Category: Principled Podcast

Principled Podcast – S9 E17 – How Compliance Professionals Can “Send the Elevator Back Down”

What you’ll learn on this podcast episode

There are certain people you meet in your professional career that continue to have an impact on you and your industry, long after that initial meeting. For Principled Podcast host Meredith Hunt, that person is Mary Shirley, the former head of Integrity and Compliance Education at Fresenius Medical Care (now head of compliance for Masimo) and co-host of the Great Women in Compliance podcast. In this episode, the two discuss how ethics and compliance professionals can better amplify their peers and build community, using guidance from Mary’s book Sending the Elevator Back Down. They also explore themes from Mary’s upcoming book on how E&C leaders can make the most impact on their programs with limited resources.

Guest: Mary Shirley

Mary Shirley is a New Zealand-qualified lawyer with 18 years of ethics and compliance experience that includes working for data privacy and antitrust regulators, in-house and private practice/consultancy across five countries and four regions of the world.  

Mary co-hosts the Great Women in Compliance Podcast, which aims to create a platform for the outstanding achievements of women in the field and share ideas and provide learning opportunities for everyone in compliance. 

She co-authored the book Sending the Elevator Back Down: What We’ve Learned from Great Women in Compliance (CCI Press, 2020) and has a second book highlighting trailblazing and innovative ideas to level up compliance programs, coming out later in 2023.  

She has been bestowed the honor of being named a Compliance Week Top Mind 2019, Trust Across America 2020 Top Thought Leader in Trust, and Excellence in Compliance Awards 2022 Mentor of the Year. 

Host: Meredith Hunt

Meredith Hunt came to LRN in early 2023 as a formidable compliance generalist, with experience in quality management, project management, regulatory compliance, policy drafting, and compliance program implementation and management. As a self-proclaimed compliance “nerd,” Meredith works as an ethics and compliance specialist on LRN’s Advisory team. In this capacity, she leads LRN’s code of conduct assessment and benchmarking practice and advises clients on how to incorporate code of conduct best practices. Meredith also manages client projects across a range of industries, including code of conduct development and E&C program evaluations.

Category: 31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Governance and Risk Oversight

One of the ongoing questions from members of the Board of Directors is how to resolve the tension between oversight and management. I recently had the opportunity to visit with Joe Howell, former Executive Vice President (EVP) of Workiva, Inc., on this subject. Howell has worked on and with Boards of Directors at various companies, and I wanted to garner his understanding of the role of a Board, senior management, and a Chief Compliance Officer (CCO). Howell’s short response was an excellent starting point for understanding the role: put sand in management’s shoes.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong,” can “help get management out of its comfort zone. By and large, executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer is putting a little bit of sand in the shoe to make sure you’re thinking about things carefully can cause you to step back and focus your resources where they’re needed.”

Howell noted that the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “One perfect example is the reputation of those stakeholders involved in the company, and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell stated, “It’s essential as we go through some ways the Board can help management in that role. I think the things that make a difference to management is when the Board can be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their underlying assumptions and biases.”

A Board is more than just there to be a rubber stamp for senior management. It must exercise independent judgment, action, and oversight. Further, it is the Board’s role to ask hard, difficult, and probing questions to ensure management is doing its job and has considered other risk possibilities.

Three Key Takeaways:

  1. Boards should force management to open up the company to itself.
  2. Boards should be a grain of sand in the shoe of management.
  3. Boards should ensure senior management is aware of and planning for known and unknown risks.

Category: 31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Oversight Role over Internal Controls

Best practices compliance program. The first in Hallmark No. 1 states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources,” which says the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided sufficient information to enable independent judgment?

Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and the compliance function. The Board must ask hard questions and be fully informed of the company’s overall compliance strategy. Lawyers often speak to and advise Boards on their legal obligations and duties. If a Board’s oversight is part of effective financial controls under Sarbanes Oxley (SOX), that includes effective compliance controls. Failure to do either may result in something far worse than bad governance. It may directly lead to an FCPA violation and could even form the basis of an independent FCPA violation. A company must have a corporate compliance program in place and actively oversee that function. A failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program. Internal controls work together with compliance policies and procedures and are interrelated control mechanisms. There are five general compliance internal controls for a Board or Board subcommittee role for compliance:

Three Key Takeaways:

  1. GTE compliance internal controls are low-hanging fruit. Pick them.
  2. Compliance with internal controls can be both detected and prevented controls.
  3. Good compliance with internal controls is good for business.

