Tag: compliance

Categories
Great Women in Compliance

SCCE Roundup with Lisa and Mary

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

The 2022 Society of Corporate Compliance and Ethics, Compliance and Ethics Institute took place last week in Phoenix, Arizona.  There was a mix of both in person and virtual attendees with a person presence significantly bolstered compared with the 2021 crowd, the first in person ECI since the pandemic hit.  In 2023 it really felt like things were back and the Great Women in Compliance podcast hosts, Lisa Fine and Mary Shirley, debrief listeners with a roundup of highlights and musings from the conference, as well as handing out a few prized GWICies.

 Lisa and Mary both critically analyze some aspects of the conference and sessions, as well as take their usual lighthearted and informal approach to discussing what they thought went well, where there were areas of opportunity, surprises and how they each dealt with unforeseen challenges – from the beginning of the conference and throughout – including Lisa’s hangry misfortune and Mary nearly causing an international incident at a piano bar.

 Join us for this special joint episode and re-live the conference for those that attended and cure your FOMO for those who were unable to make it.

 The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Lafarge and the Cost of Moral Bankruptcy

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the recent guilty plea by Lafarge, the French cement giant now owned by Holcim, for paying bribes and protection money to ISIS and doing business in Syria with ISIS. Highlights include:

  • What are the background facts?
  • What were the bribery and payment schemes?
  • What are the compliance lessons learned?
  • How will the victim status play out?
  • Who will guarantee compliance of Lafarge with the Plea Agreement?

 Resources

Tom in the FCPA Compliance and Ethics Blog

Categories
The Compliance Life

Bridget Abraham-Reflections on a Non-Traditional Compliance Career Path

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

In this concluding episode, Bridget reflected on her non-traditional path to the CCO chair. She also discussed the compliance challenges of moving money around the globe and doing so with less friction. She recalled some of the key mentors who had helped her career path and concluded with thoughts on how and why a corporate compliance program needs to use data to tell its story.

Resources

Bridget Abraham LinkedIn Profile

Categories
Role of the Board of Compliance

Episode 02: Marchand (Blue Bell Ice Cream) with Tom Fox and Jonathan Marks

Understanding risk means understanding your business.

Tom Fox and Jonathan Marks discuss the Blue Bell Ice Cream case, what went wrong, the lessons that compliance officers and board members can learn and apply, suggest how to improve your business’s governance, and how to be wary of red flags.

▶️ Marchand (Blue Bell Ice Cream) with Tom Fox and Jonathan Marks

Key points discussed in the episode:

✔Tom Fox lays out the facts of the Blue Bell Ice Cream case.

✔Jonathan Marks emphasizes the importance of enterprise-wide risk management and identifying key risks by deeply understanding your business.

✔Members of boards and committees should be carefully considered, must be conscious of the laws and regulations, and proactively ask questions to ensure safe products and services.

✔Jonathan Marks shares his opinions on the court verdict on Blue Bell’s CEO Paul Kruse’s responsibility for the listeria outbreak.

✔ Jonathan Marks highlights the gravity of disclosing red flags earlier so they can be corrected, preventing further damage, and continuing enterprise risk management programs, taking the shame out of it.

✔Tom Fox presents what the Delaware Supreme Court said about the case.

✔When safety issues arise, assess the situation quickly and communicate it among those responsible. Be prepared and have a crisis management plan in place if there isn’t any. 

✔Risk drives compliance. Ensure the board is informed. Risk assessment is the foundation of any compliance program.

—————————————————————————-

Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

 

Categories
Greetings and Felicitations

Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

Welcome to the Greetings and Felicitations, a podcast where I explore topics that might not seem directly related to compliance but influence our profession. In this special series, I consider many structural engineering concepts are apt descriptors for an anti-corruption compliance program. In this episode 1, I consider the Roman architect Vitruvius and what makes a structure great. Highlights include:

·      The Vitruvius Triad.

·      Compliance Program formulations.

·      What are form, function, and structure

·      Continuous risk and continuous risk management.

·      Risks assessments after Covid 19.

Resources

Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity,” taught by Professor Stephen Ressler from The Teaching Company.

Categories
The ESG Report

Supply Chain & ESG: Scope 3 Emissions Reporting Strategy with Devin O’Herron and Jared Connors

 

In this episode of the ESG Report,Tom Fox is joined by Devin O’Herron and Jared Connors of Assent to discuss Scope 3 emissions reporting as the key to disclosure success. They talk about the importance of accounting for Scope 3 in your emissions strategy.

 

 

There are three scope levels within the emissions reporting strategy: Scope 1 refers to things like your vehicle or things you’re doing around your facility; Scope 2 is the purchased heat or electricity powering your facility; and Scope 3 is all those variables outside your four walls. The most important aspect of Scope 3 is purchased goods. This has a large impact on organizations that may not necessarily take in raw materials and directly manufacture those raw materials into a finished good. “Even if your organization designs products and influences those products, you typically will obtain your raw materials components through your supply chain,” Jared says. The supply chain is a very significant factor to consider when coming up with the emissions strategy as a company.

 

A recent study found that Scope 3 emissions are typically 11 times larger than an organization’s Scope 1 and 2 emissions combined. As mandatory climate disclosure legislation progresses into the future, the overall emissions strategy needs to start accounting for Scope 3 as much as possible. “When it comes to Scope 3 emissions in particular, as we think about things like carbon taxes, risk in terms of risk, if you don’t understand what exactly that applies to your organization, you are missing a big opportunity,” Devin stresses. Organizations need to get a handle on their total emissions footprint. You cannot manage what you do not measure. 

 

Resources

Devin O’Herron on LinkedIn

Jared Connors | LinkedIn

Tom Fox’s email

Assent website

 

Categories
Blog

Great Structures Week V – The Tacoma Narrows Bridge Failure and Preventing Failure in Your Compliance Program

I conclude my Great Structures Week with a focus on structural engineering failures: suspension bridges and the challenges of wind in their construction and maintenance. I am drawing these posts from The Great Courses offering, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. In his chapter on suspension bridges he notes that the “Tacoma Narrows Bridge was the third longest span in the world when it opened to the world, this month of July in 1940.” Yet it collapsed only four months later, in one of the most famous visual images of a bridge’s collapsing. This is due to the “inherent flexibility of cable as a structural form”. A bridge can move in longitudinal vibration, that is up and down and in torsion, where it twists from side-to-side.

Most people recognize unstiffened suspension bridges as old as man and engineering itself. It was not until the 1820s that serious study was brought to bear on the issue of wind-related collapse of suspension bridges. The initial solution was to simply use more weight to reinforce the span. However, while that solution did bring some stability, it reinforced damage as the structure became a textbook example of Newton’s Second Law of Motion, which states that the acceleration of an object is dependent upon two variables – the net force acting upon the object and the mass of the object; meaning that once a heavy weight is in motion, it is more resistant to deceleration.

Yet it was scientific methodology that led to the disaster with the Tacoma Narrows Bridge. An engineer named Leon Moisseiff had developed a theory that long spanned suspension bridges were heavy enough that they did not require stiffening trusses because “their mass stabilized them against wind-induced vibrations.” However, this theory failed to take into account how air flows around a bridge and the “dynamic response of the structural system.” Ressler concludes this section by stating, “this case has become a classic symbol of the dangers of arrogance born of overconfidence in science-based design methods, and belt-and-suspenders engineering has made a bit of a comeback.”

I thought about the catastrophic failure of the Tacoma Narrows Bridge in the context of one of the greatest risks in Foreign Corrupt Practices Act (FCPA) compliance; that being third parties. Many non-compliance corporate employees assume that if a third party passes due diligence muster; they are in the clear. After all, you cannot stop a third party from making a bribe or other corrupt payment. Fortunately, the Department of Justice (DOJ) does not take such a myopic view as many business types. Under the FCPA, a company is responsible for the actions of its third-party representatives.

The real work around your third-party compliance program begins after the contract is signed and it is in the management of the third-party relationship. While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, in “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

Carol Switzer, writing in the Compliance Week magazine, set out a five-step process for managing corruption risks, which I have adapted for third parties.

  1. Screen – Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit – Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Additionally, there several different functions in a company that play a role in the ongoing monitoring of the third party. While there is overlap, I believe that each role fulfills a critical function in any best practices compliance program.

Relationship Manager

There should be a Relationship Manager for every third party which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party.

Compliance Professional

Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. This role can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party.

3rd Party Oversight Committee

A company can have a Third-Party Oversight Committee review documents relating to the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group, but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.

After the commercial relationship has begun the Third-Party Oversight Committee should monitor the third-party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Third-Party  Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Third-Party Oversight Committee should review all payments requested by the third party to assure such payment is within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Third-Party Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.

 Audit

A key tool in managing the relationship with a third-party post-contract is auditing the relationship. I hope that you will have secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed.

Perhaps now you will understand why I say that managing the relationship of your third party’s is where the real work of your FCPA compliance program comes to the fore. It also demonstrates a key difference in having a paper compliance program and doing compliance. Having a paper compliance program is simple but doing compliance is not always easy; you have to work at it to maintain an effective program.

I hope that you have enjoyed this week’s offering based around some of the world’s greatest structures, their engineering concepts and innovations and how they all related to a best practices compliance program. I am a huge fan of The Great Courses offerings and if you are interested in learning in a great many areas it is one of the best resources available to you.

Categories
Blog

Great Structures Week IV –  Gothic Cathedral and Compliance Incentives

I continue my Great Structures Week with focus on great structural engineering and its innovations in the medieval world – that being the Gothic Cathedral. I am drawing these posts from The Great Course offering, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. When it comes to Gothic Cathedrals, Ressler notes that they are a rich case study in the development of “architecture and the limits of empirical design, literally written into the walls of the buildings.”

The innovation of the Gothic Cathedral was to use elements of the Roman basilica but to add “height and light, featuring ever taller naves, pierced by ever-larger clerestory windows, and delineated by ever-more-slender engaged columns”. The first innovation came with the pointed arch followed by ribbing on the columns to help stiffen and strength them more effectively. However, the truly dynamic innovation was the creation of flying buttresses, which were huge additional columns outside the structure yet were designed to become load-bearing members so the highest point inside the cathedrals could be filled by light through ornately stained glass windows. Two of the finest examples of these Gothic Cathedrals are both found in France. They are the Cathedral of Our Lady at Chartres and Cathedral of St. Stephens at Bourges.

Just as the medieval world built up the structural engineering techniques from their forebears, as your compliance regime matures you can implement more sophisticated strategies to make your Foreign Corrupt Practices Act (FCPA) compliance program a part of the way your company does business. Using an article from the MIT Sloan Management Review, “Combining Purpose with Profits, as a basis, I have developed six core principles for incentives, for the compliance function in a best practices compliance program.

  1. Compliance incentives don’t have to be elaborate or novel. The first point is that there are only a limited number of compliance incentives that a company can meaningfully target. Evidence suggests the successful companies are the ones that were able to translate pedestrian-sounding compliance incentive goals into consistent and committed action.
  2. Compliance incentives need supporting systems if they are to stick. People take cues from those around them, but people are fickle and easily confused, and gain and hedonic goals can quickly drive out compliance incentives. This means that you will need to construct a compliance function that provides a support system to help them operationalize their pro-incentives at different levels, and thereby make them stick. The specific systems which support incentives can be created specifically to your company but the key point is that they are delivered consistently because it signals that management is sincere.
  3. Support systems are needed to reinforce compliance incentives. One important form of a supporting system for compliance incentives “Is to incorporate tangible manifestations of the company’s pro-social goals into the day-to-day work of employees.” Make the rewards visible. As stated in the FCPA Resource Guide 2nd edition, “Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.”
  4. Compliance incentives need a “counterweight” to endure. Goal-framing theory shows how easy it is for compliance incentives to be driven out by gain or hedonic goals, so even with the types of supporting systems it is quite common to see executives bowing to short-term financial pressures. Thus, a key factor in creating enduring compliance incentives is a “counterweight”; that is, any institutional mechanism that exists to enforce a continued focus on a nonfinancial goal. This means that in any financial downturn compliance incentives are not the first thing that gets thrown out the window and if my oft-cited hypothetical foreign Regional Manager misses his number for two quarters, he does not get fired. The key is that the counterweight has real influence; it must hold the leader to account.
  5. Compliance incentive alignment works in an oblique, not linear, way. The authors state, “In most companies, there is an implicit belief that all activities should be aligned in a linear and logical way, from a clear end point back to the starting point. The language used — from cascading goals to key performance indicators — is designed to reinforce this notion of alignment. But goal-framing theory suggests that the most successful companies are balancing multiple objectives (pro-social goals, gain goals, hedonic goals) that are not entirely compatible with one another, which makes a simple linear approach very hard to sustain.” What does this mean in practical terms for your compliance program? If you want your employees to align around compliance incentives, your company will have to “eschew narrow, linear thinking, and instead provide more scope for them to choose their own oblique pathway.” This means emphasizing compliance as part of your company’s DNA on a consistent basis — “the intention being that by encouraging individuals to do “good,” their collective effort leads, seemingly as a side-effect, to better financial results. The logic of “[compliance first], profitability second” needs to find its way deeply into the collective psyche of the company.”
  6. Compliance incentive initiatives can be implemented at all levels. Who at your company is responsible for pursuing compliance incentives? If you head up a division or business unit, it is clearly your job to define what your pro-social goals are and to put in place the supporting structures and systems described here. But what if you are lower in the corporate hierarchy? It is tempting to think this is “someone else’s problem,” but there is no reason why you cannot follow your own version of the same process.

Looking for some specific compliance obligations to measure against? You could start with the following examples of compliance obligations that are measured and evaluated.

 For Senior Management

  • Lead by example in your own conduct and in the decisions you take, to the resources and time you commit to compliance.
  • Facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally.
  • Support specific initiatives from the Chief Executive Officer (CEO), legal and compliance functions. 

 For Middle Management

  • Demonstrate, facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally.
  • Support specific initiatives from the legal and compliance functions.
  • Ensure that all employees, agents and contractors directly or indirectly reporting to you fully complete all required training and communications in a timely manner.
  • Provide full cooperation with investigations conducted by the compliance or legal functions of any alleged violation of compliance policies.
  • Include the Chief Compliance Officer (CCO) or another legal or compliance function representative in your management meetings at least twice per year, per geography.
  • Identify instances of non-compliance and support compliance monitoring and reporting systems. Partner with compliance in resolving compliance issues.

 For Business Development or Company Sales Representatives

  • Certify that all employees, agents and contractors directly or indirectly reporting to you have fully reported all sales and marketing interactions with all government officials in a timely manner.
  • Certify that all employees, agents and contractors directly or indirectly reporting to you have fully, promptly and accurately reported all expenses with third party sales representatives have occurred.

The Gothic Cathedral is one of the greatest structural engineering feats mankind has ever created. It combined a dimension of height not surpassed for nearly 1000 years with an ingress of light not previous seen in structures. This use of light facilitated the development of the artistry of stained-glass windows and directly led to the continued beauty and relevance of these magnificent structures.

Join us tomorrow as we conclude our series by looking at the Tacoma Narrows Bridge Failure and preventing failure in your compliance program.

Categories
Great Women in Compliance

GWIC x The Ethics Experts-Lisa’s Episode

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

As Lisa and Mary prepare for the end of 2022 with their fall hiatus, they thought they would mix it up by posting their Ethics Experts episodes.  We’ve heard from Mary, and now it’s Lisa’s turn.  In 2021, Lisa finally met Nick Gallo in person at the SCCE conference, and they talk about how they became “conference BFFs.”  In the episode, they talk about the importance of ethical decision-making and how to empower employees to do that.  In particular, they also discuss how to grow and stretch yourself by doing things that scare you, and that’s where Lisa committed to her annual solo episode.

The release date is also the last day of the 2022 SCCE CEI, and Mary and Lisa will be back next week with their joint episode which will include some event highlights.

The Great Women in Compliance podcast is excited to look at topics like this one, and we are always open to suggestions for guests.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.

You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

External Auditors, Fraud Risks and Compliance

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the recent statement by Paul Munter, the SEC’s acting chief accountant, who urged auditors to assess fraud risk among their clients better. Highlights include:

  • Why did the SEC raise these points in the first place? What are they trying to tell auditors that they’re doing wrong?
  • Are auditors equipped to be more aggressive in fraud risk assessment and investigation?
  • What should compliance officers think about vis-a-vis the SEC’s statement?
  • What is the role of compliance in anti-fraud?
  • How will this impact compliance audits by external auditors and fraud examiners?

 Resources

Matt in Radical Compliance