Categories
Sunday Book Review

August 29, 2021, the Previewing September edition


In today’s edition of Sunday Book Review:

Categories
Blog

Day 21 of One Month to More Effective Internal Controls-Revenue Recognition, Internal Controls and Compliance

The Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, we are now less than six months away from a new Revenue Recognition (“new rev rec”) standard, which may significantly impact the compliance profession, compliance programs, and compliance practitioners. I visited with Joe Howell, Executive Vice President (EVP) at Workiva Inc., and asked him if he could walk me through some key changes and how they might impact compliance. FASB recognized that its revenue recognition requirements around the U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new rev rec standard. The implementation will be a massive undertaking. According to Howell, “The accounting standard is 700 pages long, and in the US accounting literature, it replaces over 200 other pieces of accounting guidance on revenue.” The official name is “Revenue from Contracts with Customers,” and Howell noted there are a “lot of surprises, and the thing that is true for almost everybody is that they are going to be facing some level of change in the way they account and report revenue. They will most certainly have to change how they disclose their revenue-related things. 
Included in the revenue standards are over six pages worth of new disclosure requirements.” One of the key differences in this new rev rec standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. Howell thinks this will pressure auditors “to get comfortable with what the company provided them and which they incorporated into their decision-making process in forming an opinion. This is quite different for disclosure control because the auditor’s typically not relying on those.” This will create risks for auditors adjusting to the new rev rec standard because as they learn more about it and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it. This is important to the compliance profession and the compliance practitioner because internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement it. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation that companies must inform the SEC about the accounting policies that they are changing and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. Howell believes “The SEC is making it clear that this is a real compliance issue.” Moreover, the SEC has indicated that these disclosures are central to the new rev rec standard. 
Howell said, “typically, if a company has some sort of failure in their disclosures for an accounting standard, they’re treated under Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting.” While disclosure of internal controls might not typically bring Section 404 scrutiny, they may now do so under the new rev rec standard. Howell articulated that when performing a financial audit, an auditor would usually not rely on a disclosure control in the past. However, under the new rev rec standard, if there is a change during the year in how an auditor views a disclosure control, it could require them “to go back and either figure out if the audit work that they did is tainted and they need to go back and do that work in the form of substantive testing, or they need to go back to see if there were mitigating controls that were in place that still allowed them to rely on the internal control processes to get comfortable with what the company provided them and which they incorporated into their decision-making process in forming an opinion. This is quite different for disclosure control because the auditor’s typically not relying on those.” Of course, this is overlaid with the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of materiality standards. One need only consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls. Yet there are other tie-ins into compliance that the compliance practitioner needs to understand and prepare for going forward. 
The prior rev rec standard was rules-based. As a lawyer, that was an approach I was quite comfortable with both from a learning standpoint and communicating with business folks. But now, the standard is much more judgment-based, and when a standard is more judgment based, there can be more room for manipulation. Howell explained the response by compliance is “making sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgments that managers must make as they report their revenue under the new standard; and that those judgments themselves are properly documented.” This final point demonstrates the convergence and overlap between the compliance profession, compliance programs, and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. They can also be used to gather the information that will be presented to auditors under the new rev rec standard. Many professionals are focused on the new rev rec from the auditing and implementation perspective. However, suppose you are a Chief Compliance Officer (CCO). In that case, you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.

Three Key Takeaways

  1. An effective internal controls system provides reasonable assurance of the entity’s objectives relating to operations, reporting, and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components is present and functional. Second, the five components operate together in an integrated approach.
  3. You can use the Ten Hallmarks of an Effective Compliance Program for an anti-corruption compliance program as your guide to testing against.

For more information on improving your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The new FASB rev rec standard has significant implications for the compliance practitioner going forward.

Categories
This Week in FCPA

Episode 266 – the Charlie Watts Tribute edition


As drumheads worldwide mourn the death of Rolling Stones drummer Charlie Watts and Jay goes ‘on the road’, Tom is joined by special guest host Kristy Grant-Hart to look at some of this week’s top compliance and ethics stories which caught their interest on This Week in FCPA in the Charlie Watts Tribute edition.

Stories

  1. Is ESG replacement for government inaction? Lawrence Heim in practicalESG.
  2. Why compliance should lead the ESG effort. Kristy Grant-Hart in Compliance Kristy
  3. What did the current Freddie Mac CCO learn from the 2008 financial crisis? Mengqi Sun in WSJ Risk and Compliance Journal.
  4. What is ‘intentional integrity’? Aly McDevitt in Compliance Week.
  5. Defense industry struggles with cybersecurity. Matt Kelly in Radical Compliance.
  6. How has the pandemic impacted the ABC fight in Latin America? Geert Aalbers in the FCPA Blog.
  7. More oral argument as both sides appeal Hoskins trial verdict. Dylan Tokar in WSJ Risk & Compliance Journal.
  8. Debunking attacks on the Business Roundtable’s Statement on the Purpose of a Corporation. Marty Lipton in Harvard Law School Forum on Corporate Governance
  9. The Mozambique hidden debt scandal. Rick Messick in GAB.
  10. What happens to compliance when you have a fractured C-Suite? Mike Volkov in Corruption Crime and Compliance.

 

Podcasts and Events

  11. On Innovation in Compliance this week I interview Kristy Grant-Hart, Joe Murphy and Kirsten Liston about their latest book, The Compliance Entrepreneur. Check out the show here.
  12. On The Compliance Life, in August I visit with Kortney Nordrum CCO at Deluxe. In Episode 1, from Red Wing to Israel. In Episode 2, From Freddie Mac to the law. In Episode 3, how Kortney found her professional passion – Compliance.
  13. Compliance Week is having an open house this month as they have dropped their firewall. You can check out the entire publication for no charge. Check it out here.
  14. Breaking News features The Compliance Handbook, 2nd edition. Check out the Breaking News feature here. Purchase The Compliance Handbook, 2nd edition here. Find out more about The Compliance Handbook, 2nd edition in an upcoming Zoom webinar, on Wednesday, September 1 at 8:30 AM ET; hosted by the Azevedo Sette law firm and Charles River Associates. To RSVP email tcintra@azevedosette.br
  15. Join K2 Integrity September 15 for a round-table discussion as we reflect on the 20th Anniversary of September 11 and consider its impact on countering terrorist financing and illicit financing, and the continuing risks to national security. The roundtable will include members of the team that spearheaded the post-9/11 counter illicit finance regime: Juan Zarate, Chip Poncy, Danny McGlynn, moderated by Dr. Michele L. Malvesti. Information and Registration here.
  16. The week of 9/11, Tom will run a 6-part special podcast series on Looking Back on 9/11. In this series he will visit with professionals from a variety of compliance perspectives who will discuss how 9/11 changed our profession, including three who were in NYC during the attacks. Check it out on the Compliance Podcast Network.
  17. Tom pays tribute to Charlie Watts.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Special guest host Kristy Grant-Hart can be reached at kgranthart@sparkcompliance.com.

Categories
Coffee and Regs

The Mood of Compliance

Categories
Blog

Day 22 of 30 Days to a Better Compliance Program, the Regional Compliance Committee

The Regional Compliance Committee operationalizes compliance into the Company’s Regional operations where the business operates. This approach follows the Department of Justice mandate, articulated in the Department’s FCPA Pilot Program, for companies to move the doing of compliance down into the organization’s business. The make-up of the Regional Compliance Committee, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization, which allows a fuller, richer, and more holistic approach to compliance advice. It adds a dimension not often seen or discussed in the compliance profession. The accountability and oversight down to the Regional level and the compliance monitoring, reviewing, assessing, and recommending deemed necessary will provide additional endorsements to the organization that it is doing compliance. The Regional Compliance Committee can provide a unique structure to perform these functions.

Key Takeaways:

  1. A regional compliance committee can work to drive more efficient and robust compliance into the region.
  2. All regional leaders should be on the committee.
  3. The regional compliance committee should liaise with other compliance committees.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Regional Compliance Committee is uniquely suited to drive compliance down into the fabric and DNA of an organization.

Categories
Blog

Day 21 of One Month to Better Compliance Through HR-Human Resources Gap Analysis for Compliance Issues

  • Does the HR department have an inventory of policies, procedures, laws, and regulations covering employees and employment-related matters applicable to the company’s business?
  • If yes, do you have a specified person in charge of updating the inventory?
  • If not, what system does the HR department utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
  • What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
  • What types of compliance training are mandatory for all employees, which are optional, and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
  • What enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
  • Are employees within the HR department specifically trained to understand compliance requirements applicable to your organization?
  • Does the HR department provide senior management with periodic updates on monitoring results, key risks, and compliance violations within HR?
  • Has the HR department established escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
  • Does the HR department have compliance monitoring standards in place?
  • Does the HR department perform periodic audits to ensure that the policies and procedures are complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company. My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance, and document, document, and document.

Three Key Takeaways

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise, and coordinate.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering, the “Compliance Alliance,” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes an FCPA and compliance boot camp, a one-month podcast series sponsorship, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision-makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.

Categories
This Week in FCPA

Episode 265 – the Personal Responsibility edition


As Texas’ Governor, Mr. Personal Responsibility himself, comes down with Covid after refusing to engage in ‘personal responsibility’, Tom and Jay are back to look at some of this week’s top compliance and ethics stories which caught their interest on This Week in FCPA in the Personal Responsibility edition.

Stories

  1. Corruption led to the fall of Afghanistan. Dick Cassin in the FCPA Blog.
  2. Does HSBC facilitate cybercrime? Elfriede Sixt in Risk and Compliance Journal Europe.
  3. The Pearson SEC enforcement action. Matt Kelly in Radical Compliance. Tom and Matt on Compliance into the Weeds. Kevin Lacroix in the D&O Diary.
  4. Trust and the CCO? Jeff Kaplan in Conflict of Interest
  5. Fraud during the pandemic. James Ruotolo in CCI.
  6. Inefficiency in AML enforcement. Maria Evstropova in CCI.
  7. SEC coming after cryptocurrencies. Aaron Nicodemus in Compliance Week.
  8. What Boards need to know before, during and after M&A. Maria Castanon Moats and Leah Malone in Harvard Law School Forum on Corporate Governance.
  9. Who is on your crisis management team? Eden Gillott in com.
  10. CFIUS publishes 2020 report. K2 Integrity Client Alert.

Podcasts and Events

  1. On Innovation in Compliance this week I interview Dennis Kucinich about his latest book, The Division of Light and Power. Check out the show here.
  2. On The Compliance Life, in August I visit with Kortney Nordrum CCO at Deluxe. In Episode 1, from Red Wing to Israel. In Episode 2, From Freddie Mac to the law.
  3. How do the Greek Eumenes and the Roman Sertorius inform compliance leadership today? Find out as Tom and Richard Lummis continue their exploration of Plutarch’s Lives in this episode of 12 O’Clock High, a podcast on business leadership.
  4. Compliance Week is having an open house this month as they have dropped their firewall. You can check out the entire publication for no charge. Check it out here.
  5. Breaking News features The Compliance Handbook, 2nd edition. Check out the Breaking News feature here. Purchase The Compliance Handbook, 2nd edition here. Find out more about The Compliance Handbook, 2nd edition in an upcoming Zoom webinar, on Wednesday, September 1 at 8:30 AM ET; hosted by the Azevedo Sette law firm and Charles River Associates. To RSVP email tcintra@azevedosette.br

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

The Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board could raise its level of substantive expertise concerning regulatory and compliance matters by adding a compliance member to the Board. Such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective. He stated, “I have witnessed firsthand that companies with a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is, they typically point to a lawyer, auditor, risk manager, or ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.” Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. 
It will not be long before the DOJ and SEC require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have called for greater compliance expertise on the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to the CCO and the compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have called for greater compliance expertise at the Board.

Categories
Coffee and Regs

The RIA Wild West of Going Independent