Tag: CCO

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Board Investigation Protocols

Many companies have an investigation protocol in place when a potential compliance violation or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board does handle an investigation right, the consequences to the company, its reputation and value can be quite severe. The SEC considers a variety of factors around corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company?

Dan Chapman has said this is the time for a very frank conversation with your Board about what such an investigation will entail. Costs must be adequately discussed to set proper expectations. These include both direct costs and, what Chapman believes may be even more important, a discussion of indirect costs to the company. He noted, “the biggest cost to a company during an investigation is the diversion of management resources” and, as he further explained, “everything stops to focus on the investigation.” This indirect cost comes through largely the time commitment of senior management. He further explained, “if senior management has to commit 20% of their time to the investigation, that’s 20% that’s not going towards revenue generating, shareholder value protecting activities.”

Finally, Jonathan Marks has noted after notification of serious allegations, Boards should take the following steps:

• Consider creating a Special Committee to conduct the investigation;

• Establish a committee charter;

• Preserve the electronic and hardcopy documentation environment;

• Communicate with external auditors; and

• Plan potential communication with the SEC, DOJ, and the relevant stock exchange.

Marks also notes that while a special committee might be necessary in certain rare circumstances, the Board should try to avoid forming a special investigative committee to oversee the investigation if the Audit Committee is composed of independent and disinterested directors that are suited for the task. A special committee must be disbanded at some point (usually once the investigation is completed and before the restatement process begins), and the disbanding could become a complicated news item. Conversely, if the Audit Committee oversees the investigation, then, once the investigation is complete, they can pivot back to their normal role, which would include overseeing the actual restatement process. Investigations overseen by the Audit Committee also benefit from the positive relationship that the committee chair usually has with the audit partner of the company’s external auditor.

 Three key takeaways:

1. The Board should have a written protocol for investigations prepared in advance.

2. Any Board led investigation must be both credible and objective.

3. The investigation must be thorough but the Board can be cost effective.

Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – How an Investigation Informs Remediation

There is nothing like an internal whistleblower report about a FCPA violation, the finding of such an issue or (even worse) a subpoena from the DOJ to trigger the Board of Directors and senior management attention to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage followed immediately by proclamations “We are an ethical company.” However, it may well be the time for a very serious reality check.
In addition to robust investigation, a company must engage in remediation of the offending conduct. The 2020 Update to the Evaluation of Corporate Compliance Programs mandated the additional significance of this by providing that this process must be considered “both at the time of the offense and at the time of the charging decision and resolution”. When you consider the strictures around continuous monitoring and continuous improvement in compliance programs it is clear why this analysis is so important. Obviously, a key test of any compliance program is when a deficiency is found and a violation occurs. The question then becomes, what did you do about it.
But from the DOJ (and Securities and Exchange Commission) perspective, the key is to use the information to both fix the problem so that it does not occur again but also improve your compliance regime.

Three key takeaways:

  1. How does your investigation inform your remediation plan?
  2. A compliance program failure offers a way to upgrade your regime.
  3. Your investigative team must inform your remediation team.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Issues in Cross Border Investigations

In an article, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”, Mara Senn, now Director & Senior Counsel, Global Compliance Investigations at Zimmer Biomet  and Michelle K. Albert, former lawyer at Arnold & Porter discussed cross-border investigations. They considered the following issues.
Offer interview translations.
Avoid cultural pitfalls.
Observe data privacy restrictions.
Comply with labor requirements.
Be aware of other local requirements.
Put forms in native translations.
Preserve the attorney-client privilege.
Prepare for local enforcement actions.
Prepare for security risks.
Protect whistleblowers.

Three key takeaways:

  1. Use translators and translations of key documents in witness interviews.
  2. Use local counsel to facilitate the investigation and to help navigate any local anti-corruption investigation issues.
  3. Never, never, never retaliate. The SEC will pay whistleblower bounties for non-U.S. citizens.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – The Witness Interview

What are the characteristics of a good interview in the context of an internal investigation? Is there one technique you can use which will provide you the results you want to achieve? How should you think through your questions and document review prior to the investigation? At this point in time, how do such issues play out in the time of Coronavirus?
There is no one right way to prepare for and conduct an interview. What is important is that you have a plan and execute on that plan. Begin by obtaining an understanding of what the various stakeholders want answers to. This could include the Board of Directors, C-Suite executives, the GC and legal department, the CCO and compliance function or up to government regulators such as the SEC or DOJ.

Three key takeaways:

  1. There is no one right way to prepare and do an interview.
  2. The interview should not be confrontational.
  3. The interview, like the entire investigation process, is a chess match.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Investigative Challenges

What are some of the top challenges you may face during an investigation? Beyond the basics, a company must consider the intake process as a starting point, which Jonathan Marks noted is one of the biggest challenges. Rather surprisingly, he noted there are still companies without a hotline or anonymous reporting system, stating “We still see organizations whereby there is no formal ethics hotline except for the fact that they might send an email to some member of management or some member of the Board.”
Planning your investigation, having the right team members involved, and meeting the challenges which inevitably arise during an investigation can be difficult. However, beginning with the DOJ’s 2015 Yates Memo, the 2016 FCPA Pilot Program, and the 2017 and 2019 versions of Evaluation of Corporate Compliance Programs, together with the 2020 Update, 2023 ECCP, and FCPA Corporate Enforcement Policy, the pressure on every CCO and company to get an investigation done quickly, efficiently and, most importantly, right is even greater now. Marks has laid out a concrete way for you to think through how to plan an investigation, staff it correctly, and meet the inevitable challenges.

