Tag: CCO

Categories
Innovation in Compliance

Making Compliance Training Fun with Andrew Rawson


What if compliance training didn’t have to be boring? Joining us on this episode is Andrew Rawson, the Chief Learning Officer for Traliant, a compliance training company. Today we’re talking about the future of compliance training: how to make it truly effective, useful, and even fun.

The importance of training
The last couple of years have seen the intersection of two seismic forces that have created tremendous demand for quality training. The first was the #MeToo movement, which has brought up the whole topic of compliance training around sexual harassment — so much so that it’s become a need to have instead of a nice to have, even in states where it isn’t required. The second was a change in regulations in different states across the country, now requiring more than 10 million people to be trained.
Effective compliance training
There is a difference between teaching people about the law and teaching them what to do. At Traliant, they wanted to train people how to behave. What do you do when you’re faced with a particular situation? That should be the focus.
The training is also intentionally more modern: well-designed interfaces, interactive videos, professional actors, point systems, getting senior management to record training segments for their peers  — all of which help make learning more engaging.
An important part of making training effective is making sure that people are encouraged to speak up, and that when they do, they’ll be protected. You might not be able to stop bad actors, but you can encourage witnesses to point out the behavior.
Moving away from check-the-box training
Much of compliance training is very check-the-box: a once-a-year thing that companies do to get it over with. But that’s not an effective approach. Traliant has gone from doing one-and-done sessions to creating a more holistic training approach. Examples are 15-20 minute courses for managers involved in investigations and two-minute training videos on dating in the workplace that they call “sparks” — because they’re meant to spark conversations.
Preventing Workplace Sexual Harassment: 4 Top Trends for 2019

  1.  The Equal Employment Opportunity Commission (EEOC) is keeping workplace harassment training front and center, remaining one of its top priorities.
  2. Harassment training continues to evolve, and we’re seeing a shift from helping companies avoid liability to helping people behave properly.
  3. Training is highly state-driven, given their different requirements. So Traliant has built a platform where people can access the training relevant to them, instead of a one-size-fits-all course.
  4. There is a focus on building respectful, inclusive work cultures that embrace compliance training not because they have to, but because they want to.

Resources
Andrew Rawson (LinkedIn)
Traliant (Website)
Preventing Workplace Sexual Harassment: 4 Top Trends for 2019

Categories
Compliance Into the Weeds Daily Compliance News

Compliance into the Weeds: Episode 118-Hotline Metrics

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recently released NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report. We consider the details from the report and ask the following question “are you using all the right intake channels to capture a true sense of misconduct and corporate culture at your organization?” Some of the highlights include:

Some of the highlights include:

  • What are the intake channels available to your organization?
  • If you are only tracking complaints through a formal system, you may well be missing a wider variety and rich source of information.
  • Moving your intake past simply what the law requires will give you a much better accounting of your organization’s culture.
  • How can you improve your intake?
  • Has closure time for reported increase or decrease?
  • What has been the continued impact of #MeToo?

For more reading check out Matt’s blog post “Hotline Metrics-are you missing any?”
To read the full NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report, click here.

Categories
This Week in FCPA

This Week in FCPA-Episode 147 – the Spring has Sprung edition

As the St. Patrick’s Day weekend is past and Spring has sprung all over Tom and Jay are back to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. What are some of the lessons for compliance professionals from the college admissions scandal? Bob Conlin and Carrie Penman lay them out in Navex’s Ethics and Compliance Matters. 
  2. How did the FCPA Corporate Enforcement Policy change for messaging apps? Nate Lankford and Dawn E. Murphy-Johnson spell it out for you in the FCPA Blog.
  3. What’s the difference between concurrent, consecutive and stacked? Sara Kropf explains it all her great blog, Grand Jury Target.
  4. Even the big dogs can be defrauded. Kristen Broughton reports on fraud which cost Google and Facebook over $100MM in the WSJ Risk and Compliance Journal.
  5. Training wheels will continue to be useful in the future. Ken Wielerstein explains in the Analysts Syndicate.
  6. The business response leads to better compliance through FinTech. Matthew Epstein and Robert Werner discuss in NYU’s Compliance and Enforcement Blog. Sonny Singh in Corporate Compliance Insights.
  7. Cyber breach disclosures are a mess. Matt Kelly reports in Radical Compliance.
  8. The Editor speaks on insider threats. Compliance Week Editor Dave Lefort discusses what he learned at Compliance Week West, in Compliance Week. (sub req’d)
  9. Jaclyn Jaeger looks inside the FBI Office of Integrity, in Compliance Week. (sub req’d)
  10. Following up on his blog post series on the MTS FCPA settlement, Tom moves to the audio format for a podcast series on the enforcement action.Check out the following: Part 1-background;Part 2-bribery schemes; Part 3– missed red flags; Part 4-the individual indictments; and Part 5-lessons learned. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotifyand Corporate Compliance Insights.
  11. In Houston on Tuesday? Join Tom and Katie Smith at Convercent’s Roundtable Lunch. Registration and information are here. If you are not in Houston, then join Tom, Louis Sapirman and Katelyn Conlyn for a Convercent webinar on how to better engage with your employees. Registration and information for the webinar found here. Best of all, both events are FREE.
  12. Check out the latest edition of Popcorn and Compliancewhere Tom and Jay looked at Captain Marvel from the compliance perspective.
  13. Join Tom and AMI’s Jesse Caplan next week for a 5-part exploration of emerging issues in healthcare compliance and monitoring. The podcast will be available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply, YouTube, Spotify and Corporate Compliance Insights.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
This Week in FCPA

This Week in FCPA-Episode 146 – Ides of March (formerly St. Patty’s Day) edition

On this Ides of March tAs the St. Patrick’s Day weekend is upon, and we are all Irish at least for a day, Tom and Jay are joined by our favorite Irishman (and the Coolest Guy in Compliance), Matt Kelly to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. Massive corruption scandal rocks college admissions across the country. Dana Goldstein and Jack Healy in the NYT. Douglas Belkin and Jennifer Levitz in the WSJ. Nick Anderson in the Washington Post.
  2. FARA, FARA, FARA. Katie Brenner in the NYT. Dan Packel in Law.com.
  3. Former KPMG national practice leader convicted in PCAOB scandal. Michael Rapaport reports in the Wall Street Journal.
  4. Will the US finally clamp down on shell companies? Matthew Stephenson is cautiously optimistic in the Global Anti-Corruption Blog. General David Petraeus and Sheldon Whitehouse explain why it’s a national security issue in an Op-Ed piece in the Washington Post.
  5. Head coaches behaving badly as LSU head basketball coach suspended indefinitely in NCAA recruiting scandal. Ross Dellenger reports in Sports Illustrated.
  6. DOJ quietly modifies Corporate FCPA Enforcement Policy. Clare Hudson and Adam Dobrik report in GIR. (sub req’d) DOJ policy of self-disclosure making headway. Mingqi Sun in the WSJ Risk and Compliance Journal.
  7. Did Oracle violate the FCPA? (Tech Central)
  8. 1MDB scandal back in the news as former Goldman Sachs banker Timothy Leissner and Roger Ng banned from banking industry for life. David Simpson reports in Law360. (sub req’d) Also-did Jho Low contribute to Trump campaign? Tom Wright and Bradley Hope in the Wall Street Journal.
  9. How can you engage a BOD on cyber risks? Deloitte’s Khalid Kark, Tonie Leatherberry and Debbie McCormack in the Harvard Law School Forum on Corporate Governance.
  10. Tom continues with fan fav podcast series this week, the Adventures in Compliance this week.Check out the following: Part 1-The Red Circle; Part 2-The Abbey Grange; Part 3– The Priory School; Part 4-The Six Napoleons; and Part 5-The Empty House. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply and YouTube. The Compliance Podcast Network is now also on Spotify. It is now on Corporate Compliance Insights.
  11. In a special guest segment, Matt Kelly reports on the highlights from Ethisphere’s Global Business Ethics Summit, which was held this past week in New York.
  12. Check out the latest edition of Popcorn and Compliance where Tom and Jay look at Captain Marvel. It posts Saturday, March 16 on the Compliance Podcast Network.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Blog

Day 21 of 30 Days to a Better Compliance Program, the Compliance Oversight Committee

Key Takeaways 

  1. Determine an appropriate committee membership.
  2. The committee is there to act as an extra set of eyes for the CCO, not to substitute its judgment.
  3. Determine the scope of items and issues to be reviewed by the committee.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Compliance Oversight Committee provides a second set of eyes for the CCO and compliance department.    ]]>

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.  ]]>

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have both called for greater compliance expertise at the Board.]]>

Categories
Across the Board

Across the Board-Episode 4, Why Wells Fargo Needs Compliance Expertise on the Board

prevent, detect and remediate. In addition to getting its regulatory house in order, Wells Fargo has one very large culture problem which needs compliance expertise. Even for a former Bank president, the issue of compliance is at the absolute forefront of Wells Fargo’s miasma.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3vL” float=”none”]Wells Fargo needs a true compliance expert on its Board of Directors.[/tweet_box]]]>

Categories
Everything Compliance

Everything Compliance-Episode 16, Review of Jesse Eisinger’s book, The Chickenshit Club

The Chickenshit Club by Jesse Eisinger may mean for the compliance practitioner. We consider the internal journey of the Department of Justice from their days of Enron, WorldCom, and Adelphia convictions to the 2008 financial crisis where no senior executives were prosecuted. A series of steps led to this change, and we discuss the key changes in the DoJ’s thinking. The book is a real page-turner, and our discussion reflects this. We believe that every compliance practitioner should read the book and understand its lessons from DOJ prosecution. Every compliance practitioner should read Eisinger’s book The Chickenshit Club. You can purchase a copy of the book The Chickenshit Club by clicking here.]]>

Categories
Blog

Day 1 Of One Month to More Effective Continuous Improvement-Continuous Improvement in a Compliance Program

Continuous improvement requires you to audit and monitor whether employees are staying with the compliance program. In addition to the language in the FCPA Guidance, two of the seven compliance elements in the U.S. Sentencing Guidelines call for companies to monitor, audit, and respond quickly to misconduct allegations. These three activities are vital components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs. The 2012 FCPA Guidance goes on to make clear that each company should assess and manage its risks. It notes that small and medium-sized enterprises likely will have different risk profiles and, therefore, different attendant compliance programs than large multinational corporations.

Moreover, this is something that the DOJ and SEC consider when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ but is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.

Ongoing monitoring is one handy tool often misused or misunderstood in the continuous improvement cycle. This can come from the confusion about the differences between monitoring and auditing. Monitoring involves reviewing and detecting compliance variances in real-time and reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program regularly and consistently across a broad spectrum of data and information. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe to uncover and/or evaluate certain risks, mainly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. Although the protocol is unique, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to investigate the issue further. Your company should establish a regular monitoring system to address problems. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. These ongoing efforts demonstrate that your company is serious about compliance. What should you do with this information? I would suggest that you have a strategic plan in place ready to implement your findings of continuous improvement by using the following:

  • Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
  • Design an Execution Plan. The “Keep it Simple, Sir” or KISS method is best for moving forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
  • Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representative to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
  • Schedule the Next Review of the Plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.

It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will implement a mechanism to demonstrate your company’s commitment to compliance by following through on the intentions outlined in your strategic plan. Continuous improvement through monitoring or other techniques will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based on new and updated best practices specified by regulators. A compliance program is, in many ways, a continuously evolving organism, just as your company is. It would help if you built a way to keep pace with the market and regulatory changes to have a truly effective anti-corruption compliance program. The 2012 FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improve­ment and sustainability.” 

Three Key Takeaways

  1. Your compliance program should be continually evolving.
  2. Monitoring and auditing are different yet complementary tools for continuous improvement.
  3. DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered.

Continuous improvement is a key component of a best practices compliance program. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor, Affiliated Monitors, at www.affiliatedmonitors.com.