Tag: best practices

Categories
Blog

Day 21 of 30 Days to a Better Compliance Program, the Compliance Oversight Committee

Key Takeaways 

  1. Determine an appropriate committee membership.
  2. The committee is there to act as an extra set of eyes for the CCO, not to substitute its judgment.
  3. Determine the scope of items and issues to be reviewed by the committee.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Compliance Oversight Committee provides a second set of eyes for the CCO and compliance department.    ]]>

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have both called for greater compliance expertise at the Board.]]>

Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 350, Linda Justice and Her Nancy Drew Approach

Categories
FCPA Compliance Report - International Edition

Compliance Report-International Edition-Tim Khasanov on Compliance in post Soviet states

Integrity Corp. 50 Tips for Your Compliance Program in the Post-Soviet States.  Timur has worked in compliance, legal, consulting, and corporate governance roles in Russia, Uzbekistan, the United States, Kazakhstan, and Ukraine.  He has successfully launched and supervised execution of compliance programs for global and local businesses in the mining, energy, and pharmaceutical industries.
Tim has also recently released the first two installment of Compliance Man the first graphic novel of a compliance practitioner. You can find out more about Tim on his firm’s website, Complianceinpostussr.com.
We look at the former Soviet Union states, one of the most interesting region for Compliance professionals. we will touch 10 hot questions on corporate ethics in this region. Tim answers the following questions
1: Can we define this region as a single territory for the Compliance program structuring?
2: What regulatory trends should be taken in consideration by compliance practitioners in charge of this geography?
3: What is the biggest challenge in embedding corporate Compliance program in this region?
4:  Do you have any practical recommendations as to “dissemination of integrity” among personnel locally?
5: Is it legally permissible to deploy our FCPA/UKBA programmes in the countries of the region?
6: What is the most effective way to deliver training in this part of the world?
7: If there are any important things to remember when imposing penalties for misconduct on local personnel?
8: Do people on the ground appreciate compliance & ethics efforts?
 
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3tv” float=”none”]
What are some key compliance considerations in post-Soviet states?
[/tweet_box]
 ]]>

Categories
Blog

Day 2 of One Month to More Effective Continuous Improvement-the Compliance Audit

Internal Audit – What types of audits would have identified issues relevant to the misconduct? Did those audits occur, and what were the findings? What types of relevant audit findings and remediation progress have been reported to management and the board regularly? How have management and the board followed up? How often has internal audit generally conducted assessments in high-risk areas?

Interestingly, Foreign Corrupt Practices Act (FCPA) compliance follows some of the paths laid out by corporate safety departments some 20-30 years ago when safety became much more high profile in US corporations. The safety committee and safety audits became the mainstays of any company’s best practices in the area of safety. These techniques inform any anti-corruption best practices compliance program under the FCPA, UK Bribery Act, or any other anti-corruption regime. Indeed, audits are delineated explicitly in the 2012 FCPA Guidance to assist in continuously monitoring your compliance regime. Such an audit can be thought of as a systematic, independent, and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the compliance criteria are fulfilled. Three factors are critical for a compliance audit to have a chance for success: (1) an effective audit program that specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited. Auditing can take several different forms in an anti-compliance program. Of course, you should audit the compliance program in your organization. A forensic audit can collect and analyze accounting and internal-control evidence in your compliance regime. This information can produce a fact-based report informing the decision-making process in inquiries, investigations, and dispute resolution. The by-products of a forensic audit can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur.

Further, an internal audit can review compliance processes to determine if employees follow prescribed procedures or internal controls. In addition to collecting and analyzing evidence, an auditor’s objective is to attest to the credibility of assertions under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. One of the functions of such an audit is to determine if further investigation is warranted. Once again, this situation points out the difference between having a paper compliance program and the actual doing of compliance. Even with an appropriate oversight structure, you must do the work in the future. Another area ripe for audit in your compliance program is your third parties. While there is no one specific list of transactions or other items which should be audited when it comes to your third parties, below are some of the areas you may wish to consider reviewing:

  • Contracts with third parties to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party.
  • Review the compliance training program for any third party, both the substance of the program and attendance records.
  • Does the third party have a hotline or any other reporting mechanism for allegations of compliance violations? If so, how are such reports maintained? Review any reports of compliance violations or issues that arose through an anonymous hotline or any other reporting mechanism.
  • Does the third party have written employee discipline procedures? If so, have any employees been disciplined for any compliance violations? If yes, review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review expense reports for employees in high-risk positions or high-risk countries.
  • Testing for gifts, travel, and entertainment that were provided to or for foreign governmental officials.
  • Review the overall structure of the third party’s compliance program. If the company has a designated compliance officer, to whom, and how does that compliance officer report? How is the third-party vendor’s compliance program designed to identify risks, and what has resulted from any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party.
  • Concerning any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and use analytical procedures and testing.

