Tag: CCO

Categories
Blog

Great Structures Week III – The Roman Arch and Resourcing Your Compliance Program

I continue my Great Structures Week with focus on structural engineering innovations from ancient Rome. I am drawing these posts from The Teaching Company course, “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler who said “When I think of Rome, the first image that comes to mind is an arch.” It is present in aqueducts, in the triumphal arches that adorn the city of Rome, in the city gates and even in the Coliseum.

The arch was a major engineering advancement because the prior method for traversing horizontal distance was the beam, which was limited in its use. Ressler notes “because the arch carries its load entirely in compression, its span isn’t limited by the tensile strength of the material, the size of its stones, and it can span greater distances which might be conceived of with stone beams”. The arch itself has two essential characteristics. First it carries an entire load in compression, that is it counter-balances against itself, which allows for construction using the most basic building materials known in the ancient world: stone, brick and concrete.

Yet the second characteristic of the arch is equally significant. An arch requires “both vertical and horizontal reactions to carry a load. The downward load of the arch is balanced by an upward reaction from the base”. Both the Arch of Titus and Pont du Gard aqueduct are still standing and can be seen today as magnificent examples of this Roman innovation.

I wanted to use the dual load system whereby an arch supports not only great weight but also esthetic engineering designs to discuss how a Chief Compliance Officer (CCO) or compliance practitioner might develop resources to implement a best practice anti-corruption compliance program under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law. Funding of a compliance program is always one of the biggest challenges. Short of being in the middle of a worldwide FCPA, UK Bribery Act or other anti-corruption investigation, you are never going to receive all the funding you want or even think that you are going to need.

However, this corporate reality is not going to save you if the government comes knocking. The FCPA Resource Guide 2nd edition, provides the following, “Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

Stephen Martin, CCO at  Skillsoft, often says that an inquiry a prosecutor might make is along the lines of the following. First what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), the next inquiry would be, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. Then the KO punch question would be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, most companies spent far more on Post-It Notes than they were willing to invest into their compliance program.

However this corporate reality will allow you to look to other areas to assist the compliance function. An obvious starting place is Human Resources (HR). There are several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touches every site in the company, globally. HR is generally seen as more approachable than many other departments in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the compliant and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This is where the things that might work and even be legally mandated in Texas may not work in other areas of the globe; advice can be of great assistance. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document, and Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert (SME) so you can turn to them for any of your compliance program requirements, which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not they make sense. In some new environments, a policy may not work. If your company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often over-looked function but it facilitates local coordination, which is always easier than from the corporate office.

All of these other corporate functions can greatly assist you in the actual doing of compliance. Moreover, in a resource-constrained environment, these other corporate disciplines can be used to strengthen your compliance program, in a manner similar to vertical and transverse integration of structural integrity presented in an arch. Finally, just as the arch utilized some of the most basic construction elements in existence, by using the other corporate disciplines, engaging in precisely their corporate functions, you can create a strong foundation in your compliance program going forward.

Join us tomorrow where we look at the intersection of Gothic Cathedrals and compliance incentives.

Categories
The Compliance Life

Bridget Abraham-Bridget Abraham-Into the CCO Chair

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

From Western Union, Bridget moved to the CCO Chair at Remitly, a remittance payment company. She discussed the mission-driven approach of Remitly to do the right thing. She talked about some of her early challenges and how she could leverage her economics background into a full compliance program. Some of her challenges included scaling up the compliance program and moving into new markets.

Resources

Bridget Abraham LinkedIn Profile

Categories
Blog

Great Structures Week II – Structures from Ancient Egypt and Greece and Written Standards

I continue my Great Structures Week with a focus on great structures from the earliest times, ancient Egypt and Greece. I am drawing these posts from The Teaching Company course, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. From Egypt there are of course the Pyramids, of which Ressler says, “They’re important, not just because they’re great structures, but also because they represent some of the earliest human achievements that can legitimately be called engineering. The Great Pyramid of Giza stands today as a testament to the strength and durability of Egyptian structural engineering skills.”

