Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Key Board Metrics for Compliance

What are metrics for a Board of Directors around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:

  • Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
  • Does the Board maintain a material role in overseeing a company’s overall compliance framework?

These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added to this, under Oversight, by posing the following questions: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information has the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?

Three key takeaways:

  1. The DOJ expects active engagement by a Board around compliance.
  2. Does the Board exercise independent review of the compliance program?
  3. The convergence of the Yates Memo, Caldwell’s metrics, the Evaluation, and FCPA Corporate Enforcement Policy mandates Board metrics around compliance.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

What Leads to a Successful Board Investigation?

Many companies have an investigation protocol in place when a potential Foreign Corrupt Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation that should be conducted or led by the Board itself. This lack of foresight can be problematic because if a Board of Directors does not get right an investigation it handles, the consequences to the company, its reputation, and its value can all be quite severe.

In an article in the Corporate Board magazine entitled “Successful Board Investigations,” David Bayless and Tammy Albarrán wrote about five key goals that any investigation led by a Board of Directors must meet.

  • Consider whether you need independent outside counsel.
  • Consider hiring an experienced investigator to lead the internal investigation.
  • Consider the need to retain outside experts.
  • Analyze potential conflicts of interest at the outset and during the investigation.
  • Carefully evaluate whistleblower allegations.
  • Request regular updates from outside counsel, without limiting the investigation.
  • Consider whether an oral report at the conclusion of the investigation is sufficient.

The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the Board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the Board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.”

Three key takeaways:

  1. Retain the right counsel. Consider conflicts and appearance.
  2. Carefully evaluate all whistleblower allegations and reject retaliation.
  3. Consider receiving oral reports on an ongoing basis and one lengthy oral report at the end of the investigation.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
Principled Podcast

Principled Podcast – S9 E17 – How Compliance Professionals Can “Send the Elevator Back Down”

What you’ll learn on this podcast episode

There are certain people you meet in your professional career that continue to have an impact on you and your industry, long after that initial meeting. For Principled Podcast host Meredith Hunt, that person is Mary Shirley, the former head of Integrity and Compliance Education at Fresenius Medical Care (now head of compliance for Masimo) and co-host of the Great Women in Compliance podcast. In this episode, the two discuss how ethics and compliance professionals can better amplify their peers and build community, using guidance from Mary’s book Sending the Elevator Back Down. They also explore themes from Mary’s upcoming book on how E&C leaders can make the most impact on their programs with limited resources.

Guest: Mary Shirley

Mary Shirley is a New Zealand-qualified lawyer with 18 years of ethics and compliance experience that includes working for data privacy and antitrust regulators, in-house and private practice/consultancy across five countries and four regions of the world.  

Mary co-hosts the Great Women in Compliance Podcast, which aims to create a platform for the outstanding achievements of women in the field and share ideas and provide learning opportunities for everyone in compliance. 

She co-authored the book Sending the Elevator Back Down: What We’ve Learned from Great Women in Compliance (CCI Press, 2020) and has a second book highlighting trailblazing and innovative ideas to level up compliance programs, coming out later in 2023.  

She has been bestowed the honor of being named a Compliance Week Top Mind 2019, Trust Across America 2020 Top Thought Leader in Trust, and Excellence in Compliance Awards 2022 Mentor of the Year. 

Host: Meredith Hunt

Meredith Hunt came to LRN in early 2023 as a formidable compliance generalist, with experience in quality management, project management, regulatory compliance, policy drafting, and compliance program implementation and management. As a self-proclaimed compliance “nerd,” Meredith works as an ethics and compliance specialist on LRN’s Advisory team. In this capacity, she leads LRN’s code of conduct assessment and benchmarking practice and advises clients on how to incorporate code of conduct best practices. Meredith also manages client projects across a range of industries, including code of conduct development and E&C program evaluations.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Governance and Risk Oversight

One of the ongoing questions from members of the Board of Directors is how to resolve the tension between oversight and management. I recently had the opportunity to visit with Joe Howell, former Executive Vice President (EVP) of Workiva, Inc., on this subject. Howell has worked on and with Boards of Directors at various companies, and I wanted to garner his understanding of the role of a Board, senior management, and a Chief Compliance Officer (CCO). Howell’s short response was an excellent starting point for understanding the role: put sand in management’s shoes.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong,” can “help get management out of its comfort zone. By and large, executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer is putting a little bit of sand in the shoe to make sure you’re thinking about things carefully can cause you to step back and focus your resources where they’re needed.”

Howell noted that the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “One perfect example is the reputation of those stakeholders involved in the company, and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell stated, “It’s essential as we go through some ways the Board can help management in that role. I think the things that make a difference to management is when the Board can be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their underlying assumptions and biases.”

A Board is there to be more than a rubber stamp for senior management. It must exercise independent judgment, action, and oversight. Further, it is the Board’s role to ask hard, difficult, and probing questions to ensure management is doing its job and has considered other risk possibilities.

Three Key Takeaways:

  1. Boards should force management to open up the company to itself.
  2. Boards should be a grain of sand in the shoe of management.
  3. Boards should ensure senior management is aware of and planning for known and unknown risks.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Oversight Role over Internal Controls

Best practices compliance program. The first in Hallmark No. 1 states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources,” which says the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided sufficient information to enable independent judgment?

Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and the compliance function. The Board must ask hard questions and be fully informed of the company’s overall compliance strategy. Lawyers often speak to and advise Boards on their legal obligations and duties.

If a Board’s oversight is part of effective financial controls under Sarbanes-Oxley (SOX), that includes effective compliance controls. Failure to do either may result in something far worse than bad governance. It may directly lead to an FCPA violation and could even form the basis of an independent FCPA violation. A company must have a corporate compliance program in place and actively oversee that function. A failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program.

Internal controls work together with compliance policies and procedures and are interrelated control mechanisms. There are five general compliance internal controls for a Board or Board subcommittee role for compliance:

Three Key Takeaways:

  1. GTE compliance internal controls are low-hanging fruit. Pick them.
  2. Compliance internal controls can be both detective and preventive controls.
  3. Good compliance with internal controls is good for business.

Categories
Compliance Into the Weeds

Compliance into the Weeds: PCAOB: Expanding Audit Duties – The Impact and Concerns

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

Tom Fox and Matt Kelly are back with another thought-provoking episode discussing the proposed new Audit Standard 2405 by the PCAOB. This new proposal requires auditors to evaluate legal violations and noncompliance that could have a material impact on financial statements. While some people believe this is a good idea, others question the cost and whether audit firms are trained for this task. The discussions covered a range of topics, including internal control evaluations, expanding audit duties, Wells Fargo case study, the potential for increased audit fees, and reporting noncompliance to law enforcement. The hosts urge listeners to read the proposal and provide feedback as the final standard is expected to be approved by the SEC. This is a must-listen for compliance professionals who want to stay up-to-date and think critically about the latest audit news.

Key Highlights

  • Auditing Process for Legal and Compliance Issues
  • New Standards for Auditors Beyond Financial Reporting
  • Expanding PCAOB’s Legal Obligations for Auditors
  • Expanding Audit Firm Duties: Impact and Concerns
  • Commenting on Proposed Audit Rule

Notable Quotes:

“This seems like a huge expansion of what auditors have done in the past.”

“Certainly, for example, a large FCPA violation if you’re looking at $1,000,000,000 fine, and that would definitely strike me as material.”

“The proposal to expand the duties of audit firms is a dramatic expansion of what they were previously asked to do, and it is unclear whether they are fully equipped to handle this responsibility.”

“Internal auditors and compliance officers may also have concerns.”

Categories
Daily Compliance News

Daily Compliance News: June 14, 2023 – The Digital Nomad Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Why we go into the office now. (Bloomberg)
  • JPMorgan settles with Epstein victims for $290M. (Reuters)
  • Corruption and wildfires. (Eurasianet)
  • The digital nomad goes corporate. (FT)

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 12 – The Menagerie (Part Two)

In this episode of Trekking Through Compliance, we consider the episode The Menagerie (Part Two), which aired on November 24, 1966, Star Date 3012.4.

This was the original pilot episode presented to NBC. Spock’s trial continues, and the transmitted scene resumes with Pike in 2254 in a cell with a transparent wall. The Talosians begin their “experiment,” which consists of several illusory situations involving Pike and Vina. The Talosians hope that Pike and Vina will mate and found a race of slaves who will reclaim the war-damaged surface of the planet.

That night, Pike captures the Keeper as he attempts to confiscate the weapons. The captured crew proceeds to the surface. Number One sets her phaser on overload, preferring to die rather than be enslaved. The aliens have found that humans’ “unique hatred of captivity” makes them unsuitable for the Talosians’ plans, which must be abandoned. The crew beams back to the Enterprise.

Back in 2267, the transmission ends as the Enterprise arrives at Talos IV. The court-martial was a ploy to buy time to bring Pike back to Talos IV, where, if willing, he could enjoy the illusion of everyday life. Pike is transported to the planet and rejuvenated.

Compliance Takeaways:

  1. What happens when your counterparty refuses to comply with FCPA requirements?
  2. When the time comes, will you, as a CCO, speak truth to power?
  3. Sometimes failure and being left behind are options.

 Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein for The Menagerie (Part Two)
MissionLogPodcast.com-The Menagerie (Parts 1 & 2)

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board as an Internal Control

James Doty, former Commissioner of the Public Company Accounting Oversight Board (PCAOB), was once asked if the Board or its sub-committee which handles audits was a part of a company’s internal financial controls. He answered that yes, he believed that was one of the roles of an Audit Committee or full Board. I had never thought of the Board as an internal control but the more I thought about it, the more I realized it was an important insight for any Chief Compliance Officer or compliance practitioner as it also applies to compliance internal control.

In the FCPA Resource Guide, 2nd edition, in the Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is in Hallmark No. 1, which states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Doty’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.

If a Board’s oversight is part of effective compliance controls, then the failure to do so may result in something far worse than bad governance. Such inattention could directly lead to an FCPA violation and could even form the basis of an independent SOX violation as to the Board.

Three Key Takeaways

  1. A Board must engage in active oversight.
  2. A Board should review the design of internal controls on a regular basis.
  3. Failure to do so could form the basis for an independent legal violation under SOX.

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 11 – The Menagerie (Part One)

In this episode of Trekking Through Compliance, we consider the episode The Menagerie (Part One), which aired on November 17, 1966, Star Date 3012.4.

This was the original pilot episode presented to NBC. Set in 2267, the Enterprise arrives at Starbase 11 in response to a subspace call Spock reported receiving from the former captain of the Enterprise, Christopher Pike, under whom Spock had served. Pike cannot move or communicate other than answering yes/no questions with a device operated by his brainwaves. Pike refuses to communicate with anyone except Spock.

Spock, meanwhile, commandeers the Enterprise by means of falsified recordings of Kirk’s voice and orders the ship to depart under the computer’s control. After several hours, upon learning from the computer that the shuttlecraft does not have enough fuel to return to the starbase, Spock brings them aboard and then gives himself up, confessing to mutiny. Mendez convenes a hearing, at which Spock requests immediate court-martial, which requires three command officers. The tribunal begins, and Spock offers as his testimony what seems to be video footage of the Enterprise’s earlier visit to Talos IV in 2254.

In 2267, the scene is interrupted by a message from Starfleet Command, which reveals that the images they have been viewing are transmitted from Talos IV. Mendez is placed in command of the Enterprise, but Spock begs Kirk to see the rest of the transmission.

Compliance Takeaways:

  1. Leaders must take care of themselves as well as their crew.
  2. What does it mean if a deal is too good to be true?
  3. Trust but verify.

 Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein for The Menagerie (Part One)
MissionLogPodcast.com-The Menagerie (Parts 1 & 2)