Categories
Compliance Into the Weeds

DOJ Expectations for Compliance & CCOs


Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recent speech by Kenneth Polite, the Assistant Attorney General for the Criminal Division. Every compliance professional needs to read his remarks in-depth as they give significant insight into what the DOJ expects in compliance programs and CCOs involved in enforcement actions. Highlights include:

  • It all starts with a risk assessment.
  • The importance of culture.
  • Continuous testing and continuous improvement.
  • The role of monitors.
  • CCO certification going forward.

Resources
Matt in Radical Compliance

Categories
Compliance Week Conference Podcast

Andy Powell on Introducing Interactivity and Behavioral Science to Your Ethics & Compliance Program


In this episode of the Compliance Week 2022 Preview Podcasts series, Andy will discuss some of his presentations at Compliance Week 2022, “Introducing Interactivity and Behavioral Science to Your Ethics & Compliance Program.” Some of the issues he will discuss in this podcast and his presentations are:

  • Learn how to transform your code of conduct from static to dynamic and interactive, featuring practices from behavioral science that help employees retain information.
  • Discover the latest best practices for ethics and compliance training and how to make it more effective, engaging, and “sticky,” with examples.
  • Find out how to use interactivity data from your code of conduct, helpline, disclosures, and training to increase risk visibility and identify trends and hotspots.

In this first full compliance conference in over 2 years, I hope you can join me at Compliance Week 2022. This year’s event will be May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is simply first-rate, with some of the top ethics and compliance practitioners around.
Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs, and many others, to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners, gain insights into the agency’s enforcement areas, and walk away with guidance on remaining compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency, and more.
  • Bring actionable takeaways back to your program from various session types, including ESG, Human Trafficking, Board obligations, and many others, to listen, learn and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount off the registration price; enter discount code TFLAW $200 OFF.

Categories
Compliance Week Conference Podcast

Ellen Hunt on Introducing Interactivity and Behavioral Science to Your Ethics & Compliance Program

In this episode of the Compliance Week 2022 Preview Podcasts series, Ellen will discuss some of her presentations at Compliance Week 2022, “Introducing Interactivity and Behavioral Science to Your Ethics & Compliance Program.” Some of the issues she will discuss in this podcast and her presentations are:

  • Learn how to transform your code of conduct from static to dynamic and interactive, featuring practices from behavioral science that help employees retain information.
  • Discover the latest best practices for ethics and compliance training and how to make it more effective, engaging, and “sticky,” with examples.
  • Find out how to use interactivity data from your code of conduct, helpline, disclosures, and training to increase risk visibility and identify trends and hotspots.

In this first full compliance conference in over 2 years, I hope you can join me at Compliance Week 2022. This year’s event will be May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, compliance, ethics, legal, and audit professionals will gather face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance compliance programs, and many others, to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners and gain insights into the agency’s enforcement areas and walk away with guidance on how to remain compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency, and more.
  • Bring actionable takeaways back to your program from various session types, including ESG, Human Trafficking, Board obligations, and many others, for you to listen, learn and share.
  • The goal of Compliance Week is to arm you with information, strategy, and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount on the registration price; enter discount code TFLAW $200 OFF.

Categories
Compliance Into the Weeds

Company Size and State of Their Compliance Programs

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a look at the recent ECI report on the Differences Between Small, Medium And Large Enterprises E&C Programs. Highlights include:

  • Where did this ECI report derive its data?
  • Why are middle-sized companies in such bad condition regarding compliance programs?
  • Why are middle-sized companies having the most issues?
  • When is the time for a compliance SME at a company?
  • When should a company institute robust internal controls?

Resources 
Matt in Radical Compliance
ECI Report – Differences Between Small, Medium And Large Enterprises E&C Programs

Categories
The Compliance Life

Audrey Harris-Back to Private Practice in Compliance


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Audrey Harris, who handled FCPA cases prior to the explosion of FCPA enforcement actions in the early 2000s, sat in the CCO Chair, led compliance program work back in private practice and now is Managing Director for Global Anti-corruption, Compliance, Ethics & Non-Financial Risk at Affiliated Monitors Inc.

In 2018, Audrey moved back into private practice, utilizing many of the skill sets she learned in the CCO chair. She understood that the business folks in any company needed answers, not legal memos, so she worked to create compliance programs tailored to how business works. She helped to identify emerging risks companies did not see and helped not simply solve compliance issues but also solve business problems with the same or similar solutions.

Resources

 Audrey Harris on LinkedIn

Audrey Harris on Affiliated Monitors, Inc.

Categories
Greetings and Felicitations

Macbeth and Transformation of Your Compliance Program


Welcome to the Greetings and Felicitations, a podcast where I explore topics which might not seem to be directly related to compliance but clearly influence our profession. In this episode, I discuss the recently released Tragedy of Macbeth and a Harvard Business Review article. I use both of these different types of media to explore transformation in your corporate compliance program. Highlights include:

  1. Macbeth and descent into madness.
  2. Coen production of Macbeth.
  3. Transforming your compliance program through ‘you’.
  4. Why the user experience is so critical.
  5. The 3-step process to transform your compliance program.

Resources
The “New You” Business: How to compete on personal transformations by Lance A. Bettencourt, B. Joseph Pine II, James H. Gilmore, and David W. Norton

Categories
Blog

Macbeth and Transformation of Your Compliance Program

Over the weekend I saw Joel Coen’s The Tragedy of Macbeth on Apple TV. To say it blew me away would be putting it mildly. David Sims, writing in The Atlantic, said, “Shot in stark black-and-white by the cinematographer Bruno Delbonnel and staged on abstract, minimalist sets designed by Stefan Dechant, the film feels like a foggy memory of a story told a hundred times…With The Tragedy of Macbeth, Coen is stripping away that scenery, zeroing in on the essential details of Shakespeare’s tale of how a hunger for power can curdle into madness and death.”
It felt like I was watching madness descend in a German expressionist movie. I have always thought of Macbeth as exactly that; a descent into madness due to the murderous machinations of both Macbeth and Lady Macbeth, who were, in this treatment, played by Denzel Washington and Frances McDormand respectively. Both performances were Oscar-worthy. Both actors, in their 60s, played the roles with a slightly different focus, which was succession. Not the great HBO show Succession but more what is their next succession. Over this week I am going to use Coen’s version of Macbeth to explore the questions of succession and what is next in compliance. Today, I want to take up the topic of transformation of your compliance program focusing on the ‘You’ in compliance as in the user.
In a recent Harvard Business Review (HBR) article, entitled “The “New You” Business: How to compete on personal transformations”, authors Lance A. Bettencourt, B. Joseph Pine II, James H. Gilmore, and David W. Norton posited that when companies “do promote what they sell in relation to consumers’ aspirations, they rarely design solutions that allow people to realize them. Instead, individuals must cobble together what they think they need to achieve their goals—for example, a trainer, a particular diet, and a support network to lose weight. Enterprises should recognize the economic opportunity offered by a transformation business, in which consumers come to them with a desire to improve some fundamental aspect of their lives.” It struck me that many compliance programs suffer from the same fate; that is, they do not focus on what the employee really needs. This also sounds very much like a Design Thinking approach for compliance which I wholeheartedly embrace. (Check out my podcast, Design Thinking in Compliance with co-host Carsten Tams for a sampling.)
The first thing a compliance function needs to do is to have a solutions mindset. From there move to providing compliance transformations which help the business use the corporate compliance program to generate positive outcomes that your employees, whether business development folks or others, need to succeed. Compliance services will then be viewed in another light, as a way to help employees achieve both their and the company’s desired results. Employees have a role in this process and through engagement between the compliance function and employees in the design process, your compliance function will have more back-end engagement after the design process is implemented.
The authors have a three-step process which I have adapted for the compliance professional and corporate compliance function. The first is defining a successful transformation. The second is to ascertain the jobs to be accomplished and third, to define your success as the design and implementation proceed.
Defining a successful transformation means that you must understand what your employees are trying to achieve. The authors further break this down into four categories. A Functional job is one which represents a goal an employee is trying to accomplish or a problem they are trying to solve. Functional jobs tend to center on specific tasks leading to specific solutions. Emotional jobs address the feelings desired in the employment setting. It can be empowerment or simply being appreciated for a job well done. Social jobs concern how employees desire to be perceived or relate to others, such as with encouragement or empathy. Finally, there are Aspirational jobs, which the authors believe “sit at the highest level of what motivates people. They involve becoming who an individual wants to be: living life to the fullest, financially secure, successful careerwise, and so on.” The conclusion should be that there are several methods a corporate compliance function can use to understand employees’ jobs, including interviews, observation, and ethnography. The authors also caution, “Data alone won’t uncover what motivates people, what goals they have, or what problems they want resolved.”
Next, a compliance function must define success along the way. Here your compliance team “must spend time interacting with [employees] to understand what success looks like at every point along the transformation journey.” You should consider what new understandings, decisions, and tasks are required for an individual to prepare, make progress, and sustain the desired compliance results. Here the authors suggest asking such questions as: “What would you like to see happen quickly? What problems or inconsistencies would you like to avoid? What does success look like?” By asking these questions you not only have employees engaged but you, as the compliance professional, garner a better understanding of the outcomes the business folks are trying to achieve. This in turn will facilitate your design. It could be something as simple as where and how employees can submit confidential issues to a corporate compliance function. It could be as involved as how to keep employees informed about the progress anytime they engage in “speak up.”
Finally, the compliance function must identify the barriers involved, “why they may stand in the way and figuring out how to assist in overcoming them.” These barriers exist in three primary domains which include resources, such as offerings, time, budget; employee readiness, focusing on skills, motivation, clarity; and the context of both when and where things are done. Here a corporate compliance function can and should consult their internal experts, “to understand what hinders success” and external specialists, who have studied particular challenges. These resources can also help identify deficiencies in the goods, services, and compliance experiences.
The bottom line is that compliance transformations are not produced solely by a corporate compliance function, “they are achieved in partnership with the person being transformed.” This means compliance must determine what expectations, know-how, and motivation employees need at every stage of their employment cycle and experience. The answers translate into solutions designed to guide the journey, equip employees thoroughly for their role in a transformation, and strengthen their resolve to persist in doing business ethically in the face of difficulty and challenge.

