Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Answering DOJ Questions on Confidential Reporting

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.”

This was expanded in the DOJ’s 2020 Guidance, in the section entitled “D. Confidential Reporting Structure and Investigation Process,” with the following language, “Another hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct. Prosecutors should assess whether the company’s complaint-handling process includes proactive measures to create a workplace atmosphere without fear of retaliation, appropriate processes for submitting complaints, and processes to protect whistleblowers.”

Three Key Takeaways:

  1. Internal reporting systems indicate a working, operationalized compliance program.
  2. There must be a solid communication line between the people doing the investigation and those leading the remediation.
  3. Your internal reporting mechanism must be trusted.

Categories
Data Driven Compliance

Data Driven Compliance: Christian Perez-Font on Law, Compliance & Data

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which features in-depth conversations around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in cross-border transactions, mergers, and acquisitions.

In this episode, Tom welcomes Christian Perez-Font for the first of two parts on using performance bonds and data analytics to guarantee these transactions and the legal requirements and nuances of different jurisdictions when conducting due diligence. They also discuss how technology changes how companies manage Latin American operations, how practitioners need to understand Excel spreadsheets, and how to share data to benchmark and extract the correct information. Christian’s background in engineering and economics has helped him incorporate data analytics, compliance, and law into a unique package. Tune in to Data Driven Compliance and stay ahead of the curve in the compliance world!

Key Highlights:

  • Law Compliance & Data
  • Data as Fuel
  • Data Analytics in M&A
  • Data Analytics in Compliance

Resources:

Christian Perez-Font on LinkedIn 

Thinkeen Legal

 Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Man Chooses the Target

Compliance Man Takes a Eurotrip – Piotr Żyłka on Poland’s Compliance Revolution

Compliance Man is back for a new season! Get ready for a EuroTrip with Tom Fox and Tim Khasanov-Batirov on their hit podcast, Compliance Man! Join Tom Fox and co-host Timur Khasanov-Batirov on a Euro trip as they delve into the world of Poland’s Compliance Revolution with guest Piotr Żyłka.

The implementation of the Whistleblowing Directive and the Corporate Sustainability Due Diligence Directive into the Polish legal system could be a major step forward in the fight against corruption. Tom Fox and Tim Khasanov-Batirov had a conversation with Piotr Żyłka, an author of the It’s All About Compliance blog, publisher, and compliance platform in Europe, to discuss the Polish compliance scene and the need for a Polish FCPA. Piotr discussed the banking law requirements, the DOJ guidelines, the New York City Bar Association paper, and the influence of foreign companies on compliance controls in Poland. He also highlighted the need for training, engagement of top management, and internal controls like KYC. Tom and Tim thanked Piotr for his time and knowledge and invited him to come back on the podcast to share his views.

Key Highlights

  • Internal Controls in Poland
  • Compliance in Poland
  • Sanctions Compliance
  • A Polish FCPA Needed?

 Resources

Piotr Żyłka on LinkedIn

It’s All About Compliance

Tim Khasanov-Batirov on LinkedIn


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Board – 20 Questions Directors Should Ask about the Board Compliance Committee

In an area of inquiry entitled Oversight, the 2023 ECCP asks three basic questions which we have explored throughout this chapter:

1. What compliance expertise has been available on the Board of Directors?

2. Have the Board of Directors held executive or private sessions with the compliance function?

3. What types of information has the Board of Directors examined in their exercise of oversight in the area in which the misconduct occurred?

To facilitate the answers to these questions, consider this list of 20 questions to reflect the oversight role of directors. These are questions the Board should ask of both senior management and itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.

Part I: Understanding the Role and Value of the Compliance Committee

1. What are the Compliance Committee’s responsibilities and what value does it bring to the Board?

2. How can the Compliance Committee help the Board enhance its relationship with management?

3. What is the role of the Compliance Committee?

Part II: Building an Effective Compliance Committee

4. What skill sets does the Compliance Committee require?

5. Who should sit on the Compliance Committee?

6. Who should chair the Compliance Committee?

Part III: Directed to the Board

7. What is the Compliance Committee’s role in building an effective compliance program within the company? How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?

