Tag: compliance

Categories
SBR - Authors' Podcast

SBR Authors Podcast: Mary Shirley – Living Your Best Compliance Life: Hacks for Engaging Compliance Programs

Mary Shirley’s conversational and authentic writing style is the focus of this podcast episode. As a compliance officer, she strives to make compliance topics more engaging and relatable. The episode delves into important aspects of compliance, such as program assessment, team building, culture and communications, and enhancing compliance programs. Mary’s book, “Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Ethics and Compliance Program,” offers practical tips and “hacks” for improving compliance programs. The conversation also highlights the value of Compliance Week as a tool for engagement and feedback. Overall, the episode emphasizes the importance of authenticity, engagement, and continuous improvement in compliance functions.

Key Highlights Include

·      Mary’s Writing Style

·      Compliance Program Assessment

·      Enhancing Compliance Programs

·      Utilizing Compliance Week

·      Compliance Week Insights

·      Putting Advice into Practice

Resources

Mary Shirley on Linkedin

Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Compliance Program

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Key Highlights Include

·      Mary’s Writing Style

·      Compliance Program Assessment

·      Enhancing Compliance Programs

·      Utilizing Compliance Week

·      Compliance Week Insights

·      Putting Advice into Practice

Resources

Mary Shirley on Linkedin

Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Compliance Program

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 16 – The Exit Interview

Today, we’re diving into the significance of exit interviews in fully operationalizing a best practices compliance program. Exit interviews provide a valuable opportunity to gather unfiltered insights from departing employees, allowing organizations to enhance motivation, efficiency, and effectiveness. In this blog post, we’ll explore the practical benefits of conducting exit interviews and how they can transform departing employees into lifelong advocates for your organization.

The exit interview can be a further mechanism to operationalize compliance. This type of interview is used when someone voluntarily departs from a company, as opposed to a lay-off or reduction in force exercise. Typically departing employees are more willing to share about their experiences, concerns and issues which led to their employment departure.

Exit interviews are a powerful tool for fully operationalizing a best practices compliance program. They provide organizations with invaluable insights into employee perceptions, job design, and culture. By treating departing employees with dignity and respect, organizations can transform them into lifelong advocates, defending the organization’s reputation and recommending it to potential employees. Compliance ambassadors play a crucial role in strengthening compliance efforts, providing additional resources and support in regulatory issues. By asking detailed questions and fostering collaboration between compliance and HR, organizations can harness the power of exit interviews to enhance motivation, efficiency, and effectiveness in their compliance programs.

Three key takeaways:

  1. The exit interview is an excellent opportunity to obtain information to inform your compliance program.
  2. Use the exit interview to create advocates from departing employees.
  3. Use the exit interview for probing and insightful questions around compliance.

For more information, check out The Compliance Handbook, 4th edition here.

Categories
Innovation in Compliance

Innovation in Compliance – Chris Lehman on Navigating the Wild West: Digital Compliance Strategies

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Chris Lehman, CEO at Safeguard Cyber who visits with me to discuss the challenges and importance of managing risk in digital compliance.

The conversation focuses on the shift in communication channels from email to platforms like Slack and social media, highlighting the human factor as the biggest risk in compliance strategies. Lehman emphasizes the need for companies to prioritize compliance and good corporate governance in these new communication channels. To manage risk, companies should treat digital compliance as a risk management process, gaining visibility into employee communication tools, establishing policies, training employees, and utilizing technology.

We also highlight the tension between compliance teams and line of business teams, emphasizing the need for compliance teams to be enablers and strategic partners. The conversation references recent SEC enforcement actions and the importance of taking action to enforce compliance. Overall, digital compliance and governance are crucial in the modern business landscape, and utilizing technologies like monitoring tools and natural language understanding can help businesses stay secure and compliant in the digital age.

Highlights Include:

·      Safeguard Cyber: Securing Digital Communications

·      Managing Risk in Digital Compliance

·      Managing Risk in Compliance

·      Digital Compliance and Governance

 Resources

Chris Lehman on LinkedIn

Safeguard Cyber

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 15 – Employment Separation Issues and Compliance

Employment separation and layoffs can present some unique challenges for the compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several ways that operationalization will help to protect your company as much as possible.
The reasons for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However, it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you lay off the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also, if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Three key takeaways:

  1. Treat departing employees with dignity.
  2. Make sure your separation documents meet SEC requirements regarding disclosures re: whistleblowing.
  3. You must check your hotline and anonymous reporting systems to make sure you do not lay off a whistleblower.

For more information, check out The Compliance Handbook, 4th edition here.

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending August 19, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

·       Ukraine ABC lessons from Afghanistan. (NPR)

·       Paxton allegedly created fake Uber account to engage in corruption.  (Texas Tribune)

·       Inotiv facing FCPA issues around importing monkeys for research. (WSJ)

·       BNSF tries to settle massive data privacy claim.  (Reuters)

·       Federal corruption investigation heating up in Ohio. (Ohio Capital Journal)

·       SEC Whistleblower Program growing pains.  (WSJ)

·       African Development Bank not using ABC funds. (FT)

·       Aide to Madagascar leader arrested for corruption.  (FT)

·       Grupo Aval settles FCPA enforcement action. (WSJ)

·       Health care corruption sweep in China. (South China Morning Post)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance and AI

Compliance and AI-Julie Myers Wood on Navigating the AI Compliance Landscape: Mitigating Risks

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this exciting new podcast series, Compliance and AI. Hosted by Tom Fox, the award-winning Voice of Compliance, this podcast will look at how AI will impact compliance programs into the next decade and beyond. If you want to find out why the future is now, join Tom Fox on this journey to the frontiers of AI.

Welcome back to another exciting episode of our podcast, where we delve into the fascinating world of compliance and artificial intelligence (AI). Today, we have the pleasure of hosting Julie Myers Wood, CEO of Guidepost Solutions. With her extensive background in law and government positions, Julie brings a wealth of knowledge and insights to our discussion on the challenges and considerations of incorporating AI into compliance programs.

As compliance professionals, we play a vital role in ensuring the safety and security of our businesses. The integration of AI into compliance programs presents both challenges and opportunities. By understanding the tools, risks, and solutions associated with AI, we can adapt to the changing landscape and make informed decisions.

Let’s embrace this exciting era of AI while staying vigilant and proactive. The world is changing, and compliance professionals need to stay up to date to ensure the safety and security of our businesses. Thank you, Julie Myers Wood, for sharing your valuable insights, and we look forward to more enlightening discussions in the future!

Remember, compliance professionals are the co-pilots of our businesses, guiding us through the complexities of the AI revolution. Let’s not wait too long between podcasts and continue this journey together!

Key Highlights

  • Key Considerations for Compliance and AI
  • Importance of Inventorying Tools and Managing Risks
  • AI and Intellectual Property Protection
  • Challenges of Implementing AI
  • AI and Compliance

 Resources

Julie Myers Wood on LinkedIn

Guidepost Solutions

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Julie Myers Wood on Navigating the AI Compliance Landscape: Mitigating Risks

I recently had the opportunity to visit with Julie Myers Wood, CEO at Guidepost Solutions. With her extensive background in law and government positions, Julie brings a wealth of knowledge and insights to our discussion on the challenges and considerations of incorporating AI into compliance programs. We took a deep dive into the intersection of compliance and artificial intelligence (AI).

With generative AI is coming at us with light speed, there are so many things a compliance professional to think about. Julie began with the first key thing is to take a high level perspective to step back and reflect on all the ways that AI can affect your company. You should ask several questions, including some of the following. What AI tools is the company using internally? What tools is the company using internally to help its operations or its capacity know about those tools? What is your company selling? Is your company selling tools that incorporate deep learning, generative AI or other sorts of machine learning?