Category: Compliance Into the Weeds

Compliance into the Weeds: PCAOB: Expanding Audit Duties – The Impact and Concerns

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

Tom Fox and Matt Kelly are back with another thought-provoking episode discussing the proposed new Audit Standard 2405 by the PCAOB. This new proposal requires auditors to evaluate legal violations and noncompliance that could have a material impact on financial statements. While some people believe this is a good idea, others question the cost and whether audit firms are trained for this task. The discussions covered a range of topics, including internal control evaluations, expanding audit duties, Wells Fargo case study, the potential for increased audit fees, and reporting noncompliance to law enforcement. The hosts urge listeners to read the proposal and provide feedback as the final standard is expected to be approved by the SEC. This is a must-listen for compliance professionals who want to stay up-to-date and think critically about the latest audit news.

Key Highlights

  • Auditing Process for Legal and Compliance Issues
  • New Standards for Auditors Beyond Financial Reporting
  • Expanding PCAOB’s Legal Obligations for Auditors
  • Expanding Audit Firm Duties: Impact and Concerns
  • Commenting on Proposed Audit Rule

Notable Quotes:

“This seems like a huge expansion of what auditors have done in the past.”

“Certainly, for example, a large FCPA violation if you’re looking at $1,000,000,000 fine, and that would definitely strike me as material.”

“The proposal to expand the duties of audit firms is a dramatic expansion of what they were previously asked to do, and it is unclear whether they are fully equipped to handle this responsibility.”

“Internal auditors and compliance officers may also have concerns.”

Resources

Matt

  • LinkedIn
  • Blog Post in Radical Compliance

Tom

  • Instagram
  • Facebook
  • YouTube
  • Twitter
  • LinkedIn

Category: Daily Compliance News

Daily Compliance News: June 14, 2023 – The Digital Nomad Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Why we go into the office now. (Bloomberg)
  • JPMorgan settles with Epstein victims for $290M. (Reuters)
  • Corruption and wildfires. (Eurasianet)
  • The digital nomad goes corporate. (FT)

Category: Trekking Through Compliance

Trekking Through Compliance – Episode 12 – The Menagerie (Part Two)

In this episode of Trekking Through Compliance, we consider the episode The Menagerie (Part Two), which aired on November 24, 1966, Star Date 3012.4.

This was the original pilot episode presented to NBC. Spock’s trial continues, and the transmitted scene resumes with Pike in 2254 in a cell with a transparent wall. The Talosians begin their “experiment,” which consists of several illusory situations involving Pike and Vina. The Talosians hope that Pike and Vina will mate and found a race of slaves who will reclaim the war-damaged surface of the planet.

That night, Pike captures the Keeper as he attempts to confiscate the weapons. The captured crew proceeds to the surface. Number One sets her phaser on overload, preferring to die rather than be enslaved. The aliens have found that humans’ “unique hatred of captivity” makes them unsuitable for the Talosians’ plans, which must be abandoned. The crew beams back to the Enterprise.

Back in 2267, the transmission ends as the Enterprise arrives at Talos IV. The court-martial was a ploy to buy time to bring Pike back to Talos IV, where, if willing, he could enjoy the illusion of everyday life. Pike is transported to the planet and rejuvenated.

Compliance Takeaways:

  1. What happens when your counterparty refuses to comply with FCPA requirements?
  2. When the time comes, will you, as a CCO, speak truth to power?
  3. Sometimes failure and being left behind are options.

 Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein for The Menagerie (Part Two)
MissionLogPodcast.com-The Menagerie (Parts 1 & 2)

Category: 31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board as an Internal Control

James Doty, former Commissioner of the Public Company Accounting Oversight Board (PCAOB), was once asked if the Board or its sub-committee which handles audits was a part of a company’s internal financial controls. He answered that yes, he believed that was one of the roles of an Audit Committee or full Board. I had never thought of the Board as an internal control, but the more I thought about it, the more I realized it was an important insight for any Chief Compliance Officer or compliance practitioner, as it also applies to compliance internal control.

In the FCPA Resource Guide, 2nd edition, in the Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is in Hallmark No. 1, which states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Doty’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.

If a Board’s oversight is part of effective compliance controls, then the failure to do so may result in something far worse than bad governance. Such inattention could directly lead to an FCPA violation and could even form the basis of an independent SOX violation as to the Board.