Three key takeaways:

  1. The intake process may seem the most straightforward but many companies drop the ball at this initial step.
  2. You must never retaliate against employees who come forward in good faith.
  3. Always think several steps ahead.
Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Preparing for the Investigation

Under Part 1, Section D. Confidential Reporting Structure and Investigation Process stated in part, Properly Scoped Investigation by Qualified Personnel –What steps does the company take to ensure investigations are independent, objective, appropriately conducted, and properly documented? How does the company determine who should conduct research, and who makes that determination? These questions were presaged by the DOJ’s 2015 Yates Memo and the 2016 FCPA Pilot Program. The pressure on every CCO and company to get an investigation done quickly, efficiently and, most importantly, right is even greater now.
Jonathan Marks began by cautioning that when considering any well-run internal investigation, a CCO must be cognizant of the strictures laid out in the Evaluation. It all begins with who in-house is looking at the complaint and does the CCO, compliance practitioner, or legal team have the skills and capabilities to handle the matter which has arisen. Obviously, if there are esoteric accounting issues or significant internal control workarounds and overrides, a CCO may not have the skills to really understand all the issues. Similarly, if the matter is a global FCPA or equivalent bribery and corruption matter, Marks related, these “come in different flavors, and because they come in different flavors you may not have the skills or capabilities to do an investigation that would take place in say Brazil or Russia or China or India.”

Three key takeaways:

  1. Always remember your ultimate audience may be the government.
  2. You must understand both the business environment and extended business enterprise.
  3. Communication and collaboration in any investigation are critical so you should begin early and continue to do so throughout the investigation.
Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Triage of Internally Reported Allegations

One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. In the 2012 FCPA Guidance, there is a short but succinct statement, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” This is considered in more expansive language in the 2020 Update to the Evaluation of Corporate Compliance Programs.  Under Part 1, Section D. Confidential Reporting Structure and Investigation Process, it stated in part, Properly Scoped Investigation by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation?
Appropriate triage of allegations has several different impacts for any matter which comes to the attention of compliance. Obviously, it will help you to initially determine the seriousness of the matter. From there you can allocate an appropriate level of resources. It will also aid in your discussion with the DOJ if you must go that route. Finally, in the situation where facts come in, it provides the required documented evidence that a process was followed that you can show the government that a claim was properly scoped, as required under the Evaluation. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before an allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.

Three key takeaways:

  1. Compliance can learn from M*A*S*H about the need for triage.
  2. Initial triage allows you to separate the wheat of serious allegations from the chaff of more inconsequential allegations.
  3. A robust triage process allows for greater credibility with government regulators.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Answering DOJ Questions on Confidential Reporting

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.”

This was expanded in the DOJ’s 2020 Guidance, in the section entitled “D. Confidential Reporting Structure and Investigation Process,” with the following language, “Another hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct. Prosecutors should assess whether the company’s complaint-handling process includes proactive measures to create a workplace atmosphere without fear of retaliation, appropriate processes for submitting complaints, and processes to protect whistleblowers.”

Three Key Takeaways:

  1. Internal reporting systems indicate a working, operationalized compliance program.
  2. There must be a solid communication line between the people doing the investigation and those leading the remediation.
  3. Your internal reporting mechanism must be trusted.
Categories
Data Driven Compliance

Data Driven Compliance: Christian Perez-Font on Law, Compliance & Data

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in cross-border transactions, mergers, and acquisitions.

In this episode, Tom welcomes Christian Perez-Font for the first of two parts on using performance bonds and data analytics to guarantee these transactions and the legal requirements and nuances of different jurisdictions when conducting due diligence. They also discussed how technology changes how companies manage Latin American operations, how practitioners need to understand Excel spreadsheets, and how to share data to benchmark and extract the correct information. Christian’s background in engineering and economics has helped him incorporate data analytics, compliance, and law into a unique package. Tune in to Data Driven Compliance and stay ahead of the curve in the compliance world!

Key Highlights:

  • Law Compliance & Data
  • Data as Fuel
  • Data Analytics in M&A
  • Data Analytics in Compliance

Resources:

Christian Perez-Font on LinkedIn 

Thinkeen Legal

 Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Man Chooses the Target

Compliance Man Takes a Eurotrip – Piotr Żyłka on Poland’s Compliance Revolution

Compliance Man is back for a new season! Get ready for a EuroTrip with Tom Fox and Tim Khasanov-Batirov on their hit podcast, Compliance Man! Join Tom Fox and co-host Timur Khasanov-Batirov on a Euro trip as they delve into the world of Poland’s Compliance Revolution with guest Piotr Żyłka.

The implementation of the Whistleblowing Directive and the Corporate Sustainability Due Diligence Directive into the Polish Legal System could be a major step forward in the fight against corruption. Tom Fox and Tim Khasinov-Batirov had a conversation with Piotr Żyłka, an author of the It’s All About Compliance blog, publisher, and compliance platform in Europe, to discuss the Polish compliance scene and the need for a Polish FCPA. Piotr discussed the banking law requirements, the DOJ guidelines, the New York City Bar Association paper, and the influence of foreign companies on compliance controls in Poland. He also highlighted the need for trainings, engagement of top management, and internal controls like KYC. Tom and Tim thanked Piotr for his time and knowledge and invited him to come back on the podcast to share his views.

Key Highlights

·      Internal Controls in Poland

·      Compliance in Poland

·      Sanctions Compliance

·      A Polish FCPA Needed?

 Resources

Piotr Żyłka on LinkedIn

It’s All About Compliance

Tim Khasanov-Batirov on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn