Tag: compliance

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Risk Ranking in the Supply Chain

One of the areas many companies do not focus on enough is possible corruption in their supply chain for goods and services provided on a company’s behalf. The FCPA risks can be just as great through those entry points as they can be through the sales side of an organization. You need to know whom your company is doing business with through this channel as much as you need to know your agents seeking business opportunities on your behalf. Most companies have exponentially more vendors than sales agents, so this task may seem daunting. However, a well-thought-out plan to risk rank your company’s third parties on the supply chain side can go a long way toward ameliorating this issue. The key is setting reasonable parameters and then managing those third parties that present real corruption risk to your organization.

This determination of the level of due diligence and categorization of a supplier should depend on a variety of factors, including such factors as whether the supplier is (1) located or will operate in a high-risk country; (2) associated, or recommended, or required by, a government official; (3) currently under corruption investigation, or has been recently convicted of any form of corruption; (4) a multinational publicly traded corporation with a recognized exemplary system of compliance and internal controls; or (5) a provider of widely available services and products that are not industry specific. You should note that any supplier with foreign government touchpoints should move up to a higher level of scrutiny.

I suggest that you create a three-tiered risk matrix consisting of (1) high-risk suppliers, (2) low-risk suppliers, and (3) minimal-risk suppliers. Below this final category is another category for providers of goods that are commonly available and pose almost no corruption risk.

It would be best to risk ranking the third parties your supply chain might engage with for FCPA exposure. It should be based on your company’s experience and risk going forward. As with all third-party risk management issues, you must “Document, Document, and Document.”

Three key takeaways:

  1. Risk rank your supply chain based on well-conceived strata.
  2. Consider not only the compliance risk but also your business risk.
  3. Only manage those suppliers who present a corruption risk.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties- Freight Forwarders

The FCPA world is littered with cases involving freight forwarders, brokers and agents in the shipping and express delivery arena. Both the DOJ and SEC have aggressively pursued third-party business relationships where bribery and corruption have been found. This is particularly true where companies are required to deliver goods into a foreign country through the assistance of a freight forwarder or express delivery service.
If you utilize the services of a third-party for as a freight forwarders, brokers and agents in the shipping and express delivery arena, that company’s actions will go a long way in determining your company’s FCPA liability. You must have a thoughtful process and document that process.

Three key takeaways:

  1. Express delivery services and freight forwarders present unique compliance risks.
  2. There must be a business justification to bring on new express delivery services or freight forwarders in high risk jurisdictions.
  3. Consider constructing a risk matrix in this area.
Categories
Great Women in Compliance

Great Women in Compliance – Joe Murphy as the Great Waltzer in Compliance

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine.

A #GWIC can be lots of things – which is one of the best parts of this community. Today’s guest is a true advocate and supporter of women while also being one of the architects of this profession and one of our best.  It’s Joe Murphy, who co-authored the first book ever written on compliance, and is currently the Editor of Compliance and Ethics: Ideas and Answers.

Getting to know Joe is an honor and a privilege, and if you do, you will immediately learn about his passion for dance. He’s a #CCO and #GWIC in his role as Chief Cha-Cha Officer at Haddonfield Dance, and a Great Waltzer in Compliance.

Lisa was lucky to speak with this about and a number of other topics, including the genesis of Compliance and Ethics: Ideas and Answers. They also speak about what Joe sees as the best design for a CECO role to set them up for success, and about the power dynamics that are inherent in roles.

Just as the waltz can be done in a circle, we end with a discussion of what Joe has enjoyed and learned from dance that can be great lessons for life and life in compliance. Lisa and Mary are so grateful that Joe has spent some time with us.

You can find the Great Women in Compliance Podcast on the Compliance Podcast Network where you can find several other resources and podcasts to keep you up to date in the Ethics and Compliance world. You can also find the GWIC podcast on Corporate Compliance Insights where you can learn more about the podcast, stream prior episodes and catch up on Mary’s monthly column “Living Your Best Compliance Life.”

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Distributor Compensation

One of the issues in any compliance program is the compensation paid to a third party, as FCPA exposure arises when companies pay money, either directly or indirectly, to fund bribe payments. Another area that leads to exposure from third parties is with distributors. In a distributor relationship, the distributor purchases a product, taking the risk of loss and title, at a discount from a manufacturer. The distributor resells at an uplift, and that spread between the purchase price and sales price is the distributor’s income. If a product is purchased at an inflated discounted rate and sold, the difference between the purchase price and resale value could be used for corrupt purposes. Commission payments and excessive distributor discounts can be channeled to pay bribes.

The FCPA Resource Guide, 2nd edition, noted that common red flags associated with third parties include “unreasonably large discounts to third-party distributors.” When companies grant distributors uncommonly steep discounts, bribes can result either: 1) because the company instructs the distributor to use the excess amounts to fund corrupt payments; or 2) because the distributor pays bribes on its own, without the express direction or implicit suggestion from the company, to gain some business advantage.

Three key takeaways:

  1. Creating a well-thought-out process that operationalizes your compliance program around distributor compensation in a manner that documents your decision-making calculus is key.
  2. Require multiple levels of approval for an out-of-range distributor discount.
  3. Tracking distributor discounts globally make your company more efficient.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties-Terminating 3rd Parties

At some point, you will be required to terminate a third party and there will be multiple legal, compliance and business issues to navigate through. If you are stuck doing it in the middle of a FCPA or U.K. Bribery Act investigation, there may well be some tension to do so and do so quickly. If you have not thought through this issue and created a process to follow before a crisis occurs, you may well be in for a very tough road. Yet the 2023 ECCP specifically asked that question in the section entitled, Real Actions and Consequences, when it posed the query: Has a similar third party been suspended, terminated, or audited as a result of compliance issues?

The key theme in termination is planning. The Office of Comptroller of the Currency (OCC), OCC Bulletin 2013-29, said that regarding third-party termination, a bank should develop a “contingency plan to ensure that the bank can transition the activities to another third party, bring the activities in-house, or discontinue the activities when a contract expires, the terms of the contract have been satisfied, in response to contract default, or in response to changes to the bank’s or third party’s business strategy.”

Although rarely considered, the termination of a third-party relationship can be as important a step as any other in the management of the third-party lifecycle. While having the contractual right to terminate is a good starting point, it is only the starting point. You not only need to have a compliance and legal plan in place but a business plan as well. If you do not, the cost in both monetary and potential business reputation can be quite high.

 Three key takeaways:

1. Termination of third parties is an oft-neglected part of the third-party risk management process.

2. Make certain you have the contractual right to terminate third parties written into your compliance terms and conditions.

3. Have a strategy in place for termination before a crisis arises.

Categories
Compliance Week Conference Podcast

Ellen Hunt on The Intersection of ESG & Compliance – Tactical Insights for Compliance and Risk Professionals

In this episode of the Compliance Week 2023 Speaker Preview Podcasts series, Ellen Hunt discusses some of her presentations at Compliance Week 2023, “The Intersection of ESG & Compliance-Tactical Insights for Compliance and Risk Professionals” and “A Career in Compliance.” Some of the issues she will discuss in her presentations are:

  • The Role of Compliance in ESG
  • The right way to choose your career path to reach your full potential while navigating roadblocks and dead ends 
  • Insights into various structures within the organization, with takeaways on the type of organization that may be best suited for your skillset

I hope you can join me at Compliance Week 2023. This year’s event will be May 15-17 at the JW Marriott in Washington, DC. The line-up of this year’s event is simply first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 18th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. And many others to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners, gain insights into the agency’s enforcement areas, and walk away with guidance on remaining compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency, and more.
  • Bring actionable takeaways from your program from various session types, including ESG, Human Trafficking, Board obligations, and many others, for you to listen, learn and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link here.

Categories
31 Days to More Effective Compliance Programs

Third-Parties as Compliance Innovation Partners

It is universally recognized that third parties are your highest FCPA risk. Could you turn your third party from liability under the FCPA to an innovation partner for your compliance program? This is an area that only a few compliance professionals have mined, but once again, in compliance, you are only limited by your imagination. In a Supply Chain Management Review article by Jennifer Blackhurst, Pam Manhart, and Emily Kohnke, entitled “The Five Key Components for Supply Chain Innovation,” the authors identified five components common to the most successful innovation partnerships. They are:

Don’t settle for the status quo. This means you should not settle for simply the status quo in compliance.

Hit the road to hit your metrics. To understand your compliance risk from third parties, you must get out of the ivory tower and hit the road.

Send prospectors, not auditors. While an audit clause is critical in any third-party contract, from a commercial and FCPA compliance perspective, you can establish a “point of contact as an innovation manager for your third parties.”

Show and tell. As with all relationships, trust plays an important role in third-party compliance innovation, as “Firms in successful innovations discussed a willingness to share resources and rewards and to develop their partners’ capabilities.”

Who’s running the show? This means “who is doing what, but also what each firm is bringing to the relationship regarding resources and capabilities.”