Three Key Takeaways

  1. A Board must engage in active oversight.
  2. A Board should review the design of internal controls on a regular basis.
  3. Failure to do so could form the basis for an independent legal violation under SOX.

Category: Trekking Through Compliance

Trekking Through Compliance – Episode 11 – The Menagerie (Part One)

In this episode of Trekking Through Compliance, we consider the episode The Menagerie (Part One), which aired on November 17, 1966, Star Date 3012.4.

This was the original pilot episode presented to NBC. Set in 2267, the Enterprise arrives at Starbase 11 in response to a subspace call Spock reported receiving from the former captain of the Enterprise, Christopher Pike, under whom Spock had served. Pike cannot move or communicate other than answering yes/no questions with a device operated by his brainwaves. Pike refuses to communicate with anyone except Spock.

Spock, meanwhile, commandeers the Enterprise by means of falsified recordings of Kirk’s voice and orders the ship to depart under the computer’s control. After several hours, upon learning from the computer that the shuttlecraft does not have enough fuel to return to the starbase, Spock brings them aboard and then gives himself up, confessing to mutiny. Mendez convenes a hearing, at which Spock requests immediate court-martial, which requires three command officers. The tribunal begins, and Spock offers as his testimony what seems to be video footage of the Enterprise’s earlier visit to Talos IV in 2254.

In 2267, the scene is interrupted by a message from Starfleet Command, which reveals that the images they have been viewing are transmitted from Talos IV. Mendez is placed in command of the Enterprise, but Spock begs Kirk to see the rest of the transmission.

Compliance Takeaways:

  1. Leaders must take care of themselves as well as their crew.
  2. What does it mean if a deal is too good to be true?
  3. Trust but verify.

 Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein for The Menagerie (Part One)
MissionLogPodcast.com-The Menagerie (Parts 1 & 2)

Category: FCPA Compliance Report

FCPA Compliance Report – Scott Solomon on Managing Cash Risk Through Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox on the FCPA Compliance Report as he discusses with Scott Solomon, the CEO of Operational Security Solutions (OSS), how they manage compliance and ethical considerations around cash management, particularly for high-risk customers.

In this episode, they talk about the importance of compliance in the financial industry and how OSS helps financial institutions manage their portfolio through best practices. The podcast also touches on the challenges faced by legal cannabis businesses and the gaming industry regarding compliance and cash operations. Listeners will get insights into boutique cash and transit providers’ role in navigating licensing and permitting requirements for cannabis-related cash operations. This informative podcast concludes with contact information and an eagerness to continue the conversation. Don’t miss out on the insights shared in this episode. Tune in now to FCPA Compliance Report with Tom Fox and Scott Solomon.

 Key Highlights:

  • Challenges of Compliance in Handling Cash Transactions
  • Challenges of Compliance in Regulated Industries
  • Cash delivery in the legal cannabis industry
  • Risk Management for Financial Businesses

Notable Quotes

“Our primary customer or partner is a financial institution. So when you look at secure cash management and logistics, it boils down to our specialty is moving cash, and we have the ability in the compliance background to help financial institutions support their high-risk customers.”

“OSS was founded around compliance. A group of former law enforcement personnel, special military operators, and federal regulators got together and saw an opportunity to initially start by consulting.”

“We work with the customer. It doesn’t help us, and it doesn’t help the bank if the customer goes off the rails and becomes non-compliant. So, we want to educate them.”

“I come out of the anti-corruption compliance space; we’ve always looked to the casino world as one of the leaders around AML work simply because it was in their business interest to do.”

Resources

  • Scott Solomon on LinkedIn
  • Operational Security Solutions

Tom Fox

  • Instagram
  • Facebook
  • YouTube
  • Twitter
  • LinkedIn

Category: 31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Boards Inquiring Up and Down

Where does “tone at the top” start? For public and most private U.S. companies, it starts at the Board of Directors. But what is the role of a company’s Board in compliance? First, a Board should not engage in management but oversee a CEO and senior management. The Board’s role includes asking hard questions, risk assessment, and identification.

These factors can be easily adapted to compliance and ethics risk management oversight. Initially, the Board must receive direct access to such information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive regular reports on the company’s compliance program’s structure, actions, and self-evaluations. From this information, the Board can oversee any modifications to managing FCPA risk that should be implemented.

Three key takeaways:

  1. A Board Compliance Committee should provide oversight, not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and profitable.