Categories
Blog

Day 21 of One Month to More Effective Internal Controls-Revenue Recognition, Internal Controls and Compliance

The Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, we are now less than six months away from a new Revenue Recognition (“new rev rec”) standard, which may significantly impact the compliance profession, compliance programs, and compliance practitioners. I visited with Joe Howell, Executive Vice President (EVP) at Workiva Inc., and asked him if he could walk me through some key changes and how they might impact compliance. FASB recognized that its revenue recognition requirements around the U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new rev rec standard. The implementation will be a massive undertaking. According to Howell, “The accounting standard is 700 pages long, and in the US accounting literature, it replaces over 200 other pieces of accounting guidance on revenue.” The official name is “Revenue from Contracts with Customers,” and Howell noted there are a “lot of surprises, and the thing that is true for almost everybody is that they are going to be facing some level of change in the way they account and report revenue. They will most certainly have to change how they disclose their revenue-related things.
Included in the revenue standards are over six pages worth of new disclosure requirements.” One of the key differences in this new rev rec standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. Howell thinks this will pressure auditors “to get comfortable with what the company provided them and which they incorporated into their decision-making process in forming an opinion. This is quite different for disclosure control because the auditor’s typically not relying on those.” This will create risks for auditors adjusting to the new rev rec standard because as they learn more about it and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it. This is important to the compliance profession and the compliance practitioner because internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement it. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation that companies must inform the SEC about the accounting policies that they are changing and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. Howell believes “The SEC is making it clear that this is a real compliance issue.” Moreover, the SEC has indicated that these disclosures are central to the new rev rec standard. 
Howell said, “typically, if a company has some sort of failure in their disclosures for an accounting standard, they’re treated under Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting.” While disclosure of internal controls might not typically bring Section 404 scrutiny, they may now do so under the new rev rec standard. Howell articulated that when performing a financial audit, an auditor would usually not rely on a disclosure control in the past. However, under the new rev rec standard, if there is a change during the year in how an auditor views a disclosure control, it could require them “to go back and either figure out if the audit work that they did is tainted and they need to go back and do that work in the form of substantive testing, or they need to go back to see if there were mitigating controls that were in place that still allowed them to rely on the internal control processes to get comfortable with what the company provided them and which they incorporated into their decision-making process in forming an opinion. This is quite different for disclosure control because the auditor’s typically not relying on those.” Of course, this is overlaid with the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of materiality standards. One need only consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls. Yet there are other tie-ins into compliance that the compliance practitioner needs to understand and prepare for going forward.
The prior rev rec standard was rules-based. As a lawyer, that was an approach I was quite comfortable with both from a learning standpoint and communicating with business folks. But now, the standard is much more judgment-based, and when a standard is more judgment-based, there can be more room for manipulation. Howell explained the response by compliance is “making sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgments that managers must make as they report their revenue under the new standard; and that those judgments themselves are properly documented.” This final point demonstrates the convergence and overlap between the compliance profession, compliance programs, and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. They can also be used to gather the information that will be presented to auditors under the new rev rec standard. Many professionals are focused on the new rev rec from the auditing and implementation perspective. However, if you are a Chief Compliance Officer (CCO), you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.

Three Key Takeaways

  1. An effective internal controls system provides reasonable assurance of the entity’s objectives relating to operations, reporting, and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components is present and functional. Second, the five components are operating together in an integrated approach.
  3. You can use the Ten Hallmarks of an Effective Compliance Program for an anti-corruption compliance program as your guide to testing against.

For more information on improving your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The new FASB rev rec standard has significant implications for the compliance practitioner going forward.

Categories
Blog

Day 22 of 30 Days to a Better Compliance Program, the Regional Compliance Committee

The Regional Compliance Committee operationalizes compliance into the Company’s Regional operations where the business operates. This approach follows the Department of Justice mandate, articulated in the Department’s FCPA Pilot Program, for companies to move the doing of compliance down into the organization’s business. The make-up of the Regional Compliance Committee, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization, which allows a fuller, richer, and more holistic approach to compliance advice. It adds a dimension not often seen or discussed in the compliance profession. The accountability and oversight down to the Regional level and the compliance monitoring, reviewing, assessing, and recommending deemed necessary will provide additional endorsements to the organization that it is doing compliance. The Regional Compliance Committee can provide a unique structure to perform these functions.

Key Takeaways:

  1. A regional compliance committee can work to drive more efficient and robust compliance into the region.
  2. All regional leaders should be on the committee.
  3. The regional compliance committee should liaise with other compliance committees.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Regional Compliance Committee is uniquely suited to drive compliance down into the fabric and DNA of an organization.

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.