Categories
Compliance Into the Weeds

Compliance into the Weeds: Securing Compliance: How CCOs Can Combat Internal Sabotage

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into some of the nettlesome internal challenges faced by many Chief Compliance Officers (CCOs) in today’s corporate environment.

On Compliance into the Weeds, Tom and Matt discuss the various challenges that CCOs face within organizations. They delve into stories of how senior management, particularly General Counsels (GCs) and Chief Financial Officers (CFOs), can sometimes undermine compliance efforts. The conversation explores issues such as budget cuts, restrictive vendor usage, structural impediments, passive-aggressive behaviors, and direct interference in investigations. They also consider potential solutions and strategies for CCOs to better navigate these struggles and ensure the effectiveness of compliance programs.

Key Highlights:

  • Budgetary Constraints and Sabotage
  • Interference in Investigations
  • Structural Impediments to Compliance
  • Undermining by Engagement and Assignment
  • Advice Going Forward

Resources:

Matt in Radical Compliance

 Tom


Categories
Blog

CCO Resources, Authority and Expertise Lessons from Star Trek: The Galileo Seven

Last month, I wrote a blog post on the tone at the top, exemplified in Star Trek’s Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a series of blog posts exploring Star Trek: The Original Series episodes as guides to the Hallmarks of an Effective Compliance program set out in the FCPA Resources Guide, 2nd edition. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) outlined 10 characteristics of an effective compliance program in the FCPA Resources Guide, 2nd edition. Today, I’ll continue my two-week series by examining them.

Today, I am looking at the episode The Galileo Seven, which offers valuable lessons for Chief Compliance Officers (CCOs) regarding resources, authority, and expertise. Here’s why this episode stands out and the lessons it provides: In The Galileo Seven, Spock, McCoy, Scott, and four other crew members are on a shuttlecraft mission to study a quasar-like phenomenon when they crash-land on a hostile planet. As they struggle to repair Galileo and survive the planet’s dangers, Spock, as the highest-ranking officer, must lead the group despite internal conflict and limited resources. Meanwhile, Captain Kirk faces pressure to abandon the search for the crew to deliver vital medical supplies on time.

Lesson 1 – Resource Allocation

The crashed crew has limited resources, such as a dwindling fuel supply and basic equipment, to repair the shuttle and defend against hostile creatures. Spock’s logical approach emphasizes the importance of maximizing the use of available resources to ensure survival. The lesson for a CCO is that efficient resource allocation is crucial in compliance. CCOs must prioritize and allocate resources wisely to ensure compliance programs are effective, especially when operating under budget constraints. This involves assessing the most critical areas that require attention and allocating resources to mitigate the highest risks.

Many Star Trek aficionados have long believed the Galileo Seven’s mission was doomed from the start due to insufficient resources. The crew needed to be equipped for the harsh environment, needing proper survival gear and communication systems. Prioritize resource allocation for critical functions. The CCO must ensure compliance resources are directed towards high-risk areas and essential functions. This includes adequate staffing, training, and technology. Finally, you must develop contingency plans for resource shortages. The crew lacked a backup plan when their primary systems failed. CCOs should anticipate potential resource constraints and develop contingency plans to mitigate risks.

Lesson 2 – Authority

As the ranking officer, Spock must assert his authority and lead the crew despite skepticism and resistance from others. His team’s emotional and survival-driven needs put his leadership style, based on logic and reason, to the test. The lesson for a CCO is that authority and leadership are vital for implementing and enforcing compliance policies effectively. CCOs must assert their authority to influence and guide the organization toward ethical practices. Balancing logical decision-making with emotional intelligence can help gain buy-in from employees and management.

Regarding authority, this episode highlights the need for clearly defined roles and responsibilities and a transparent chain of command. The crew’s lack of clear leadership contributed to their downfall. Your CCO should be able to make independent decisions and take necessary actions to ensure compliance. Finally, there must be accountability, as the crew’s failure to hold each other accountable for their actions led to a cascade of errors. CCOs should cultivate a culture where everyone understands their responsibilities and the consequences of non-compliance.

Lesson 3 – Expertise

The crew relies on Spock’s science and engineering expertise to solve technical problems, such as repairing the shuttle and navigating off the planet. Spock’s analytical approach enables them to overcome obstacles, even as unexpected challenges arise. The lesson for a CCO is that expertise in compliance with regulations and industry standards is essential. A strong foundation in compliance knowledge enables CCOs to identify risks, develop effective policies, and respond to challenges efficiently. Continuous learning and staying updated on regulatory changes enhance a CCO’s ability to solve complex compliance issues.

This episode emphasized the value of diverse expertise. The crew needed to gain the necessary knowledge in survival, navigation, and alien biology. CCOs should assemble a team with diverse expertise to address various compliance challenges. There must be an investment in ongoing training and development. The crew’s lack of training in survival techniques proved fatal. CCOs should prioritize continuing training and development so that their team stays current with evolving regulations and best practices. There are times when a CCO must go outside and seek external expertise. The crew could have benefited from consulting with experts in alien environments. CCOs should not hesitate to seek external expertise when facing complex compliance issues.


The Galileo Seven reminds CCOs that insufficient resources, unclear authority, and inadequate expertise can lead to disastrous consequences. By learning from the crew’s mistakes, CCOs can build robust compliance programs that mitigate risks and ensure long-term success. It also highlights key aspects of resource management, authority, expertise, decision-making, and communication that directly apply to the Chief Compliance Officer role. By drawing lessons from Spock’s leadership under challenging circumstances, CCOs can better navigate their complex responsibilities, ensuring their organizations uphold the highest standards of compliance and integrity.

Join us tomorrow as we consider the lessons on risk assessments from the Star Trek episode Balance of Terror.

Categories
Into the Chair - Tales from Chief Compliance Officers

Into The Chair, Tales from Chief Compliance Officers: The Journey of Maria D’Avanzo

Welcome to the latest edition of the Compliance Podcast Network: Into the Chair: Tales from Chief Compliance Officers, which details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Into the Chair: Tales from Chief Compliance Officers is a COMPLY podcast hosted by Tom Fox and is a production of the Compliance Podcast Network. In this inaugural episode, I visit with Maria D’Avanzo.

Maria D’Avanzo is a seasoned professional in the legal and compliance field, with a career that has spanned from litigation to estate work to compliance. Maria’s perspective on adaptability and continuous learning in legal and compliance roles is rooted in her own career trajectory, which has seen her successfully transition from being a litigator to opening her own law practice, and eventually becoming a compliance officer. She believes the key to success in these roles is the willingness to learn new skills and take on new challenges, even outside one’s comfort zone.

Maria also underscores the importance of transferable skills such as analytical and research abilities, critical thinking, and the capacity for advocacy and persuasion, which she honed as a trial lawyer and have been instrumental in her compliance career. Join Tom Fox and Maria D’Avanzo in this episode of the Into the Chair podcast as they delve deeper into the importance of adaptability and continuous learning in legal and compliance roles.

Key Highlights:

  • Maria’s transformation into a compliance officer
  • Navigating the Legal Field: Learning and Advocacy
  • Advocacy skills and the value of compliance
  • Navigating Compliance Challenges in Regulated and Non-Regulated Corporate Sectors

Resources:

Maria D’Avanzo on LinkedIn

COMPLY

Tom Fox


Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 4

Over the past year, the role of the Chief Compliance Officer (CCO) has shifted in some very dramatic ways. The shifts have been from disparate groups and for a variety of reasons. Yet when put together, one can see a clear and bright line expanding and elevating the role of the CCO in the corporate world. From the announcement of the requirement for CCO Certification last year up to the announcement of the Delaware Court of Chancery’s decision in the case of In re McDonald’s Corporation Stockholder Derivative Litigation, it is now clear that the CCO has as wide a remit and responsibility as any corporate officer, other than the Chief Executive Officer (CEO) of a company.

I think the following announcements, changes in DOJ and SEC focus on Foreign Corrupt Practices Act (FCPA) enforcement and now a court case out of Delaware will change the role of the CCO forever.

CCO Certification

This shift began with the speech by Kenneth Polite, Assistant Attorney General for the Criminal Division, on May 17, 2022, at Compliance Week 2022, announcing the new requirement for CCO Certification of compliance programs for companies going through a Deferred Prosecution Agreement (DPA). This CCO Certification required the Glencore CCO to certify that the Glencore compliance program “is reasonably designed to detect and prevent violations of the FCPA and other anti-corruption laws” at the conclusion of the DPA. Who is the only other person required to make a similar certification at the conclusion of a DPA? The CEO of the company.

This means the CCO (and CEO) are certifying that the entire compliance program meets the standards of not simply best practices but also all the enhanced requirements set out in Attachment C of any DPA. While many have focused on the question of whether this would bring criminal liability to a long-gone (or even current) CCO, this question now seems to miss the mark. Recall what Polite said when announcing the new requirement: “It is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has an ethical and compliance focused environment.”

Monaco Memo and Changes in the Corporate Enforcement Policy

The 2022 Monaco Memo and 2023 announced changes in the DOJ’s Corporate Enforcement Policy (CEP) are bookends of a series of changes which began as far back as October 2021 when Deputy Attorney General Lisa Monaco first announced the revisions which would eventually be incorporated into the Monaco Memo and CEP. In many ways the Monaco Memo laid out the sticks while the CEP provided the carrots for current FCPA and other white-collar enforcements.

The Monaco Memo directed prosecutors to evaluate a corporation’s compliance program as a factor in determining the appropriate terms for a corporate resolution; prosecutors should now assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision. Kenneth Polite further defined the effectiveness of a compliance program at the time of the offense as “At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal accounting controls that allowed the identification of the misconduct and led to the company’s self-disclosure.” This is the first time the DOJ has said that it is the detection of wrongdoing which defines the effectiveness of a compliance program. This means a company’s investment in a compliance program, CCO and corporate compliance team are all elevated in importance. This prong does not simply get you a discount, but it can put you on the road to the default position of the DOJ for an FCPA violation, a declination.

Moreover, when you couple the ABB FCPA resolution to the Monaco Memo, you see the carrots which appeared in the new CEP. ABB was the first three-time FCPA recidivist yet was able to get an excellent resolution with the government and a fine of only $315 million despite clear aggravating factors, including corruption up to and in the corporate office. From the ABB resolution, you begin to see how the role of the CCO increases dramatically.

Duty of Oversight

These trends were brought together in the Delaware Court of Chancery’s decision in In re McDonald’s Corporation Stockholder Derivative Litigation, a case involving McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer, David Fairhurst, where for the first time a Delaware court formally recognized the oversight duties of officers of Delaware corporations.

As I have previously noted, one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a prime reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

The court noted that the CCO has a broad scope within an organization. The court stated, “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority.” The responsibilities of the CCO are wide and sometimes varied. Here the court stated, “[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

What Does It Mean?

This is the part where it gets interesting. Under the CCO Certification and the Delaware court’s ruling, it is the CCO who is 1B to the CEO’s 1A. The first step every company must make is to put the CCO in position to report up directly to the Board of Directors. It also means that the days of a CCO reporting to a Chief Legal Officer (CLO) or General Counsel (GC) are certainly numbered. The Delaware Court drove this point home by specifically naming a CLO/GC as a person “responsible for legal oversight and for making a good faith effort to establish reasonable information systems to cover that area.” In other words, not responsible for the company-wide remit, as the CCO is.

The next area would come from the Hallmarks of an Effective Compliance Program as laid out in the FCPA Resource Guide, 2nd edition. In that document it states “In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.” That means financial resources and head count.

I would add that a level of professionalism and expertise in compliance means more than simply ‘being a lawyer’. Under Chapter 9, Section 47 of the US Attorney’s Manual, the DOJ is mandated to evaluate “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk.” Finally, the DOJ will also evaluate other factors such as CCO compensation as commensurate with the position of being second in importance to the CEO.

The Delaware Court decision creating the Duty of Oversight was not designed to increase the scope, reach and importance of a CCO but the more I look at the case I believe that will be its most lasting legacy. When you look back over the past 12 months, you see that the CCO has more stature and responsibility than it has ever had before.

With a converse nod to Uncle Ben from Spiderman, with great responsibility must come great power.

Categories
Everything Compliance

Episode 88, the CCO Edition


Welcome to the only roundtable podcast in compliance. Today, our newest panelist, Karen Woody, joins us as a permanent panelist. The entire gang was also thrilled to be honored by W3 as a top talk show in podcasting. In the context of several different stories, the full gang takes a deep dive into the role, status and potential liability of the CCO. We end with a veritable mélange of shout outs and rants.

  1. Karen Woody talks about a 2018 SEC enforcement action which held a CCO personally liable and its implications going forward. Karen has a shout out to WeWork going public via a SPAC.
  2. Jay Rosen discusses how monitors evaluate corporate whistleblowing programs. Rosen has a melancholy rant about shooting victims on movie sets.
  3. Matt Kelly discusses the enforcement action involving Credit Suisse and tuna bonds. Kelly has an extended rant about the ongoing debt crisis.
  4. Jonathan Armstrong looks at the recent CMA fine in the UK against Facebook for changing CCOs twice without informing the CMA. He shouts out to the graduating class of 2021 and all they went through during Covid-19 to obtain their degrees.
  5. Jonathan Marks talks about the role of internal audit, the Board and whether the termination of a CCO should be an 8K event. He rants about hotels charging full prices while cutting back on their services.
  6. Tom Fox shouts out to the Houston Astros, who are in the World Series for the 3rd time in 5 years.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host, producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Coffee and Regs

Digital Assets: Trading & Compliance for Cryptocurrency

Categories
Coffee and Regs

Preparing Private Funds for the Marketing Rule

Categories
Coffee and Regs

Code of Ethics: A Win-Win-Win for Compliance, Employees and the SEC

Categories
Coffee and Regs

Expanding Your Compliance Program Through Trade Surveillance


 
In this episode, CSS’s former CCOs Allison Fraser and Matt Calabro sit down to discuss trade surveillance and how CCOs can mitigate the risk factors through the trade lifecycle – from pre-trade to trade execution and post-trade. They’ll also dive into how compliance together with operations and third parties can build out a robust and automated trade surveillance program.
 

 

About Our Guest Speakers:

Allison Fraser provides compliance consulting services to investment advisers, registered investment companies and private investment funds, including conducting annual compliance program reviews and testing, developing risk assessments and preparing for SEC examinations. She also assists clients with drafting policies and procedures and preparing regulatory filings. On behalf of the Compliance Services division of CSS, Allison served as the Chief Compliance Officer for a family of alternative funds registered under the Investment Company Act of 1940. Prior to joining CSS, Allison served as a Senior Vice President of Compliance at Northern Trust Investments, Inc. (“NTI”), the asset management subsidiary of The Northern Trust Company. In this capacity, she managed and administered the compliance due diligence program for NTI’s Multi-Manager Solutions and Outsourced Chief Investment Officer businesses. Allison also was the Chief Compliance Officer of two registered funds of hedge funds advised by NTI as well as a member of the funds’ Pricing and Disclosure Committees. Before joining NTI, Allison served as the Compliance Director for General Motors Asset Management, where she assisted with the administration of the compliance program for this registered investment adviser.



Matt Calabro is an experienced Chief Compliance Officer, having served as CCO for registered mutual funds, investment advisers and a family of UCITS funds. Before joining CSS, Matt was Deputy CCO at Delaware Investments, where he led the daily activities of the firm’s compliance department covering advisory, fund and distribution activity. Under his leadership, Delaware implemented specific improvements in its guideline compliance, advertising review and Code of Ethics programs. Prior to Delaware, Matt spent 20 years in Raymond James’ investment advisory business, where he led mutual fund operations. While there, Matt implemented and upgraded controls, processes and technology and also served as the first full-time CCO to the mutual funds following the adoption of the Compliance Rule. Matt leverages his compliance and operations experience in the investment management industry to assist advisers and investment companies in advancing the effectiveness of their compliance programs.

 
 

Categories
Coffee and Regs

The Facts on FINRA & Capital Acquisition Brokers


 
In this episode, CSS’s Director of Broker-Dealer Services and a former regulator, John Gentile and Executive Director, Jackie Hallihan sit down to discuss FINRA’s rule book regarding capital acquisition brokers. These are broker-dealers that limit their business to certain capital raising, mergers and acquisitions and corporate financing activities, so before you go down that regulatory path, it’s important to understand the rules and the benefits of CAB registration.

 

About Our Guest Speakers:

John Gentile is responsible for overseeing various types of broker-dealer and investment adviser consulting engagements, including conducting SEC/FINRA internal control reviews, anti-money laundering testing, written supervisory policy and procedures testing, and other consultation services. John is a frequent speaker at industry conferences on various compliance topics, including “Effective Supervision,” “Large Firm Testing,” “FINRA Supervisory Control Rules” and “Anti Money Laundering Requirements for Broker Dealers under the PATRIOT Act.” In 1987 John joined the SEC as a Securities Compliance Examiner, becoming a Branch Chief in 1991. He became Assistant Regional Director in 1993, supervising a team of 20 broker-dealer managers and examiners. He also planned and conducted financial, operational, and sales practice examinations of the largest broker dealers and was among those responsible for a review of hedge funds’ impact on broker dealer internal controls. Before joining the SEC, John was a Financial Damage Analyst with PaineWebber Inc. Most recently, from 2000-2007, John was an Executive Consultant, Broker-Dealer Services, at National Regulatory Services. John has an MBA from Fordham University and a BS in Finance from Central Connecticut State University. From 1995 to 2002, John was also a member of the Securities Industry Continuing Education East Coast Content Committee.
 


 

Jackie Hallihan is the Co-Executive Director of CSS’s Compliance Services team and has over 25 years’ regulatory and risk management experience. She was the founder of National Regulatory Services (NRS) which started the compliance resource business and served as its President for over 20 years. She also founded the National Society of Compliance Professionals (NSCP), a non-profit organization for compliance officers, staff and lawyers serving the compliance industry. It now boasts over 2000 memberships. Jackie has been a leading speaker to compliance professionals, including in-house training programs and various other industry association conferences, and has received numerous industry awards. Jackie also serves as Director, Clerk of the New England Broker Dealer Investment Adviser Association (NEBDIAA), a non-profit organization, incorporated in 1997. The purpose of NEBDIAA is to provide a forum for the professional exchange of information among investment advisers, broker dealers, and persons who provide services to investment advisers and broker dealers, and to direct communication among its members which will improve their ability to serve the needs of their respective clients. The forum will help NEBDIAA’s members meet the increased regulatory demands placed on investment advisers, broker dealers, and persons who provide services to investment advisers and broker-dealers.