Tag: compliance

Categories
Blog

3M in China-Where Secret Travel = FCPA Violations

You know that when the Securities Exchange Commission (SEC) uses the word ‘secretly’ when discussing a corporate program, it is a seriously not good look. That is certainly the case in the recently announced Foreign Corrupt Practices Act (FCPA) enforcement action involving 3M’s Chinese business unit. In an Order, outlining the facts and FCPA violations it stated, “During the Relevant Period, a former 3M-China marketing manager (the “Marketing Manager”) colluded with two China-based travel agencies (the “China Travel Agencies”) to secretly provide Tourism Activities for Chinese Government Officials during Educational Events. The Marketing Manager was aided in the scheme by several employees in 3M-China’s sales, marketing and professional services departments.” [emphasis supplied] For its ‘secret’ scheme without admitting or denying the SEC’s findings, 3M agreed to pay $4.5 million in prejudgment interest and disgorgement and a civil penalty of $2 million or a total of $6.5 million.

Background

The Order recited that certain 3M-China Employees targeted influential officials of Chinese state-owned enterprises and Chinese Government Officials for attendance at overseas Educational Events and, in collusion with the China Travel Agencies. To facilitate this scheme, 3M-China Employees would create a travel itinerary that included various legitimate business, training and marketing activities for submission to 3M-China’s compliance personnel for approval. However there were “alternate itineraries (the “Alternate Itineraries”)” planned which consisted of various Tourism Activities at or near the location of the Educational Events. There were free travel and lodging provided which “were designed to improperly induce the Officials to purchase 3M products, and violated company policy.”

Interestingly, the 3M-China Employees circulated the Alternate Itineraries through hand delivery or personal WeChat accounts or ephemeral messaging. The 3M-China Employees asked the participants to keep the agenda hidden, and falsified internal compliance documents so that the Tourism Activities were not shown to be planned as part of the overseas trip.

There were several indicia which demonstrated the travel was not for business purposes but for recreational purposes. From the Order it stated

(a) Tourism Activities were scheduled at the same time as the Educational Event activities;

(b) the ostensibly Educational Events were in English, and the trips included Chinese Government Officials who neither understood English nor had adequate translation services;

(c) at times Chinese Government Officials missed whole days of the Educational Event or simply never attended at all; and

(d) Certain Chinese Government Officials also requested Tourism Activities as part of the overseas trip.

To fund these illegal activities, 3M-China Employees would at times work with the collusive China Travel Agencies to inflate their billing invoices for ostensibly legitimate expenses such as  travel costs. In other instances, the 3M-China Employees submitted unpermitted invoices directly to the China Travel Agencies for reimbursement rather than to 3M China. Finally, the China Travel Agencies, with the support of the 3M-China Employees, at times directed that 3M-China’s distributors pay for portions of the non-reimbursable expenses. Rather stupidly from a legal and compliance perspective, 3M China employees measured the impact that this corruption had on sales. They tracked the effect of providing overseas travel on 3M-China’s sales to SOE Customers. One 3M-China Employee tracked post-trip sales “to ensure they were consistent with 3M-China’s sales goals. Most amazingly “3M-China management asked for the “return on investment” from an Educational Event (i.e. the effect of providing health care officials with overseas travel on sales to the SOE Customer) by comparing sales figures before and after an Educational Event.”

Finally, “from at least 2014 through 2017, 3M-China paid nearly $1 million to fund at least 24 trips for Chinese Government Officials that included Tourism Activities. The costs of these trips were improperly recorded in 3M’s books and records as legitimate business expenses, without any indication that they included Tourism Activities. As a result of the above conduct, 3M improperly benefited by at least $3.5 million from increased sales.”

Discussion

There are several key lessons to be garnered from this FCPA enforcement action. One key lesson from this case is that if your organization is paying for attendance at educational events, the value of rigorous post-event documentation, such as sign-in sheets and attendance verification is critical. By ensuring that officials were present at the events they are paid for, transparency is enhanced, and corruption can be prevented as your employee base will know that compliance is providing oversight and monitoring. This approach draws from the pharmaceutical sector, which has implemented stringent event monitoring practices.

The importance of post-event documentation and monitoring extends beyond coruption prevention. It also plays a crucial role in compliance efforts. By thoroughly documenting events and activities, companies can demonstrate their commitment to ethical business practices and compliance with regulations. This documentation serves as evidence of due diligence and can be invaluable in audits and investigations.

However, compliance professionals must strike a balance between the level of control and the resources required for documentation. While it is essential to have robust controls in place, excessive bureaucracy can hinder efficiency and productivity. Finding the right balance is crucial to ensure compliance without impeding business operations.

Another challenge lies in the use of ephemeral messaging, as seen in the Three M China case. Ephemeral messaging platforms, which automatically delete messages after a certain period, can raise concerns about transparency and compliance. While these platforms may have legitimate uses in private communications, their use in a corporate setting can be seen as a less than transparent attempt to conduct business ethically. Compliance professionals should carefully consider the implications of using such platforms and evaluate whether they align with their organization’s compliance objectives.

Data analytics also play a significant role in post-event documentation and monitoring. By leveraging advanced analytics tools, companies can detect patterns and anomalies that may indicate fraudulent activities. For example, multiple payments to the same vendor by different entities within the extended enterprise can be a red flag worth investigating. Implementing robust data analytics capabilities can enhance the effectiveness of post-event monitoring and help identify potential compliance risks.

In conclusion, the 3M China FCPA enforcement action underscores the importance of post-event documentation and monitoring in fraud prevention and compliance efforts. Rigorous documentation practices, inspired by the pharmaceutical sector’s approach, can enhance transparency and prevent corruption. However, finding the right balance between control and efficiency, addressing challenges associated with ephemeral messaging, and leveraging data analytics are crucial for effective post-event documentation and monitoring. By prioritizing these factors, companies can strengthen their compliance programs and mitigate the risks associated with fraudulent activities.

Categories
Innovation in Compliance

Innovation in Compliance – Oshri Cohen on the Role of a CTO in Compliance

The role of a Chief Technology Officer (CTO) in compliance and data governance is explored in this podcast episode between Tom Fox and Oshri Cohen. They discuss the varying responsibilities of a CTO based on company size, with larger organizations focusing on strategic planning while smaller organizations have the CTO as the head engineer. The importance of the CTO in managing risks, particularly in industries like healthcare and finance, is emphasized, along with the role of the board in providing oversight. The conversation also delves into the significance of data strategy, compliance, and data governance, emphasizing the need for collaboration between the CTO and the Chief Compliance Officer (CCO). Technical due diligence and the establishment of a data commission within organizations are suggested as strategies for effective data governance. Overall, the conversation highlights the crucial role of the CTO in ensuring compliance and protecting sensitive information.

  • The Role of a CTO in Compliance
  • Data Strategy and Compliance
  • Data Governance Challenges
  • Data Governance and Startups
  • Risks in System Audits

 Resources:

Oshri Cohen on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 20 – Gap Analysis for HR

Join Tom Fox in this episode of the 31 Days to a More Effective Compliance Program podcast to delve deeper into the significant role of HR in implementing compliance programs. Hopefully you now understand that many of the traditional functions of Human Resources (HR) can be seen as compliance internal controls. At every touchpoint in the lifecycle of the employment relationship there is a HR touchpoint. Fulfilling those touchpoints can be controls for compliance. If you think of multiple HR functions as compliance internal controls, one of the questions becomes how can you determine if HR is meeting the standards of a best practices compliance program? One place to start is with a gap analysis to determine what HR has in place that can facilitate your company’s compliance program.

The role of HR in implementing compliance programs is a critical aspect of maintaining best practices within an organization. Traditional HR functions can serve as compliance internal controls, and that every touch point in the employment relationship can serve as a control for compliance. Fox’s insights are derived from his extensive experience and deep understanding of the compliance and HR environment. He emphasizes the importance of conducting a comprehensive gap analysis and fostering collaboration between HR and business units to enhance the compliance program.

