Tag: compliance

Categories
Coming Conflict with China

Coming Conflict with China: Part 5-Good Compliance Is Good Business

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably towards a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? In this special 5-part series, Tom Fox and Brandon Daniels, CEO of Exiger, a global leading third-party and supply chain management software company, explore issues diverse as real danger, supply chain, exports, cyber-attacks and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In concluding Part V, we consider the roles of governments, businesses and thought leaders in leading the US business efforts in this coming conflict.

After uncovering a “constellation of disconnected issues” that are actually interconnected, Brandon Daniels must use regulation, funding and evangelism to incentivize public markets, combat the cyber threat and prevent conflict with China in order to protect national security. We discuss the importance of good compliance to good business; explore the government’s role in regulating cyber security, funding infrastructure upgrades, and incentivizing public markets and the role of businessmen and thought leaders. He also noted how conflicts with China can put companies out of business and the essential role of compliance in weathering the storm. His ultimate conclusion was that “good compliance is good business.”

Key Highlights
1. How has the government’s role changed in responding to the constellation of interconnected business and legal issues present today?

  1. What role do the public markets play in incentivizing investments in new technology and alternative energy?
  2. How can a company ensure good compliance to ensure good business?

Notable Quote

“Good compliance is good business – we saw that so unbelievably clearly during the pandemic, and I think we could learn something from an old adage and renew that view that good compliance process is good business process.”

Resources

Exiger

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Other episodes in this Series:
Episode 1-From Potential Conflict to Real Danger

Episode 2-Supply Chain Issues

Episode 3-Exports and Rebalancing the Global Economy

Episode 4-Cyber Spying and IP Theft

Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Good Compliance is Good Business

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO of Exiger, to explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In concluding Part V, we lay out the business response to the coming conflict with China-good compliance.

In the face of rising tensions with China, it’s essential for businesses to take proactive steps to protect themselves. In the fifth and final episode of our five-part series on the coming conflict with China, we outline the integral roles of government, public companies, businesses, think tanks, consultants, product providers, and service providers in addressing the challenge. The  importance of compliance as good business practice cannot be overstated. We also discuss the strategies of risk assessment and risk management necessary to weather the coming storm.

Here are the steps you need to follow to create good compliance in your organization to help you meet the China challenge.:

  1. Identify risks
  2. Assess risks
  3. Implement a risk management strategy
  1. Identify risks

 The first step in addressing the upcoming conflict with China is to identify risks. This can be done by looking at the transcript and thinking about what risks are present in the context of the conversation. For example, the transcript mentions potential conflict with China, cyber intrusions, human rights abuses, national security threats, and IP theft. All of these topics should be considered potential risks that need to be assessed.

One of the main risks is the economic and national security threat that comes from insider threats. This includes cyber intrusions, credential theft, and other malicious activities. Additionally, public companies need to be aware of the potential for IP theft, human rights abuses, and other forms of economic sabotage. It is also important to understand the need for investment in cyber hardening, diversification away from China, and incentives for public markets. Finally, businesses must be aware of the need for risk assessment and risk management strategies, as well as the need to monitor and upgrade those strategies as necessary. All of these risks must be identified in order to effectively address the coming conflict with China.

  1. Assess risks

Once the potential risks have been identified, the next step is to assess the likelihood of the risks and their potential impacts. This can be done by looking at past experiences and current trends. It is also important to consider the potential of the risks, as well as the severity of the impacts. For example, if a risk involves cyber intrusions, it is important to consider the potential for data theft, as well as the impact of a data breach on the company’s reputation.

Finally, it is important to look at the potential solutions for the identified risks. This can be done by looking at the solutions that have been suggested in the transcript, such as regulation, funding, and raising awareness. It is also important to consider the potential costs and benefits of each solution, as well as the potential for implementation. By assessing the risks, the solutions, and their potential impacts, businesses can develop an effective risk management strategy.

 3. Implement a risk management strategy

A risk management strategy is essential for preparing for a potential conflict with China. This strategy should involve identifying risks, assessing the potential impact of each risk, creating a plan to manage each risk, and monitoring the implementation of the risk management plan. Government regulators can lead this effort by raising awareness of the interconnected issues and prioritizing the expenditure of resources to mitigate risk. Additionally, incentives can be provided to public companies to invest in risk mitigation strategies. Businesses should also take the initiative to assess their own risks and create plans to reduce them. This can be done through utilizing existing technology to make processes more efficient and cost effective. Finally, raising awareness is essential to ensure that everyone is aware of the potential risks posed by the conflict with China. This can be done through education and providing resources to help people understand the risks and how to mitigate them.

The coming conflict with China presents numerous risks to businesses, governments, and the public at large. It is essential to assess the risks, create a risk management strategy, and implement it. By taking the initiative to identify, assess, and manage risks, businesses can protect themselves and stay competitive in this ever-changing landscape. The bottom line is good compliance is good business because good compliance is good business process. With the right knowledge, tools, and strategies, you too can be prepared for the coming conflict with China and protect your company from potential risks.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures-Why Business Ventures are Different than 3rd Parties

Business ventures, whether JVs, partnerships, franchises, team agreements, strategic alliances or one of the myriad types of business relationships a U.S. company can form outside the U.S., are different than the usual risk presented by third-parties under compliance requirements such as those mandated by the FCPA. The problems for companies is that they tend to treat business venture risk the same as third-party risk. They are different and must be managed differently.

The bottom line is that may compliance practitioners have not thought through the specific risks of business ventures such as JVs, franchises, strategic alliances, teaming partner or others as opposed to sales agents or representatives on the sales side of the business. I hope that this will help facilitate a discussion that maybe people will begin to think about more of the issues, more of the risk parameters and perhaps put a better risk management strategy in place.
Three key takeaways:

  1. Business ventures bring different FCPA risks from third-parties.
  2. JVs have both external compliance risks and corporate governance risks.
  3. Use your full compliance tool kit for business ventures in managing the FCPA risk for franchises.
Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Cyber Spying and IP Theft

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, President of Exiger, to explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part III, we consider export issues of US companies and rebalancing the global economy.

As tensions between the US and China continue to grow, so too does the threat of cyber espionage and intellectual property theft. According to the Pentagon, China-linked economic espionage cases have jumped 1300% over the past decade, and nearly half of all counterintelligence cases now involve China. Daniels sheds light on how China is stealing American Intellectual Property (IP) through intelligence services, nontraditional developers, academic partnerships, and hidden ownership of companies in the supply chain.

We not only consider the extent of China’s IP theft but provide some concrete steps for American companies to protect their crown jewels and seek recourse if they become the victim of cyber espionage. With trillions of dollars at stake, the US companies can no longer afford to be unprepared.

Here are some steps you can take for protection.:

  1. Protecting crown jewels by having stricter, more active and proactive containment of technologies that are subject to export control laws.
  2. Monitoring and identifying where there could be IP leakage through better due diligence of vendor and customer ecosystems.
  3. Taking aggressive action to show China that any IP theft will be discouraged and the company will be remunerated for it.
  1. More active and proactive containment of technologies

The first step to protecting your organization’s crown jewels from China’s non-kinetic warfare is to have stricter, more active, and proactive containment of technologies subject to export control laws. This means that public companies need to understand what are their “crown jewels” and how to protect them. They should be more aware of who their suppliers and customers are, and where those technologies are going. Your organization needs to be willing to call out and enforce international trade violations. This requires better due diligence when it comes to their vendor ecosystems, customer ecosystems, and where your organization is buying their technology from. Companies also need to ensure that they have contractual clauses around confidentiality and exposing information so that they can have legal recourse if their intellectual property is stolen. Finally, they should be willing to get serious and aggressive to show China that they will be remunerated for taking their IP.

  1. Monitoring and identifying IP leakage

Monitoring and identifying where there could be IP leakage through better due diligence of vendor and customer ecosystems is a critical step in protecting intellectual property (IP) from theft. To begin this process, companies must understand their supply chain and customer ecosystem(s) to identify any potential areas of vulnerability. Companies should consider conducting background checks on their vendors, as well as tracking and monitoring the movements of their customer data and products. Additionally, companies should be aware of any suspicious activity in their customer and vendor ecosystems and take steps to protect against any potential IP theft.