From Greece we derive what Vitruvius called the “Empirical Rules for Temple Design” which define a “single dimensional module equal to the radius of a column in the temple portico, then specify all other dimensions of the building in terms of that module.” These rules are best seen in Greek temples, largely consisting of columns, which are defined as “a structural element that carries load primarily in compression” and beams, which are “structural elements subject to transverse loading and carry load in bending.” My favorite example of the use of columns is seen in the Parthenon; the most famous of all Greek temples still standing.

In many ways these two very different structures stand as the basis of all structural engineering and Great Structures that come later throughout history. For any anti-corruption compliance regime based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery statutes, the same is true for a Code of Conduct and written policies and procedures. They are both the building blocks of everything that comes thereafter.

In an article Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, stated a company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the FCPA Resource Guide 2nd edition, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Another way to think of policies, procedures and controls was stated by Aaron Murphy, in his book “Foreign Corrupt Practices Act”, when he said that you should think of all three as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Borrowing from an article in the Houston Business Journal, entitled “Company policies are source and structure of stability”, I found some interesting and important insights into the role of policies in any anti-corruption compliance program. Allen says that the role of policies is “to protect companies, their employees and consumers, and despite an occasional opposite outcome, that is typically what they do. A company’s policies provide a basic set of guidelines for their employees to follow. They can include general dos and don’ts or more specific safety procedures, work process flows, communication guidelines or dress codes. By establishing what is and isn’t acceptable workplace behavior, a company helps mitigate the risks posed by employees who, if left unchecked, might behave badly or make foolhardy decisions.”

Allen notes that policies “are not a surefire guarantee that things won’t go wrong, they are the first line of defense if things do.” The effective implementation and enforcement of policies demonstrate to regulators and the government that a “company is operating professionally and proactively for the benefit of its stakeholders, its employees and the community it serves.” If it is a company subject to the FCPA, by definition it is an international company so that can be quite a wide community.

Allen believes that there are five key elements to any “well-constructed policy”. They are:

  • identify to whom the policy applies;
  • establish the objective of the policy;
  • explain why the policy is necessary;
  • outline examples of acceptable and unacceptable behavior under the policy; and
  • warn of the consequences if an employee fails to comply with the policy.

Allen notes that for polices to be effective there must be communication. He believes that training is only one type of communication. I think that this is a key element for compliance practitioners because if you have a 30,000+ worldwide work force, the logistics alone of such training can appear daunting. Consider gathering small groups of employees, where detailed questions about policies can be raised and discussed, as a powerful teaching tool. Allen even suggests posting Frequently Asked Questions (FAQ’s) in common areas as another technique.

The FCPA Resource Guide 2nd edition ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” Allen puts a bit differently in that “it is important that policies are applied fairly and consistently across the organization.” He notes that the issue can be that “If policies are applied inconsistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated.” This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

Join us tomorrow where we look at the Roman Arch and resourcing your compliance program.

Categories
The Compliance Life

Bridget Abraham-From Consulting to Compliance

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

From the Federal Reserve, Bridget then moved into the consulting world, starting a Bearing Point and then Deloitte. From there, she moved into the realm of compliance, starting in the financial world at Citibank, working in Compliance Analytics and Assessments. The banking world was transitioning from a manual approach to compliance into more of a tech solution option. She then moved to Western Union, first as Vice President of Global Compliance Programs, then to Deputy Chief Compliance Officer, where her role was much broader than her prior focus on data and data analytics.

Resources

Bridget Abraham LinkedIn Profile

Categories
Daily Compliance News

October 6, 2022 the Worst CCO Ever Edition

In today’s edition of Daily Compliance News:

Categories
The Compliance Life

Bridget Abraham- College & Early Career

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

Bridget was the first member of her family to go to college. She got a degree in Economics from Colorado State University and then obtained a Master Degree, also in Economics. Her Master’s degree focused agricultural economics, which was really about sustainability,  the environment that had the impact that it had in small rural America, and research focusing on the economics of small business and the importance of agriculture in those communities. After a brief stop in NYC, Bridget went to work at the Federal Reserve Bank where she presented her research at various forums. She began her career with the Federal Reserve Bank working on economic research, later moving into more of a banking supervision role. She dealt with compliance with the Patriot Act and the Bank Secrecy Act.

Resources

Bridget Abraham LinkedIn Profile

Categories
FCPA Compliance Report

The EC Gang on the Monaco Doctrine

In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, we have the Award-Winning Everything Compliance quartet of Jonathan Marks, Jonathan Armstrong, Karen Woody, and Tom Fox on the Monaco Memo.

1. Tom Fox looks at the Monaco Memo through the monitorship language and answers a listener’s questions about compliance programs under the Monaco Memo.

2. Karen Woody reviews the Monaco Memo, the self-disclosure angle, and investigatory considerations and ponders the role of defense counsel going forward.

3. Jonathan Marks also looks at investigatory issues under the Monaco Memo, the role of the Board of Directors, and the role of the forensic auditor under the Monaco Memo.

4. Jonathan Armstrong’s self-disclosure from a UK angle joins Karen Woody in questioning how defense counsel should move forward.

Resources

Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog

1.     A Jolt for Compliance

2.     Timely Self-Disclosure

3.     Corporate Compliance Programs

4.     Monitors

5.     The Heat is On

Monaco Memo

Categories
Great Women in Compliance

Margarita Derelanko – She’s Going Places

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

In late 2018, Mary and Lisa began advertising the launch of the Great Women in Compliance podcast, which would air on 6 December 2018.  Margarita Derelanko was one of the people who saw the marketing collateral and grew excited about the incoming podcast.  She affords Lisa and Mary the opportunity to hear what the launch of the podcast was like from the other side of the fence – the to-date missing aspect of their origin story – what the listenership was thinking and how the podcast was received.  Margarita shares how the podcast has impacted her life, including her takeaways from having her first article published, and the benefits she has gained from the encouragement of the hosts and guests.

Unlike many of the GWIC and certainly unlike Mary and Lisa, Margarita had the opportunity to choose whether or not to be in Compliance and she shares what it’s like for the new generation to consider joining the field – spoiler alert, Compliance Destiny appears yet again!  It’s a real thing folks!

Margarita shares some advice for helping to overcome biases when you don’t look like you fit the part.  She is of very small stature and is lucky enough to have youthful looks – causing some to make unfair judgments.  Listen in for how she overcomes the biases and consider how you can turn some of your perceived greatest weaknesses into a strength.

Following on from Mia Reini’s tips for putting together an engaging line up for the The Home Depot’s Compliance Summit, Margarita lends some tips from her experience on the planning team for the Waud Capital Partner’s Compliance Symposium to have a successful event.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.

You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Monaco Doctrine and Memo

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we look at the recently announced Monaco Doctrine as encapsulated in the Monaco Memo. Highlights include:

  1. Corporate accountability.
  2. Timeliness in turning over evidence of wrongdoing.
  3. Baby Carrots in evaluating the corporate history of misconduct.
  4. Additions to Evaluation of Corporate Compliance Programs.
  5. Tweaks to the Yates Memo formulation.
  6. Monitors and Monitorships.

 Resources

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

  1. Introduction
  2. Self-Disclosure
  3. Corporate Compliance Programs
  4. Monitors
  5. The heat is on

Monaco Memo

Categories
The Compliance Life

Maria D’Avanzo – To Traliant and Beyond

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Maria D’Avanzo. We discuss Maria’s journey from a real estate and small business lawyer to compliance, then CCO chair, and now as the Chief Evangelist Officer at Traliant.

In this concluding episode, Maria discussed how she used the tools and skills she learned to move to a Traliant, where she is well positioned to help compliance professionals gain insights into their programs and help them better appreciated how Traliant can support their efforts. She is working with  with Traliant’s executive team as we not only develop new products but also enhance our existing offerings by listening tours with customers,  customer advisory councils and expounding on training’s role in speak-up culture.

Resources

Maria D’Avanzo LinkedIn Profile

Traliant.com