8. How long should directors serve on the Compliance Committee?

9. How can the Compliance Committee assist directors in retiring from the Board?

Part IV: Enhancing the Board’s Performance Effectiveness

10. How can the Compliance Committee assist in director development?

11. How can the Compliance Committee help the Board chair sharpen the Board’s overall performance focus?

12. What is the Compliance Committee’s role in Board evaluation and feedback?

13. What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?

14. Should the Compliance Committee have a role in chair succession?

15. How can the Compliance Committee help the Board keep its mandates, policies and practices up-to-date?

Part V: Merging Roles of the Compliance Committee

16. How can the Compliance Committee enhance the Board’s relationship with institutional shareholders and other stakeholders?

17. What is the Compliance Committee’s role in CCO succession?

18. How can the Compliance Committee foster great technical impact for the compliance function?

19. What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?

20. How can the Compliance Committee help the Board in deciding CCO pay, bonus and resources made available to the corporate compliance function?

 Three key takeaways:

1. The DOJ Evaluation requires active Board of Director engagement around compliance.

2. Board communication on compliance is a two-way street; both inbound and outbound.

3. Has the Board built an effective Compliance Committee for itself?

Categories
Compliance Into the Weeds

Compliance into the Weeds: What is Driving Compliance Engagement at the Board?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect the Navex 2023 State of Risk and Compliance Report. Tom and Matt delve into Navex’s annual benchmarking report, which surveyed 1,300 compliance professionals. The report revealed that 53% of respondents described their compliance programs as mature. Matt and Tom question whether the board is driving the conversation or if compliance officers request updates due to potential liability. The report’s findings on cybersecurity and privacy concerns, survey results on where compliance should reside in a company, and the importance of having a mature anti-bribery anti-corruption compliance program are all discussed. Tune in to hear more about how compliance officers can address pressing concerns such as cybersecurity breaches and attacks.

Key Highlights:

  • Navex’s benchmark report on compliance programs
  • Board-Compliance Officer Relationship & Cybersecurity in Compliance
  • The necessity of Dedicated Compliance Committees
  • Survey Finds Diverse Views on Compliance Placement in Companies
  • The Importance of Anti-Bribery Compliance for Cybersecurity
  • Compliance Officer Reporting to CISO Dynamics

 Resources:

Matt 

LinkedIn

Blog Post in Radical Compliance


Categories
Blog

Tribute to Cormac McCarthy – Lessons for the Compliance Professional

Cormac McCarthy died last week. According to his New York Times (NYT) obituary, he was “the formidable and reclusive writer of Appalachia and the American Southwest, whose raggedly ornate early novels about misfits and grotesques gave way to the lush taciturnity of “All the Pretty Horses” and the apocalyptic minimalism of “The Road,” died on Tuesday at his home in Santa Fe, N.M. He was 89.” I came to McCarthy through his work All The Pretty Horses and it was one of the seminal books I have ever read. The only book I can compare it to is Let Us Now Praise Famous Men by James Agee and photographer Walker Evans. (Evans’s photos are as spectacular and as famous as Agee’s prose.) So today, as my tribute to McCarthy, I wanted to take a deep dive into All The Pretty Horses and mine it for leadership lessons for the compliance professional.

Story Synopsis

All the Pretty Horses was published in 1992. It’s the first book in McCarthy’s Border Trilogy. The story begins in 1949 and is centered around the life of John Grady Cole, a 16-year-old who grew up on his grandfather’s ranch in San Angelo, Texas. After his grandfather’s death, his mother decides to sell the ranch, leaving John Grady, a born and bred cowboy, deeply affected.

Instead of giving in to the changing times, John Grady and his best friend, Lacey Rawlins, decide to head south to Mexico, looking for work as ranch hands. On their way, they encounter a volatile and troubled teenager, Jimmy Blevins, who, despite their reservations, joins them. In Mexico, they find work on a vast ranch owned by Don Héctor Rocha y Villareal. John Grady becomes an accomplished horse breaker and falls in love with Don Héctor’s daughter, Alejandra, which is forbidden given their different social classes.

