Tag: compliance programs

Categories
This Week in FCPA

This Week in FCPA-Episode 147 – the Spring has Sprung edition

As the St. Patrick’s Day weekend is past and Spring has sprung all over Tom and Jay are back to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. What are some of the lessons for compliance professionals from the college admissions scandal? Bob Conlin and Carrie Penman lay them out in Navex’s Ethics and Compliance Matters. 
  2. How did the FCPA Corporate Enforcement Policy change for messaging apps? Nate Lankford and Dawn E. Murphy-Johnson spell it out for you in the FCPA Blog.
  3. What’s the difference between concurrent, consecutive and stacked? Sara Kropf explains it all her great blog, Grand Jury Target.
  4. Even the big dogs can be defrauded. Kristen Broughton reports on fraud which cost Google and Facebook over $100MM in the WSJ Risk and Compliance Journal.
  5. Training wheels will continue to be useful in the future. Ken Wielerstein explains in the Analysts Syndicate.
  6. The business response leads to better compliance through FinTech. Matthew Epstein and Robert Werner discuss in NYU’s Compliance and Enforcement Blog. Sonny Singh in Corporate Compliance Insights.
  7. Cyber breach disclosures are a mess. Matt Kelly reports in Radical Compliance.
  8. The Editor speaks on insider threats. Compliance Week Editor Dave Lefort discusses what he learned at Compliance Week West, in Compliance Week. (sub req’d)
  9. Jaclyn Jaeger looks inside the FBI Office of Integrity, in Compliance Week. (sub req’d)
  10. Following up on his blog post series on the MTS FCPA settlement, Tom moves to the audio format for a podcast series on the enforcement action.Check out the following: Part 1-background;Part 2-bribery schemes; Part 3– missed red flags; Part 4-the individual indictments; and Part 5-lessons learned. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotifyand Corporate Compliance Insights.
  11. In Houston on Tuesday? Join Tom and Katie Smith at Convercent’s Roundtable Lunch. Registration and information are here. If you are not in Houston, then join Tom, Louis Sapirman and Katelyn Conlyn for a Convercent webinar on how to better engage with your employees. Registration and information for the webinar found here. Best of all, both events are FREE.
  12. Check out the latest edition of Popcorn and Compliancewhere Tom and Jay looked at Captain Marvel from the compliance perspective.
  13. Join Tom and AMI’s Jesse Caplan next week for a 5-part exploration of emerging issues in healthcare compliance and monitoring. The podcast will be available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply, YouTube, Spotify and Corporate Compliance Insights.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 422, Vera Cherepanova

In this episode I visit with Vera Cherepanova author of the book, “Compliance Program of an Organisation”. We visit about her recent article on the FCPA Blog and its implications. Some of the highlights from the podcast include:

  1. Cherepanova’s unique professional background.
  2. What led to her to pen the recent article in the FCPA Blog, “Who’s to blame? The bad apple or the barrel?
  3. What are the differences in the ‘situation perspective’ and the ‘personality perspective’?
  4. How do group dynamics inform corporate decision making?
  5. How can a compliance program be designed to prevent nefarious group think which might lead to bribery and corruption?
  6. Why is the myth of the rogue employee just that, a myth?

Resources:
FCPA Blog post “Who’s to blame? The bad apple or the barrel?
Studio Etica website
LinkedIn Profile

