prevent, detect and remediate. In addition to getting its regulatory house in order, Wells Fargo has one very large culture problem which needs compliance expertise. Even for a former Bank president, the issue of compliance is at the absolute forefront of Wells Fargo’s miasma.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3vL” float=”none”]Wells Fargo needs a true compliance expert on its Board of Directors.[/tweet_box]]]>
Tag: CCO
The Chickenshit Club by Jesse Eisinger may mean for the compliance practitioner. We consider the internal journey of the Department of Justice from their days of Enron, WorldCom, and Adelphia convictions to the 2008 financial crisis where no senior executives were prosecuted. A series of steps led to this change, and we discuss the key changes in the DoJ’s thinking. The book is a real page-turner, and our discussion reflects this. We believe that every compliance practitioner should read the book and understand its lessons from DOJ prosecution. Every compliance practitioner should read Eisinger’s book The Chickenshit Club. You can purchase a copy of the book The Chickenshit Club by clicking here.]]>
Continuous improvement requires you to audit and monitor whether employees are staying with the compliance program. In addition to the language in the FCPA Guidance, two of the seven compliance elements in the U.S. Sentencing Guidelines call for companies to monitor, audit, and respond quickly to misconduct allegations. These three activities are vital components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs. The 2012 FCPA Guidance goes on to make clear that each company should assess and manage its risks. It notes that small and medium-sized enterprises likely will have different risk profiles and, therefore, different attendant compliance programs than large multinational corporations.
Moreover, this is something that the DOJ and SEC consider when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ but is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.
Ongoing monitoring is one handy tool often misused or misunderstood in the continuous improvement cycle. This can come from the confusion about the differences between monitoring and auditing. Monitoring involves reviewing and detecting compliance variances in real-time and reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program regularly and consistently across a broad spectrum of data and information. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe to uncover and/or evaluate certain risks, mainly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. Although the protocol is unique, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to investigate the issue further. Your company should establish a regular monitoring system to address problems. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. These ongoing efforts demonstrate that your company is serious about compliance. What should you do with this information? I would suggest that you have a strategic plan in place ready to implement your findings of continuous improvement by using the following:
- Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
- Design an Execution Plan. The “Keep it Simple, Sir” or KISS method is best for moving forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
- Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representative to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
- Schedule the Next Review of the Plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.
It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will implement a mechanism to demonstrate your company’s commitment to compliance by following through on the intentions outlined in your strategic plan. Continuous improvement through monitoring or other techniques will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based on new and updated best practices specified by regulators. A compliance program is, in many ways, a continuously evolving organism, just as your company is. It would help if you built a way to keep pace with the market and regulatory changes to have a truly effective anti-corruption compliance program. The 2012 FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”
Three Key Takeaways
- Your compliance program should be continually evolving.
- Monitoring and auditing are different yet complementary tools for continuous improvement.
- DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered.
Continuous improvement is a key component of a best practices compliance program. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor, Affiliated Monitors, at www.affiliatedmonitors.com.
Top Ten International Anti-Corruption Developments for May 2017. Our topics include:
- FCPA Assistant Chief BJ Stieglitz has been selected for detail to UK Financial Enforcement Authorities. We discuss how a prosecutor works overseas, what this might mean for prosecutions going forward in the US and UK, and the relationship of the DOJ with its British counterparts.
- The DOJ has moved to terminate its DPA over Hewlett-Packard. We discuss what it means to have a DPA terminated and the DOJ’s role in this phase. We also consider the decision-making process if a DPA has to be extended due to continued or new conduct by a company under such an agreement.
- Finally, we consider some of the difficulties of the DOJ’s Challenges in Obtaining Foreign Evidence through a recent ruling in the Civil Forfeiture Case. On May 9, 2017, In the case of United States v. Prevezon Holdings Ltd., Southern District of New York Judge William H. Pauley III ruled that certain evidence obtained by prosecutors from foreign sources was admissible in a civil asset forfeiture case, notwithstanding that the documents lacked the requisite certifications under the Federal Rules of Evidence. We consider the process for getting information from overseas; why it takes so long, and what happens if it does not meet US evidentiary or even admissibility standards?