However, their peaceful existence is disrupted when Blevins’ past catches up with them. Blevins is accused of horse theft and murder, and John Grady and Rawlins are arrested as his accomplices. Blevins is executed without a trial, while John Grady and Rawlins spend time in a harsh Mexican prison. After enduring the brutal prison conditions, they are released due to the efforts of Alejandra’s great aunt. However, Alejandra, under pressure from her family, ends her relationship with John Grady, which leaves him heartbroken.

John Grady returns to Texas and finds that the world he once knew has changed irreversibly. The novel ends with him setting off into the sunset, uncertain about his future, but with an unbroken spirit and love for the cowboy way of life.

The novel is a coming-of-age story that explores themes of loss, love, and the tension between the old world and the new. McCarthy’s unique narrative style, characterized by minimal punctuation and lyrical prose, underscores the raw beauty and harsh realities of life in the American Southwest and northern Mexico.

Leadership Lessons

All the Pretty Horses presents leadership lessons for the compliance professional through its protagonist John Grady Cole and his experiences. Some key leadership lessons we can glean for the compliance professional include:

Decision-Making: John Grady often must make tough decisions, like when he decides to leave his hometown to find a life that suits him better. His choice to help Blevins, despite the risk, also shows a lot about his character. Compliance leadership lesson: compliance professionals must understand that leadership often involves making difficult decisions, with both immediate and long-term consequences.

Responsibility: John Grady takes responsibility for his actions and their consequences. He faces up to his punishments and doesn’t shy away from difficult tasks. Compliance leadership lesson: every compliance professional must accept responsibility for their decisions, good or bad.

Courage: Throughout his journey, John Grady consistently shows courage, whether it’s dealing with the harsh conditions in the Mexican prison or standing up for his values. Compliance leadership lesson: every compliance professional needs to have the courage to face adversity, take risks, and stand up for what they believe in. Sometimes you must speak truth to power and be willing to accept the consequences.

Perseverance: John Grady’s determination to survive and maintain his dignity, even in the harshest circumstances, reflects a crucial quality of a leader. Compliance leadership lesson: every compliance professional needs to show determination and the ability to bounce back from setbacks.

Respect and Empathy: John Grady respects the individuals he interacts with, from his fellow cowboys to the horses he works with. Compliance leadership lesson: every compliance professional must respect their colleagues and demonstrate empathy for their challenges in doing business going forward, which are qualities that are critical for a leader to have when dealing with their team.

Integrity: John Grady has a strong sense of moral integrity, sticking to his principles even when faced with challenging situations. Compliance leadership lesson: every compliance professional must always demonstrate integrity in all aspects of their professional life. This is a key trait for leaders, who must maintain integrity and honesty.

Adaptability: Even though John Grady faces a world that is changing around him, he learns to adapt while staying true to his values. Compliance leadership lesson: every compliance professional must adapt to the new risks their business meets, whether through new business initiatives or a global pandemic. In short, the ability to adapt to changing circumstances while maintaining core values is crucial for compliance leaders.

Failure: Through his relationship with Alejandra, John Grady learns about love, loss, and sacrifice. These experiences, though painful, help him grow and mature as a leader. Compliance leadership lesson: every compliance professional will have failures. How you learn from them will be a key to your development. Compliance professionals need to understand that personal growth often comes through fighting through difficulty.

If you have never done so, I would urge you to read All The Pretty Horses and I hope you find it as moving as I did.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Governance and Risk Oversight

One of the ongoing questions from members of the Board of Directors is how to resolve the tension between oversight and management. I recently had the opportunity to visit with Joe Howell, former Executive Vice President (EVP) of Workiva, Inc., on this subject. Howell has worked on and with Boards of Directors at various companies, and I wanted to garner his understanding of the role of a Board, senior management, and a Chief Compliance Officer (CCO). Howell’s short response was an excellent starting point for understanding the role: put sand in management’s shoes.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong,” can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer is putting a little bit of sand in the shoe to make sure you’re thinking about things carefully can cause you to step back and focus your resources where they’re needed.”