Auditing is a more limited review that targets a specific business component, region, or market sector during a timeframe to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. In other words, the protocol is simple, and everyone understands you need to audit, but try and cut costs or corners and you will pay for it in the long run.

Three Key Takeaways

  1. Auditing takes a deep dive into your high-risk compliance areas.
  2. Internal audits should test your key FCPA risk areas as a part of their regular auditor rotation.
  3. The findings uncovered in an audit must be used in your compliance regime.

The compliance audit is a key component in the continuous improvement of a compliance program. [/tweet_box] For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor, Affiliated Monitors, at www.affiliatedmonitors.com.

Categories
FCPA Compliance Report

FCPA Compliance Report – Episode 344 – Virginia Suveiu

Legal Risk Management Specialized Studies Certificate Program for UCI Extension, where she teaches for that program and the Contract Management Certificate Program. She has published articles on various business law matters, most recently for the National Contract Management Association’s Contract Management Magazine May 2015 issue, as well as for the National Center for State Courts and the Aerospace and Defense Forum. Every corporation and compliance practitioner faces a wide variety of risks. These include regulatory risks, legal risks, reputational risks, safety risks, environmental risks, and many other types of risks. We consider whether there is one process or approach to take to the over-arching concept of risk management or if the approach needs to be fined tuned by an organization. We discuss the Legal Risk Management Specialized Studies Certificate Program, including the program benefits and who should attend. We explore the approach to teaching risk management. We discuss some of her current initiatives on the study of and teaching of risk. In this episode, I discuss with Virginia Suveiu the theories of risk and the process of risk management.

Categories
FCPA Compliance Report

FCPA Compliance Report – Episode 343 – James Koukios on Morrison & Foerster’s Top Ten International Anti-Corruption Developments for May 2017

Top Ten International Anti-Corruption Developments for May 2017. Our topics include:

  1. FCPA Assistant Chief BJ Stieglitz has been selected for detail to UK Financial Enforcement Authorities. We discuss how a prosecutor works overseas, what this might mean for prosecutions going forward in the US and UK, and the relationship of the DOJ with its British counterparts.
  2. The DOJ has moved to terminate its DPA over Hewlett-Packard. We discuss what it means to have a DPA terminated and the DOJ’s role in this phase. We also consider the decision-making process if a DPA has to be extended due to continued or new conduct by a company under such an agreement.
  3. Finally, we consider some of the difficulties of the DOJ’s Challenges in Obtaining Foreign Evidence through a recent ruling in the Civil Forfeiture Case. On May 9, 2017, In the case of United States v. Prevezon Holdings Ltd., Southern District of New York Judge William H. Pauley III ruled that certain evidence obtained by prosecutors from foreign sources was admissible in a civil asset forfeiture case, notwithstanding that the documents lacked the requisite certifications under the Federal Rules of Evidence. We consider the process for getting information from overseas; why it takes so long, and what happens if it does not meet US evidentiary or even admissibility standards?

Click here to see a full copy of the firm’s Top Ten International Anti-Corruption Developments publication for May 2017. James Koukios returns to discuss MoFo’s Top Ten International Anti-Corruption Developments for May 2017. 

Categories
Everything Compliance

Everything Compliance-Episode 14

Show Notes for Everything Compliance-Episode 14 

Topics from Matt:

  1. Trump Administration & FCPA enforcement— we have two declinations now; maybe a compare-and-contrast and speculation on what a tough Trump Admin enforcement WOULD look like;
  2. EU’s GDPR— Do EU regulators know what they want to do with the enforcement of this law; if they follow the lead of the anti-competition people whacking Google, it could be a big deal;
  3. Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted; and
  4. Ethical leadership and the lack thereof; the menace of abusing perks and privilege, connecting my posts about Uber’s leaders and Chris Christie vacationing on a closed beach.

Topics from Jay:

  1. How do the Campaign Finance Laws mirror/or differ from the FCPA?
  2. Will the Russian Collusion Investigation reveal the ultimate FCPA violation?
  3. Regarding Walter Shaub’s departure from the Office of Governmental Ethics (OGE), does it matter? What is OGE supposed to do, and why did it work for the past 40+ years but fall on deaf ears with the Trump administration?
  4. Dovetailing with Matt’s question about a slow H1 for FCPA enforcement and in light of the just-released Gibson Dunn FCPA Mid-Year Report, does the current climate (and lack of vigorous enforcement) provide a perfect storm for companies to look the other way if they fall off the E&C wagon, or do we think that companies are still being vigilant despite a perception of decreased enforcement?