Click here to see a full copy of the firm’s Top Ten International Anti-Corruption Developments publication for May 2017. James Koukios returns to discuss MoFo’s Top Ten International Anti-Corruption Developments for May 2017.
Show Notes for Everything Compliance-Episode 14
Topics from Matt:
- Trump Administration & FCPA enforcement— we have two declinations now; maybe a compare-and-contrast and speculation on what a tough Trump Admin enforcement WOULD look like;
- EU’s GDPR— Do EU regulators know what they want to do with the enforcement of this law; if they follow the lead of the anti-competition people whacking Google, it could be a big deal;
- Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted; and
- Ethical leadership and the lack thereof; the menace of abusing perks and privilege, connecting my posts about Uber’s leaders and Chris Christie vacationing on a closed beach.
Topics from Jay:
- How do the Campaign Finance Laws mirror/or differ from the FCPA?
- Will the Russian Collusion Investigation reveal the ultimate FCPA violation?
- Regarding Walter Shaub’s departure from the Office of Governmental Ethics (OGE), does it matter? What is OGE supposed to do, and why did it work for the past 40+ years but fall on deaf ears with the Trump administration?
- Dovetailing with Matt’s question about a slow H1 for FCPA enforcement and in light of the just-released Gibson Dunn FCPA Mid-Year Report, does the current climate (and lack of vigorous enforcement) provide a perfect storm for companies to look the other way if they fall off the E&C wagon, or do we think that companies are still being vigilant despite a perception of decreased enforcement?
Rants follow this week’s episode. What do the two declinations in 2017 mean? The Everything Compliance panel of experts weighs in.
Jay Rosen new contact information:
Jay Rosen, CCEP
Vice President, Business Development
Monitoring Specialist
Affiliated Monitors, Inc.
Mobile (310) 729-6746
Toll Free (866)-201-0903
JRosen@affiliatedmonitors.com
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3aD” float=”none”]How can the use of data help to operationalize your compliance program?[/tweet_box]]]>
Microsoft Cybersecurity Tool May Prompt Compliance” as a starting point to consider the Big Brother implications, two-step security features, AI issues and all of this ties directly into the corporate compliance function.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-33j” float=”none”]Microsoft’s Secure Score paves the way for better and more efficient compliance.[/tweet_box]]]>
Show Notes for Episode 38, for the week ending February 3, the M&M edition:
- January a month for the FCPA record books. See article in the FCPA Blog.
- Are hunting trips a FCPA violation? How about in Sweden? See article in by Tom Fox in Compliance Week.
- VW update-what the former CEO knew and when did he know it and CCO ‘departs’. What does it all mean? See Tom Fox articles in Compliance Week on the former CEO and the departure of the CCO.
- New Tom Fox series on One Month to a Better Board, FCPA Compliance Report.
- Everything Compliance-Episode 6 is out. It is dedicated exclusively to Rolls-Royce.
- Jay Rosen Weekend Report preview.
- Super Bowl predictions.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-31q” float=”none”]What were the week’s top FCPA, compliance and ethics stories? Check out This Week in FCPA to find out. [/tweet_box]]]>
In this episode Jay Rosen and I take a dive into the General Cable FCPA enforcement action, consider the ‘Invisible Hand’ of Justice Department Compliance Counsel Hui Chen and greater regulatory enforcement, corporate response and innovation. We explain how these three factors combine in an ‘Invisible Hand’ to form a continuous improvement loop of compliance program innovation. It leads developments from cutting edge to best practices to becoming a routine part of an effective compliance program. We discuss the upcoming NFL divisional round of playoffs and conclude with Jay previewing the Jay Rosen Weekend Report. For more information on the General Cable FCPA enforcement action, check out my three-part blog post series:
Part I-the Bribery Schemes
Part II-the Comeback
Part III-the Denouement
[tweet_box design=”default” url=”http://wp.me/p6DnMo-2W9″ float=”none”]How does the invisible hand impact continuous improvement of compliance programs?[/tweet_box]]]>
