Categories
Blog

Day 21 of 30 Days to a Better Compliance Program, the Compliance Oversight Committee

Key Takeaways 

  1. Determine an appropriate committee membership.
  2. The committee is there to act as an extra set of eyes for the CCO, not to substitute its judgment.
  3. Determine the scope of items and issues to be reviewed by the committee.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Compliance Oversight Committee provides a second set of eyes for the CCO and compliance department.    ]]>

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.  ]]>

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have both called for greater compliance expertise at the Board.]]>

Categories
Across the Board

Across the Board-Episode 4, Why Wells Fargo Needs Compliance Expertise on the Board

prevent, detect and remediate. In addition to getting its regulatory house in order, Wells Fargo has one very large culture problem which needs compliance expertise. Even for a former Bank president, the issue of compliance is at the absolute forefront of Wells Fargo’s miasma.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3vL” float=”none”]Wells Fargo needs a true compliance expert on its Board of Directors.[/tweet_box]]]>

Categories
Everything Compliance

Everything Compliance-Episode 16, Review of Jesse Eisinger’s book, The Chickenshit Club

The Chickenshit Club by Jesse Eisinger may mean for the compliance practitioner. We consider the internal journey of the Department of Justice from their days of Enron, WorldCom, and Adelphia convictions to the 2008 financial crisis where no senior executives were prosecuted. A series of steps led to this change, and we discuss the key changes in the DoJ’s thinking. The book is a real page-turner, and our discussion reflects this. We believe that every compliance practitioner should read the book and understand its lessons from DOJ prosecution. Every compliance practitioner should read Eisinger’s book The Chickenshit Club. You can purchase a copy of the book The Chickenshit Club by clicking here.]]>

Categories
Blog

Day 1 Of One Month to More Effective Continuous Improvement-Continuous Improvement in a Compliance Program

Continuous improvement requires you to audit and monitor whether employees are staying with the compliance program. In addition to the language in the FCPA Guidance, two of the seven compliance elements in the U.S. Sentencing Guidelines call for companies to monitor, audit, and respond quickly to misconduct allegations. These three activities are vital components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs. The 2012 FCPA Guidance goes on to make clear that each company should assess and manage its risks. It notes that small and medium-sized enterprises likely will have different risk profiles and, therefore, different attendant compliance programs than large multinational corporations.

Moreover, this is something that the DOJ and SEC consider when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ but is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.

Ongoing monitoring is one handy tool often misused or misunderstood in the continuous improvement cycle. This can come from the confusion about the differences between monitoring and auditing. Monitoring involves reviewing and detecting compliance variances in real-time and reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program regularly and consistently across a broad spectrum of data and information. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe to uncover and/or evaluate certain risks, mainly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. Although the protocol is unique, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to investigate the issue further. Your company should establish a regular monitoring system to address problems. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. These ongoing efforts demonstrate that your company is serious about compliance. What should you do with this information? I would suggest that you have a strategic plan in place ready to implement your findings of continuous improvement by using the following:

  • Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
  • Design an Execution Plan. The “Keep it Simple, Sir” or KISS method is best for moving forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
  • Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representative to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
  • Schedule the Next Review of the Plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.

It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will implement a mechanism to demonstrate your company’s commitment to compliance by following through on the intentions outlined in your strategic plan. Continuous improvement through monitoring or other techniques will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based on new and updated best practices specified by regulators. A compliance program is, in many ways, a continuously evolving organism, just as your company is. It would help if you built a way to keep pace with the market and regulatory changes to have a truly effective anti-corruption compliance program. The 2012 FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improve­ment and sustainability.” 

Three Key Takeaways

  1. Your compliance program should be continually evolving.
  2. Monitoring and auditing are different yet complementary tools for continuous improvement.
  3. DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered.

Continuous improvement is a key component of a best practices compliance program. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor, Affiliated Monitors, at www.affiliatedmonitors.com.