Finally, work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and “Document, Document, and Document”.

 Three key takeaways:

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise and coordinate.

 

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Corruption, Crime and Compliance

Board Oversight and Monitoring of AI Risks

As companies rapidly adopt artificial intelligence (AI), it becomes paramount to have robust governance frameworks in place. Not only can AI bring about vast business benefits, but it also carries significant risks—such as spreading disinformation, racial discrimination, and potential privacy invasions. In this episode of Corruption, Crime and Compliance, Michael Volkov dives deep into the urgent need for corporate boards to monitor, address, and incorporate AI into their compliance programs, and the many facets that this entails.

You’ll hear Michael talk about:

  • AI is spreading like wildfire across industries, and with it comes a whole new set of risks. Many boards don’t fully understand these risks. It’s important to make sure that boards are educated about the potential and pitfalls of AI, and that they actively oversee the risks. This includes understanding their obligations under Caremark, which requires them to exercise diligent oversight and monitoring.
  • AI is a tantalizing prospect for businesses: faster, more accurate processes that can revolutionize operations. But with great power comes great responsibility. AI also comes with risks, like disinformation, bias, privacy invasion, and even mass layoffs. It’s a delicate balancing act that businesses need to get right.
  • Companies can’t just use AI, they have to be ready for it. That means adjusting their compliance policies and procedures to their specific AI risk profile, actively identifying and assessing those risks, and staying up-to-date on potential regulatory changes related to AI. As AI grows, the need for strong risk mitigation strategies before implementation becomes even more important.
  • The Caremark framework requires corporate boards to ensure that their companies comply with AI regulations. Recent cases, such as the Boeing safety oversight, demonstrate the severity of the consequences when boards fail to fulfill their responsibilities. As a result, boards must be proactive: ensure that board members have the technical expertise necessary, brief them on AI deployments, designate senior executives to be responsible for AI compliance, and ensure that there are clear channels for individuals to report issues.

 

KEY QUOTES

“Board members usually ask the Chief Information Security Officer or whoever is responsible for technology [at board meetings], ‘Are we doing okay?’ They don’t want to hear or get into all of the details, and then they move on. That model has got to change.”

 

“In this uncertain environment, stakeholders are quickly discovering the real and significant risks generated by artificial intelligence, and companies have to develop risk mitigation strategies before implementing artificial intelligence tools and solutions.”

 

“Board members should be briefed on existing and planned artificial intelligence deployments to support the company’s business and or support functions. In other words, they’ve got to be notified, brought along that this is going to be a new tool that we’re using, ‘Here are the risks, here are the mitigation techniques.’”

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Blog

Speaking Up is Awesome

We are on a run of some great, informative and incredibly useful books by some super star compliance professionals. A couple of weeks ago Mary Shirley released Level Up. In her book, Mary shared forward-thinking hacks and ideas to improve the effectiveness of your Ethics and Compliance program to build a stronger, winning function, honoring psychological safety. Her manifesto for Living Your Best Compliance life contained carefully curated tips and takeaways for optimum impact and immediate action, at low or no investment, because the typical Compliance Officer is not always flush with funds and tends to make do like a corporate MacGyver.

Next week Adam Balfour’s Ethics and Compliance for Humans will be released. (It is available for presale here.) In his book, Balfour, a well-known corporate compliance expert writes why ethics and compliance departments, HR and business leaders must keep people top of mind when designing and implementing ethics and compliance programs. The human-centric programs Balfour espouses resonate with and are highly relevant to their audiences. They not only consider the human experience, but also protect those who are—or might otherwise be—harmed by wrongdoing. Or as Carsten Tams might say, it’s all about the UX.

I am thrilled to be sitting between two such compliance luminaries with the release of my second children’s book on compliance Speaking Up is Awesome. This is the second in my three-book series about compliance for children. The first Being a Compliance Officer is Awesome was released last December and within its first week was a best-selling book for children on Amazon.com. Both books were published and illustrated by Dinosaur House.

Many years ago, when my daughter was a teenager, I asked her if she knew what a whistleblower was. I told her that when I person raised their hand and spoke up after they saw something wrong, that was being a whistleblower. Her response was “That’s what we call a rat.” I have long thought about her response (and she is long past being a teenager). I have wanted to try and change the narrative for teenagers and I feel like in this book Speaking Up is Awesome I have created a way to do so.

The book is the story of our intrepid crew traveling across the galaxy to Planet Pawtastic Friends, the dog rescue planet. On Planet Pawtastic Friends, dogs receive enrichment training so they can be adopted and move to their Fur-ever homes. In enrichment training, dogs train work with rescue dogs to make them ‘super-adoptable’. On their journey, one of the crew discovers something wrong with the engine but as she is not an engineer, she is worried the ship’s engineers will be mad at her; call her a rat and punish her by not letting her come to Thanksgiving Dinner. But she listens to her gut and decided she must tell the Captain about the problem.

It turns out the problem with the engine was quite serious and her speaking up saved the ship. She listened to her gut and she learned that by doing so, it can pay big dividends when you speak up. Not only did she potentially save the ship, but her suggestion made the spaceship run more efficiently and they were able to go farther by savings on fuel. Her example led the Captain to install an anonymous hotline so that other crew members could make reports of unsafe situations or even make suggestions on how to make the spaceship run better. Everyone on the spaceship learned that speaking up is awesome.

Just like my first book, this new book, Speaking Up is Awesome is aimed for the children, families and friends of compliance professionals. Or perhaps you could take hold of the suggestion of Carsten Tams who said that my first children’s book was an excellent guide for other corporate executives who might not fully understand the role of compliance in an organization. Whoever you might want to purchase my book for; it is designed to change the narrative about how children think about whistleblowers. If we can get a generational change in this dynamic, it will make companies better about doing business in compliance and with greater ethics. Moreover,  it will allow many companies to take their speak up culture to another level.

Kyle Welch, in his seminal work Evidence on the Use of and Efficacy of Internal Reporting Systems found that when companies had a culture of speaking up, they not only sustained material cost savings but they became better run companies. The reason was simple; engaged employees felt safe in raising their hands and speaking up. When they did so with such safety, these companies became better run. It seems straight-forward and Welch’s research affirmed this.

I hope you will check out and purchase a copy of Speaking Up is Awesome and we can all change the narrative for today’s kids. Just imagine a galaxy where kids felt like they could speak up and what it would mean for corporate America when they get into the workforce.

There is yet one more reason to purchase this book. Profits go to Pawtastic Friends, the dogs enrichment center founded by my good friends Michael and Melissa Novelli. They are literally changing dogs lives with enrichment training. Pawtastic Friends is the specified non-profit partner of the Compliance Podcast Networkand also check out their podcast, The Paw Talk which appears on the CPN. In this podcast, Mike and Melissa talk about dogs available for adoption and some dogs who have found their fur-ever homes. I hope you will consider a donation to Pawtastic Friends.

Categories
Sunday Book Review

Sunday Book Review: August 27, 2023 The Internal Audit Edition

In the Sunday Book Review, I consider books that would interest the compliance professional, the business executive or anyone who might be curious. It could be books about business, compliance, history, leadership, current events or anything else that might interest me. In today’s edition of the Sunday Book Review, I continue my summer exploration of books on crime. Today, look at some of the top books on auditing, both for the audit professional and the compliance professional.

