Categories
Blog

Leadership’s Conduct at the Top

The 2022 Monaco Memo emphasized the basic point that the key to every company is culture. The bottom line is that corporate culture matters and corporate culture that fails to hold individuals accountable, or fails to invest in compliance—or worse, that thumbs its nose at compliance—leads to bad results.

From the enforcement perspective, the DOJ will be assessing companies for their ethical cultures. From the compliance perspective, the ethical tone of a company and accountability both start at the top and, most specifically, with senior management. The 2020 FCPA Resource Guide, 2nd edition, stated, “Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.” To assist companies in understanding this requirement, the 2023 ECCP sets out the following inquiries.

Conduct at the Top: How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How have they modelled proper behavior to subordinates? Have managers tolerated greater compliance risks in pursuit of new business or greater revenues? Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?

These requirements are more than simply the ubiquitous “tone-at-the-top,” as they focus on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values, and finally, how is such conduct monitored in an organization?

This means you must document corporate decisions where a compliance solution was proposed but rejected. In other words, is there a business justification for moving forward with the action? If this action occurs, how was the compliance risk managed going forward? Similarly, compliance techniques used should be documented to demonstrate that your compliance function has met the requirements of the final question.

Senior management must share these same values through operationalizing compliance going forward. Lynn Paine, in her seminal article, Managing for Organizational Integrity, laid out five factors that can be used as guideposts not only to set the right tone from senior management on doing business ethically and in compliance, but also to lay the groundwork for senior management to model appropriate behavior and then have it monitored by the company going forward.

1. The guiding values of a company must make sense and be clearly communicated by senior management in a variety of settings, to the entire company workforce.

2. The company’s leader must be personally committed and willing to act on the values. This means that management must not simply ‘overlook’ the transgressions of top producers.

3. A company’s systems and structures must support its guiding principles and these internal systems and structures cannot be over-ridden by senior management without both justification and Board approval.

4. A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions. Sometimes a company must turn down business if there are too many red flags present or if, by engaging in such behavior, the company’s values and ethics will be violated.

5. Managers must be empowered to make ethically sound decisions on a day-to-day basis. This means senior management must fully support and back-up such decisions.

I once had a Chief Executive Officer (CEO) observe the following: “You want me to be the ambassador for compliance.” I immediately said yes, that is exactly what I need you to do. A CEO, as an “Ambassador of Compliance”, can fully model the conduct that senior management engages in going forward. Another area a CEO can forcefully engage an entire company is through a powerful video message about doing business the right way and in compliance. A great example was a CenterPoint Energy video put out in 2015 after the Volkswagen (VW) emissions-testing scandal became public. The video featured Scott Prochazka, former CenterPoint Energy President and CEO. He used the VW scandal to proactively address culture and values at the company and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with an additional resource, entitled “Manager’s Toolkit—What does Integrity mean to you?”, that managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, the cost for the video was quite reasonable as it was produced internally.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 9 – Continuous Monitoring and Continuous Improvement

Continuous monitoring and continuous improvement are two of the most important phrases for any compliance program. These twin concepts were further enshrined in the 2023 Update to the Evaluation of Corporate Compliance Programs (2023 ECCP). In 2023, all companies’ risks changed as we moved from Working From Home to Return To Office and, now, a hybrid model. In addition to this straightforward change in risk due to working locations, new risks in the form of geopolitical, supply chain, and export control, as well as increased risk due to social media, continue to impact compliance programs. Your compliance program must be ready to respond to whatever those risks might be going forward.

Continuous improvement runs the gamut in a best practices compliance program, from risk assessments to policies and procedures to periodic testing and review.

Three key takeaways:

1. How have your company’s risks changed over the past year, and how will they change in 2024?

2. What is your process for continuous monitoring and improvement?

3. What sources of information do you use that come from outside your organization?

Categories
Innovation in Compliance

Innovation in Compliance – Caroline Shleifer: Revolutionizing Regulatory Intelligence with Technology

Innovation comes in many forms, and compliance professionals need to not only be ready for it but also embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Caroline Shleifer, founder and CEO of RegAsk. Caroline Shleifer is a seasoned professional with a rich background in healthcare, law, and regulatory affairs, boasting a PharmD PhD and a health law degree. Her perspective on “emerging technologies enhancing regulatory intelligence and compliance” is shaped by her extensive experience in the EU, US, and Asia and her role as the founder of RegAsk, a company that leverages technology to address compliance challenges. She believes that technologies such as AI, machine learning, blockchain, and data analytics are revolutionizing regulatory monitoring, enabling faster and more accurate interpretation of regulatory information, and fostering a more proactive approach to compliance. Her goal with RegAsk is to digitize and streamline the regulatory intelligence process, reducing the risk of non-compliance and fostering innovation. Join Tom Fox and Caroline Shleifer as they delve deeper into this topic on this episode of Innovation in Compliance.

Key Highlights:

• Proactive Compliance through Regulatory Intelligence Automation

• Streamlining Regulatory Compliance with AI

• Leveraging Data Analytics for Proactive Compliance

• Revolutionizing Compliance with Emerging Technologies

Resources:

Caroline Shleifer on LinkedIn

RegAsk

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Compliance Program Use of Data Analytics

Matt Galvin, Counsel, Compliance & Data Analytics at the DOJ and one of the experts leading the DOJ’s data analytics initiative, highlighted in another talk the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning. The DOJ expects companies to adopt a similar data-driven approach to compliance. In her speech, Argentieri stated, “Just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

This means that while due diligence and background checks are essential, the real risk of fraud occurs during the actual business transactions with third parties. Companies need to go beyond initial checks and continuously monitor high-risk vendors, contract terms, and other relevant data sources. By mapping risks to data sources and implementing effective tests, companies can identify and prioritize risky transactions. The increasing accessibility and cost-effectiveness of data analytics have made it a viable option for companies of all sizes. It can help companies demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency. The importance of continuous data analysis in compliance programs was highlighted by the Bank of America CFPB enforcement action.

However, implementing a data-driven compliance program comes with its own set of challenges. There is still confusion among the compliance community regarding what data analytics entails and how it should be applied. Data analytics should be seen as a process-oriented approach rather than treated as a one-time project. It should be integrated into the compliance program as a continuous business process, similar to third-party due diligence.

The Bank of America CFPB enforcement action serves as a reminder of the importance of the use of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize them, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained.

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

The Argentieri speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance, which underscores the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.

The DOJ’s increasing use of data analytics for proactive enforcement has far-reaching implications. Companies must recognize the importance of adopting a data-driven approach to compliance and invest in the necessary resources and technology. By doing so, they can not only meet the DOJ’s expectations but also improve the effectiveness of their compliance programs and mitigate the risk of fraud.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 8 – Operationalizing Compliance Through Payroll

One of the areas articulated in the 2023 ECCP was around payments and payroll. For both the compliance professional and the corporate payroll function, there is a significant role to play in the operationalization of a corporate compliance program. The 2023 ECCP was replete with references to payment and its critical nature to any best practices compliance program. This includes references to payments to foreign officials, payments to third parties, and hiding bribes in payments to distributors. The 2023 ECCP begins with an admonition to stop wasting time on low-hanging fruit when there are much higher risks in your business operations.

The role of payroll in compliance is not often considered in operationalizing your compliance program, yet the monies to fund bribes must come from somewhere. Unfortunately, one of those places is out of payroll. All CCOs need to sit down with their head of payroll, have them explain the role of payroll, and then review the internal controls in place to see how they facilitate compliance goals. From that review, you can then determine how to use payroll to help operationalize your compliance program.

The DOJ has now provided its clearest statement on how it expects a company to actually comply going forward. Long gone are the days where the DOJ simply considered the inputs of a written program as sufficient to protect companies from compliance violations. Yet the mandate to operationalize a corporate compliance program drives home the concept that compliance is a business process that should be administered by the appropriate business unit with the requisite SME. When it comes to following the money, payroll is the most well-suited corporate discipline to provide this first level of oversight and control.

Three key takeaways:

  1. Payroll can be a key to preventing and detecting control.
  2. The 2020 Update specified the tie between the corporate compliance function and the corporate payroll function.
  3. Offshore payments remain a key indicator of a red flag.

Categories
FCPA Compliance Report

FCPA Compliance Report – Frank Orlowski on Navigating Challenges in Operating in Emerging Markets

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Frank Orlowski.

Frank Orlowski is a seasoned professional with a wealth of experience in managing emerging markets in the pharmaceutical industry, having spent over 25 years at Pfizer Pharmaceuticals. His extensive knowledge, particularly in South America, Middle East Asia, and Eastern Europe, where he faced difficulties in compliance, controls, and adhering to US accounting regulations, has shaped his perspective on managing emerging markets. Orlowski emphasizes the importance of understanding different cultures, regulations, and geopolitical issues when working in these markets. After retiring from Pfizer, he founded the Ation Advisory Group, where he leverages his expertise to assist companies in commercializing products in the life science industry. Join Tom Fox and Frank Orlowski on this episode of the FCPA Compliance Report podcast to gain more insights into managing emerging markets in the pharmaceutical industry.

Key Highlights:

  • Frank Orlowski’s Global Financial Expertise
  • Navigating Unique Obstacles in Emerging Markets
  • Navigating Cultural Differences in Emerging Market Compliance
  • Creative Employee Rewards and Engagement Strategies
  • Enhancing Healthcare Through Medtech Innovations
  • The Integrated Legal Division at Pfizer

Resources:

Frank Orlowski on LinkedIn

Categories
Adventures in Compliance

The Memoirs of Sherlock Holmes – The Final Problem

Welcome to a review of all the Sherlock Holmes stories that are collected in the work “The Memoirs of Sherlock Holmes.” They appeared in Strand Magazine from December 1892 to December 1893. Over the past 12 episodes, I have reviewed each story and mined them for leadership, compliance, and ethical lessons. In this episode, we begin a two-part series looking at the last story from The Memoirs of Sherlock Holmes.

The intriguing concept of applying Sherlock Holmes’ methods to the work of compliance professionals is the focus of our discussion today. Tom Fox, a seasoned compliance professional, believes that the principles embodied by the iconic detective, such as ethical behavior, problem-solving abilities, continuous learning, and persistence, can greatly enhance the effectiveness of compliance professionals. Fox’s perspective is shaped by his extensive experience in the field, where he has seen the value of attention to detail, deductive reasoning, thorough research, collaboration, risk assessment, and discretion. Join Tom Fox in this episode of the Adventures in Compliance podcast as he delves deeper into how the methods of Sherlock Holmes can be applied to uphold ethical and legal standards in the world of compliance.

Key Highlights:

  • The Story
  • Reichenbach Falls Showdown
  • Lessons for Compliance Professionals

Resources:

The New Annotated Sherlock Holmes

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 7 – Compliance Program Use of Data Analytics

Matt Galvin, Counsel, Compliance & Data Analytics at the DOJ and one of the experts leading the DOJ’s data analytics initiative, highlighted in another talk the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning. The DOJ expects companies to adopt a similar data-driven approach to compliance. In her speech, Argentieri stated, “Just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

Three key takeaways:

1. This also means that data analytics in the compliance function has moved from cutting edge to best practice. It soon may simply mean table stakes for compliance.

2. The DOJ is seeking to incentivize an acquiring company to timely disclose misconduct uncovered during the M&A process.

3. The DOJ has made it clear that under this new Mergers & Acquisitions Safe Harbor Policy, organizations that do not perform effective due diligence or self-disclose misconduct at an acquired entity will be subject to full successor liability.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 3 – 2023 Evaluation of Compliance Programs: Messaging Apps, Internal Controls and Adequate Compensation

Messaging Apps

There was a significant addition to the language around messaging apps. The ECCP opened this section by noting, “Messaging applications have become ubiquitous in many markets and offer important platforms for companies to achieve growth and facilitate communication.” For any company under investigation or in an FCPA enforcement action, the DOJ will evaluate its “policies and mechanisms for identifying, reporting, investigating, and remediating potential misconduct and violations of law governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications.”

Internal Compliance Controls

Under Section II, entitled “Is the Corporation’s Compliance Program Adequately Resourced and Empowered to Function Effectively?”, we find the new language, “In this regard, prosecutors should evaluate a corporation’s method for assessing and addressing applicable risks and designing appropriate controls to manage these risks.” This simple sentence packs quite a punch as it requires both appropriate internal compliance controls and then monitoring of those controls to see if they are managing the risks identified in the risk assessment.

Adequate Compensation and Salary/Bonus Review for Compliance

Under Section III, there is a significant new addition to the ECCP. It forces a company to adequately compensate those employees who investigate and pass judgment on misconduct. But it is more than simply adequate compensation, as it also requires a company not to retaliate via low salaries, limited raises, or other compensation for doing their jobs as compliance officers. In other words, if the CEO is being investigated by compliance, that same CEO should not be setting or reviewing the salary of the CCO or those doing the investigation. This mandates that the DOJ review the entire corporate organization on these issues.

Three key takeaways:

1. Communications compliance will be a key issue for compliance professionals going forward in 2024.

2. You must have both appropriate internal controls and ensure they are functioning.

3. In addition to adequate resources, a compliance function must be shown to adequately pay, promote, and protect those involved in compliance investigations.

Categories
Daily Compliance News

Daily Compliance News: January 3, 2024 – The Ungovernable Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • More trouble ahead on the return-to-work front? (WaPo)
  • Senator Menendez draws more charges. (CNN)
  • Political protests are a compliance risk. (WSJ)
  • Can the Big 4 ever govern themselves? (FT)