Equally importantly what is the compliance part that each of your team is performing? What compliance tools are being used? Do you have individuals who are freelancing at your company trying to reduce their work using GPT or something else without telling you and maybe exposing some of the code? And finally, how are criminals using generative AI to get into your work? It all entails that , from a high-level perspective, what are various ways that AI can affect you.

Next it is important to think about is do you know what all these tools are that the company is using? You need to obtain an inventory of tools your employees are using. Compliance professionals need to have a comprehensive inventory of the tools being used within the company and fully comprehend their capabilities and limitations. This may not be easy, particularly if your organization is using a mix of homegrown tools as well as tools that are available for sale on the open market. Your compliance team must understand what are the tools that each part of the company is using because only then can you fully understand the privacy or other regulatory risks that may be involved.

In this inventory, you also need to understand who owns the software tools. When do they expire, how many seats to you have for your organization? Who owns the license keys and does the software legacy out?  This understanding is crucial for effectively managing compliance and mitigating potential risks. It is also a very good business practice.

Generative AI is rapidly advancing, and compliance professionals must stay informed and proactive in addressing its implications. Julie highlights the need to be aware of the risks related to generative AI, export compliance, and other potential problems. By staying updated on the latest developments, compliance professionals can adapt to the changing landscape and make informed decisions.

There are potential dangers of integrating AI into businesses and offers solutions to mitigate them. One key solution involves retraining or supplementing the training of employees. Companies need to educate their workforce on the rules of the road and provide a safe environment for exploring and experimenting with generative AI. Julie pointed to PwC’s billion-dollar investment in AI, including retraining and proprietary platforms, showcases the importance of investing in employee development. However, smaller companies may face challenges in investing in generative AI and effectively implementing it.

AI is revolutionizing compliance by enabling effective analysis and interpretation of large amounts of data. Compliance professionals are excited about the potential of AI for predictive analytics and identifying trends and patterns. However, choosing the right tools for compliance is crucial, as market winners and losers can impact success. A key for success for the compliance team is the need for collaboration between operations and compliance teams when considering the use of AI.

Clear policies defining what can and cannot be done with AI are essential to protect intellectual property and ensure compliance. But it is not simply policies and procedures, it is targeted and effective training, coupled with ongoing communications. All of this should be aimed at educating employees about the risks and consequences of using AI improperly is crucial. Compliance professionals should encourage caution when downloading AI tools from the web and carefully review terms and conditions to avoid unintended consequences.

As compliance professionals, we play a vital role in ensuring the safety and security of our businesses. The integration of AI into compliance programs presents both challenges and opportunities. By understanding the tools, risks, and solutions associated with AI, we can adapt to the changing landscape and make informed decisions.

For the full podcast with Julie Myers Wood, check out Compliance and AI here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 14 – Hiring A CCO: Developing The Job Profile

What should a company do when it desires to hire a CCO? To do so, a company needs to fully understand and appreciate what it needs from such a position going forward. Unfortunately, many companies do not have this insight at the beginning of the recruitment process. The key company stakeholders need to understand the full hiring process. Obviously, this will include HR and others involved in the hiring process for a CCO for the company. It could include the CEO, COO, CFO, CISO, Head of IA and others. They may need to rethink their approach to focus on what they will ask the new hire to accomplish because typically there is a disconnect between what the company thinks it needs and what it really needs.

Tom highlights the importance of developing a comprehensive job profile. Maurice Gilbert provides insights on the topic, emphasizing the need for companies to understand their specific needs and risks when creating a job profile for the CCO position. The podcast also discusses the importance of involving key stakeholders, setting realistic expectations, and considering professional growth opportunities and an attractive package for potential candidates. By involving key stakeholders in defining the role of the CCO and seeking the assistance of a professional executive recruiter, companies can find the right fit for their compliance program’s success.

Three key takeaways:

  1. Bring in your key stakeholders to flesh out the job description.
  2. Consider the top four things you would like a new CCO to accomplish in the first year.
  3. For a new CCO to succeed, the company must have a realistic expectation developed before the process begins.

For more information, check out The Compliance Handbook, 4th edition here.

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Mary Releases A Book Edition

What happens when two top compliance commentators get together? They talk compliance of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

In this episode, Tom and Kristy cover a range of topics including new anti-money laundering rules, India’s requirement for auditors to report suspected fraud, FCPA enforcement, messaging app compliance, compliance budget challenges, the settlement of an FCPA case, changing work dynamics, the purpose of a corporation, and the impact of ESG factors on corporate governance. They discuss the American Bar Association’s delayed support for anti-money laundering efforts, India’s significant change in auditor reporting rules, SEC enforcement of messaging app compliance, and the potential settlement of an FCPA case. They also emphasize the need for businesses to adapt to changing work styles and values and the benefits of incorporating ESG factors into corporate decision-making.

Highlights Include

  1. ABA agrees to new client due diligence rules.
  2. Mary Shirley releases a new book.
  3. More messaging app non-compliance fines.
  4. Albemarle makes FCPA settlement reserve.
  5. Capitalism at an Inflection Point?
  6. New India rules require auditors to report suspected bribery and kickbacks to the government.
  7. Grupo Aval FCPA Settlement.
  8. Stretching Your Compliance Budget.
  9. Leaving the Office at 5 Is Not a Moral Failing.
  10. Florida woman doused herself in Diet Mountain Dew to erase DNA after killing roommate, 79.

 Resources 

  1. WSJ
  2. Amazon
  3. WSJ
  4. FCPA Blog
  5. CCI
  6. WSJ
  7. Radical Compliance
  8. NYT
  9. NY Post
  10. Corruption, Crime and Compliance

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Executive Compliance Comp and Compliance: From Incentives to Clawbacks

There are two problems that every company must deal with at the intersection of executive compensation and compliance. The first is the presence of perverse incentives within organizations, where executives are often encouraged to take excessive risks because they personally profit from them. This misalignment of incentives can lead to unethical behavior and non-compliance, ultimately harming the organization and its stakeholders. The second is both the Securities and Exchange Commission (SEC) and Department of Justice (DOJ) mandates for executive clawbacks.

Incentives

To address this issue, companies need to tie positive incentives directly to senior executives. By holding them accountable for compliance failures, we can align their compensation with compliance objectives. This approach ensures that executives have a personal stake in maintaining ethical practices within the organization. What makes this approach unique is that it is a business response to a legal problem, rather than a government mandate. A business response is always a better way to go, as it allows organizations to take ownership of their compliance programs and tailor them to their specific needs.

Various proposals are discussed in the podcast to ensure senior executives are held personally accountable for compliance failures. One solution, suggested by William Dudley, former president of the Federal Reserve Bank of New York, is for senior management and material risk takers to forfeit their performance bond in the case of large fines. This not only disciplines individual behavior and decision-making but also incentivizes individuals to flag issues when problems arise.

Another approach, outlined in an article titled “Ties That Bind Codes of Conduct,” recommends automatic reduction of pay for officers, directors, and advisors for failures of corporate governance. Executives would agree to pay back a portion of their gross compensation for a set period before the beginning of any improprieties, regardless of their knowledge of misdeeds within the company.

While corporate leaders may not be enthusiastic about being held accountable, these proposals offer a business solution to a legal problem. Holding senior executives responsible for the conduct of others aligns with their obligations under Sarbanes-Oxley and ensures that they are not shielded from the consequences of non-compliance. Shareholders are also becoming less accepting of the argument that leaders should not be responsible for the actions of their employees.

Data from an article by Gretchen Morgenson titled “Ways to Put Your Boss’s Skin in the Game” further supports the need for accountability in executive compensation. The article explores how to make senior executives more responsible for corporate malfeasance, with implications that apply to compliance programs and compensation tied to compliance.  Creating accountability in executive compensation is a critical step towards promoting ethical business practices and compliance within organizations. By tying positive incentives to senior executives, we can ensure that they have a personal stake in maintaining compliance objectives. The proposals discussed in the podcast, such as forfeiting performance bonds and enforcing pay reductions for failures of corporate governance, offer practical solutions to address perverse incentives and drive ethical behavior.

Clawbacks

Clawbacks, often seen as a form of guarantee for businesses, play a vital role in addressing employee misconduct. These provisions, typically included in written contracts, serve as a deterrent and allow organizations to reclaim incentive or bonus funds from employees engaged in wrongful activities. It is important to note that clawbacks apply to compensation received as incentives or bonuses, rather than salary.

The SEC has provided guidance on constructing effective clawback provisions. In their final rule titled “Listing Standards for Recovery of Erroneously Awarded Compensation,” (the Rule) the SEC directs National Securities Exchanges and Associations to establish listing standards for issuers to develop and implement policies for recovering incentive-based compensation in the event of required accounting restatements.

The DOJ has also weighed in on subject of clawbacks, most recently in the 2023 Evaluation of Corporate Compliance Programs (ECCP), it stated “Are the terms of bonus and deferred compensation subject to cancellation or recoupment, to the extent available under applicable law, in the event that non-compliant or unethical behavior is exposed before or after the award was issued? Does the company have a policy for recouping compensation that has been paid, where there has been misconduct? Have there been specific examples of actions taken (e.g., promotions or awards denied, compensation recouped or deferred compensation cancelled) as a result of compliance and ethics considerations?

In summary, both the SEC and DOJ have now laid out the foundations for both incentives and consequence management.

SEC: The SEC Rule encompasses a wide range of scenarios. Companies are required to claw back incentive compensation erroneously received by current or former executives during the three-year period preceding the required restatement date. The definition of “received” is broad, considering incentive compensation earned even if not yet paid. The recoverable amount may differ from what executives would have received based on the required restatement. The SEC rule prohibits companies from obtaining indemnity insurance to protect executives from clawbacks. This step ensures that executives are held personally accountable for their actions and fosters a culture of compliance within organizations.

DOJ: In the ECCP has emphasized the significance of clawbacks in compliance programs. The ECCP directs companies to develop and apply compensation and clawback policies, shifting the burden of financial penalties away from innocent shareholders. The clear intent to prevent companies from shielding employees involved in illegal and unethical conduct. The DOJ will consider whether a company has incentivized compliance by designing compensation systems that defer or escrow certain compensation tied to conduct consistent with company values and policies. Enforcement of a contract provisions that permit the company to recoup previously awarded compensation if the recipient of such compensation is found to have engaged in or to be otherwise responsible for corporate wrongdoing is now a critical metric that prosecutors will consider. Finally, prosecutors may consider whether provisions for recoupment or reduction of compensation due to compliance violations or misconduct are maintained and enforced in accordance with company policy and applicable laws.

 Practical Steps

To create a robust compliance program that promotes ethical behavior and compliance, companies should consider the following practical advice:

  1. Documented Policies and Procedures: It is crucial for companies to document and reflect clawback policies and procedures in their compensation agreements. This documentation showcases a commitment to compliance and serves as a deterrent for potential misconduct.
  1. Clear Disciplinary Procedures: Companies should have appropriate and clear disciplinary procedures in place when enforcing a compliance program. Publicizing disciplinary actions internally and under local law can have a deterrent effect on employees, emphasizing the consequences of engaging in unlawful or unethical behavior.
  1. Personal Accountability: The DOJ and SEC prioritize holding individuals accountable for misconduct. Prosecutors evaluate whether a corporation’s compensation agreements incorporate clawback provisions that enable penalties to be levied against employees, executives, or directors involved in criminal conduct.

 Conclusion

Clawback provisions have become a crucial element in compliance programs, promoting ethical behavior and ensuring accountability within organizations. The SEC Rule, along with the DOJ’s emphasis on clawbacks from the Monaco Memo to the ECCP, highlights the significance of these provisions in the business world. By implementing well-documented clawback policies, companies can create a culture of compliance that rewards ethical behavior and protects innocent shareholders. Both initiatives prioritize ethical practices and compliance to build a better business environment for all stakeholders.