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending August 26, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • Venezuela makes last ditch appeal re: CITGO. (Reuters)
  • SFO drops ENRC investigation. (FT)
  • Poverty a direct result of corruption. (Time)
  • Is due diligence over in China? (FCPABlog)
  • Ukraine institutes whistleblower bounty program. (BusinessInsider)
  • Nigerian ex-Energy Minister arrested for corruption by FCA. (Reuters)
  • Ex-Vitol employee to face FCPA charges. (WSJ)
  • ABC ex-prosecutor surges in Guatemalan Presidential race. (WaPo)
  • Lithium batteries scrutinized under UFLPA. (Reuters)
  • More Odebrecht indictments coming. (WSJ)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 19 – Compliance Culture At The Bottom

One of the most important focuses of the DOJ’s 2023 ECCP was around culture. This means how far has the culture of compliance been driven down into an organization. The 2019 Guidance posed the following:
Culture of Compliance – How often and how does the company measure its culture of compliance? Does the company seek input from all levels of employees to determine whether they perceive senior and middle management’s commitment to compliance? What steps has the company taken in response to its measurement of the compliance culture?
These questions point to a CCO or compliance practitioner demonstrating how a culture of compliance is being burned into the very fabric of an organization. While leadership at and from the top has long been considered by both the DOJ and compliance professionals as a key element to move compliance forward, the 2019 Evaluation has also crystalized thinking around compliance culture throughout the organization, including at the bottom
Too often, strategies to move a compliance program or even an initiative come from the top of an organization and are pushed down. To fully operationalize compliance, you must have leadership in compliance further down the organization which (hopefully) has been a part of the design process and can lead the implementation throughout an organization.

Three key takeaways:

  1. While tone at the top is critical, the tone at the bottom can work to more fully operationalize compliance.
  2. 95% of the work is done at this bottom level.
  3. Use HR to come up with a strategy to move compliance into the bottom for more complete operationalization.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 18 – Operationalizing Compliance in the Middle

The DOJ has made it clear that middle management is critical to any compliance program’s success. While it does all start at the top, with the Board of Directors and senior executives setting the tone for the rest of the company, prosecutors are mandated, under the 2023 Evaluation of Corporate Compliance Programs (ECCP), to show how middle management, in turn, has reinforced those standards and encouraged employees to abide by them. Moreover, the ECCP posed several questions to middle management, including the following: What actions have middle-management stakeholders taken to demonstrate their commitment to compliance or compliance personnel, including their remediation efforts? Have they persisted in that commitment in the face of competing interests or business objectives?

The DOJ expects compliance to be operationalized down to the middle management level. Further experience has shown that employees prefer to speak to their direct supervisors about issues or potential compliance violations they become aware of. The question is: how can a corporate compliance function reach middle management? This is a key area of assistance that Human Resources can provide, as one of the ways that HR can help to operationalize compliance is to assist each level of an organization to have a proper tone, specifically the middle of an organization.
You must think about your communication lines and communication skills when conveying your message of compliance from the top into the middle of your organization.

Three key takeaways:

  1. While the tone at the top is critical, the middle tone can work to operationalize compliance more fully.
  2. How do you train middle managers?
  3. What compliance tool kit do you provide to middle managers?

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 17 – Promotions to Operationalize Compliance

Welcome back as we dive into the role of HR in compliance and ethics. Today, we will explore the significant role of HR in operationalizing compliance within organizations. Join us as we uncover practical advice and data-driven insights on how HR can promote ethical behavior and create effective internal controls. According to the Department of Justice, promotions demonstrate a company’s commitment to compliance and ethics. By using advertisements to reinforce these values, organizations can showcase their dedication to fostering a culture of integrity and accountability.

The role of HR in corporate compliance programs should be more recognized. Suppose your company has a culture where compliance is perceived to compete or, worse yet, antithetical to HR. In that case, the company must hit all cylinders and may be moving towards dysfunction. Another way you can operationalize compliance is through HR’s involvement in employee promotion. Such compliance embedded into the promotion process can also be considered an internal compliance control. By doing so, your compliance may work to create an effective internal controls regime as mandated by the FCPA and other anti-corruption laws.

Three key takeaways:

  1. Denying a promotion or award due to an employee’s ethical lapses.
  2. Use promotions to reinforce your company’s commitment to compliance and ethics.
  3. Should you wait for great?

For more information, check out The Compliance Handbook, 4th edition here.