Categories
Corruption, Crime and Compliance

2022 FCPA Year in Review Featuring Tom Fox

2022 saw higher numbers of FCPA enforcement actions, settlements, and criminal prosecutions of individuals. One of the most important developments was the update of policy in the Monaco Doctrine, which was elaborated on in the Monaco Memo, providing important guidance for compliance professionals. Tom Fox joins Michael Volkov to discuss some of the more interesting cases from the past year.

Tom Fox is hailed as the Voice of Compliance, serving and evangelizing for the compliance community for over 15 years. He is the founder and creator of the Compliance Podcast Network where he hosts various podcasts, such as Innovation In Compliance and the ESG Report, and the Executive Leader at the C-Suite Network. 

 

Some ideas you’ll hear them explore are:

  • The DOJ is getting better at communicating with the compliance community through resolution documents like DPA, NPA, and, occasionally, declinations. These documents provide insight into the DOJ’s thinking and approach to cases, which compliance professionals can use to gain a better understanding of how to approach compliance issues.
  • In Tom’s upcoming book, “FCPA Year in Review 2022,” he highlights the KT Corp bribery case, which went back to the basics in its old-school rendition of corruption: bags of cash money. The lesson here is that bribery can be as simple as a $50 slipped into a handshake.
  • In the curious case of Glencore, the FCPA enforcement action taken against them reflects the DOJ’s focus on defective cultures within companies. This case involved multiple enforcement agencies across multiple countries and multiple bribery schemes, rounding up fines and penalties totalling up to $1.1 billion, with $700M for FCPA violations, and $441M for price and market manipulation. Glencore had a culture that was committed to profit at any cost, and the company paid over $100M to third parties knowing that some of the money would be used to bribe officials in various countries.
  • The Oracle case involving bribery and corruption involving gifts, travel, and entertainment should serve as a reminder to companies to review their gift, travel, and entertainment policies and ensure they are aware of how their business officials are spending their travel, per diem, and entertainment money.
  • Avoid hiring third-parties recommended by or at the direction of a state-owned official or executive.
  • The Lisa Monaco memorandum emphasizes the need for effective compliance programs and the benefits of voluntary disclosure, full cooperation, and timely and appropriate remediation. 

 

KEY QUOTE

“Internal controls are not simply due diligence, distributors, et cetera. It goes down to your payments, schemes and how you pay your vendors should all be a part of your internal controls.” – Tom Fox

 

Resources

Tom Fox on the Web | LinkedIn | Twitter | Blog

Categories
Blog

The Compliance Handbook, 3rd Edition is Available

As the Compliance Evangelist, I am pleased to announce the release of the Compliance Handbook, Third Edition. It is published by LexisNexis.
This edition is an update of the Compliance Handbook, 3rd edition handbook is a must read for all ethics and compliance professionals.  The Third Edition provides practical and helpful solutions on important ethics and compliance issues.  It is comprehensive, accessible and a must-have for every ethics and compliance professional.
Once again, I have teamed up with the top legal publisher, LexisNexis Legal & Professional, to lead its series of compliance offerings. The Compliance Handbook 3rd edition, is designed to provide the seasoned compliance professionals, and those new to the profession, with practical, actionable guidance and tools needed to design, create, implement and continually enhance a best practices compliance program.
The Compliance Handbook 3rd edition provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:

  • Compliance and business ventures
  • Third party risk management
  • The Board’s Role in Compliance
  • Continuous improvement
  • Compliance innovation
  • And much more

The Compliance Handbook 3rd edition also takes a close look at the role of all professionals with compliance responsibility, from Compliance Officers and Boards of Directors, to Human Resources to Internal Audit and Internal Controls and Communications and Training professionals. Understanding compliance responsibility across the organization continues to be a key theme of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). With this 3rd edition, I expand on the concepts articulated in the original editions of operationalizing your compliance program.
What’s new for the 3rd edition?

  • The role of compliance in ESG
  • Key FCPA enforcement actions from 2022
  • Key innovations in compliance which came out of the Covid-19 pandemic
  • New strategies in training and communications
  • Looking forward to compliance in 2025 and beyond.

The Compliance Handbook 3rd edition incorporates the most current government pronouncements governing best practices compliance programs including the 2019 Evaluation of Corporate Compliance Programs released by the DOJ Fraud Section and its 2020 Update; the updated FCPA Resource Guide 2nd edition; the Framework for OFAC Compliance Commitments; the 2019 DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust and most significantly the speech by Deputy Attorney General Lisa Monaco, reinstituting the requirements from the Yates Memo, the renewed use of monitors, all encapsuled in the Monaco Doctrine.
The Compliance Handbook 3rd edition is available in both print and eBook editions.  LexisNexis Legal & Professional is giving a discount of 20% for any presale purchase. Use the code FOX20 and go here.

Categories
Blog

What’s Next In Compliance

Blog

Ed. Note-I was recently interviewed by Pat McParland for the MetricsStream blog. The interview is presented by the permission of MetricsStream. 
I recently had the privilege to sit down with Tom Fox. Tom is the author of the award-winning FCPA Compliance and Ethics blog, 18 best-selling books on compliance, including the just-published 2nd Edition of the Compliance Handbook, and publisher of the Compliance Podcast Network – the only network of podcasts for compliance leaders. A renowned expert across all aspects of compliance – corporate, regulatory, ESG, you name it – he’s known by the well-earned names “the Compliance Evangelist” and the “Voice of Compliance.”
Tom
As we all contemplate what’s next as we recover from the pandemic, navigate multiple regulations, and adapt to the ever-changing demands of our organizations, I asked Tom his thoughts on what’s trending in compliance today and tomorrow. As always, he had thought-provoking insights to share, including:

  • Nothing matters more than document, document, document – except data, data, data
  • Risk management is business today – and it’s no longer a once-a-year activity
  • ESG is the trend of the year
  • Reputation matters: Remember the court of public opinion!

Here’s a lightly edited transcript of our conversation. Thank you, Tom!
Q. Hi Tom, Great to see you! Let’s start with this idea of what’s next. Obviously, we’re all experiencing unprecedented volatility, a tsunami of change. When you think about what’s next for compliance, what are some of the trends and key things that are on your mind as a compliance professional and expert?
TF: Let’s speak about both compliance and risk management. I started a podcast last year called “Compliance and Coronavirus” because I really wanted to focus on what the COVID-19 pandemic meant for people in our profession and really everyone in the corporate world.
Probably the two most propitious things I learned in that about 50 podcast series were one, a gentleman said, I think in October, “We’ve had five years of change in six months of coronavirus.”
The second was the risk management part, where another guy said, “We’ve gone from disaster recovery to business continuity to businesses as usual.” Now the risk management world is business.
You have to prepare for risks from a worldwide pandemic to the Suez Canal being shut down, to riots at the U.S. Capitol, and everything in between. That’s just business now.
So, the types of services that you and I bring to the compliance community have only become more important in all of the things that we used to talk about. They are exponentially more important now. So that’s part one, but part two is where is all of this going down the road? And that part is largely around data and the use of data.
In June 2020, the Department of Justice released an update to the Evaluation of Corporate Compliance Programs. And for the compliance professional, they specifically said a couple of very important things.

  • Number one, compliance and the chief compliance officer have to have access to all of the data in your corporation. If it’s siloed, if it’s not structured, it doesn’t matter. Compliance has to have access to it. And even more important is that you use that data.
  • Number two, we used to talk about a risk assessment being done every two or three years, and then you plan it out as one, three, and five-year plans to mitigate those risks. But now risk assessment must be conducted not every three years, not even every year, but when your risks change.

