Tag: compliance

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Legal Requirements of the Board Regarding Compliance

As to the specific role of best practices in general compliance and ethics, one can look to Delaware corporate law for guidance. The case of In Re Caremark International Inc., 698 A.2d 959 (Del. S. Ct. 1996) was the first case to hold that a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.”

In the case of Stone v. Ritter, the Supreme Court of Delaware expanded on the Caremark decision by establishing two important principles. First, the Court held that the Caremark standard is the appropriate standard for director duties concerning corporate compliance issues. Second, the Court found that no duty of good faith forms a basis for director liability, independent of the duties of care and loyalty. Rather, Stone v. Ritter 911 A.2d 362 (‎Del. S. Ct. 2006) holds that the question of director liability turns on whether there is a “sustained or systematic failure of the board to exercise oversight—such as an utter failure to attempt to assure a reasonable information and reporting system exists.”

The Board has the role of monitoring the performance of the compliance function, including monitoring the performance of it using standard economic metrics and overseeing compliance with applicable laws and regulations. While the Board is not responsible for auditing or ferreting out compliance problems, it is responsible for determining that the company has an appropriate system of internal controls. The Board should also monitor company policies and practices that address compliance and matters affecting the public perception and reputation of the company. Every company should ensure that it conducts appropriate compliance training for employees and conducts regular compliance assessments. Finally, the Board must take appropriate action if and when it becomes aware of a material problem it believes management is not properly handling. The Delaware Supreme Court has expanded this obligation in the cases of Marchand v. Barnhill (the “Blue Bell” case),  Clovis Oncology, Hughes, and Boeing.

From the Delaware cases, a Board must have a corporate compliance program in place and actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, additional oversight should exist. In other words, there is an affirmative duty to ask tough questions. However, there has been a significant expansion of the Board’s Caremark obligation.  Delaware courts will be much more scrutinizing of Caremark claims going forward. The evolution of decisions from Marchand to Boeing shows that a company must have robust compliance and risk management oversight but, more importantly, engage in oversight for the company’s signature risk(s). Boards must do so aggressively, not passively.

As Mike Volkov has noted, “At the bottom, the Chancery Court is raising the stakes on board member accountability.”

 Three key takeaways:

  1. The Delaware courts have led the way with the Caremark and Stone v. Ritter decisions.
  2. Boards must have compliance expertise and exercise it.
  3. In a series of recent decisions, the Delaware courts are expanding the Caremark obligations, most recently.

For more information check out The Compliance Handbook, 3rd edition, available from LexisNexis here.

Categories
Trekking Through Compliance

Trekking Through Compliance Episode 3 – Compliance Lessons from Where No Man Has Gone Before

In this episode of Trekking Through Compliance, we consider Where No Man Had Gone Before, which aired on September 22, 1966, Star Date 1312.4. The first Star Trek episode was made (not counting the pilot episode, The Cage), although not the first aired. It differs from subsequent episodes in that there is no “Space, the final frontier” voice-over during the theme song at the beginning.

Story

The Enterprise discovers a 200-year-old ship recorder from the SS Valiant near the galaxy’s edge. Shortly after, the Enterprise passes through an unknown phenomenon that causes major damage and knocks out navigators Gary Mitchell and Dr. Elizabeth Dehner (both of whom have high ESP ratings). When Gary recovers, he begins to acquire telepathic and telekinetic powers. Kirk alarmed at the prospect of having his ship taken over by an increasingly powerful and tyrannical Mitchell, is convinced by Spock to maroon Mitchell at the lithium cracking plant of Delta Vega. Dr. Piper has no explanation for what is happening. Gary kills Lee Kelso and escapes from his imprisonment. Kirk follows him and can destroy him with the help of Dr. Dehner, who is also beginning to acquire the power but kills herself in the process.

Commentary

We take a deep dive into into compliance lessons drawn from the episode’s plot, emphasizing the importance of root cause analysis, risk management, adaptability, ethical leadership, monitoring and controls, balancing innovation with safety, effective team communication, and understanding human behavior in the context of compliance. These lessons are crucial for building and maintaining effective compliance programs in any organization.