Categories
FCPA Compliance Report

FCPA Compliance Report – Episode 343 – James Koukios on Morrison & Foerster’s Top Ten International Anti-Corruption Developments for May 2017

Top Ten International Anti-Corruption Developments for May 2017. Our topics include:

  1. FCPA Assistant Chief BJ Stieglitz has been selected for detail to UK Financial Enforcement Authorities. We discuss how a prosecutor works overseas, what this might mean for prosecutions going forward in the US and UK, and the relationship of the DOJ with its British counterparts.
  2. The DOJ has moved to terminate its DPA over Hewlett-Packard. We discuss what it means to have a DPA terminated and the DOJ’s role in this phase. We also consider the decision-making process if a DPA has to be extended due to continued or new conduct by a company under such an agreement.
  3. Finally, we consider some of the difficulties of the DOJ’s Challenges in Obtaining Foreign Evidence through a recent ruling in the Civil Forfeiture Case. On May 9, 2017, In the case of United States v. Prevezon Holdings Ltd., Southern District of New York Judge William H. Pauley III ruled that certain evidence obtained by prosecutors from foreign sources was admissible in a civil asset forfeiture case, notwithstanding that the documents lacked the requisite certifications under the Federal Rules of Evidence. We consider the process for getting information from overseas; why it takes so long, and what happens if it does not meet US evidentiary or even admissibility standards?

Click here to see a full copy of the firm’s Top Ten International Anti-Corruption Developments publication for May 2017. James Koukios returns to discuss MoFo’s Top Ten International Anti-Corruption Developments for May 2017. 

Categories
Everything Compliance

Everything Compliance-Episode 14

Show Notes for Everything Compliance-Episode 14 

Topics from Matt:

  1. Trump Administration & FCPA enforcement— we have two declinations now; maybe a compare-and-contrast and speculation on what a tough Trump Admin enforcement WOULD look like;
  2. EU’s GDPR— Do EU regulators know what they want to do with the enforcement of this law; if they follow the lead of the anti-competition people whacking Google, it could be a big deal;
  3. Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted; and
  4. Ethical leadership and the lack thereof; the menace of abusing perks and privilege, connecting my posts about Uber’s leaders and Chris Christie vacationing on a closed beach.

Topics from Jay:

  1. How do the Campaign Finance Laws mirror/or differ from the FCPA?
  2. Will the Russian Collusion Investigation reveal the ultimate FCPA violation?
  3. Regarding Walter Shaub’s departure from the Office of Governmental Ethics (OGE), does it matter? What is OGE supposed to do, and why did it work for the past 40+ years but fall on deaf ears with the Trump administration?
  4. Dovetailing with Matt’s question about a slow H1 for FCPA enforcement and in light of the just-released Gibson Dunn FCPA Mid-Year Report, does the current climate (and lack of vigorous enforcement) provide a perfect storm for companies to look the other way if they fall off the E&C wagon, or do we think that companies are still being vigilant despite a perception of decreased enforcement?

Rants follow this week’s episode. What do the two declinations in 2017 mean? The Everything Compliance panel of experts weighs in.

Categories
This Week in FCPA

This Week in FCPA-Episode 46, the On the Rode to Prague Edition

  • Why powerful people fail to stop bad behavior by their underlings. Click here for the article.
  • Some policy management lesson, courtesy United Airlines. Click here for Matt Kelly’s article on Radical Compliance.
  • Why you shouldn’t linger too long in the wrong compliance position. See Julie DiMauro’s blog post on the FCPA Blog.
  • Bribe recipient in the Gerald and Patricia Green FCPA case gets 50 years in prison. See article in the FCPA Blog.
  • Using data to operationalize your compliance program. Read Tom’s blog post, by clicking here.
  • What the New York state Department of Financial Services new regulation on cybersecurity for financial services companies means for compliance officers. See Tom’s blog post by clicking here.
  • Jay previews his weekend report.
  • Jay Rosen new contact information:
    Jay Rosen, CCEP
    Vice President, Business Development
    Monitoring Specialist
    Affiliated Monitors, Inc.
    Mobile (310) 729-6746
    Toll Free (866)-201-0903
    JRosen@affiliatedmonitors.com
    [tweet_box design=”default” url=”http://wp.me/p6DnMo-3aD” float=”none”]How can the use of data help to operationalize your compliance program?[/tweet_box]]]>

    Categories
    Compliance Into the Weeds

    Compliance into the Weeds-Episode 28

    Microsoft Cybersecurity Tool May Prompt Compliance” as a starting point to consider the Big Brother implications, two-step security features, AI issues and all of this ties directly into the corporate compliance function.
    [tweet_box design=”default” url=”http://wp.me/p6DnMo-33j” float=”none”]Microsoft’s Secure Score paves the way for better and more efficient compliance.[/tweet_box]]]>