Companies should be aware of any trade regulations or laws that could be applicable to their products, and take the necessary steps to ensure they are compliant. Additionally, they should consider utilizing insurance or other risk mitigation methods to reduce the potential of IP leakage or theft. Finally, companies should be prepared to take legal action to enforce their IP rights if necessary. This could involve filing lawsuits or engaging in international trade court proceedings to seek remedies for any IP violations. By monitoring and identifying areas of potential IP leakage, companies can better protect their IP and ensure that it is not stolen or misused.

  1. Take aggressive action

Taking aggressive action to show China that any IP theft will be discouraged and the company will be remunerated for it. In other words, use the Rule of Law to not only protect your IP but also aggressively go after any IP theft through civil litigation. This all starts with protecting your crown jewels, which means having stricter containment of technologies that are subject to export control laws, and specifically doing this with regard to China. Companies should also monitor and identify potential areas of IP leakage, such as suppliers, customers and vendors, and perform better due diligence to ensure that the technology is not falling into the wrong hands. Finally, companies should not be afraid to take their cases to court. For example, Tang Energy Group successfully sued Aviation Industry Corp. of China, or AVIC for stealing their wind turbine technology and won a settlement in the tens of millions of dollars. By taking legal action, companies can demonstrate to China that any IP theft will not be tolerated and that they will be held accountable for their actions.

The threat of cyber espionage and intellectual property theft from China is real, and companies need to be aware of the implications and take action to protect their crown jewels. Companies should consider a three-step plan for protecting their IP and seeking recourse if it is stolen, including stricter containment of technologies that are subject to export control laws, monitoring and identifying potential areas of IP leakage, and taking aggressive action to show China that any IP theft will not be tolerated and will be remunerated. With the right steps in place, companies can protect their IP and ensure it is not stolen or misused. Take control of your IP today!

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures – Distributor Liability Under the FCPA

Three enforcement actions made clear that there were no distinctions between agents and distributors. They were the Smith & Nephew, Inc., Oracle (2012 and 2022), and Eli Lilly and Company. Each of these enforcement actions had different FCPA violations, and they each revealed separate steps a company should take to prevent and detect FCPA violations in their company.

These three separate bribery schemes call for three different but overlapping responses. The Lilly enforcement action also makes clear the need for internal audits to follow up with ongoing monitoring and auditing. Internal audit can help determine the reasonableness of a commission rate outside the accepted corporate norm. The 2012 and 2022 Oracle enforcement actions demonstrated that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Smith & Nephew did not perform sufficient due diligence on these distributors, nor did they document any.

Further, the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose the company wished to hide from Greek authorities. While it is true that a distributor might sell products in a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

Three Key Takeaways:

  1. Use auditing and monitoring.
  2. Distributors will be treated the same as other business ventures.
  3. Robust due diligence must be performed.
Categories
Coming Conflict with China

Coming Conflict with China: Part 3 – Exports and Rebalancing the Global Economy

In the short span of the 21st Century, the world’s top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? In this special 5-part series, Tom Fox and Brandon Daniels, CEO of Exiger, a leading global third-party and supply chain management software company, explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part III, we consider issues related to US exports to China and markets for US products if the China market is closed off to US companies.

The US-China conflict is intensifying, and as a result, businesses that export to China are feeling the strain. US companies exported nearly $149 billion worth of goods to China, but China still exports over $400 billion to the US. Do these trade deficits still matter? What happens when your biggest customer is no longer available? How do you go about finding new markets and reshoring customers? Join us as we explore this and other export issues in Part 3 of this special five-part series.

Key Highlights:

1. The importance of balancing the US-China economic relationship in light of the current crisis.
2. How does a business consider customer location an existential risk?
3. The potential for global economic rebalancing through collaboration between democracies.