Key Highlights

·       Plot Summary of Where No Man Has Gone Before

·       Key Compliance Takeaways

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

 

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 2 – Charlie X

In this episode of Trekking Through Compliance, we consider Charlie X, which aired on September 15, 1966, Star Date 1533.6.

The USS Enterprise meets the merchant vessel Antares to take charge of Charlie Evans, the sole survivor of a transport ship that crashed on Thasus. For fourteen years, 17-year-old Charlie grew up alone, stranded in the wreckage, learning to talk from the ship’s computer systems, which remained intact.

Despite his eagerness to please, Charlie becomes obnoxious since his lack of upbringing has left him with no knowledge of social norms or control of his emotions. He latches on to Captain Kirk as a father figure and develops an infatuation with Yeoman Janice Rand. He demonstrates extraordinary powers of telepathy and matter transmutation. When the Antares is nearly out of sensor range, it transmits a message to the Enterprise. The message is cut off before it can convey a warning. Scanners show the Antares has been reduced to debris.

Realizing Charlie’s powers are too great to be controlled, and Kirk opts to divert from Alpha V to at least keep Charlie away from a civilized world where he would wreak havoc. Charlie discovers Kirk’s plans and takes control of the Enterprise.

A Thasian ship approaches and restores the Enterprise and its crew to their proper forms. The Thasian commander says that his race gave Charlie his powers so he could survive in their world, but these powers (which they can’t remove from him) make him too dangerous to live among humans. Charlie begs Kirk not to let the aliens have him since the Thasians lack any physical form or capacity for love. However, the Thasians reject Kirk’s argument that Charlie belongs with his kind, with a final echoing wail of “I wanna stay!

Compliance Takeaways:

  1. Ask more of your front-line employee, and they will respond positively.
  2. Compliance is like a multi-dimensional chess match.
  3. As a compliance professional, who are you mentoring?

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein for CharlieX
MissionLogPodcast.com-Charlie X

Categories
Principled Podcast

Principled Podcast – S9 E14 – From Basic to Best in Class: Evolving Hexcel’s Compliance Program

What you’ll learn on this podcast episode

How do you move your ethics and compliance program along the journey from basic to best in class? How do you keep momentum amid a major business disruption and downturn? And how do you make progress on the holy grail of compliance objectives—a speak-up culture?  In this episode of LRN’s Principled Podcast, host Emily Miner is joined by Gail Lehman, the EVP, general counsel, and secretary at Hexcel Corporation. Listen in as Gail shares how this high-tech materials manufacturing company has evolved its compliance program over the past five years and what that’s meant for the company’s culture.

Guest: Gail Lehman

Gail Lehman – Grayscale

Gail Lehman is the executive vice president, general counsel, and corporate secretary at Hexcel Corporation, having joined Hexcel in January of 2017. Hexcel is headquartered in Stamford, Connecticut. Gail oversees the legal and trade compliance functions for this NYSE public company, a leading global producer of advanced composites for commercial aerospace, space and defense, and various industrial markets. She is also the leader of Hexcel’s Sustainability program at a corporate level. Gail serves as a trusted strategic advisor to the board, chief executive officer, and business teams. Upon joining the company, Gail restructured the legal and trade functions to align with Hexcel’s business teams and operational objectives. She re-engineered the Code of Business Conduct program, redrafting the code and rolling out specially tailored “speak up” ethics training and messaging across all global locations. She collaborates with other senior leaders and teams to drive Hexcel’s sustainability efforts and major growth, strategic and commercial activities, including mergers and acquisitions, cyber incident readiness, and contracting with the company’s critical customers and suppliers.  

Prior to joining Hexcel, Gail served as chief administrative officer, general counsel, and corporate secretary at Noranda Aluminum Holding Corporation. Prior to Noranda, Gail was vice president, general counsel, and corporate secretary at both Hawker Beechcraft Corporation and Covalence Specialty Materials Corporation. Earlier she rose through the ranks of the law department at Honeywell International. She began her career at the law firm of Lowenstein, Sandler in Roseland, NJ after serving a federal judicial clerkship in the District Court in New Jersey. 

Gail has a degree in psychology from Rutgers College, a graduate degree in educational psychology from Rutgers Graduate School of Education, and a law degree with high honors from Rutgers University School of Law. She has served on several non-profit boards, including currently for the Women’s Business Development Council in Stamford, Connecticut. 

Host: Emily Miner

Episode_Card_Emily_Miner

Emily Miner is a vice president in LRN’s ethics and compliance Advisory practice. She counsels executive leadership teams on how to actively shape and manage their ethical culture through deep quantitative and qualitative understanding and engagement. A skilled facilitator, Emily emphasizes co-creative, bottom-up, and data-driven approaches to foster ethical behavior and inform program strategy. Emily has led engagements with organizations in the healthcare, technology, manufacturing, energy, professional services, and education industries. Emily co-leads LRN’s ongoing flagship research on E&C program effectiveness and is a thought leader in the areas of organizational culture, leadership, and E&C program impact.

Prior to joining LRN, Emily applied her behavioral science expertise in the environmental sustainability sector, working with non-profits and several New England municipalities; facilitated earth science research in academia; and contributed to drafting and advancing international climate policy goals. Emily has a Master of Public Administration in Environmental Science and Policy from Columbia University and graduated summa cum laude from the University of Florida with a degree in Anthropology.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Measuring Compliance Training Effectiveness

Since at least 2017, the DOJ has emphasized the need to determine compliance training effectiveness. In the 2020 Update, it stated under the section entitled “Form/Content/Effectiveness of Training” the following questions, How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated how much the training impacts employee behavior or operations?

The DOJ enshrined the importance of determining the effectiveness of your compliance program in its 2020 Evaluation. The 2020 Evaluation demonstrates that the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many CCOs and compliance professionals still need help to determine. Both the simple guidelines suggested herein, the more robust assessment, and the results provide you with a start to fulfill the precepts set out in the 2020 Evaluation, but you will eventually need to demonstrate the effectiveness of your compliance training in the future.

Three key takeaways:

  1. You must demonstrate that you have measured the effectiveness of your compliance training.
  2. The DOJ is moving into requiring a demonstration of the effectiveness of compliance training.
  3. You should be moving towards a model of demonstrating compliance training ROI to validate the full operationalization of your compliance training.
Categories
Compliance Into the Weeds

Compliance into the Weeds: A Compliance Response on Messaging Apps

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully and looking for some hard-hitting insights on sanctions compliance. Look no further than Compliance into the Weeds!

Join Tom Fox and Matt Kelly on “Compliance into the Weeds” as they delve into the recent SEC crackdown on messaging apps and improper employee use. The hosts explore the challenges of regulating messaging app use and provide solutions emphasizing the importance of corporate culture and risk management strategies. Hear from experts like the DOJ representative who spoke at Compliance Week 2023 and a defense contractor who offers tech solutions to monitor messaging apps on employees’ phones. With GDPR and FINRA regulations to consider, the podcast presents a comprehensive plan for compliance officers that focuses on effective controls, processes, and consequences for policy infractions. Don’t miss out on this informative podcast highlighting the importance of cultivating relationships with internal audit teams, IT teams, and other control departments to ensure proper compliance measures.

 Key Highlights: 

  • Risk management of employee messaging app usage
  • Tech solution for monitoring employees’ messaging
  • Corporate Culture Approach to Compliance in Financial Firms
  • Compliance Challenges in Monitoring Employee Communications
  • Building Relationships for Effective Compliance Management

 Notable Quotes:

“Assess your risks, put a risk management strategy in place, execute that strategy, train your employees, monitor the effectiveness, and remediate as appropriate.”

“And the tech company CEO said it is in his mind, People the policies, procedures, people and processes a more culture compliance strategy could work, but you would need to convince employees.”

“If they are also violating the policy, that’s bad. And that shows you have a corporate culture problem.”

“If it’s corporate culture, how is this any different than any difficult issue we’ve seen in compliance over the past 15 years?”

Resources

Matt 

LinkedIn

Blog Post in Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Frequency

What should be your organization’s compliance training frequency? How can the amount of training positively or negatively impact an overall training strategy? Unfortunately, the 2020 Update or the 2020 FCPA Resource Guide did not answer these questions. Still every company should have a “well-designed compliance program is appropriately tailored training and communications.”

Compliance professionals often think compliance training needs to be conducted very frequently, even if it means repeating the same training courses every year. Compliance training expert Shawn Rogers analogizes compliance training to an automobile’s windshield wiper system in discussing how frequently compliance training should be administered. He explained, “It would not make any sense to run your wipers constantly, even when it is not raining. First, it would be extremely annoying to the passengers. And second, eventually, it would wear out both the wiper blades and the wiper motor. It would simply be nonsensical.” Requiring overly repetitive training is like running your windshield wipers in clear weather. The learners will be annoyed; the training will be viewed as a waste of time and energy. Finally, your employees will not take training as seriously when addressing a specific situation, as the compliance training will be viewed literally and figuratively as a “check-the-box” exercise.

 Three key takeaways: 

  1. Have a well-reasoned approach to training frequency.
  2. Lengthier, more full-bodied training can be given once every three years.
  3. Shorter, more frequent compliance refreshers or reminders can be used to keep the risk top-of-mind.
Categories
Great Women in Compliance

Great Women in Compliance – Nicole Di Schino – The Compliance Education Fanatic

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine.

Most E&C professionals know that you can have the best practices and policies, but if they are not understood by your employees and teams, they cannot be effective. And some of us, like today’s guest, Nicole Di Schino, help us with that next step in our training programs. She calls herself the “Compliance Education Fanatic,” and you will understand why after hearing this episode. Nicole discusses the importance of having creative and interactive training, and also how using training with a choice of a “best” answer is better than letting people pick a clear right answer.

Nicole and Lisa also talk about how different ways to communicate with and provide training for those in different generations, particularly with Gen Z.

You can find the Great Women in Compliance Podcast on the Compliance Podcast Network where you can find several other resources and podcasts to keep you up to date in the Ethics and Compliance world. You can also find the GWIC podcast on Corporate Compliance Insights where you can learn more about the podcast, stream prior episodes, and catch up on Mary’s monthly column “Living Your Best Compliance Life.”

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Governance Committee

One issue that needs to be considered by compliance professionals around compliance training is compliance training governance. Yet a multinational organization subject to the FCPA faces many legal and regulatory risks, and often many of those risks are “owned” by organizations outside the compliance function. How can your organization create a comprehensive compliance training program covering its risk profile?

Every multinational organization will have a broad risk portfolio typically owned across the organization. Consider compliance risk, fraud risk, reputational risk, financial accounting risk, and discrimination risk. These are a small sample of risks; many will not be “owned” by the corporate compliance function. This presents a real challenge when creating a comprehensive compliance training program covering a company’s legal, regulatory, compliance, and reputational risks. Well-know compliance training maven Shawn Rogers suggests “establishing a corporate Compliance Training Governance Committee that looks at the company’s overall risk profile and builds a cross-functional and comprehensive multi-year training plan that effectively addresses all of the risks in a company’s risk portfolio.”

A Compliance Training Governance Committee will allow your organization to effectively establish a multi-year training plan, help in vendor selection and engage in course creation. Rogers said, “One of the biggest benefits has been its predictability to the compliance training program. Every stakeholder from a risk-owning organization knows exactly when their function will have their course deployed over the three-year calendar. They can plan resources, they have a long lead-time to develop the courses, and during their off-years, they can do communications campaigns and events to keep their risk top-of-mind.”

Three key takeaways: 

  1. Why your organization should create a Compliance Training Governance Committee.
  2. Who should be on the Compliance Training Governance Committee?
  3. How should the Compliance Training Governance Committee work going forward?
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – 10 Compliance Training Program Design Objectives

Well-known compliance training guru Shawn Rogers has developed ten design objectives for establishing your compliance program training design objectives. It would be best if you considered doing the same for your organization. Your organization may value other objectives. What the government has told us since the original FCPA Resource Guide back in 2012 is that it expects a well throughout the approach. If you consider your design objectives early in the planning phase, it will not only meet this requirement but also become a roadmap for your program implementation easier. Finally, you can pivot more quickly in this new era as new compliance risks emerge.

Three key takeaways:

  1. What are your design objectives?
  2. They should be dynamic, not static.
  3. You should use them as touchpoints going forward.