management process to reduce corruption risk in its operation and to embed compliance in the business, including implementing a go-to-market strategy that resulted in eliminating the use of sales agents throughout the Company, terminating hundreds of other third-party sales representatives, such as distributors and resellers, and shifting to a direct sales business model;
  • Provided extensive training to its sales team, restructuring compensation and incentives so that compensation is no longer tied to sales amounts;
  • Used data analytics to monitor and measure the compliance program’s effectiveness; and
  • Engaged in continuous testing, monitoring, and improvement of all aspects of its compliance program, beginning immediately after identifying misconduct.

SAP

SAP also did an excellent job in its remedial efforts. Whether SAP realized that, as a recidivist, it was in dire straits after the publicity in South Africa around corruption, or for some other reason, the company made major steps to create an effective, operationalized compliance program that met the requirements of the Hallmarks of an Effective Compliance Program as laid out in the 2020 FCPA Resource Guide, 2nd edition.

The remedial actions by SAP can be grouped as follows:

  1. Root Cause, Risk Assessment, and Gap Analysis. After doing a gap analysis of internal controls and fixing any problems found, the company did a root cause analysis of the behavior in question and fixed the issues it found. It then did a full risk assessment, focusing on high-risk areas and controls around payment processes, and used the results to improve its compliance risk assessment process.
  2. Enhancement of Compliance. Here, the company significantly increased the budget, resources, and expertise devoted to compliance; restructured its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership; enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties; and enhanced its reporting, investigations, and consequence management processes.
  3. Change in sales models. On the external sales side, SAP eliminated its third-party sales commission model globally, prohibited all sales commissions for public sector contracts in high-risk markets, and enhanced compliance monitoring and audit programs, including creating a well-resourced team devoted to audits of third-party partners and suppliers. On the internal side, SAP adjusted internal compensation incentives to align with compliance objectives and reduce corruption risk.
  4. Data Analytics. Here, SAP expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally, and comprehensively used data analytics in its risk assessments.

Each of these entities worked quite diligently to rebuild their compliance programs from the ground up. Whatever the faults of their prior compliance programs, each company was quite diligent in revamping their compliance regimes. While each company builds out a program based on its own risk, there is quite a bit of guidance you can draw from if your company finds itself in this position.


Ten Top Lessons from Recent FCPA Settlements – Lesson No. 1, Self-Disclosure

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring, and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions. Today, we begin with Number 1, self-disclosure. The first and most important thing is that a company should self-disclose a potential FCPA violation to the DOJ.

The DOJ expects and will reward self-disclosure above all else. The ABB enforcement action all began with ABB’s putative attempt to self-disclose. ABB set up a meeting where they intended to self-disclose but only set up the meeting without telling the DOJ the reason for the meeting. Unfortunately for ABB, this attempt was unsuccessful, as the South African press broke the story of ABB’s bribery and corruption between the time ABB called to set up a meeting and sat down with the DOJ. Yet the DOJ spent significant time discussing the underlying facts, and it was clear it positively impacted the DOJ.

Kenneth Polite, then Assistant Attorney General, said of ABB’s conduct around this attempt, “Before the meeting, however, a media report drew public attention to the wrongdoing.  But because the company could demonstrate intent and efforts to self-disclose before, and without any knowledge of, the media report, the Department weighed both the early detection of the misconduct and the intent to disclose it significantly in ABB’s favor.”

In the Albemarle enforcement action, there was a significant discussion in the NPA around Albemarle’s voluntary self-disclosure to the DOJ. The disclosure was not “reasonably prompt,” as it was made to the DOJ approximately 16 months after initial discovery by the company. This meant the self-disclosure “was not within a reasonably prompt time after becoming aware of the misconduct in Vietnam,” and it means that Albemarle did not meet the standard for voluntary self-disclosure. While the DOJ “gave significant weight” to the company’s voluntary, even if untimely, disclosure of the misconduct, it is certainly cautionary.

Equally interesting was the SAP enforcement action. Although this factor was not present in the SAP enforcement action, the DOJ’s message regarding the DOJ’s expectation of self-disclosure and the obvious and palpable benefits could not be any clearer. Under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines fine range. Its actions as a criminal recidivist resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the U.S.S.G. fine range but rather at 40% from above the low end. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. SAP’s failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

In addition to these enforcement actions, Kenneth Polite, in a speech announcing changes in the Corporate Enforcement Policy, made clear the importance of self-disclosure in the eyes of the DOJ. “Our existing policy provides that if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates, there is a presumption that we will decline to prosecute absent certain aggravating circumstances involving the offense’s seriousness or the offender’s nature. These aggravating circumstances include, but are not limited to, involvement by executive management of the company in the misconduct; a significant profit to the company from the wrongdoing; egregiousness or pervasiveness of the misconduct within the company; or criminal recidivism.” If a company self-discloses, but a criminal resolution is warranted, our existing policy offers 50% off of the low end of the applicable Sentencing Guidelines penalty range.

He re-emphasized this position: “When a company has uncovered criminal misconduct in its operations, the clearest path to avoiding a guilty plea or an indictment is voluntary self-disclosure.  It is also the clearest path to the greatest incentives that we offer, such as a declination with disgorgement of profits.” While noting the difficulty of a company deciding to self-disclose, “we are underscoring that a corporation that falls short of our expectations does so at its own risk. Make no mistake – failing to self-report, cooperate, and remediate fully can lead to dire consequences.” [emphasis supplied]

The DOJ could not be clearer. The No. 1 lesson is that you need to self-disclose if you want any of the benefits available.


Self-Disclosure is Now the Key

The Department of Justice (DOJ) has been making significant strides in emphasizing the importance of voluntary self-disclosure in corporate enforcement cases, particularly in the Foreign Corrupt Practices Act (FCPA) realm. This shift in approach is evident in recent policy announcements and enforcement actions, beginning with the 2022 ABB FCPA settlement, moving to the 2023 Albemarle FCPA resolution, and continuing to the 2024 SAP FCPA settlement. Through these three resolutions, the DOJ clarified that its most important criterion for evaluating a company for a fine under the FCPA is whether or not it self-discloses.

DOJ representatives Kenneth Polite and Lisa Monaco further discussed this incentive in speeches in 2023. In announcing a revision to the 2017 FCPA Corporate Enforcement Policy, which became the 2023 Corporate Enforcement Policy, Kenneth Polite emphasized the ‘need for speed’ both in self-disclosure and during the pendency of any FCPA or compliance-related matter involving the DOJ.

The DOJ’s focus on incentivizing self-disclosure is a strategic move to encourage companies to come forward with violations and cooperate with authorities. The new Corporate Enforcement Policy offered up to a 75% reduction in penalties for voluntary disclosure. This discount is available even if there were ‘aggravating factors’ in the matter, such as C-Suite involvement in bribery and corruption. The DOJ could not send a more precise signal and be more transparent about what they want and will incent. This approach reflects a broader trend toward rewarding companies that proactively address compliance issues and work collaboratively with law enforcement agencies.

One of the key factors influencing the DOJ’s enforcement actions is the impact of recidivism. In October 2021, the DOJ, through a speech by Lisa Monaco and memorialized in the 2023 Evaluation of Corporate Compliance Programs (2023 ECCP), made it clear that it will not tolerate repeat offenders and is prepared to impose harsh penalties on companies that fail to self-disclose violations. However, even recidivist companies are encouraged to come forward and address compliance issues head-on, with the potential for significant penalty reductions if they demonstrate genuine cooperation and remediation efforts. The ABB resolution, in which the company was the first three-time FCPA recidivist yet received a superior outcome, once more demonstrated the DOJ’s current focus. The attempted self-disclosure fell short by only a day or two, as ABB had scheduled a meeting with the DOJ to self-disclose but had not formally done so. In the interim, a news story broke in South Africa about ABB’s systemic bribery and corruption in that country.

Although this factor was absent from the SAP enforcement action, the DOJ’s message regarding the benefits of self-disclosure and the DOJ’s expectation of self-disclosure could not have been clearer. Under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the fine range of the US Sentencing Guidelines. Its actions as a criminal recidivist resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the USSG fine range but rather at 40% from above the low end. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. Its failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

There was a significant discussion in the NPA around Albemarle’s voluntary self-disclosure to the DOJ. However, the NPA noted that “the disclosure was not ‘reasonably prompt’ as defined in the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy and the US Sentencing Guidelines.” The NPA reported that Albemarle learned of allegations regarding possible misconduct in Vietnam approximately 16 months before disclosing them to the DOJ. Interestingly, the SEC Order only stated, “Albemarle made an initial self-disclosure to the Commission of potential FCPA violations in Vietnam after completing an internal investigation of such conduct and, simultaneously, self-reported potential violations it was investigating in India, Indonesia, and China. Albemarle later self-disclosed potential violations in other jurisdictions to the Commission as part of an expanded internal investigation.”