Categories
This Week in FCPA

This Week in FCPA-Episode 146 – Ides of March (formerly St. Patty’s Day) edition

On this Ides of March tAs the St. Patrick’s Day weekend is upon, and we are all Irish at least for a day, Tom and Jay are joined by our favorite Irishman (and the Coolest Guy in Compliance), Matt Kelly to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. Massive corruption scandal rocks college admissions across the country. Dana Goldstein and Jack Healy in the NYT. Douglas Belkin and Jennifer Levitz in the WSJ. Nick Anderson in the Washington Post.
  2. FARA, FARA, FARA. Katie Brenner in the NYT. Dan Packel in Law.com.
  3. Former KPMG national practice leader convicted in PCAOB scandal. Michael Rapaport reports in the Wall Street Journal.
  4. Will the US finally clamp down on shell companies? Matthew Stephenson is cautiously optimistic in the Global Anti-Corruption Blog. General David Petraeus and Sheldon Whitehouse explain why it’s a national security issue in an Op-Ed piece in the Washington Post.
  5. Head coaches behaving badly as LSU head basketball coach suspended indefinitely in NCAA recruiting scandal. Ross Dellenger reports in Sports Illustrated.
  6. DOJ quietly modifies Corporate FCPA Enforcement Policy. Clare Hudson and Adam Dobrik report in GIR. (sub req’d) DOJ policy of self-disclosure making headway. Mingqi Sun in the WSJ Risk and Compliance Journal.
  7. Did Oracle violate the FCPA? (Tech Central)
  8. 1MDB scandal back in the news as former Goldman Sachs banker Timothy Leissner and Roger Ng banned from banking industry for life. David Simpson reports in Law360. (sub req’d) Also-did Jho Low contribute to Trump campaign? Tom Wright and Bradley Hope in the Wall Street Journal.
  9. How can you engage a BOD on cyber risks? Deloitte’s Khalid Kark, Tonie Leatherberry and Debbie McCormack in the Harvard Law School Forum on Corporate Governance.
  10. Tom continues with fan fav podcast series this week, the Adventures in Compliance this week.Check out the following: Part 1-The Red Circle; Part 2-The Abbey Grange; Part 3– The Priory School; Part 4-The Six Napoleons; and Part 5-The Empty House. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply and YouTube. The Compliance Podcast Network is now also on Spotify. It is now on Corporate Compliance Insights.
  11. In a special guest segment, Matt Kelly reports on the highlights from Ethisphere’s Global Business Ethics Summit, which was held this past week in New York.
  12. Check out the latest edition of Popcorn and Compliance where Tom and Jay look at Captain Marvel. It posts Saturday, March 16 on the Compliance Podcast Network.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
This Week in FCPA

This Week in FCPA-Episode 145 – Conferencing in America edition

Tom and Jay were both conferencing this week, albeit in different disciplines. Tom at Podfest Expo and Jay at the ABA White Collar Crime conference. In between they discussed some of this week’s top compliance and ethics stories which caught their collective eyes.

  1. MTS has massive FCPA resolution. Harry Cassin breaks the story in the FCPA Blog. See DOJ Press Release. See SEC Cease and Desist Order.
  2. CTFT to follow DOJ lead on enforcement and SEC lead on Whistleblowers. Dick Cassin reports in the FCPA Blog. See CTFT Press Release.
  3. Hacienda Healthcare is one of the worst corporate governance failures ever. Matt Kelly writes about it in Radical Compliance. Tom and Matt take a deep dive in Episode 113 of Compliance into the Weeds.
  4. Gulnara Karimova charged with conspiracy to commit money laundering in the whooping amount of $866MM. Harry Cassin reports in the FCPA Blog. See DOJ Press Release.
  5. Are consumers the new regulators of global business practices? Richard Young explores in the Navex Global’s Ethics and Compliance Matters
  6. Are Boards getting sufficient information on risk? Kristin Broughton reports in the WSJ Risk and Compliance Journal. Matt Kelly says compliance professionals can help in Navex Global’s Ethics and Compliance Matters.
  7. Is Baker MacKenzie in deep trouble over JBF bribery settlement? Former partner to be deposed over hire of Brazilian prosecutor. Michael Macagnone reports in Law360. The same partner left the firm to join Peirce Bainbridge, Clara Hudson reports in GIR. (sub req’d on both)
  8. Dutch prosecutors have told Shell the company will be criminally indicted over its role in obtain drilling rights in Nigeria. Chloe Taylor reports in CNBC.com.
  9. Jay begins a new role as a Featured Columnist on Corporate Compliance Insights. Check out CCI’s cool new look. (Interview with CCI’s new EIC Sarah Haddon next week).
  10. Rod Rosenstein says farewell to the compliance community. Text of Rosenstein speech here.
  11. Tom returns his periodic podcast series the Opinion Release Papers, with a five-part offering this week. Check out the following: Part 1-Opinion Release 10-03 on charitable donations under the FCPA; Part 2-Opinion Release 10-02 on hiring foreign officials as agents; Part 3– Opinion Release 07-01, travel for foreign officials; Part 4-Opinion Release 07-02, travel for and entertainment of foreign officials; Part 5-Opinion Release 11-01, why should you use the process. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotify. It is now also on Corporate Compliance Insights.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Blog

Day 22 of 30 Days to a Better Compliance Program, the Regional Compliance Committee

The Regional Compliance Committee operationalizes compliance into the Company’s Regional operations where the business operates. This approach follows the Department of Justice mandate, articulated in the Department’s FCPA Pilot Program for companies to move the doing of compliance down into the business of the organization. The make-up of the Regional Compliance Committee, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization, which allows a fuller, richer and more holistic approach to compliance advice. It adds a dimension not often seen or even discussed in the compliance profession. The accountability and oversight down to the Regional level and the compliance monitoring, reviewing, assessing and recommending that is deemed to be necessary will provide additional endorsements up through the organization that it is actually doing compliance. The Regional Compliance Committee can provide a unique structure to perform these functions. Key Takeaways

