Categories
Into the Chair - Tales from Chief Compliance Officers

Into The Chair, Tales from Chief Compliance Officers: The Journey of Maria D’Avanzo

Welcome to the latest edition of the Compliance Podcast Network: Into the Chair: Tales from Chief Compliance Officers, which details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Into the Chair: Tales from Chief Compliance Officers is a COMPLY podcast hosted by Tom Fox and is a production of the Compliance Podcast Network. In this inaugural episode, I visit with Maria D’Avanzo.

Maria D’Avanzo is a seasoned professional in the legal and compliance field, with a career that has spanned from litigation to estate work to compliance. Maria’s perspective on adaptability and continuous learning in legal and compliance roles is rooted in her own career trajectory, which has seen her successfully transition from being a litigator to opening her own law practice, and eventually becoming a compliance officer. She believes the key to success in these roles is the willingness to learn new skills and take on new challenges, even outside one’s comfort zone.

Maria also underscores the importance of transferable skills such as analytical and research abilities, critical thinking, and the capacity for advocacy and persuasion, which she honed as a trial lawyer and which have been instrumental in her compliance career. Join Tom Fox and Maria D’Avanzo in this episode of the Into the Chair podcast as they delve deeper into the importance of adaptability and continuous learning in legal and compliance roles.

Key Highlights:

·      Maria’s transformation into a compliance officer

·      Navigating the Legal Field: Learning and Advocacy

·      Advocacy skills and the value of compliance

·      Navigating Compliance Challenges in Regulated and Non-Regulated Corporate Sectors

Resources:

Maria D’Avanzo on LinkedIn

COMPLY

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance – Episode 123, Shout Outs and Rants – The Spanish Kiss Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, Tom Fox hosts the quartet of Jay Rosen, Jonathan Armstrong, Matt Kelly and Karen Woody for our fan fav Shout Outs and Rants section.

1. Matt Kelly rants about the US Federal Courts not allowing television cameras and says we need the Trump trials televised in federal courts.

2. Karen Woody shouts out to the Barbie movie.

3. Tom Fox shouts out to Megan Rapinoe for her great professional career and her social activism while a member of the USWNT.

4. Jay Rosen shouts out SOCAR, the South Orange County Compliance and Ethics Roundtable.

5. Jonathan Armstrong shouts out Sgt. Graham Saville, who lost his life helping a person in distress.

The members of the Everything Compliance panel are:

•       Jay Rosen – Jay is Vice President, Business Development, Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong – is our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks can be reached at jtmarks@gmail.com.

•       Special Guest Kristy Grant-Hart is the founder of Spark Consulting.

The host, producer and ranter of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending September 2, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

·       280K Euros seized from MEP son’s apartment. (TVP World)

·       Businesses need Chinese predictability. (NYT)

·       Gensler unleashed regulatory blitz. (FT)

·       Goldman sanctioned for ephemeral messaging compliance failures. (WSJ)

·       China crackdown rips through health care industry corruption. (FT)

·       Switzerland unveils money-laundering crackdown. (FT)

·       3M settles FCPA action. (WSJ)

·       Imprisoned Kazakh tycoon may be released. (RFE/RL)

·       Do you really need incentives to operate safely? (Reuters)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Protecting Personal Data in the Banking Industry: Lessons from the Farage Controversy

Today I want to consider a burgeoning imbroglio in the UK involving Nigel Farage. While you might not think of Farage as a candidate for the FCPA Compliance Blog, it turns out that his current banking situation has some very interesting data privacy issues, shedding light on the data protection risks faced by banks and the importance of compliance with GDPR regulations. So in this blog post, we will explore the lessons learned from this incident and provide practical advice for financial institutions to ensure the security and privacy of customer information.

The recent episode surrounding Nigel Farage’s banking situation has sparked concerns about data protection and compliance within the banking industry. Farage, a prominent figure in the Brexit movement, had his bank account with Coutts, a high-end bank owned by NatWest, closed and was offered an account with another associated bank. The alleged reason was that he did not have a high enough net worth to merit the account with Coutts. It turned out the real reason was his right-wing politics, particularly around leading the charge for Brexit.

NatWest then compounded its problem by leaking a story to the BBC that Farage had been dropped because he fell below the bank’s wealth threshold. As the Guardian reported, the CEO of NatWest, Dame Alison Rose, had been the source of the BBC’s story, which contained this false information. All of this raised concerns about a potential data breach, since Coutts had in fact closed his account after lengthy internal discussions over the reputational risk that his political views posed for the bank.

Rose tried to apologize to Farage but, as the New York Times reported, “The apology and a promise to review the bank’s policies were not enough to ease the pressure on Ms. Rose. Reports late Tuesday that the government, which has a 39 percent stake in the bank, was “significantly concerned” about Ms. Rose’s leadership seemed to seal her fate. Before dawn, the bank announced her immediate departure” in late July. Peter Flavel, the boss of its private bank Coutts, was also sent packing.

From a regulatory, data privacy and GDPR standpoint, NatWest is in severe trouble. Not only had the Bank violated its own data privacy policies by providing the information to the now former CEO, but it also released that same information to the BBC. The consequences of non-compliance with GDPR can be severe, particularly in regulated industries like financial services. Banks may face regulatory enforcement and internal policy breaches, which could lead to legal action and impact their banking license and fit and proper provisions. CEOs can be held personally liable for data protection offenses committed with their consent or connivance, emphasizing the importance of understanding data protection laws and the criminal offenses associated with them.

The controversy surrounding Nigel Farage’s banking situation serves as a wake-up call for the banking industry to prioritize data protection and compliance. Financial institutions cannot afford to overlook these issues, as the consequences in the era of GDPR can be significant. It is crucial to establish proper policies and procedures, provide training and education for top-level management, and ensure a compliance culture is embedded throughout the organization.

There are multiple lessons to be learned from this controversy and several key takeaways that can help banks navigate the complexities of data protection and compliance:

1. Be cautious with written communication: The incident underscores the importance of being mindful of what is written in emails, as subject access requests can expose them. Consider whether a controversial email would be better discussed through a phone call, or read it aloud before sending.

2. Learn from previous compliance issues: NatWest had previous issues with data protection compliance, culminating in the resignation of CEO Dame Alison Rose. This highlights the need for organizations to build a compliance culture at all levels, including those in top positions.

3. Allocate resources for subject access requests: The bank’s CFO has provided extra resources to handle subject access requests, as the cost of non-compliance is usually higher than the cost of compliance. It is estimated that it takes a six-figure sum for a bank to respond to a subject access request.

4. Scrutinize politically exposed persons and connections to Russian individuals: Financial institutions have an obligation to carefully scrutinize politically exposed persons and individuals with connections to Russian individuals. Balancing legitimate activities with obeying the law is crucial.

This affair provides valuable insights into the importance of data protection and compliance in the banking industry. The Farage controversy serves as a reminder that the security and privacy of customer information should be paramount for financial institutions. By learning from past incidents, allocating resources for subject access requests, and adhering to GDPR obligations, banks can safeguard their reputation, avoid legal repercussions, and build trust with their customers.

Categories
Report from IMPACT 2023

Report from IMPACT 2023: Katie Smith on Unleashing the Power of Ethics and Compliance Community

ECI’s IMPACT 2023 was one of the leading compliance events in 2023. At this conference, Tom Fox, the Voice of Compliance, was able to visit with several of the speakers, exhibitors and participants, and with one ethically minded Girl Scout troop. In this limited podcast series, Report from IMPACT 2023, Tom explores many of the most cutting-edge topics in ethics and compliance through short podcast episodes. Check out the full series of interviews. You will be enlightened, informed and come away with a fuller and more thorough understanding of the most cutting-edge topics in ethics and compliance. In this episode, Tom visits with Katie Smith, a distinguished ethics and compliance professional who has devoted her career to pioneering a new path for ESG and ethics in compliance.

As the Vice Chair on the Board of Directors of ECI, she has been instrumental in shaping the organization’s future role and mission. Katie’s unique perspective on “Charting a New Course: ESG and Ethics in Compliance” is that she views it as a chance for the ethics and compliance community to unite and make a positive impact on the world. She emphasizes that there are currently no established rules in this new societal inflection point, which presents a tremendous opportunity for the ethics and compliance community to shape the future of ESG and ethics in compliance. Her enthusiasm and optimism for the beginning of this new journey are palpable. Join Tom Fox and Katie Smith on this episode of the Report from Impact podcast as they delve deeper into this fascinating topic.

Highlights Include

·      Conference Themes

·      Re-invigoration by the Keynote Speakers

·      What are the rules of the road now?

Resources

Katie Smith on LinkedIn

Categories
Compliance Into the Weeds

Compliance into the Weeds: 3M FCPA Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent FCPA enforcement action involving the Chinese business unit of 3M.

The importance of post-event documentation and monitoring in preventing fraud and corruption cannot be overstated, as highlighted by the recent FCPA incident involving 3M China. Tom believes that while training and control environment adjustments are crucial, they may not be enough to prevent misconduct if individuals are determined to commit such acts. He emphasizes the need for hard evidence, such as post-event documentation, and recommends looking to the heavily regulated pharmaceutical sector for guidance.

Matt stresses the importance of rigorous post-event documentation to ensure the legitimacy of business activities. Both Fox and Kelly gained these insights from their extensive experience in the field of compliance and their analysis of various fraud cases. To learn more about their unique perspectives on post-event documentation and monitoring, join them on this episode of the Compliance into the Weeds podcast. 

Key Highlights

·      Background facts

·      GTE (gifts, travel and entertainment) in FCPA enforcement actions

·      What happens when conduct is done secretly

·      Concerns over the use of messaging apps

·      Lessons Learned

Resources

Matt on LinkedIn

Tom – blog post on the FCPA Compliance and Ethics Blog

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 21 – Ten Compliance Questions To Pose To HR

As we end this month on the intersection of HR and compliance, I have developed a series of questions which you might want to use as a starting point for operationalizing your compliance initiatives through your corporate HR function.

  1. How are compliance goals cascaded down to individual workers?
  2. Does anyone complain that your compliance targets are too complex?
  3. How do you deal with repeated compliance failures in a specific business segment or compliance program area?
  4. How does your company show that attracting and developing talent who will engage in ethical business conduct is a top priority?
  5. How long is compliance underperformance tolerated?
  6. What makes it distinctive to work at your company?
  7. How do compliance programs that are not working typically get exposed and remediated?
  8. What key compliance indicators do you use for compliance tracking?
  9. For a given compliance problem, how do you identify the root cause?
  10. What are you doing to retain your top employees from the compliance perspective?

Compliance practitioners continually face the challenge of keeping up with ever-evolving compliance best practices with little or no budget increase. By asking these questions of yourself and of your compliance program, you may create a road map to more fully operationalize your compliance regime.

Three key takeaways:

  1. What are the unique compliance targets you have set and how interconnected are they to your business unit goals?
  2. Use a root cause analysis to determine why compliance initiatives are not successful.
  3. Retraining employees in compliance is an under-utilized tool.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Blog

3M in China-Where Secret Travel = FCPA Violations

You know that when the Securities and Exchange Commission (SEC) uses the word ‘secretly’ when discussing a corporate program, it is a seriously not good look. That is certainly the case in the recently announced Foreign Corrupt Practices Act (FCPA) enforcement action involving 3M’s Chinese business unit. In an Order outlining the facts and FCPA violations, the SEC stated, “During the Relevant Period, a former 3M-China marketing manager (the “Marketing Manager”) colluded with two China-based travel agencies (the “China Travel Agencies”) to secretly provide Tourism Activities for Chinese Government Officials during Educational Events. The Marketing Manager was aided in the scheme by several employees in 3M-China’s sales, marketing and professional services departments.” [emphasis supplied] For this ‘secret’ scheme, and without admitting or denying the SEC’s findings, 3M agreed to pay $4.5 million in disgorgement and prejudgment interest and a civil penalty of $2 million, for a total of $6.5 million.

Background

The Order recited that certain 3M-China Employees, in collusion with the China Travel Agencies, targeted influential officials of Chinese state-owned enterprises and Chinese Government Officials for attendance at overseas Educational Events. To facilitate this scheme, 3M-China Employees would create a travel itinerary that included various legitimate business, training and marketing activities for submission to 3M-China’s compliance personnel for approval. However, there were also “alternate itineraries (the “Alternate Itineraries”)” planned, which consisted of various Tourism Activities at or near the location of the Educational Events. The free travel and lodging provided “were designed to improperly induce the Officials to purchase 3M products, and violated company policy.”

Interestingly, the 3M-China Employees circulated the Alternate Itineraries by hand delivery, personal WeChat accounts or ephemeral messaging. The 3M-China Employees asked the participants to keep the agenda hidden, and falsified internal compliance documents so that the Tourism Activities were not shown to be planned as part of the overseas trip.

There were several indicia which demonstrated the travel was not for business purposes but for recreational purposes. The Order stated:

(a) Tourism Activities were scheduled at the same time as the Educational Event activities;

(b) the ostensibly Educational Events were in English, and the trips included Chinese Government Officials who neither understood English nor had adequate translation services;

(c) at times Chinese Government Officials missed whole days of the Educational Event or simply never attended at all; and

(d) certain Chinese Government Officials also requested Tourism Activities as part of the overseas trip.

To fund these illegal activities, 3M-China Employees would at times work with the collusive China Travel Agencies to inflate their billing invoices for ostensibly legitimate expenses such as travel costs. In other instances, the 3M-China Employees submitted unpermitted invoices directly to the China Travel Agencies for reimbursement rather than to 3M-China. Finally, the China Travel Agencies, with the support of the 3M-China Employees, at times directed that 3M-China’s distributors pay for portions of the non-reimbursable expenses. Rather stupidly from a legal and compliance perspective, 3M-China employees measured the impact that this corruption had on sales. They tracked the effect of providing overseas travel on 3M-China’s sales to SOE Customers. One 3M-China Employee tracked post-trip sales “to ensure they were consistent with 3M-China’s sales goals.” Most amazingly, “3M-China management asked for the “return on investment” from an Educational Event (i.e. the effect of providing health care officials with overseas travel on sales to the SOE Customer) by comparing sales figures before and after an Educational Event.”

Finally, “from at least 2014 through 2017, 3M-China paid nearly $1 million to fund at least 24 trips for Chinese Government Officials that included Tourism Activities. The costs of these trips were improperly recorded in 3M’s books and records as legitimate business expenses, without any indication that they included Tourism Activities. As a result of the above conduct, 3M improperly benefited by at least $3.5 million from increased sales.”

Discussion

There are several key lessons to be garnered from this FCPA enforcement action. One is that if your organization is paying for attendance at educational events, rigorous post-event documentation, such as sign-in sheets and attendance verification, is critical. By verifying that officials were actually present at the events they were paid to attend, transparency is enhanced and corruption can be deterred, because your employee base will know that compliance is providing oversight and monitoring. This approach draws from the pharmaceutical sector, which has implemented stringent event monitoring practices.

The importance of post-event documentation and monitoring extends beyond corruption prevention. It also plays a crucial role in compliance efforts. By thoroughly documenting events and activities, companies can demonstrate their commitment to ethical business practices and compliance with regulations. This documentation serves as evidence of due diligence and can be invaluable in audits and investigations.

However, compliance professionals must strike a balance between the level of control and the resources required for documentation. While it is essential to have robust controls in place, excessive bureaucracy can hinder efficiency and productivity. Finding the right balance is crucial to ensure compliance without impeding business operations.

Another challenge lies in the use of ephemeral messaging, as seen in the 3M China case. Ephemeral messaging platforms, which automatically delete messages after a certain period, raise concerns about transparency and compliance. While these platforms may have legitimate uses in private communications, their use in a corporate setting can be seen as an attempt to evade the transparency and record-keeping that ethical business conduct requires. Compliance professionals should carefully consider the implications of using such platforms and evaluate whether they align with their organization’s compliance objectives.

Data analytics also play a significant role in post-event documentation and monitoring. By leveraging advanced analytics tools, companies can detect patterns and anomalies that may indicate fraudulent activities. For example, multiple payments to the same vendor by different entities within the extended enterprise can be a red flag worth investigating. Implementing robust data analytics capabilities can enhance the effectiveness of post-event monitoring and help identify potential compliance risks.
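The multi-payer red flag described above can be checked mechanically against a payments ledger. The Python below is an added example written for this post; it is not 3M’s control, nor anything drawn from the SEC Order, and the entity names, event references, payer types and amounts are constructed. It groups payments by vendor and event reference, flags any vendor paid by two or more distinct entities for the same event, and rates a finding higher when one of the payers is a distributor, since a third party picking up the company’s own event costs is the off-books pattern the Order describes.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    """One ledger line: who paid which vendor, for which event, and how much."""
    payer: str        # entity in the extended enterprise that made the payment
    payer_type: str   # "affiliate" (company-controlled) or "distributor" (third party)
    vendor: str       # payee, e.g. a travel agency or hotel
    event_ref: str    # internal reference for the educational event the spend supports
    amount: float


# Constructed sample ledger; entity names, event references and amounts are hypothetical.
SAMPLE_LEDGER = [
    Payment("ACME-CN", "affiliate", "Travel Agency A", "EVT-2016-07", 18000.0),
    Payment("ACME-CN", "affiliate", "Travel Agency A", "EVT-2016-07", 4200.0),
    Payment("Distributor X", "distributor", "Travel Agency A", "EVT-2016-07", 9500.0),
    Payment("Distributor Y", "distributor", "Travel Agency A", "EVT-2016-07", 3100.0),
    Payment("ACME-CN", "affiliate", "Travel Agency B", "EVT-2016-09", 12000.0),
    Payment("ACME-US", "affiliate", "Hotel Chain", "EVT-2016-09", 7000.0),
    Payment("ACME-CN", "affiliate", "Hotel Chain", "EVT-2016-09", 2000.0),
]


def flag_multi_payer_vendors(ledger, min_payers=2):
    """Return a finding for every (vendor, event) paid by at least `min_payers` distinct entities.

    Severity is "high" when a third party (distributor) is among the payers, because a
    third party funding the company's own event is how costs get moved off the books;
    "medium" when only company affiliates split the bill, which may be legitimate but
    still merits a look at the supporting invoices. Findings are sorted by vendor then event.
    """
    groups = defaultdict(list)
    for p in ledger:
        groups[(p.vendor, p.event_ref)].append(p)

    findings = []
    for (vendor, event_ref), pays in sorted(groups.items()):
        payers = sorted({p.payer for p in pays})
        if len(payers) < min_payers:
            continue  # a single payer is the normal case; nothing to flag
        by_payer = defaultdict(float)
        for p in pays:
            by_payer[p.payer] += p.amount
        third_party_total = sum(p.amount for p in pays if p.payer_type == "distributor")
        findings.append({
            "vendor": vendor,
            "event_ref": event_ref,
            "payers": payers,
            "by_payer": dict(by_payer),
            "total": sum(by_payer.values()),
            "third_party_total": third_party_total,
            "severity": "high" if third_party_total > 0 else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in flag_multi_payer_vendors(SAMPLE_LEDGER):
        print(f"[{f['severity'].upper()}] {f['vendor']} / {f['event_ref']}: "
              f"{len(f['payers'])} payers, total {f['total']:.2f}, "
              f"third-party share {f['third_party_total']:.2f} -> {f['by_payer']}")
```

On the constructed ledger this flags Travel Agency A for EVT-2016-07 as high (two distributors paid alongside the China affiliate) and Hotel Chain for EVT-2016-09 as medium (two affiliates split one bill), while the single-payer Travel Agency B line passes. In a real deployment the ledger would be read from the ERP or AP extract, and joining each finding to the approved itinerary budget for that event would also surface the inflated-invoice pattern the Order describes, since the combined spend would exceed what compliance approved.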

In conclusion, the 3M China FCPA enforcement action underscores the importance of post-event documentation and monitoring in fraud prevention and compliance efforts. Rigorous documentation practices, inspired by the pharmaceutical sector’s approach, can enhance transparency and prevent corruption. However, finding the right balance between control and efficiency, addressing challenges associated with ephemeral messaging, and leveraging data analytics are crucial for effective post-event documentation and monitoring. By prioritizing these factors, companies can strengthen their compliance programs and mitigate the risks associated with fraudulent activities.

Categories
Innovation in Compliance

Innovation in Compliance – Oshri Cohen on the Role of a CTO in Compliance

The role of a Chief Technology Officer (CTO) in compliance and data governance is explored in this podcast episode between Tom Fox and Oshri Cohen. They discuss the varying responsibilities of a CTO based on company size, with larger organizations focusing on strategic planning while smaller organizations have the CTO as the head engineer. The importance of the CTO in managing risks, particularly in industries like healthcare and finance, is emphasized, along with the role of the board in providing oversight. The conversation also delves into the significance of data strategy, compliance, and data governance, emphasizing the need for collaboration between the CTO and the Chief Compliance Officer (CCO). Technical due diligence and the establishment of a data commission within organizations are suggested as strategies for effective data governance. Overall, the conversation highlights the crucial role of the CTO in ensuring compliance and protecting sensitive information.

  • The Role of a CTO in Compliance
  • Data Strategy and Compliance
  • Data Governance Challenges
  • Data Governance and Startups
  • Risks in System Audits

Resources:

Oshri Cohen on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 20 – Gap Analysis for HR

Join Tom Fox in this episode of the 31 Days to a More Effective Compliance Program podcast to delve deeper into the significant role of HR in implementing compliance programs. Hopefully you now understand that many of the traditional functions of Human Resources (HR) can be seen as compliance internal controls. At every stage in the lifecycle of the employment relationship there is an HR touchpoint, and fulfilling those touchpoints can serve as controls for compliance. If you think of multiple HR functions as compliance internal controls, one of the questions becomes how you can determine whether HR is meeting the standards of a best practices compliance program. One place to start is with a gap analysis to determine what HR has in place that can facilitate your company’s compliance program.

The role of HR in implementing compliance programs is a critical aspect of maintaining best practices within an organization. Traditional HR functions can serve as compliance internal controls, and every touchpoint in the employment relationship can serve as a control for compliance. Fox’s insights are derived from his extensive experience and deep understanding of the compliance and HR environment. He emphasizes the importance of conducting a comprehensive gap analysis and fostering collaboration between HR and business units to enhance the compliance program.

Finally, work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and “Document, Document, and Document”.

Three key takeaways:

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise and coordinate.

 

For more information, check out The Compliance Handbook, 4th edition, here.