This meant the self-disclosure “was not within a reasonably prompt time after becoming aware of the misconduct in Vietnam,” which means that Albemarle did not meet the standard for voluntary self-disclosure under the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy. While the DOJ “gave significant weight” to the Company’s voluntary, even if untimely, disclosure of the misconduct, it is undoubtedly cautionary.

The tradeoffs involved in balancing different factors, such as self-disclosure, cooperation, and remediation, can present challenges for companies navigating the complex landscape of FCPA enforcement. While the DOJ’s emphasis on self-disclosure offers potential benefits regarding penalty reductions and monitoring requirements, companies must carefully weigh the risks and rewards of voluntary disclosure against the possible consequences of non-disclosure.

The importance of considering the impact of decisions about the DOJ’s FCPA enforcement actions cannot be overstated. Companies that prioritize a culture of compliance, proactive monitoring, and data-driven analytics are better positioned to detect and address potential violations before they escalate into costly enforcement actions. By aligning their compliance programs with the DOJ’s expectations and demonstrating a commitment to ethical business practices, companies can mitigate the risks associated with FCPA violations and build a strong foundation for long-term success.

What the DOJ wants is self-disclosure as soon as possible. One only needs to recall the case of Cognizant Technologies, where the company received a complete declination, and there were allegations of C-Suite involvement in the bribery schemes. This Declination was provided mainly because the company self-disclosed only two weeks after the information was filtered to the Board of Directors. While Cognizant Technologies may be the gold standard, a company’s timely self-disclosures can be considered for a full Declination.


FCPA Compliance Report – Tom Fox and Michael Volkov Look at Incentives for Self-Disclosure

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Michael Volkov as they take a deep dive into the ABB, Albemarle, and SAP FCPA enforcement actions to try and unpack the DOJ’s pivot away from heavy penalties for recidivists to prioritizing self-disclosure above all else.

Volkov’s perspective on the Department of Justice’s (DOJ) FCPA enforcement actions is both critical and analytical, shaped by his extensive experience. He underscores the necessity of transparency and explanation in the factors considered by the DOJ, highlighting its significance to practitioners in the field. Volkov also recognizes the shift in DOJ policy towards data-driven compliance, requiring companies to provide data to substantiate their conclusions and demonstrate their compliance efforts. He further notes the evolving landscape of voluntary disclosure and remediation, suggesting these areas are now pivotal in the DOJ’s enforcement approach. Volkov’s insights reflect a nuanced understanding of the changing dynamics in FCPA enforcement and the imperative for companies to adapt to these shifts.

Key Highlights:

  • Importance of Cooperation in Corporate Enforcement Cases
  • Incentivizing Self-Disclosure in DOJ’s FCPA Enforcement
  • Increased Penalty Reduction for Voluntary Self-Disclosure
  • DOJ’s Evolving Approach to Corporate Penalties
  • Benefits of Voluntary Self-Disclosure in Enforcement

Resources:

Volkov Law Group

Corruption, Crime and Compliance



Data Driven Compliance: The Journeys of Albemarle and ABB to Data-Driven Compliance, Part 2

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. In this special second part of a two-part podcast, I co-host with Vince Walden, CEO of KonaAI, to visit with our guests Andrew McBride, Chief Risk Officer at Albemarle, and Tapan Debnath, Head of Integrity, Regulatory Affairs, and Data Privacy—Process Automation at ABB, on their respective companies’ journeys to data-driven compliance.

Debnath’s perspective on the challenges and strategies in compliance data analytics is centered on the need for clear goals, defined processes, and the importance of early planning and resource allocation. He sees compliance data analytics as a journey rather than a project, encouraging organizations to start with imperfect data and refine their processes over time. On the other hand, McBride’s perspective is focused on prioritization, resource allocation, and audience-driven decision-making. He emphasizes the iterative nature of data analytics projects and believes that a successful ethics and compliance program does not necessarily require a large data analytics team, but rather the right roles and support from the IT function. Join Tom Fox and Vince Walden as they delve deeper into these insights with Tapan Debnath and Andrew McBride on this episode of Data-Driven Compliance.

Key Highlights:

  • Navigating Data Privacy Laws Across Jurisdictions
  • Strategic Steps in Ethics and Compliance Analytics
  • Unlocking AI’s Potential in Compliance Analytics
  • Actionable Insights from Data Analytics
  • Leveraging Documentation for Enhanced Compliance and Risk Mitigation

Resources:

Vince Walden on LinkedIn

KonaAI



Data Driven Compliance: The Journeys of Albemarle and ABB to Data-Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I co-hosted with Vince Walden, CEO of KonaAI, to visit with our guests Andrew McBride, Chief Risk Officer at Albemarle, and Tapan Debnath, Head of Integrity, Regulatory Affairs, & Data Privacy—Process Automation at ABB, on their respective companies’ journeys to data-driven compliance.

We consider the importance of integrating due diligence systems with business conduct and anticipate 2024 to be a breakthrough year for data-driven compliance. McBride, recognized by the Department of Justice for his work in data-driven compliance, believes in the critical role of data in identifying and responding to risks, testing the effectiveness of compliance programs, and reporting to internal stakeholders. Debnath stressed the need for visibility and alignment with senior business stakeholders during investigations and the use of data analytics platforms to measure integrity and key performance indicators. Join Tom Fox, Vince Walden, Andrew McBride, and Tapan Debnath on this episode of the Data Driven Compliance podcast as they delve deeper into the challenges and importance of data-driven ethics and compliance programs.

Key Highlights:

  • Using data analytics to assess program effectiveness
  • Proactive risk management through continuous monitoring
  • Leveraging due diligence for proactive risk management
  • Data transparency and collaboration for compliance success
  • Transitioning from external dependencies to internal capabilities

Resources:

Vince Walden on LinkedIn

KonaAI



Data Driven Compliance: Current Trends and Innovations

Data-driven compliance strategies have become a game-changer in risk management and fraud prevention. I recently had the opportunity to participate in a KonaAI-sponsored webinar entitled “Data Driven Compliance: Current Trends and Innovations.” The event was hosted by Vince Walden and featured Rayne Towns, the Global Head of Risk and Monitoring at Nokia.

I view data-driven compliance strategies in risk management and fraud prevention as an evolution of the compliance profession. It can be seen in the importance of data analytics in improving the effectiveness of compliance programs. There is and will always be the need for human interpretation and utilization of the data. Towns sees data-driven compliance strategies as a way to strengthen and improve the compliance program’s effectiveness, using data analytics to identify and address gaps in the compliance program. She also emphasizes the importance of prioritizing and starting with solving specific problems when implementing data analytics. Vince Walden joined in with his perspective on data-driven compliance strategies in risk management and fraud prevention.

Data-driven compliance is one more step in the evolution of the compliance profession. Fortunately, we have evolved from when compliance was very much legal-driven, by lawyers. Over time, most compliance professionals (and equally importantly, the DOJ and SEC) began to view compliance as a business process. As a business process, it can be measured, it can be studied, it can be monitored, and it can be improved based on that information.

We began with the importance of data analytics in compliance programs. The shift towards data-driven compliance has transformed the profession from solely legal-driven to a measurable and improvable business process. This shift has been recognized by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). The SEC first called out the use of data analytics in the Order concluding the Key Energy FCPA enforcement action. Most recently, the Albemarle FCPA resolution specifically called out the company’s use of data analytics in its remediation program, which occurred during the pendency of its FCPA resolution process.

In 2016, the Securities and Exchange Commission called out data analytics in an enforcement action for the first time. It was the Key Energy FCPA enforcement action, where it suggested data analytics would have shown or demonstrated a range of values outside the norm for certain gifts, travel, and entertainment for the company. This demonstrated that regulatory thinking had evolved as well. Now, data analytics has become a critical element to improve the business process of compliance. Data-driven compliance allows you to measure it, monitor it, and improve it all in a documented fashion so that if a regulator ever comes knocking, you can demonstrate to them not only the effectiveness of your compliance program but also how you are moving your compliance regime forward based on solid data and analysis.

AB InBev was one of the first companies to successfully implement data-driven compliance strategies, moving from detection to prevention of issues. This shift has resulted in cost savings and improved risk management for the company. Equally significant was the company’s public discussion of the BrewRight program and how it evolved into a broader business process tool.

The DOJ always telegraphs what is important to them. Starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, they said the CCO must have access to all data across an organization. You may have data silos, but a CCO must be able to punch through all of those data silos. It is a natural progression from 2020 to this Albemarle FCPA enforcement action, where the DOJ clearly stated that the company’s data analytics program allowed them to move forward with the remediation.

Moreover, the critical part was that Albemarle was not required to have a monitor. Avoiding a monitor under the resolution required two things: one, an effective compliance program, and two, testing of it. The DOJ has made those requirements very clear. Albemarle had an effective compliance program, but more importantly, they have monitored it and tested it through their data analytics program. Their compliance function’s actions saved the company millions. And it tells the rest of us what the DOJ will look for in a compliance program going forward.

Data analytics plays a crucial role in various aspects of compliance, including M&A due diligence and risk assessment. By leveraging external data sources, compliance professionals can gain valuable insights into potential risks associated with vendors, customers, and employees. This information allows them to make informed decisions and mitigate risks effectively.

Compliance professionals must be aware of the impact of data-driven compliance strategies on decision-making. Using data analytics, compliance professionals can measure, monitor, and improve compliance programs in a documented fashion. This demonstrates the compliance program’s effectiveness and enables organizations to adjust and adapt more quickly to changing regulatory requirements.

However, implementing data-driven compliance strategies comes with its own challenges. Balancing the tradeoffs between automation and manual processes is one such challenge. While automation can streamline compliance processes and identify gaps, manual touches are sometimes necessary. Data analytics can help identify these gaps and drive accountability and training efforts.

There is great potential for new technologies like generative AI and machine learning to enhance compliance programs. These technologies can make compliance processes more efficient and enable better decision-making. For example, generative AI can guide users through dashboards and provide valuable insights, making compliance tasks easier and more effective.

Budget approvals are another crucial consideration for organizations when implementing data-driven compliance strategies. CFOs prioritize keeping the business out of legal risks and fines, fraud prevention and recoveries, and improved internal controls. Data analytics is not just a “nice-to-have” but a “must-have” for organizations. Those that do not embrace data analytics or fail to move towards it are at risk.

In conclusion, data-driven compliance strategies have revolutionized the compliance profession. Organizations can measure, monitor, and improve compliance programs by leveraging data analytics, resulting in cost savings, improved risk management, and better decision-making. While there are challenges associated with implementing data-driven compliance strategies, the benefits far outweigh the tradeoffs. Compliance professionals must embrace data analytics as a critical element of their compliance programs to stay ahead in an ever-evolving regulatory landscape.


FCPA Compliance Report – Albemarle FCPA Enforcement Action – Holdbacks

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, Kristy Grant-Hart reviews the holdbacks on the internal control failures and other areas identified in the SEC enforcement action.

In this episode of the FCPA Compliance Report podcast, we delve into clawbacks and consequence management in compliance programs, particularly in relation to the Foreign Corrupt Practices Act (FCPA). Our host, Tom Fox, brings a unique perspective, expressing disappointment over the lack of clawbacks in a recent case but emphasizing the importance of consequence management, such as withholding bonuses from employees involved in misconduct. Fox’s extensive experience in the field shapes his insights, and he underscores the need for businesses to shift their models in response to investigations and compliance violations. He also highlights the significance of a proactive approach to addressing compliance issues and the need for a significant change in the business model. Join Tom Fox as he navigates the complex world of compliance in this enlightening FCPA Compliance Report podcast episode.

 Key Highlights:

  • The Significance of Consequence Management in FCPA Investigations
  • The Significance of Shifting Business Models
  • Holdbacks going forward

Resources

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.



FCPA Compliance Report – Albemarle FCPA Enforcement Action – Internal Controls

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, we have Karen Moore on the internal controls failures and other areas identified in the SEC enforcement action.

The recent FCPA enforcement action against Albemarle has sparked a lively debate in the compliance community, particularly regarding the company’s internal controls, imposed penalties, and the lack of monitorship. While Karen is surprised at this development, Tom believes it is consistent with the new DOJ FCPA policy.

One of the key takeaways from the episode is the importance of thorough due diligence and stronger measures to prevent corruption. The case highlights the need for compliance officers to operate beyond their comfort zones and ensure that the right people receive the right training to spot issues. It also raises questions about the credibility of messages about risk tolerance from senior leadership and the effectiveness of deal reviews. Join us as we dive deeply into these issues in this FCPA Compliance Report podcast episode.

 Key Highlights:

  • Albemarle’s Penalties
  • Identifying Red Flags in Due Diligence
  • Including Monitors in Plea Deals for Compliance

Resources:

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.