Three key takeaways:

  1. Use your third parties as innovators to assist your compliance program.
  2. Change your thinking about third parties and make them your partners.
  3. Do not settle for the status quo.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – ROI for 3rd Party Risk Management

A study by Forrester Research Inc. compared the user experience, which led to a positive ROI for the technology user around third-party risk management. I found the approach and methodology used persuasive and valuable for the compliance professional to consider evaluating such a process in your organization. Some of the key findings readily translate for the compliance practitioner. The first area was in risk assessments of third parties. If you provide a technological platform, you can enhance the speed and efficiency of your risk assessments on an ongoing basis. This decrease in time, both in terms of length and person-hours, will yield an immediate cost saving for your compliance function.

 

Various other factors could increase your ROI, as detailed in the Forrester report, which includes renewal assessments, ongoing monitoring, and increased business efficiencies for both your organization and the third parties, which would all work to increase ROI. Most critically, you would demonstrate the operationalization of your compliance program into the very fabric of your organization.

Three key takeaways:

1. Why is demonstrating ROI on your third-party risk management program important?

2. Determining ROI helps to demonstrate operationalizing your compliance program.

3. Determining third-party management program ROI can help to tear down compliance siloes.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Ongoing Monitoring of 3rd Parties

One of the key themes in the Evaluation of Corporate Compliance Programs is the use of data and data analytics in a best practices compliance program. This has specific application to third-parties. In the section entitled, Risk-Tailored Resource Allocation, the following question was posed, Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas, such as questionable payments to third-party consultants, suspicious trading activity, or excessive discounts to resellers and distributors? Under the section entitled, Control Testing, the following question was posed, Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake? Finally, under the section entitled, Payment Systems was the following query, How was the misconduct in question funded (e.g., purchase orders, employee reimbursements, discounts, petty cash)? What processes could have prevented or detected improper access to these funds? Have those processes been improved?

All of these questions make clear that the DOJ expects data analytics to be used to help detect or prevent bribery and corruption where the primary sales force used by a company is third-parties. A clear majority of FCPA violations and related enforcement actions have come from the use of third-parties. While sham contracting (i.e., using a third-party to channel the payment of a bribe) has lessened in recent years, there are related data analysis that can be performed to ascertain whether a third-party is likely performing legitimate services for your company and is not a sham. There are several more complex analytics that can be run in combination to identify suspicious third-parties, and some of the simplest can be to look for duplicate or erroneous payments. This final concept of finding patterns that can be discerned through the aggregation of huge amounts of transactions, is the next step for compliance functions. Yet data analysis does far more than simply allowing you to follow the money. It can be a part of your third-party ongoing monitoring as well by allowing you to partner the information on third-parties who might come into your company where there was no proper compliance vetting. Such capabilities are clearly where you need to be heading.

Three key takeaways:

  1. Always remember to follow the money to see where a pot of money could be created to fund a bribe.
  2. Transaction monitoring techniques around fraud monitoring translate to data analysis for compliance.
  3. Do not forget to check names against known PEP and SDN lists.
Categories
FCPA Compliance Report

Incorporating EHS and Safety in an ESG Program

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Are you interested in learning about the overlooked importance of safety in ESG? Host Tom Fox and his guests from Traliant, Andrea Foster Mack and Maria D’Avanzo delve into this topic in the latest episode of the FCPA Compliance Report. Learn how prioritizing safety can lead to cost savings and become a major differentiator for corporations in talent acquisition and retention. The trio also discusses how EHS professionals can reduce risk by implementing hazard awareness training and preventing discrimination. Furthermore, they emphasize the value-add that safety can offer to organizations in terms of corporate governance and brand recognition. Tune in to hear the experts share their insights on how ESG and EHS align under the sustainability cause and how innovative business and management decisions can lead to environmental sustainability.

 Key Highlights

·      ESG and Safety Culture within Organizations

·      The Importance of Safety in Talent Retention

·      Corporate Governance and Safety in Organizations

·      The Importance of “E” in ESG Reporting

·      ESG and its Role in Elevating Brands

·      Managing Chemical Hazards and ESG Standards

 Here are three tips to consider when incorporating safety into your ESG strategy:

1. Communicate safety policies and performance to stakeholders, such as investors and customers, to build trust and enhance reputation.

2. Use safety data to identify improvement opportunities, mitigate risks, and promote continuous learning and innovation.

3. Develop partnerships and collaborations with other organizations and industries to address safety challenges and share best practices.

Resources

Andrea Foster Mack on LinkedIn

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn