Tag: compliance

Categories
Blog

Day 21 of One Month to Better Compliance Through HR-Human Resources Gap Analysis for Compliance Issues

  • Does the HR department have an inventory of policies, procedures, laws and regulations covering employees and employment-related matters applicable to the company’s business?
  • If yes, do you have a specified person who is in charge of updating the inventory?
  • If no, what system does the HR department utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
  • What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
  • What types of compliance training are mandatory for all employees, which are optional and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
  • What types of enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
  • Are employees within the HR department specifically trained to understand compliance requirements applicable to your organization?
  • Does the HR department provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within HR?
  • Has the HR department established some type of escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
  • Does the HR department have compliance monitoring standards in place?
  • Does the HR department perform periodic audits to ensure that the policies and procedures are being complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company. My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and document, document, and document. Three Key Takeaways

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise and coordinate.

[tweet_box design=”default” url=”http://wp.me/p6DnMo-3iM” float=”none”] How a gap analysis can help you to operationalize your compliance program. [/tweet_box] This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.  ]]>

Categories
Blog

Day 21 of 30 Days to a Better Compliance Program, the Compliance Oversight Committee

Key Takeaways 

  1. Determine an appropriate committee membership.
  2. The committee is there to act as an extra set of eyes for the CCO, not to substitute its judgment.
  3. Determine the scope of items and issues to be reviewed by the committee.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Compliance Oversight Committee provides a second set of eyes for the CCO and compliance department.    ]]>

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.  ]]>

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC begin to require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise at the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have both called for greater compliance expertise at the Board.]]>

Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 350, Linda Justice and Her Nancy Drew Approach

Categories
Across the Board

Across the Board-Episode 4, Why Wells Fargo Needs Compliance Expertise on the Board

prevent, detect and remediate. In addition to getting its regulatory house in order, Wells Fargo has one very large culture problem which needs compliance expertise. Even for a former Bank president, the issue of compliance is at the absolute forefront of Wells Fargo’s miasma.
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3vL” float=”none”]Wells Fargo needs a true compliance expert on its Board of Directors.[/tweet_box]]]>

Categories
Everything Compliance

Everything Compliance-Episode 16, Review of Jesse Eisinger’s book, The Chickenshit Club

The Chickenshit Club by Jesse Eisinger may mean for the compliance practitioner. We consider the internal journey of the Department of Justice from their days of Enron, WorldCom, and Adelphia convictions to the 2008 financial crisis where no senior executives were prosecuted. A series of steps led to this change, and we discuss the key changes in the DoJ’s thinking. The book is a real page-turner, and our discussion reflects this. We believe that every compliance practitioner should read the book and understand its lessons from DOJ prosecution. Every compliance practitioner should read Eisinger’s book The Chickenshit Club. You can purchase a copy of the book The Chickenshit Club by clicking here.]]>

Categories
FCPA Compliance Report - International Edition

Compliance Report-International Edition-Tim Khasanov on Compliance in post Soviet states

Integrity Corp. 50 Tips for Your Compliance Program in the Post-Soviet States.  Timur has worked in compliance, legal, consulting, and corporate governance roles in Russia, Uzbekistan, the United States, Kazakhstan, and Ukraine.  He has successfully launched and supervised execution of compliance programs for global and local businesses in the mining, energy, and pharmaceutical industries.
Tim has also recently released the first two installment of Compliance Man the first graphic novel of a compliance practitioner. You can find out more about Tim on his firm’s website, Complianceinpostussr.com.
We look at the former Soviet Union states, one of the most interesting region for Compliance professionals. we will touch 10 hot questions on corporate ethics in this region. Tim answers the following questions
1: Can we define this region as a single territory for the Compliance program structuring?
2: What regulatory trends should be taken in consideration by compliance practitioners in charge of this geography?
3: What is the biggest challenge in embedding corporate Compliance program in this region?
4:  Do you have any practical recommendations as to “dissemination of integrity” among personnel locally?
5: Is it legally permissible to deploy our FCPA/UKBA programmes in the countries of the region?
6: What is the most effective way to deliver training in this part of the world?
7: If there are any important things to remember when imposing penalties for misconduct on local personnel?
8: Do people on the ground appreciate compliance & ethics efforts?
 
[tweet_box design=”default” url=”http://wp.me/p6DnMo-3tv” float=”none”]
What are some key compliance considerations in post-Soviet states?
[/tweet_box]
 ]]>

Categories
Blog

Day 2 of One Month to More Effective Continuous Improvement-the Compliance Audit

Internal Audit – What types of audits would have identified issues relevant to the misconduct? Did those audits occur, and what were the findings? What types of relevant audit findings and remediation progress have been reported to management and the board regularly? How have management and the board followed up? How often has internal audit generally conducted assessments in high-risk areas?

Interestingly, Foreign Corrupt Practices Act (FCPA) compliance follows some of the paths laid out by corporate safety departments some 20-30 years ago when safety became much more high profile in US corporations. The safety committee and safety audits became the mainstays of any company’s best practices in the area of safety. These techniques inform any anti-corruption best practices compliance program under the FCPA, UK Bribery Act, or any other anti-corruption regime. Indeed, audits are delineated explicitly in the 2012 FCPA Guidance to assist in continuously monitoring your compliance regime. Such an audit can be thought of as a systematic, independent, and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the compliance criteria are fulfilled. Three factors are critical for a compliance audit to have a chance for success: (1) an effective audit program that specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited. Auditing can take several different forms in an anti-compliance program. Of course, you should audit the compliance program in your organization. A forensic audit can collect and analyze accounting and internal-control evidence in your compliance regime. This information can produce a fact-based report informing the decision-making process in inquiries, investigations, and dispute resolution. The by-products of a forensic audit can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur.

Further, an internal audit can review compliance processes to determine if employees follow prescribed procedures or internal controls. In addition to collecting and analyzing evidence, an auditor’s objective is to attest to the credibility of assertions under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. One of the functions of such an audit is to determine if further investigation is warranted. Once again, this situation points out the difference between having a paper compliance program and the actual doing of compliance. Even with an appropriate oversight structure, you must do the work in the future. Another area ripe for audit in your compliance program is your third parties. While there is no one specific list of transactions or other items which should be audited when it comes to your third parties, below are some of the areas you may wish to consider reviewing:

  • Contracts with third parties to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party.
  • Review the compliance training program for any third party, both the substance of the program and attendance records.
  • Does the third party have a hotline or any other reporting mechanism for allegations of compliance violations? If so, how are such reports maintained? Review any reports of compliance violations or issues that arose through an anonymous hotline or any other reporting mechanism.
  • Does the third party have written employee discipline procedures? If so, have any employees been disciplined for any compliance violations? If yes, review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review expense reports for employees in high-risk positions or high-risk countries.
  • Testing for gifts, travel, and entertainment that were provided to or for foreign governmental officials.
  • Review the overall structure of the third party’s compliance program. If the company has a designated compliance officer, to whom, and how does that compliance officer report? How is the third-party vendor’s compliance program designed to identify risks, and what has resulted from any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party.
  • Concerning any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and use analytical procedures and testing.

Auditing is a more limited review that targets a specific business component, region, or market sector during a timeframe to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. In other words, the protocol is simple, and everyone understands you need to audit, but try and cut costs or corners and you will pay for it in the long run.

Three Key Takeaways

  1. Auditing takes a deep dive into your high-risk compliance areas.
  2. Internal audits should test your key FCPA risk areas as a part of their regular auditor rotation.
  3. The findings uncovered in an audit must be used in your compliance regime.

The compliance audit is a key component in the continuous improvement of a compliance program. [/tweet_box] For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor, Affiliated Monitors, at www.affiliatedmonitors.com.

Categories
Blog

Day 1 Of One Month to More Effective Continuous Improvement-Continuous Improvement in a Compliance Program

Continuous improvement requires you to audit and monitor whether employees are staying with the compliance program. In addition to the language in the FCPA Guidance, two of the seven compliance elements in the U.S. Sentencing Guidelines call for companies to monitor, audit, and respond quickly to misconduct allegations. These three activities are vital components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs. The 2012 FCPA Guidance goes on to make clear that each company should assess and manage its risks. It notes that small and medium-sized enterprises likely will have different risk profiles and, therefore, different attendant compliance programs than large multinational corporations.

Moreover, this is something that the DOJ and SEC consider when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ but is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.

Ongoing monitoring is one handy tool often misused or misunderstood in the continuous improvement cycle. This can come from the confusion about the differences between monitoring and auditing. Monitoring involves reviewing and detecting compliance variances in real-time and reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program regularly and consistently across a broad spectrum of data and information. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe to uncover and/or evaluate certain risks, mainly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. Although the protocol is unique, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to investigate the issue further. Your company should establish a regular monitoring system to address problems. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. These ongoing efforts demonstrate that your company is serious about compliance. What should you do with this information? I would suggest that you have a strategic plan in place ready to implement your findings of continuous improvement by using the following:

  • Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
  • Design an Execution Plan. The “Keep it Simple, Sir” or KISS method is best for moving forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
  • Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representative to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
  • Schedule the Next Review of the Plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.

It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will implement a mechanism to demonstrate your company’s commitment to compliance by following through on the intentions outlined in your strategic plan. Continuous improvement through monitoring or other techniques will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based on new and updated best practices specified by regulators. A compliance program is, in many ways, a continuously evolving organism, just as your company is. It would help if you built a way to keep pace with the market and regulatory changes to have a truly effective anti-corruption compliance program. The 2012 FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improve­ment and sustainability.” 

Three Key Takeaways

  1. Your compliance program should be continually evolving.
  2. Monitoring and auditing are different yet complementary tools for continuous improvement.
  3. DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered.

Continuous improvement is a key component of a best practices compliance program. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor, Affiliated Monitors, at www.affiliatedmonitors.com.