Rants follow this week’s episode. What do the two declinations in 2017 mean? The Everything Compliance panel of experts weighs in.

Categories
Compliance Into the Weeds

Compliance into the Weeds – Episode 43 – The Linde Declination

On June 16, 2017, the Department of Justice (DOJ) issued a Declination to Linde North American Inc. and Linde Gas North America LLC (collectively “Linde”). This is the first Declination issued by the DOJ in the era of the Trump Administration. For that reason alone, it was instructive and should be studied by the compliance profession. However, the case presented several interesting factors which merit consideration, so we are discussing in depth to present lessons to be learned for the Chief Compliance Officer (CCO) or compliance practitioner.

Lessons Learned

This was yet another Foreign Corrupt Practices Act (FCPA) action where a company performed insufficient due diligence in the acquisition phase. The timing of the Linde purchase of Spectra Gases and Spectra Gases’ purchase of the income-producing assets is too close in time to be a coincidence. It would certainly appear that Linde purchased Spectra Gases to facilitate its acquisition of the boron column and other assets. If your company is going to make such a multi-step acquisition, you must perform due diligence on all the actors and the assets involved.

The Byzantine corporate structure created for the ownership of the boron column, its operation, and its management contract are clear red flags that any CCO should sniff out immediately. While I am sure the internal corporate excuse for this clear ruse was the ubiquitous ‘tax considerations,’ every such transaction should also be reviewed by compliance. Anytime there is more than one entity to accomplish one task, there is the possibility of fraud. Further, it is unclear how Linde could not have been aware of the company’s ownership interests that it ultimately controlled. It would seem that the company did not even make any inquiries.

Even in 2006, the Republic of Georgia’s reputation for bribery and corruption was quite high. The 2006 Transparency International-Corrupt Perceptions Index (TI-CPI) listed Georgia at 99 out of 176 countries, which warranted red flag scrutiny. Extra care is warranted if you are purchasing an entity in a country with such a well-known affinity for corruption. Perhaps in 2006, Linde did not view the FCPA as something it would deal with in such a situation.

Yet even with all the apparent miss-steps and non-steps of compliance, the company was able to secure a declination from the DOJ. While there may be some additional penalties or sanctions by the Securities and Exchange Commission (SEC) for the failures of internal controls, the result obtained by Linde was certainly superior. The company has met the four pillars under the FCPA Pilot Program through (a) self-disclosure, (b) extraordinary cooperation, (3) full remediation, and (d) profit disgorgement. Interestingly, in this case, the profit disgorgement would have been beyond the five-year limitations for profit disgorgement under the recent Supreme Court decision in Kokesh. If the SEC brings an FCPA enforcement action, additional facts may be recited in any resolution documents.

Nevertheless, kudos are due to Linde and its counsel for obtaining this declination. Every CCO should study it for both the superior result received and underlying facts to see if you face anything similar in the Republic of Georgia or elsewhere.

For a full copy of the Linde Declination, click here

Categories
This Week in FCPA

This Week in FCPA-Episode 56

  • The Kokesh case at the US Supreme Court is significant for SEC enforcement of the FCPA around profit disgorgement. For what it means to the compliance practitioner, see Tom’s piece in the FCPA Compliance & Ethics Blog. For a legal review of the decision, see Miller & Chevalier client alert authored by Saskia Zandieh. Marc Bohn considered the case in the FCPA Blog. Marc and I discuss the case on the FCPA Compliance Report, Episode 332.
  • Trevor McFadden to leave the DOJ for federal bench. See article by Matt Kelly in Radical Compliance. Hui Chen’s contract not to be renewed, her position is posted for job applicants. Apply for the position here. Andrew Weissman leaves as head of the Fraud Section to go Special Prosecutor’s staff.
  • Former PetroTiger General Counsel Gregory Weismann is banned from SEC practice. See article in the FCPA Blog.
  • Matthew Stephenson considers what a Wal-Mart settlement might look like. See his article in the Global Anti-Corruption Blog.
  • The federal judge who sentenced Samuel Mebiame, the bag man for Och-Ziff; criticized the DOJ for its lack of prosecution of any individuals from the company. See article by Sam Rubenfeld in WSJ Risk and Compliance Report.
  • Jay previews his weekend report.
  • Tom continues to talk about the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.

    •  
    [tweet_box design=”default” url=”http://wp.me/p6DnMo-3kx” float=”none”]
    When do Mike & Mike agree on anything? Find out on This Week in FCPA. [/tweet_box]
    Jay Rosen can be reached:
    Mobile (310) 729-6746
    Toll Free (866)-201-0903
    JRosen@affiliatedmonitors.com
    Tom Fox can be reached:
    Phone: 832-744-0264
    Email: tfox@tfoxlaw.com]]>