Categories
Compliance Tip of the Day

Compliance Tip of the Day: Protecting Against Pre – taliation

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, we provide 6 steps to help you remediate your contracts to remove illegal retaliation language and prevent such language from being inserted going forward.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids on Amazon.com.

Categories
Blog

Addressing Pre-taliation

One of the most talked about subjects in corporate compliance is the issue of pre-taliation—an increasingly common enforcement target by the U.S. Securities and Exchange Commission (SEC). Matt Kelly and I did a recent podcast on the topic, and you can check out the recent episode of Compliance Into the Weeds for an audio discussion of the topic. Matt has blogged on the topic of Radical Compliance. This post will deeply dive into this issue and show why pre-taliation clauses in contracts, which inhibit whistleblowers from claiming financial rewards, are illegal and how compliance officers can effectively address this recurring problem.

What Is Pre-Taliation?

Pre-taliation refers to contract provisions that prevent or discourage employees from reporting potential misconduct to regulators. Typically, these clauses claim an employee forfeits the right to financial rewards associated with whistleblowing. While companies cannot directly prohibit employees from reporting wrongdoing, they attempt to introduce barriers that dissuade individuals from taking the financial risk of blowing the whistle. These clauses have a “chilling effect” on potential whistleblowers and are, quite simply, illegal under SEC rules.

The SEC’s recent enforcement actions against several corporations show that despite being a known violation, many businesses continue to use these clauses in their employment contracts. The fines may be relatively small, but the impact of these enforcement actions is clear: companies must remove pre-taliation language from all contracts, or they will face the consequences.

Recent SEC Enforcement Actions on Pre-Taliation

Last week, the SEC sanctioned seven companies for including pre-taliation language in their employment contracts. One major violator, Acadia Healthcare Corporation, was fined $1.4 million, while others, including TransUnion and IDEX Corporation, paid penalties ranging from $19,000 to $690,000. While these fines may seem minor compared to other enforcement actions, the real issue lies in the recurring use of these illegal clauses.

For the compliance professional, the key is that these contracts stated that employees were free to report potential violations to regulators. Still, they included an additional clause that employees had to forfeit any right to claim whistleblower rewards. This approach violates SEC whistleblower provisions designed to incentivize whistleblowers with financial rewards for bringing misconduct to light.

Why Do Companies Use Pre-Taliation Clauses?

Companies continue to use such clauses to prevent them from going to the SEC or other regulators. Including pre-taliation language is an intentional tactic designed to scare employees into silence. These clauses are legally dubious, but they can effectively discourage employees from whistleblowing if they are unaware of their legal rights. The logic is simple: why risk your career and financial livelihood to report misconduct without potential financial reward?

In some cases, these companies may also be testing the boundaries of the law if regulators do not prioritize enforcement. However, as the SEC’s actions have shown, this is a serious miscalculation, as it is clear that using such clauses is intentionally trying to prevent employees from exercising their federal rights.

Addressing Pre-Taliation: A Compliance Officer’s Roadmap

How can compliance officers avoid falling into the same trap as Acadia Healthcare and others? Here’s a practical roadmap for compliance professionals tasked with eliminating pre-taliation clauses from their companies’ contracts:

  • Conduct a Contract Review

The first step is to conduct a comprehensive review of all employment contracts, both current and historical. This is easier said than done, particularly for large organizations with decentralized operations. As Matt Kelly pointed out, the challenge lies in the sheer volume of contracts and the number of people involved in drafting and approving them. Contracts may come from various teams—HR, legal, commercial, and even procurement—so identifying all instances of pre-taliation language requires a coordinated effort across multiple departments.

  • Establish Clear Contract Policies

The next step is establishing clear and enforceable policies about what can and cannot be included in contracts. This policy should be enterprise-wide and include specific language that prohibits the inclusion of pre-taliation clauses. Not only does this create a standard for new contracts, but it also sets a clear precedent for remediating older contracts that may still contain illegal language.

This policy should also include specific guidelines for all contracts, not just employment agreements, as pre-taliation clauses can sometimes slip into customer contracts, vendor agreements, and third-party relationships. For instance, earlier this year,  J.P. Morgan was penalized for including pre-taliation language in its customer contracts, which stipulated that customers had to notify the company before reporting misconduct to regulators.

  • Collaborate with Legal and HR Teams

A cross-functional approach is critical to solving this issue. Compliance officers must work closely with the legal and HR teams to implement contract policies correctly. HR plays a key role in drafting employment contracts, while the legal department ensures the language complies with regulatory standards. Without close collaboration, tracking down all the contracts that need to be updated or ensuring that future contracts are compliant will be nearly impossible. The idea that there is a magical person in the company who can fix this problem is a myth. Addressing pre-taliation requires a team effort involving multiple functions and a strong commitment to enterprise-wide remediation.

  • Provide Employee Education

Another important step is to educate employees about their rights under whistleblower laws. Pre-taliation language works best when employees do not understand that these clauses are illegal. By informing employees of their rights, compliance officers can undermine the chilling effect these clauses are designed to create. Employees should know they are legally entitled to report misconduct to regulators and cannot be penalized.

  • Establish a Remediation Plan for Older Contracts

Once all pre-taliation clauses have been identified, the next step is to establish a remediation plan. This may involve contacting former employees who signed contracts with illegal language and current employees who must be informed that their contracts have been updated. While this can be a complex process, it is essential for maintaining the integrity of the company’s compliance program.

  • Monitor for Future Violations

Finally, compliance officers should establish ongoing monitoring to ensure that pre-taliation language doesn’t slip into future contracts. This can be done by including contract reviews as part of regular compliance audits or by implementing automated tools to flag problematic language. By proactively monitoring contract language, compliance officers can prevent future violations and ensure that their company complies with SEC regulations.

A Simple Fix but a Complex Process

Addressing pre-taliation clauses may seem straightforward, but as Matt Kelly pointed out, it can be highly complex. With multiple stakeholders involved and various contracts to review, it truly takes a coordinated, enterprise-wide effort to eliminate these illegal provisions.

For compliance officers, the message is clear: do not wait for the SEC to come knocking. Review contracts, establish clear policies, and educate employees about their rights. By taking these steps, compliance officers can ensure that their companies are compliant and foster a culture where whistleblowers feel empowered to come forward. With the new DOJ Whistleblower Financial Incentive Program, it is only a matter of time before the DOJ comes knocking.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Podcasting for Compliance Training

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we explore how you can use the audio podcast format to facilitate your compliance training regime.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids on Amazon.com.

Categories
Blog

The Case for Automation: Why Compliance Professionals Must Embrace the Future

In 2024, compliance is no longer just a check-the-box function but a vital component of risk management, corporate governance, and business strategy. As companies scale and regulations become more complex, the traditional methods of managing compliance—using spreadsheets, SharePoint, and manual processes—are proving inadequate. In a recent episode of the Innovation in Compliance podcast, Travis Howerton, Co-Founder and CEO of RegScale, emphasized the importance of automation in compliance, mainly through the lens of cybersecurity, digital transformation, and the growing regulatory burden. Their conversation sheds light on why compliance professionals need to embrace automation now more than ever.

Compliance and Digital Transformation: A Necessary Partnership

Compliance is often seen as the enemy of innovation, a cost center, and a roadblock to business development. Howerton recalls a time when cyber and compliance were usually viewed as the “no” force in an organization, blocking new initiatives due to concerns over risk. But times have changed. Compliance is no longer a hindrance to business growth but an enabler, especially when integrated into a company’s digital transformation efforts.

Howerton strongly advocates for compliance professionals to rethink their approach and adopt a more proactive stance. Rather than being the department that says no, compliance can empower businesses to move faster and innovate more effectively—provided they have the right systems in place.

Automation is key to this transformation. RegScale aims to digitize regulatory requirements into code, moving away from cumbersome and static processes like filling out spreadsheets and chasing paper trails. Automation makes compliance a “free outcome” of operational excellence, enabling businesses to focus on innovation without sacrificing their risk posture.

Why Continuous Monitoring Matters

The importance of continuous compliance monitoring is evident as regulatory frameworks become increasingly complex. Regulations evolve, not just in scope but also in speed, and a one-time audit or annual review is no longer sufficient. Continuous monitoring ensures compliance is not reactive but an ongoing activity that adapts as risks emerge and regulatory requirements change.

Manual processes have problems, and Howerton was quite candid about their limitations. Relying on spreadsheets, while familiar and easy to set up, often results in outdated or incomplete data. Compliance professionals who still rely on these methods work in a reactive mode, responding to issues only after they become serious. Worse, the inefficiencies of manual tracking can lead to missed deadlines, incomplete audits, and a false sense of security.

With automation, companies can continuously monitor compliance, ensuring they meet today’s standards and are prepared for tomorrow’s changes. Automated tools also reduce the risk of human error and can flag issues in real time, allowing compliance teams to address risks before they escalate.

How Automation Enhances Cybersecurity Compliance

Automation is not simply a nice-to-have for highly regulated industries like finance, healthcare, and national security; it is essential to doing business. Compliance in these sectors is about meeting external regulatory requirements and protecting the business’s core assets—its data, infrastructure, and, ultimately, reputation.

Howerton noted that cybersecurity has become a board-level concern for organizations across industries. No matter which party is in power or how political landscapes shift, cybersecurity will continue to be a top priority for businesses. A breach can lead to massive financial losses, reputational damage, and legal liabilities. Yet, cybersecurity compliance is notoriously difficult to manage, especially when relying on manual processes.

Automated compliance solutions can integrate cybersecurity frameworks into operational processes. Instead of requiring constant manual updates and reviews, these systems can continuously monitor for threats and ensure the necessary protections are in place.

Moreover, compliance officers can shift from reactive to proactive by digitizing regulations and automating reporting. They can focus on managing actual risks rather than spending time maintaining paperwork. This approach transforms compliance from a burdensome process into a critical driver of business value.

Overcoming Resistance to Automation

Despite the clear benefits, there is still resistance to automation in many compliance departments. Howerton acknowledges that much of this resistance is cultural. The introduction of automation may threaten some professionals, especially those with legal or non-technical backgrounds who worry that it will eliminate their roles. Others may believe that their current manual systems are “good enough.”

However, as Howerton explains, the pace of regulatory change and the speed at which new risks emerge mean manual processes are no longer sustainable. “Software is eating the world,” he says, and compliance is no exception. The complexity of managing compliance in a digital world will overwhelm businesses that need to adapt.

How can compliance professionals overcome this reluctance? By reframing the conversation. Automation doesn’t eliminate jobs; it enhances them. By taking over the repetitive, time-consuming tasks that no one enjoys—like chasing down documentation or managing endless spreadsheets—automation allows compliance professionals to focus on the higher-level strategic work that truly matters: managing risk, advising the business, and ensuring long-term compliance.

The Cost of Inaction

The most compelling reason to embrace automation is the cost of inaction. Compliance breaches can be devastating, both financially and reputationally. A breach or failed audit does not simply result in fines; it can lead to a loss of trust among customers, investors, and stakeholders.

In the long term, the organizations that thrive will have seamless, scalable, and sustainable integrated compliance into their business processes. Manual processes may have worked in the past, but as we approach 2030 and beyond, they will not be enough to keep up with the pace of change.

Howerton closes the discussion with a powerful analogy: “You don’t have brakes on a car to slow down; you have brakes so you can drive fast.” Compliance allows businesses to move faster, innovate more, and confidently explore new opportunities when done right. By embedding automation into their compliance programs, companies can protect themselves from risk while driving forward into new markets and opportunities.

The Future of Compliance is Automated

As we look to the future, one thing is clear: automation is no longer optional for compliance professionals. The growing complexity of regulations, the need for real-time monitoring, and the increasing importance of cybersecurity make it only possible for companies to rely on manual processes. Continuous monitoring, powered by automation, will be the key to managing these challenges effectively.

For compliance professionals, the time to embrace automation is now. The future is coming faster than ever, and those who fail to adapt risk being left behind.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Measuring Compliance Training Effectiveness

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the why of and how to measure compliance training effectiveness.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids on Amazon.com.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Compliance Training Frequency

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how often you should put out compliance training.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids on Amazon.com.

Categories
Innovation in Compliance

Innovation in Compliance: Travis Howerton on Revolutionizing Compliance – Integrating Automation for Digital Transformation

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast.

In this episode, Tom welcomes back, Travis Howerton, a co-founder of RegScale, the sponsor for this episode, to take a deep dive into automating compliance solutions for the digital transformation of compliance.

Howerton advocates for the integration of automation in compliance to keep pace with rapid technological advancements, thereby maintaining competitiveness and efficiency. Through digitizing regulations by using the latest standards and forming strategic partnerships, Howerton and RegScale are transforming traditional compliance from a manual, burdensome task into an automated, streamlined process, thereby redefining the role of compliance professionals as key contributors to secure and innovative operations.

We discuss the three pillars of cybersecurity: confidentiality, integrity, and availability. While much focus is placed on safeguarding confidentiality to protect sensitive information, the speaker highlights that integrity issues pose a significant threat, particularly in sensitive industries like healthcare and critical infrastructure. Compromised integrity can lead to dire physical consequences, making it the most concerning aspect of cybersecurity.

Key Highlights:

  • Introduction to Cybersecurity’s Three-Legged Stool
  • Focus on Confidentiality in Cybersecurity
  • The Critical Importance of Data Integrity
  • Real-World Implications of Integrity Issues
  • The Sleepless Nights of a Cybersecurity Analyst

Resources:

Travis Howerton on LinkedIn

RegScale

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The Bre-X Mining Scandal: Part 6 – A Guide for the 2024 Compliance Professional (Part 2)

Today, we conclude a multipart blog post series exploring one of the biggest corporate scandals of the 1990s, the Bre-X mining scandal. Our most recent blog post explored the foundational lessons from the Bre-X scandal for today’s compliance professionals, focusing on due diligence, transparency, corporate governance, and more. In today’s concluding blog post,  we focus on additional critical areas where compliance officers can play a pivotal role in ensuring organizational integrity. From fostering a strong whistleblowing culture to leveraging modern technologies for continuous monitoring, these strategies will help prevent financial fraud, uphold ethical standards, and do business in compliance into 2024 and beyond.

The Role of Whistleblowing and Ethics Programs

A lack of transparency and accountability within Bre-X contributed to the persistence of fraud for years. If a robust whistleblowing mechanism had been in place, the red flags might have been raised earlier, potentially preventing the massive fallout.

  • Encouraging Whistleblowing. One of the most critical aspects of modern compliance is creating a culture where employees feel empowered to speak up without fear of retaliation. Compliance officers should focus on building and maintaining secure, confidential channels where employees can report unethical or suspicious activities. A strong whistleblowing framework protects the organization from reputational damage and demonstrates to employees that integrity is a top priority.
  • Ethics Training. In addition to promoting whistleblowing, regular ethics training can help build a culture of transparency and accountability. Employees must be educated on the importance of ethical decision-making and how their actions contribute to the company’s long-term success. Compliance teams can reinforce the core values of honesty and integrity across the organization through frequent workshops, case studies (including Bre-X), and clear guidance on ethical behavior.

Risk Management and Scenario Planning

The Bre-X scandal is a stark reminder of the importance of comprehensive risk management. The ability to foresee potential risks and prepare accordingly can be the difference between averting a disaster or getting caught in one.

  • Assessing and Mitigating Risk. Risk management is central to the work of a compliance officer. Rigid risk assessments are non-negotiable in industries like mining—where speculation, large financial stakes, and geographical challenges intersect. Compliance professionals must develop strategies that identify, assess, and mitigate potential risks early, whether they stem from operational, financial, or reputational sources. For instance, resource overestimation, as seen in Bre-X, could have been mitigated with proper checks on geological data and third-party verification.
  • Scenario Planning. Preparing for various fraud scenarios, including “what if” situations similar to Bre-X, is a valuable exercise. Scenario planning enables organizations to consider how they would respond in the event of fraud or a major compliance breach. Companies should develop detailed crisis management plans, identify key decision-makers, and outline steps for navigating potential crises. In the event of another large-scale scandal, having these contingency plans in place will reduce the organization’s response time and limit damage.

Continuous Controls Monitoring and Auditing

The importance of continuous monitoring cannot be overstated, particularly in industries prone to high levels of fraud, such as mining, finance, or healthcare. Compliance professionals must champion ongoing oversight to ensure early detection of potential issues.

  • Ongoing Oversight. Continuous auditing of processes and transactions is an effective way to catch problems before they escalate. In the Bre-X case, regular audits of geological sample reporting and financial disclosures could have flagged discrepancies early on. Compliance teams today should implement robust monitoring programs that examine critical areas like financial performance, regulatory adherence, and ethical behavior. Routine audits of key operational processes, especially in high-risk industries, can prevent fraudulent behavior from going undetected.
  • Use of Technology. The rise of data analytics and artificial intelligence (AI) has transformed the compliance landscape. In 2024, compliance professionals must embrace technology that enhances real-time monitoring capabilities. By leveraging AI and big data, companies can detect anomalies or suspicious activities before they evolve into significant problems. For example, automated systems can track financial reporting patterns or identify irregular resource estimates, helping compliance teams intervene before major fraud occurs.

Global Considerations and Jurisdictional Awareness

In today’s globalized business environment, companies often operate in multiple countries, each with its regulatory requirements. Compliance professionals must stay abreast of international standards and ensure the organization complies with all regions.

  • Navigating International Regulations. The Bre-X scandal highlighted the complexities of operating in different jurisdictions. While Bre-X was a Canadian company, much of its fraudulent activities occurred in Indonesia, and the regulatory landscape vastly differed between the two countries. In 2024, compliance officers must develop an in-depth understanding of the regulatory environments in each jurisdiction where their company operates. This includes legal compliance and cultural and business norms that could impact operations and risk management strategies.
  • Cross-Border Cooperation. In an interconnected world, no company is an island. Regulatory bodies across countries are increasingly cooperating on compliance and enforcement efforts, especially in mining, finance, and pharmaceuticals. Building relationships with regulatory agencies in different jurisdictions is vital for compliance professionals. These partnerships can help organizations navigate complex international regulations and stay on top of emerging global compliance trends.

The Bre-X scandal was a watershed moment for the mining industry and for compliance professionals across sectors. The lessons from this case are invaluable in shaping how compliance is approached in 2024. Compliance officers can safeguard their organizations from the devastating consequences of fraud by encouraging a culture of whistleblowing, implementing comprehensive risk management practices, leveraging technology for continuous monitoring, and understanding global regulatory landscapes.

Fraud prevention is a continuous journey that requires vigilance, transparency, and a proactive mindset. Today’s compliance professional’s responsibility is not just to respond to incidents but to anticipate them, fostering a corporate culture prioritizing ethics and accountability at every level. This concludes our series on the Bre-X scandal. By learning from the past, compliance professionals can build a more resilient, transparent future for their organizations.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Compliance Training Governance Committee

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how a Compliance Training Governance Committee can facilitate your overall compliance training regime.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids on Amazon.com.

Categories
Adventures in Compliance

Adventures in Compliance: The Last Bow – Compliance Lessons from Sherlock Holmes’ War Service

Welcome to a review of all the Sherlock Holmes stories which are collected in the work, “The Last Bow“. It is a collection of eight detective stories written by Sir Arthur Conan Doyle, from 1908 to 1917. The collection spans some of the most intriguing cases and mysteries that Holmes and his loyal friend Dr. John Watson tackle.

Today we take up The Story of Sherlock Holmes War Service, which appeared in Strand Magazine in December 1917, as we consider the compliance lessons from the story Sherlock Holmes War Service.

In this episode, Tom Fox delves into the final story from Arthur Conan Doyle’s 1917 collection ‘His Last Bow,’ focusing on Sherlock Holmes’ wartime espionage activities. The story transitions from detective work to spycraft, exemplifying key compliance lessons such as monitoring, risk management, collaboration, confidentiality, adaptability, leadership, and thorough investigations. Tom draws parallels between Holmes’ strategies and modern compliance practices.

Key Highlights:

  • Introduction to the Final Story: Sherlock Holmes War Service
  • Key Compliance Lessons from the Story
  • Upcoming new episodes 

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.