  1. A regional compliance committee can work to drive more efficient and more robust compliance into the region.
  2. All regional leaders should be on the committee.
  3. The regional compliance committee should liaise with other compliance committees.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Regional Compliance Committee is uniquely suited to drive compliance down into the fabric and DNA of an organization.  ]]>

Categories
Blog

Day 21 of One Month to More Effective Internal Controls-Revenue Recognition, Internal Controls and Compliance

Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, we are now less than six months away from a new Revenue Recognition (“new rev rec”) standard which may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. I visited with Joe Howell, Executive Vice President (EVP) at Workiva Inc. and asked him if he could walk me through some of the key changes and how it might impact compliance going forward. FASB recognized that its revenue recognition requirements around U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new rev rec standard. The implementation will be a massive undertaking. According to Howell, “The accounting standard itself is 700 pages long, and in the US accounting literature it replaces over 200 other pieces of accounting guidance on revenue.” The official name is “Revenue from Contracts with Customers” and Howell noted there are “lot of surprises, and the things that is true for almost everybody is that they are going to be facing some level of change in the way they account and report revenue. They will most certainly have to change the way they disclose things related to their revenue. There are, included in the revenue standards, over six pages worth of new disclosure requirements.” One of the key differences in this new rev rec standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. Howell thinks this will put pressure on auditors “to get comfortable with what the company provided them and which they incorporated into their decision- making process in forming an opinion. For disclosure control this is something quite different, because the auditor’s typically not relying on those.” This will create risks for auditors adjusting to the new rev rec standard because as they learn more about the new standard and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it. The reason this is important to the compliance profession and the compliance practitioner is internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation, that companies must inform the SEC about the accounting policies that they are changing, and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. Howell believes “The SEC is making it perfectly clear that this is a real compliance issue.” Moreover, the SEC has indicated that these disclosures are central to the new rev rec standard. Howell said, “typically, if a company has some sort of failure in their disclosures for an accounting standard, they’re treated under section Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting.” While disclosure of internal controls might not typically bring Section 404 scrutiny, under the new rev rec standard, they may now do so. Howell articulated that usually when performing a financial audit, an auditor would not rely on a disclosure control in the past. However under the new rev rec standard, if there is a change during the year in how an auditor views a disclosure control, it could require them “to go back and either figure out if the audit work that they did is tainted and they need to go back and do that work in the form of a substantive testing, or they need to go back to see if there were mitigating controls that were in place that still allowed them to rely on the internal control processes to get comfortable with what the company provided them and which they incorporated into their decision making process in forming an opinion. For disclosure control this is something quite different, because the auditor’s typically not relying on those.” Of course, this is overlaid on the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of any materiality standard. One only need to consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls. Yet there are other tie-ins into compliance which the compliance practitioner needs to understand and prepare for going forward. The prior rev rec standard was rules based. As a lawyer, that was an approach I was quite comfortable with both from a learning stand point and communicating to business folks. But now the standard is much more judgment based and when a standard is more judgment based, there can be more room for manipulation. Howell explained the response by compliance is “making sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgements that managers must make as they report their revenue under the new standard; and that those judgements themselves are properly documented.” This final point demonstrates the convergence and overlap between the compliance profession, compliance programs and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. Now they can also be used to gather the information which will be presented to auditors under the new rev rec standard. Many professional are focused on the new rev rec from the auditing and implementation perspective. However, if you are a Chief Compliance Officer (CCO), you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.

Three Key Takeaways

  1. An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components are present and function. Second, are the five components operating together in an integrated approach.
  3. For an anti-corruption compliance program you can use the Tem Hallmarks of an Effective Compliance Program as your guide to test against.

For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The new FASB rev rec standard has significant implications for the compliance practitioner going forward.]]>

Categories
Blog

Day 21 of 30 Days to a Better Compliance Program, the Compliance Oversight Committee

Key Takeaways 

  1. Determine an appropriate committee membership.
  2. The committee is there to act as an extra set of eyes for the CCO, not to substitute its judgment.
  3. Determine the scope of items and issues to be reviewed by the committee.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Compliance Oversight Committee provides a second set of eyes for the CCO and compliance department.    ]]>

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.  ]]>

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have both called for greater compliance expertise at the Board.]]>

Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 350, Linda Justice and Her Nancy Drew Approach