Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Failures

Next, consider a couple of landmark failures at the Board level around bribery and corruption.

VimpelCom Ltd. (now Veon Ltd.). In 2015, the DOJ alleged that Dutch telecom VimpelCom sought to enter the Uzbekistan telecom market through the acquisition of a local player, Unitel. Unitel made clear to VimpelCom that to have access to, obtain, and retain business in the Uzbeki telecom space, VimpelCom would have to, according to the DPA, “regularly pay Foreign Officials millions of dollars” to Gulnara Karimova, the daughter of the then President of the country. VimpelCom also acquired another entity, Buztel, that was at least partially owned by an Uzbeki government official, who hid their interest through a shell company, a fact known to VimpelCom. VimpelCom did not articulate a legitimate business reason for the deal and paid $60 million for Buztel.

Ultimately, VimpelCom agreed to pay approximately $800 million in fines for these activities in 2016. 

BizJet. Another FCPA enforcement action involved the Tulsa-based company BizJet International Sales and Support Inc. (BizJet), which had four senior executives convicted for their participation in a bribery scheme. But this case also involved the Board of Directors. The Criminal Information stated that in November 2005:

…at a Board of Directors meeting of the BizJet Board, Executive A, and Executive B discussed with the Board that the decision of where an aircraft is sent for maintenance work is generally made by the potential customer’s director of maintenance or chief pilot, that these individuals are demanding $30,000 to $40,000 in commissions, and that BizJet would pay referral fees in order to gain market share.

In both cases, this is where the rubber hits the road. If a company is willing to commit bribery and engage in corruption to secure business, no amount of doing compliance is going to help. If senior management is ready, willing, and able to lie, cheat and steal, the Board is the final backstop to prevent such conduct. Both the VimpelCom and BizJet Boards sorely failed in their compliance duties.  

Three key takeaways:

  1. Board liability will be severe based upon similar conduct going forward.
  2. Board members must critically challenge management on its conduct.
  3. The Board is the ultimate backstop against bribery and corruption.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: A Material Weaknesses Catastrophe

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect a disastrous 10-K report filed by Ammo Incorporated, exposing the company’s shocking governance and compliance breakdown. The lack of personnel, internal control processes, and proper segregation of duties are just some of the material weaknesses that led to this corporate disaster. The hosts provide insightful lessons on what companies should avoid to maintain internal governance, share tips on approaching remediation, and emphasize the importance of self-awareness among senior management and the board. Tune in to hear how this niche investigative story was uncovered, and how Twitter played a crucial role in the investigation. Don’t miss Compliance into the Weeds – the podcast that will change the way you think about governance and compliance!

 Key Highlights 

  • Material weaknesses in internal governance practices
  • Material weaknesses in operations at Ammo
  • Challenges with Ammo Inc.’s strategic shift and internal controls
  • Remediating Company Failures: Story’s Disclosure

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Key Board Metrics for Compliance

What are metrics for a Board of Directors around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:

  • Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
  • Does the Board maintain a material role in overseeing a company’s overall compliance framework?

These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added the following questions under Oversight: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information has the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?

Three key takeaways:

  1. The DOJ expects active engagement by a Board around compliance.
  2. Does the Board exercise independent review of the compliance program?
  3. The convergence of the Yates Memo, Caldwell’s metrics, the Evaluation, and FCPA Corporate Enforcement Policy mandates Board metrics around compliance.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

What Leads to a Successful Board Investigation?

Many companies have an investigation protocol in place when a potential Foreign Corrupt Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not apply the same rigor to an investigation that should be conducted or led by the Board itself. This lack of foresight can be problematic: if a Board of Directors does not get right an investigation that it handles, the consequences to the company, its reputation, and value can all be quite severe.

In an article in the Corporate Board magazine, entitled “Successful Board Investigations,” David Bayless and Tammy Albarrán wrote about five key goals that any investigation led by a Board of Directors must meet.

  • Consider whether you need independent outside counsel.
  • Consider hiring an experienced investigator to lead the internal investigation.
  • Consider the need to retain outside experts.
  • Analyze potential conflicts of interest at the outset and during the investigation.
  • Carefully evaluate whistleblower allegations.
  • Request regular updates from outside counsel, without limiting the investigation.
  • Consider whether an oral report at the conclusion of the investigation is sufficient.

The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the Board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the Board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.”

Three key takeaways:

  1. Retain the right counsel. Consider conflicts and appearance.
  2. Carefully evaluate all whistleblower allegations and reject retaliation.
  3. Consider receiving oral reports on an ongoing basis and one lengthy oral report at the end of the investigation.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
Principled Podcast

Principled Podcast – S9 E17 – How Compliance Professionals Can “Send the Elevator Back Down”

What you’ll learn on this podcast episode

There are certain people you meet in your professional career that continue to have an impact on you and your industry, long after that initial meeting. For Principled Podcast host Meredith Hunt, that person is Mary Shirley, the former head of Integrity and Compliance Education at Fresenius Medical Care (now head of compliance for Masimo) and co-host of the Great Women in Compliance podcast. In this episode, the two discuss how ethics and compliance professionals can better amplify their peers and build community, using guidance from Mary’s book Sending the Elevator Back Down. They also explore themes from Mary’s upcoming book on how E&C leaders can make the most impact on their programs with limited resources.

Guest: Mary Shirley

Mary Shirley is a New Zealand-qualified lawyer with 18 years of ethics and compliance experience that includes working for data privacy and antitrust regulators, in-house and private practice/consultancy across five countries and four regions of the world.  

Mary co-hosts the Great Women in Compliance Podcast, which aims to create a platform for the outstanding achievements of women in the field and share ideas and provide learning opportunities for everyone in compliance. 

She co-authored the book Sending the Elevator Back Down: What We’ve Learned from Great Women in Compliance (CCI Press, 2020) and has a second book highlighting trailblazing and innovative ideas to level up compliance programs, coming out later in 2023.  

She has been bestowed the honor of being named a Compliance Week Top Mind 2019, Trust Across America 2020 Top Thought Leader in Trust, and Excellence in Compliance Awards 2022 Mentor of the Year. 

Host: Meredith Hunt

Meredith Hunt came to LRN in early 2023 as a formidable compliance generalist, with experience in quality management, project management, regulatory compliance, policy drafting, and compliance program implementation and management. As a self-proclaimed compliance “nerd,” Meredith works as an ethics and compliance specialist on LRN’s Advisory team. In this capacity, she leads LRN’s code of conduct assessment and benchmarking practice and advises clients on how to incorporate code of conduct best practices. Meredith also manages client projects across a range of industries, including code of conduct development and E&C program evaluations.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Governance and Risk Oversight

One of the ongoing questions from members of the Board of Directors is how to resolve the tension between oversight and management. I recently had the opportunity to visit with Joe Howell, former Executive Vice President (EVP) of Workiva, Inc., on this subject. Howell has worked on and with Boards of Directors at various companies, and I wanted to garner his understanding of the role of a Board, senior management, and a Chief Compliance Officer (CCO). Howell’s short response was an excellent starting point for understanding the role: put sand in management’s shoes.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong,” can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer is putting a little bit of sand in the shoe to make sure you’re thinking about things carefully can cause you to step back and focus your resources where they’re needed.”

Howell noted that the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “One perfect example is the reputation of those stakeholders involved in the company, and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell stated, “It’s essential as we go through some ways the Board can help management in that role. I think the things that make a difference to management is when the Board can be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their underlying assumptions and biases.”

A Board is more than just there to be a rubber stamp for senior management. It must exercise independent judgment, action, and oversight. Further, it is the Board’s role to ask hard, difficult, and probing questions to ensure management is doing its job and has considered other risk possibilities.

Three Key Takeaways:

  1. Boards should force management to open up the company to itself.
  2. Boards should be a grain of sand in the shoe of management.
  3. Boards should ensure senior management is aware of and planning for known and unknown risks.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Oversight Role over Internal Controls

Best practices compliance program. The first in Hallmark No. 1 states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources,” which says the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided sufficient information to enable independent judgment?

Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and the compliance function. The Board must ask hard questions and be fully informed of the company’s overall compliance strategy. Lawyers often speak to and advise Boards on their legal obligations and duties. If a Board’s oversight is part of effective financial controls under Sarbanes Oxley (SOX), that includes effective compliance controls. Failure to do either may result in something far worse than bad governance. It may directly lead to an FCPA violation and could even form the basis of an independent FCPA violation. A company must have a corporate compliance program in place and actively oversee that function. A failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program. Internal controls work together with compliance policies and procedures and are interrelated control mechanisms. There are five general compliance internal controls for a Board or Board subcommittee role for compliance:

Three Key Takeaways:

  1. GTE compliance internal controls are low-hanging fruit. Pick them.
  2. Compliance internal controls can be both detective and preventive controls.
  3. Good compliance with internal controls is good for business.

Categories
Compliance Into the Weeds

Compliance into the Weeds: PCAOB: Expanding Audit Duties – The Impact and Concerns

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

Tom Fox and Matt Kelly are back with another thought-provoking episode discussing the proposed new Audit Standard 2405 by the PCAOB. This new proposal requires auditors to evaluate legal violations and noncompliance that could have a material impact on financial statements. While some people believe this is a good idea, others question the cost and whether audit firms are trained for this task. The discussions covered a range of topics, including internal control evaluations, expanding audit duties, Wells Fargo case study, the potential for increased audit fees, and reporting noncompliance to law enforcement. The hosts urge listeners to read the proposal and provide feedback as the final standard is expected to be approved by the SEC. This is a must-listen for compliance professionals who want to stay up-to-date and think critically about the latest audit news.

 Key Highlights 

  • Auditing Process for Legal and Compliance Issues
  • New Standards for Auditors Beyond Financial Reporting
  • Expanding PCAOB’s Legal Obligations for Auditors
  • Expanding Audit Firm Duties: Impact and Concerns
  • Commenting on Proposed Audit Rule

Notable Quotes:

“This seems like a huge expansion of what auditors have done in the past.”

“Certainly, for example, a large FCPA violation if you’re looking at $1,000,000,000 fine, and that would definitely strike me as material.”

“The proposal to expand the duties of audit firms is a dramatic expansion of what they were previously asked to do, and it is unclear whether they are fully equipped to handle this responsibility.”

“Internal auditors and compliance officers may also have concerns.”

Categories
Daily Compliance News

Daily Compliance News: June 14, 2023 – The Digital Nomad Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Why we go into the office now. (Bloomberg)
  • JPMorgan settles with Epstein victims for $290M. (Reuters)
  • Corruption and wildfires. (Eurasianet)
  • The digital nomad goes corporate. (FT)

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 12 – The Menagerie (Part Two)

In this episode of Trekking Through Compliance, we consider the episode The Menagerie (Part Two), which aired on November 24, 1966, Star Date 3012.4.

This was the original pilot episode presented to NBC. Spock’s trial continues, and the transmitted scene resumes with Pike in 2254 in a cell with a transparent wall. The Talosians begin their “experiment,” which consists of several illusory situations involving Pike and Vina. The Talosians hope that Pike and Vina will mate and found a race of slaves who will reclaim the war-damaged surface of the planet.

That night, Pike captures the Keeper as he attempts to confiscate the weapons. The captured crew proceeds to the surface. Number One sets her phaser on overload, preferring to die rather than be enslaved. The aliens have found that humans’ “unique hatred of captivity” makes them unsuitable for the Talosians’ plans, which must be abandoned. The crew beams back to the Enterprise.

Back in 2267, the transmission ends as the Enterprise arrives at Talos IV. The court-martial was a ploy to buy time to bring Pike back to Talos IV, where, if willing, he could enjoy the illusion of everyday life. Pike is transported to the planet and rejuvenated.

Compliance Takeaways:

  1. What happens when your counterparty refuses to comply with FCPA requirements?
  2. When the time comes, will you, as a CCO, speak truth to power?
  3. Sometimes failure and being left behind are options.

 Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein for The Menagerie (Part Two)
MissionLogPodcast.com-The Menagerie (Parts 1 & 2)