Howell noted that the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “One perfect example is the reputation of those stakeholders involved in the company, and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell stated, “It’s essential as we go through some ways the Board can help management in that role. I think the things that make a difference to management is when the Board can be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their underlying assumptions and biases.”

A Board is there to be more than just a rubber stamp for senior management. It must exercise independent judgment, action, and oversight. Further, it is the Board’s role to ask hard, difficult, and probing questions to ensure management is doing its job and has considered other risk possibilities.

Three Key Takeaways:

  1. Boards should force management to open up the company to itself.
  2. Boards should be a grain of sand in the shoe of management.
  3. Boards should ensure senior management is aware of and planning for known and unknown risks.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board as an Internal Control

James Doty, former Commissioner of the Public Company Accounting Oversight Board (PCAOB), was once asked if the Board or its sub-committee which handles audits was a part of a company’s internal financial controls. He answered that yes, he believed that was one of the roles of an Audit Committee or full Board. I had never thought of the Board as an internal control, but the more I thought about it, the more I realized it was an important insight for any Chief Compliance Officer or compliance practitioner, as it also applies to compliance internal controls.

In the FCPA Resource Guide, 2nd edition, in the Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is in Hallmark No. 1, which states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Doty’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.

If a Board’s oversight is part of effective compliance controls, then the failure to exercise it may result in something far worse than bad governance. Such inattention could directly lead to an FCPA violation and could even form the basis of an independent SOX violation as to the Board.

Three Key Takeaways

  1. A Board must engage in active oversight.
  2. A Board should review the design of internal controls on a regular basis.
  3. Failure to do so could form the basis for an independent legal violation under SOX.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Boards Inquiring Up and Down

Where does “tone at the top” start? With public and most private U.S. companies, it starts at the Board of Directors. But what is the role of a company’s Board in compliance? First, a Board should not engage in management but oversee a CEO and senior management. The Board’s role covers asking hard questions, risk assessment, and identification.

These factors can be easily adapted to compliance and ethics risk management oversight. Initially, the Board must receive direct access to information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive regular reports on the company’s compliance program’s structure, actions, and self-evaluations. From this information, the Board can oversee any modifications to managing FCPA risk that should be implemented.

Three key takeaways:

  1. A Board Compliance Committee should provide oversight, not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and profitable.

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Once A Con, Always A Con

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in their podcast, 2 Gurus Talk Compliance, as they dive into hot compliance topics. In this episode, they cover Elizabeth Holmes going to prison, the current office imbroglios, a record whistleblower award, the perils of using ChatGPT, cyber breach reporting, Gartner and trust, and lightning and compliance. With their unique insights and engaging storytelling, this podcast is a must-listen for anyone in the compliance field. Don’t miss the latest episode of 2 Gurus Talk Compliance and stay ahead of the curve!

Highlights Include

  • Racial Justice at the Board
  • Gartner FCPA enforcement action
  • Cyber Incident Reporting
  • AI and Corporate Governance
  • Once a con, always a con
  • Record whistleblower award
  • WFH, RTW and Hybrid-Work
  • CCO Comp
  • Using ChatGPT
  • Penalties low, benefits high

 Resources 

  1. Racial Justice Initiative
  2. Gartner FCPA enforcement action
  3. FSB Report on Cyber Incident Reporting
  4. AI and Corporate Governance
  5. What the Hell Happened Here?
  6. Record $279 Million Whistleblower Award
  7. Thank Goodness We Didn’t Get Struck by Lightening
  8. 3 Tips for Adapting to the Post-Pandemic Culture Shock at Work
  9. CCO Compensation Up 8%
  10. Here’s What Happens when Your Lawyer Uses ChatGPT

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting
