
One Month to More Effective Written Standards: Day 3 – The Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in the regulator’s face during an enforcement action as proof of overall ethical behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in creating your company’s Code of Conduct?

Indeed, a violation of your Code of Conduct can form the basis of a domestic FCPA enforcement action. In an enforcement action involving United Airlines, Inc., a breach of the Code of Conduct by the Company CEO was determined to be an FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey. This public government entity has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, NJ.

Your Code of Conduct should be tailored to your company’s culture, industry, and corporate identity. It should provide a mechanism by which employees trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used for employee review and evaluation. It should certainly be invoked if there is a violation. Your company’s disciplinary procedures must be stated in the Code. These would include all forms of discipline, up to and including dismissal, for serious violations of the Code. Further, your company’s Code should emphasize that the company will comply with all applicable laws and regulations wherever it does business. The Code must be written in plain English and translated into other languages so all applicable persons can understand it.

Three key takeaways:

  1. A Code of Conduct is a foundational document in any compliance regime.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, industry, and corporate identity.
  3. “Document, Document, and Document” your training and communication efforts regarding your Code of Conduct.

For more information, check out The Compliance Handbook, 4th edition, here.


The ESG Report – Tommy Linstroth on Building for a Sustainable Future: The Role of ESG in Construction

The ESG Report podcast is hosted by Tom Fox. Looking for innovative solutions to tackle climate change? Look no further than The ESG Report! In this episode, Tom speaks with Tommy Linstroth, founder and CEO at Green Badger, about the role and opportunity for the construction industry in the ESG arena.

The podcast episode discusses the increasing importance of incorporating ESG practices in the construction industry. Tommy Linstroth, an expert in the field, emphasizes the need for companies to embrace ESG to remain competitive and attract talent. Linstroth highlights the demand for ESG compliance from customers, regulators, and financiers. He emphasizes the need for companies to measure and integrate various ESG factors, breaking down silos within organizations. The conversation also emphasizes the role of safety in ESG and the potential benefits of ESG in improving efficiency, talent attraction, and transparency. Overall, the episode underscores the significance of ESG integration in the construction industry and the importance of a strategic approach to its implementation.

Key Highlights

·       The Intersection of Construction and ESG

·       ESG Integration in Construction Industry

·       ESG and Business Efficiency

·       Getting Started with ESG

·       ESG Implementation and Continuous Improvement

Resources

Tommy Linstroth on LinkedIn

Green Badger

Tom Fox 


Operationalizing Compliance With 10 Questions for HR

Operationalizing compliance is the crucial step in creating an effective compliance program within an organization. It involves cascading compliance goals to all levels of the organization and fostering a culture of compliance. This process requires clarity and comparability of goals, focusing on high-risk areas first, and gradually expanding initiatives. Ethical business conduct should be a top priority, with HR playing a key role in attracting and developing talent. Continuous improvement and performance tracking are also crucial for identifying gaps and developing key compliance indicators.

Root cause analysis is a key process in identifying the reasons behind compliance failures and implementing effective solutions. It goes beyond assigning blame: it involves understanding what allowed the compliance issue to arise and addressing the core issues, so that organizations can implement effective measures to ensure compliance and prevent future failures.

To operationalize compliance effectively, organizations need to consider several key factors. One of the first factors is the interconnectedness of targets. Compliance goals should be cascaded down to individual workers, ensuring that everyone understands their role in achieving compliance objectives. While tone at the top is important, it is equally crucial to establish an appropriate tone in the middle and at the bottom of the organization.

Clarity and comparability of goals is another important factor. Compliance targets should be clearly communicated and understood by all employees. Complex goals can lead to confusion and hinder the operationalization process. Focusing on high-risk areas first and gradually expanding initiatives can help manage risks effectively and ensure a systematic approach to compliance.

The role of HR in operationalizing compliance cannot be overstated. HR should take the lead in showing that attracting and developing talent who will engage in ethical business conduct is a top priority. By creating the appropriate mindset of doing business the right way throughout the organization, HR can contribute to the successful operationalization of compliance.

Continuous improvement and performance tracking are essential for identifying gaps in the compliance program. Monitoring compliance programs in real time and reacting quickly to remediate them is crucial. Auditing and monitoring should work in tandem to uncover and evaluate risks. Key compliance indicators, such as hotline or helpline reports, can provide valuable insights into the effectiveness of the compliance program.

While operationalizing compliance is essential, organizations must also consider the impact on employees. Talent acquisition and retention is a critical business function. Retaining top employees who engage in ethical business conduct is crucial for the long-term success of the compliance program. By promoting and rewarding employees who adhere to the code of conduct, organizations can create a culture of compliance and operationalize it fully.

Balancing these factors can be challenging. Organizations must weigh the tradeoffs involved in cascading compliance goals, clarifying goals, and addressing high-risk areas. They must also consider the challenges associated with monitoring and auditing, as well as the importance of root cause analysis and employee retention.

What are the 10 questions you should ask to test, monitor and improve these issues?

  1. How are compliance goals cascaded down to individual workers?
  2. Does anyone complain that your compliance targets are too complex?
  3. How do you deal with repeated compliance failures in a specific business segment or compliance program area?
  4. How does your company show that attracting and developing talent who will engage in ethical business conduct is a top priority?
  5. How long is compliance underperforming tolerated?
  6. What makes it distinctive to work at your company?
  7. How do compliance programs that are not working typically get exposed and remediated?
  8. What key compliance indicators do you use for compliance tracking?
  9. For a given compliance problem, how do you identify the root cause?
  10. What are you doing to retain your top employees from the compliance perspective?

In conclusion, operationalizing compliance is a key component of an effective compliance program. By considering the interconnectedness of targets, clarity and comparability of goals, the role of HR, continuous improvement and performance tracking, root cause analysis, and employee retention, organizations can successfully operationalize compliance and prevent future compliance failures. It is crucial to strike a balance between these factors and consider the impact on employees when making decisions about operationalizing compliance and root cause analysis.


Into The Chair, Tales from Chief Compliance Officers: The Journey of Maria D’Avanzo

Welcome to the latest edition of the Compliance Podcast Network: Into the Chair: Tales from Chief Compliance Officers, which details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Into the Chair: Tales from Chief Compliance Officers is a COMPLY podcast hosted by Tom Fox and is a production of the Compliance Podcast Network. In this inaugural episode, I visit with Maria D’Avanzo.

Maria D’Avanzo is a seasoned professional in the legal and compliance field, with a career that has spanned from litigation to estate work to compliance. Maria’s perspective on adaptability and continuous learning in legal and compliance roles is rooted in her own career trajectory, which has seen her successfully transition from being a litigator to opening her own law practice, and eventually becoming a compliance officer. She believes the key to success in these roles is the willingness to learn new skills and take on new challenges, even outside one’s comfort zone.

Maria also underscores the importance of transferable skills such as analytical and research abilities, critical thinking, and the capacity for advocacy and persuasion, which she honed as a trial lawyer and which have been instrumental in her compliance career. Join Tom Fox and Maria D’Avanzo in this episode of the Into the Chair podcast as they delve deeper into the importance of adaptability and continuous learning in legal and compliance roles.

Key Highlights:

·      Maria’s transformation into a compliance officer

·      Navigating the Legal Field: Learning and Advocacy

·      Advocacy skills and the value of compliance

·      Navigating Compliance Challenges in Regulated and Non-Regulated Corporate Sectors

Resources:

Maria D’Avanzo on LinkedIn

COMPLY

Tom Fox


Everything Compliance – Episode 123, Shout Outs and Rants – The Spanish Kiss Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Matt Kelly and Karen Woody, with Tom Fox hosting on this episode of our fan fav Shout Outs and Rants section.

1. Matt Kelly rants about the US Federal Courts not allowing television cameras and says we need the Trump trials televised in federal courts.

2. Karen Woody shouts out to the Barbie movie.

3. Tom Fox shouts out to Megan Rapinoe for her great professional career and her social activism while a member of the USWNT.

4. Jay Rosen shouts out SOCAR, the South Orange County Compliance and Ethics Roundtable.

5. Jonathan Armstrong shouts out Sgt. Graham Saville, who lost his life helping a person in distress.

The members of Everything Compliance are:

•       Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks can be reached at jtmarks@gmail.com.

•       Special Guest Kristy Grant-Hart is the founder of Spark Consulting.

The host, producer, and ranter of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.


10 For 10: Top Compliance Stories For the Week Ending September 2, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly fill of compliance stories with 10 For 10, a podcast produced by the Compliance Podcast Network.

·       280K Euros seized from MEP son’s apartment. (TVP World)

·       Businesses need Chinese predictability. (NYT)

·       Gensler unleashed regulatory blitz. (FT)

·       Goldman sanctioned for ephemeral messaging compliance failures. (WSJ)

·       China crackdown rips through health care industry corruption. (FT)

·       Switzerland unveils money-laundering crackdown. (FT)

·       3M settles FCPA action. (WSJ)

·       Imprisoned Kazakh tycoon may be released. (RFE/RL)

·       Do you really need incentives to operate safely? (Reuters)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.


Protecting Personal Data in the Banking Industry: Lessons from the Farage Controversy

Today I want to consider a burgeoning imbroglio in the UK involving Nigel Farage. While you might not think of Farage as a candidate for the FCPA Compliance Blog, it turns out that his current banking situation has some very interesting data privacy issues, shedding light on the data protection risks faced by banks and the importance of compliance with GDPR regulations. So in this blog post, we will explore the lessons learned from this incident and provide practical advice for financial institutions to ensure the security and privacy of customer information.

The recent episode surrounding Nigel Farage’s banking situation has sparked concerns about data protection and compliance within the banking industry. Farage, a prominent figure in the Brexit movement, had his bank account with Coutts, a high-end bank owned by NatWest, closed and was offered an account with another associated bank. The alleged reason was that he did not have a high enough net worth to merit the account with Coutts. It turned out the real reason was his right-wing politics, particularly around leading the charge for Brexit.

NatWest then compounded its problem by leaking a story to the BBC about why Farage had been dropped. As reported in the Guardian, the CEO of NatWest, Dame Alison Rose, had been the source of the leak to the BBC of this false information. All of this raised concerns about a potential data breach. Coutts had closed his account after lengthy discussions over the reputational risk that his political views posed for the bank.

Rose tried to apologize to Farage but, as the New York Times reported, “The apology and a promise to review the bank’s policies were not enough to ease the pressure on Ms. Rose. Reports late Tuesday that the government, which has a 39 percent stake in the bank, was “significantly concerned” about Ms. Rose’s leadership seemed to seal her fate. Before dawn, the bank announced her immediate departure” in late July. Peter Flavel, the boss of its private bank, Coutts, was also sent packing.

From the regulatory, data privacy and GDPR responses, NatWest is in severe trouble. Not only had the Bank violated its own data privacy regulations in providing the information to the now former CEO but it also released that same information to the BBC. The consequences of non-compliance with GDPR regulations can be severe, particularly in regulated industries like financial services. Banks may face potential violations and internal policy breaches, which could lead to legal action and impact their banking license and fit and proper provisions. CEOs can be held liable for consent and connivance in data protection cases, emphasizing the importance of understanding data protection laws and potential criminal offenses associated with them.

The controversy surrounding Nigel Farage’s banking situation serves as a wake-up call for the banking industry to prioritize data protection and compliance. Financial institutions cannot afford to overlook these issues, as the consequences in the era of GDPR can be significant. It is crucial to establish proper policies and procedures, provide training and education for top-level management, and ensure a compliance culture is embedded throughout the organization.

There are multiple lessons to be learned from this controversy and several key takeaways that can help banks navigate the complexities of data protection and compliance:

1. Be cautious with written communication: The incident underscores the importance of being mindful of what is written in emails, as subject access requests can expose them. Consider whether a controversial email would be better discussed through a phone call or read aloud before sending.

2. Learn from previous compliance issues: NatWest had previous issues with data protection compliance, leading to the resignation of CEO Dame Alison Rose. This highlights the need for organizations to build a compliance culture at all levels, including those in top positions.

3. Allocate resources for subject access requests: The bank’s CFO has provided extra resources to handle subject access requests, as the cost of non-compliance is usually higher than the cost of compliance. It is estimated that it takes a six-figure sum for a bank to respond to a subject access request.

4. Scrutinize politically exposed persons and connections to Russian individuals: Financial institutions have an obligation to carefully scrutinize politically exposed persons and individuals with connections to Russian individuals. Balancing legitimate activities with obeying the law is crucial.

This affair provides valuable insights into the importance of data protection and compliance in the banking industry. The Farage controversy serves as a reminder that the security and privacy of customer information should be paramount for financial institutions. By learning from past incidents, allocating resources for subject access requests, and adhering to GDPR obligations, banks can safeguard their reputation, avoid legal repercussions, and build trust with their customers.


Report from IMPACT 2023: Katie Smith on Unleashing the Power of Ethics and Compliance Community

ECI’s IMPACT 2023 was one of the leading compliance events in 2023. At this conference, Tom Fox, the Voice of Compliance, was able to visit with several of the speakers, exhibitors, participants and one ethically minded Girl Scout troop. In this limited podcast series, Report from IMPACT 2023, Tom explores many of the most cutting-edge topics in ethics and compliance through short podcast episodes. Check out the full series of interviews. You will be enlightened, informed and come away with a fuller and more thorough understanding of the most cutting-edge topics in ethics and compliance. In this episode, Tom visits with Katie Smith, a distinguished ethics and compliance professional who has devoted her career to pioneering a new path for ESG and ethics in compliance.

As the Vice Chair on the Board of Directors of ECI, she has been instrumental in shaping the organization’s future role and mission. Katie’s unique perspective on “Charting a New Course: ESG and Ethics in Compliance” is that she views it as a chance for the ethics and compliance community to unite and make a positive impact on the world. She emphasizes that there are currently no established rules in this new societal inflection point, which presents a tremendous opportunity for the ethics and compliance community to shape the future of ESG and ethics in compliance. Her enthusiasm and optimism for the beginning of this new journey are palpable. Join Tom Fox and Katie Smith on this episode of the Report from Impact podcast as they delve deeper into this fascinating topic.

Highlights Include

·      Conference Themes

·      Re-invigoration by the Keynote Speakers

·      What are the rules of the road now.

Resources

Katie Smith on LinkedIn


Compliance into the Weeds: 3M FCPA Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent FCPA enforcement action involving the Chinese business unit of 3M.

The importance of post-event documentation and monitoring in preventing fraud and corruption cannot be overstated, as highlighted by the recent FCPA incident involving 3M China. Tom believes that while training and control environment adjustments are crucial, they may not be enough to prevent misconduct if individuals are determined to commit such acts. He emphasizes the need for hard evidence, such as post-event documentation, and recommends looking to the heavily regulated pharmaceutical sector for guidance.

Matt stresses the importance of rigorous post-event documentation to ensure the legitimacy of business activities. Both Fox and Kelly gained these insights from their extensive experience in the field of compliance and their analysis of various fraud cases. To learn more about their unique perspectives on post-event documentation and monitoring, join them on this episode of the Compliance into the Weeds podcast. 

Key Highlights

·      Background facts

·      GTE in FCPA enforcement actions

·      What happens when conduct is done secretly

·      Concerns over the use of messaging apps

·      Lessons Learned

Resources

Matt on LinkedIn

Tom – blog post on the FCPA Compliance and Ethics Blog


One Month to a More Effective Compliance Program: Day 21 – Ten Compliance Questions To Pose To HR

As we end this month on the intersection of HR and compliance, I have developed a series of goals and objectives which you might want to use as a starting point for operationalizing your compliance initiatives through your corporate HR function.

  1. How are compliance goals cascaded down to individual workers?
  2. Does anyone complain that your compliance targets are too complex?
  3. How do you deal with repeated compliance failures in a specific business segment or compliance program area?
  4. How does your company show that attracting and developing talent who will engage in ethical business conduct is a top priority?
  5. How long is compliance underperforming tolerated?
  6. What makes it distinctive to work at your company?
  7. How do compliance programs that are not working typically get exposed and remediated?
  8. What key compliance indicators do you use for compliance tracking?
  9. For a given compliance problem, how do you identify the root cause?
  10. What are you doing to retain your top employees from the compliance perspective?

Compliance practitioners continually face the challenge of keeping up with ever-evolving compliance best practices with little or no budget increase. By asking these questions of yourself and of your compliance program, you may create a road map to more fully operationalize your compliance regime.

Three key takeaways:

  1. What are the unique compliance targets you have set and how interconnected are they to your business unit goals?
  2. Use a root cause analysis to determine why compliance initiatives are not successful.
  3. Retraining employees in compliance is an under-utilized tool.

For more information, check out The Compliance Handbook, 4th edition, here.