And — your risks are going to change. You must put a risk management model in place and then you monitor that risk, all the time. And the data that you garner from that monitoring is looped back into your risk management solution through an ongoing/continuous approach to risk management — risk assessment, continuous monitoring, continuous improvement– all tied by data.
Everyone — from the compliance professional to the risk management professional — now has to utilize data to manage risks. That’s how business is going to survive and thrive going forward.
Q. What about regulations? Are there other specific areas of regulatory compliance or regulations that compliance pros in that area need to be thinking about when it comes to what’s next?
TF: Probably one of the most ubiquitous phrases from 2021 has been ESG. I think that sits directly in the compliance wheelhouse. Also, the chief compliance officer is uniquely suited and situated to lead a corporate ESG effort.
Certainly, for each one of the letters in the ESG — environmental, social, and governance — compliance is well-suited to own it because it’s putting policies and procedures in place. It’s monitoring those policies and it’s getting measurements from that monitoring and reporting.
And that’s just one area from the regulatory sphere. The U.S. Securities and Exchange Commission (SEC) has made it clear that they expect companies to not only have ESG programs in place, but also report on those programs accurately. That is not only a regulatory requirement that could lead to regulatory enforcement, but would also help to meet investor expectations, stakeholder expectations, shareholder lawsuits, and everything in between.
The second perhaps most ubiquitous phrase is SPACs: Special Purpose Acquisition Corporations. Those are utilized to bring a privately held company and make it public. But it’s different than the typical IPO process where you go 12 to 18 months, you have regulatory approval, you have filings with the regulator, you have investors like you, and may have the opportunity to review those filings, to determine if we want to invest in it. And you have an opportunity to put your Sarbanes Oxley or SOX controls in place.
When you’re a SPAC, you don’t have an 18-month run-up. You have “today’s Tuesday, tomorrow’s Wednesday. Go!” You now have all the obligations of a U.S. public company. Are your internal controls in place? Are they effective? Have you tested them? The answer is no.
It’s incredibly important for the risk management professional to think about those things. And if you think you may be acquired by a SPAC you have to be moving towards those.
Those are just a couple of areas that the regulators have made clear that they are going to look at SPACs very closely. If on the day, you become a U.S. public company, you don’t have Sarbanes-Oxley 404 controls in place, the SEC may take a very dim view of that. And certainly, you open yourself up to potential investor and shareholder lawsuits.
But I think that as important as those are, they actually pale beside public opinion. And I think the greatest danger to a corporation now, certainly from a financial perspective, is negative publicity.
The social amplification and speed of social media make it mandatory that you have policies and procedures in place to detect anything and then prevent it. And if not remediate as quickly as possible, then at least be able to communicate that to all of the stakeholders that are now seen as a part of a corporation.
Q. If you had one piece of advice for compliance professionals thinking about what’s next, what would be your summary piece of Tom Fox wisdom?
TF: In the past, I’ve always said the three most important things are: document, document, document.
I’ve amended that out to data, data, data.
You need to have a data expert, a data scientist, or someone who can work with data on your compliance team because either you’re going to have to work with the data or more importantly, have someone who can work with the data. You can help shape the story that the data tells.
As the chief compliance officer, you can certainly see the trends, but you have to be able to work with data. If you don’t have that training and you can’t really pick up those skills in this part of your professional life, you’re going to need to bring those skills into your compliance program.
I see compliance really moving towards a business process and a business function. And that means data and using data to determine if a potential violation is on the horizon and using that same data to tell your story to all of the stakeholders of a corporation–your shareholders, your employees, your third parties, those who you do business with, localities where you may be doing business.
And most importantly, if the government comes knocking, that’s where the “document, document, document” part comes in because you can tell your story to the government as well.
Q. So what are you doing next in your career? You mentioned your book. What’s happening next for Tom?
TF: Well, about a year ago, I was contacted by LexisNexis, the preeminent legal publisher in the United States and the world. I was very honored that they selected me to be their first author to lead their compliance library that they make available. I’m extraordinarily pleased to announce that in June Lexis Nexis published my latest book, the 2nd Edition of Compliance Handbook.
I’m going to continue to grow the Compliance Podcast Network. We’ll have 70 podcasts on the network by the end of summer and I’m looking to grow the network. The thing I love about podcasting is I get to interview the top experts in every form of compliance: IT compliance, HR compliance, anti-corruption compliance, AML compliance, environmental compliance, you name it. I’ve learned so much by interviewing people.
So, I’m going to continue to learn and grow and hopefully be a resource to the compliance community going forward.