Notable Quote

“We have to figure out how to make this a global market and ensure that this doesn’t just become some sort of nationalistic retrenchment.”
Resources

Exiger

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Other episodes in this Series:
Episode 1-From Potential Conflict to Real Danger

Episode 2-Supply Chain Issues

Categories
FCPA Compliance Report

Khayot Salijanov – Compliance in Uzbekistan

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Khayot Salijanov, a Master’s Degree candidate at the University of Pittsburgh. He is originally from Uzbekistan, and we discuss compliance in emerging markets. We discussed the history of compliance and corruption in Uzbekistan and the government’s steps to increase compliance through laws like public procurement and creating an anti-corruption agency. Khayot then provides insight into the two biggest challenges faced in 2020, communication and conducting effective investigations, as well as emphasizing the importance of leadership buy-in. Finally, Khayot suggests that to start a management consulting career; one should focus on creating relationships and ownership, creating value, and gaining leadership buy-in. 

Key Highlights

·      The History of Compliance In Uzbekistan

·      Protecting Yourself When Doing Business in Uzbekistan

·      The Importance of Leadership Involvement in Creating a Robust Compliance Program

·      Creating Business Value Through Compliance Programs

 Notable Quotes

·      “And also it has a good program, a good tailored program, including ethics and risk management also sustainable business issues, which I’m interested in because I think sustainable business is part of compliance.”

·      “It’s essential to create family-based ownership to achieve success.”

·      “The government’s anti-corruption and anti-bribery policy has changed drastically.”

·      “Absolutely. Thank you for inviting and having me, Thomas. I have a lot of things to tell our listeners about Uzbekistan, specifically about compliance.”

·      “These events mark the beginning of designing and implementing corporate compliance standards in the private sector.”

Resources

Khayot Salijanov on LinkedIn

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

Following the Money Through Distributors

Polycom came to FCPA grief in China, as have many other US companies. The bribery scheme was long running, occurring from 2006-2014. They included the creation of an off-the books accounting and recordation system for corrupt payments made by or on behalf of Polycom China. The money to fund these bribes came through variations of the basic bribery scheme. There would be a discount between the price reported to Polycom and that paid by the buyer. These discounts were not passed on to the end customer, but instead were intended to cover the cost of the payments the distributors made to the Chinese government officials.

In other words, this discount would form the basis of the pot of money to pay the bribe.
The Chinese business unit was equally creative with the reasons for the discounts, which were listed in the CRM. Polycom China usually cited competition with one or more vendors was required to give discounts on pricing. They also claimed that some end-using customers refused to pay full price. However these were all false excuses entered into the CRM to hide the truth from auditors and others charged with reviewing and approving the discounts.
Three Key Takeaways

  1. Channel your inner Woodward and Bernstein and follow the money.
  2. Simply because some type of compliance oversight is difficult or requires extra effort, it is no excuse not to monitor.
  3. Channel you inner Ronnie Reagan as well and ‘trust but verify.
Categories
Blog

Coming Conflict with China-Business Challenges and Responses: From Potential Conflict to Real Danger

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO and President of Exiger, to explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part I, from potential conflict to real danger.

It is time to ask some tough questions and come up with robust responses to the challenges. With China’s increasing attempts to subvert the US economy, decrease transparency of its business practices, and the use of its blocking statutes that protect its companies from US laws, the situation is becoming increasingly challenging. What steps can you take to safeguard yourself and your business? Join us to explore these questions and more in this special series.

Here are the steps you should follow to begin to think your organization’s business and operational security.:

  1. Identifying potential threats and risks in the global business and commerce ecosystem.
  2. Developing a strategy to diversify the global supply chain to mitigate risks and increase security.
  3. Finding alternate sources of supply and production in different countries to create redundancy and increase diversity.

1.Identifying potential threats and risks

Identifying potential threats and risks in the global business and commerce ecosystem requires an understanding of how geopolitical tensions and economic coercion can impact businesses and markets. When looking at the arrests of Mintz’s Group employees in Beijing and the potential for China to subvert our global free market, it is important to consider how Chinese investments in critical technologies, like battery plants, and their control of resources, like cobalt and copper, could be used to manipulate the market. It is also important to be aware of China’s attempts to restrict access to economic policies, like tariffs, that make it cheaper to manufacture in China than in Vietnam or Malaysia. It is important to consider the impact of China’s annexing of other countries, their blocking statutes, and their potential to use Uighur forced labor in their garment industry, all of which could lead to human rights issues. By understanding the potential threats and risks, businesses can be better prepared to put appropriate measures in place to protect their data, their people, and their customers.

  1. Developing a strategy to diversify your global supply chain 

Developing a strategy to diversify the global supply chain to mitigate risks and increase security is a crucial step in mitigating potential risks associated with China’s increasing adversarial activity. To ensure the safety and security of a company’s supply chain, it is important to diversify its sources of supply, especially for critical infrastructure such as logic bearing circuitry and pharmaceutical ingredients. Your organization should think twice before accepting a cheap bid from a Chinese company and instead diversifying to sources from countries such as Japan, South Korea, the United Kingdom, and the United States. By diversifying supply chain sources, companies can ensure that they are not over-dependent on any one country, and can also take advantage of premium pricing that comes with diversity, security and redundancy in their commerce.

  1. Finding alternate sources of supply and production

Finding alternate sources of supply and production in different countries to create redundancy and increase diversity is an important step in mitigating risk in a highly unpredictable geopolitical environment. To do this, you should start by looking into local manufacturing capabilities and taking the opportunity to support companies from other countries, such as Japan, Korea, the UK, the US, Mexico, and Canada. These countries may be more reliable in their political stability and may offer a premium for the security that comes with diversity. Additionally, it is important to investigate the state of the industries in these countries and what investments they are making. For example, Japan is investing heavily in their electronics sector, Korea in semiconductors, and the US and Canada in AI. To ensure your business is protected, you should also consider investing in a backup plan in case of disruption from your current source. This could involve researching other suppliers, negotiating contracts with them, and training staff and operations to use them. By investing in these alternate sources and plans, you will be able to create redundancy and increase diversity in your supply chain, ultimately making your business more secure.

The importance of identifying potential threats and risks in the global business and commerce ecosystem and developing a strategy to diversify the global supply chain to mitigate risks and increase security cannot be overstated. You should be working to find alternate sources of supply in different countries to create redundancy and increase diversity. By taking the necessary steps to understand the potential risks of doing business with China, businesses can be better prepared to protect their data, their people, and their customers. Opaqueness is the foe of transparency.  With the right knowledge and strategy, you too can ensure the safety and security of your business.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
FCPA Compliance Report

Erica Salmon Byrne on 2023 World’s Most Ethical Companies

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined Erica Salmon Byrne, President of Ethisphere, to discuss the World’s Most Ethical Companies awards. Byrne explains the evaluation process and what types of areas are investigated. She highlights how the list has fluctuated over the years and the importance of a company’s people practices. Through the cross functional scorecard, companies can measure their performance compared to a global index.

We discuss the importance of “ethics premium” and the scorecard process. To measure the value of a company’s people practices, the survey demonstrated an outperformance of 13.6% against a comparable global index. Byrne also gives information to listeners on where to find more information on the world’s most ethical companies. Tune into this episode of the FCPA Compliance Report and learn more about the World’s Most Ethical Companies. 

Key Highlights

  1. What is the World’s Most Ethical Companies® recognition?
  2. How long has Ethisphere recognized the World’s Most Ethical Companies?
  3. What are criteria Ethisphere considers during the evaluation process? What is the evaluation framework.
  4. What are the benefits of applying for the World’s Most Ethical Companies?
  5. Even if a company is not selected, what are some of the benefits?
  6. What is the Ethics Premium and what was the 2023 Ethics Premium? 

 Notable Quotes

“What does the recognition itself mean? So, you know, it’s  really interesting, Tom. Because I I’ve asked a lot of honorary companies about that. And I  particularly liked the way 1 company phrased it to me when I was talking to them last week, and they said, look, there are lots and lots of times that companies get recognized for messing up.”

“We’re looking at the ways you are thinking about, your impact on the communities in which you operate. We are looking at your ethics and compliance program initiatives. We’re looking at the way you are governing your programs both at the board level and at the C suite level. We’re looking at your leadership and your reputation.”

“I’ve had multiple compliance officers tell me that their best self-assessment work is just reading the red line of our survey every year and asking themselves would I answer this new question from Ethisphere?”

“Are there questions on this survey I can’t answer without going and speaking to somebody else? Do I know who that person is? And if not, why not? Because all of those relationships are critical relationships to operating your program well.”

 Episode Links

World’s Most Ethical Companies