Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 3

What happens when two top compliance commentators get together? They talk compliance, of course. Join Kristy Grant-Hart and Tom Fox for their new podcast, 2 Gurus Talk Compliance! But it is not simply Kristy and Tom talking about compliance. In this podcast series, Kristy and Tom also review other top commentators in compliance. In this podcast, we discuss the recent jail time for a Wells Fargo executive, the UK government’s plan for enforcement of anti-corruption and AML violations, due diligence before acquiring a company, and the recent charges against the co-founder of FTX. They also touch on the shift towards valuing a healthier relationship with work and the potential of the Metaverse in the compliance industry. Tune in to hear Tom and Kristy break down the latest compliance news and provide valuable insight into the industry that will keep you ahead of the curve.

Highlights Include

· Corporate Ethics and Compliance
· The Wells Fargo Scandal and Criminal Accountability
· Uncertainty surrounding CCO certification
· UK Government’s Fight Against Corporate Crimes
· COVID and the Future of Work
· The Importance of Due Diligence in Acquisitions
· Move into the compliance profession
· Indictment of Samuel Bankman-Fried

 Notable Quotes

  1. “If you buy a company engaging in bribery corruption, you’re not responsible for that. But when you take title and ownership, they are not engaging in broader corruption. It is you are engaging in broader corruption.”
  2. “I just think that flat banning of ChatGPT is taking away hugely useful business tools to the Italian business sector.”
  3. “It is incredibly rare for a bank officer to be held criminally accountable.”
  4. “I think we’ll start to see that now move from becoming an extraordinary practice to a best practice to a regular practice to table stakes.”

Resources 

  1. Italy Bans ChatGPT
  2. Why have workers given up the office
  3. CCO certifications
  4. Getting your first job in compliance
  5. SBF and the FCPA
  6. Carrie Tolstedt pleads guilty
  7. UK to invest in economic crime enforcement
  8. What is happening to the Metaverse
  9. Flutter settles FCPA enforcement action

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting

Connect with Tom Fox on LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Questionnaire

The next step in the five-step process is the questionnaire. The term ‘questionnaire’ is mentioned several times in the 2020 FCPA Resource Guide. It is generally recognized as one of the tools that a company should complete in its investigation to understand better with whom it is doing business. The questionnaire should be mandatory for any third party that desires to work with your company as it mandates the proposed business partner commit to the required information in writing before beginning the due diligence process. Remember, if a third party does not want to fill out the questionnaire or will not fill it out completely, you should not walk but run away from doing business with such a party.

One of the key requirements of any successful compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter, as small businesses can face significant risks and will need more extensive procedures than other businesses facing limited threats. The level of risk that companies face will also vary with the type and nature of the third parties with which they may have business relationships. For example, a company that appropriately assesses that there is no risk of bribery on the part of one group of its third parties will require nothing in the way of procedures to prevent corruption in the context of those relationships. By the same token, the bribery risks associated with reliance on a third-party agent representing a company in negotiations with foreign government officials may be assessed as significant and, accordingly, require much more in the way of procedures to mitigate those risks.

The questionnaire fills several vital roles in your overall management of third parties. It provides key information you need to know about who you are doing business with and whether they can fulfill your commercial needs. Just as important is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, U.K. Bribery Act, or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Three key takeaways:

  1. You must have enough information to fully identify the owners, UBOs, and related parties to determine if there is foreign official involvement.
  2. All commentary on best practices compliance programs requires questionnaires.
  3. If a third party refuses to fully respond to your questionnaire, run and don’t walk away from the proposed relationship.
Categories
Compliance Man Chooses the Target

Compliance Man Takes a EuroTrip – Tim Moves to The Netherlands

Compliance Man is back for a new season! Get ready for a EuroTrip with Tom Fox and Tim Khasanov-Batirov on their hit podcast, Compliance Man! In the latest season, the dynamic duo will give you an exclusive look into Europe’s top 5 areas of compliance perspective, featuring GDPR compliance as a priority. Want to join the podcast? Be an active listener and pay close attention! The hosts break down the key challenges faced by compliance professionals in Europe and the US, including anti-corruption, ethical business practices, ESG frameworks, and much more! Don’t miss the chance to engage in a global conversation on ethics and compliance. Tune in now to Compliance Man!

Key Highlights

· Tim Moves to The Netherlands
· Compliance in Europe
· Top Compliance Priorities in Europe and US
· Ethical Business Conduct and ESG
· European Businesses’ ESG Prioritization

 Notable Quotes

“In this season of Compliance Man, we entitled EuroTrip, and we’re going to focus on hot topics for Europe from the compliance practitioner point of view.”

“You probably can think of the following as the most important pieces of legislation or compliance areas from the European perspective.”

“Pay big attention to data privacy.”

“In the EU, we have almost regulatory-driven ESG.”

Resources

Tim Khasanov-Batirov on LinkedIn

Tom Fox


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – 3rd Party Risk Management Process

As every compliance practitioner knows, third parties still present the highest risk under the FCPA. The 2020 Update devotes an entire prong to third-party management. It begins with the following:

Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials. For example, a prosecutor should analyze whether the company has ensured that contract terms with third parties specifically describe the services to be performed, that the third party is performing the work, and that its compensation is commensurate with the work provided in that industry and geographical region. Prosecutors should further assess whether the company engaged in ongoing monitoring of the third-party relationships through updated due diligence, training, audits, and/or annual compliance certifications by the third party.

This specifies that the DOJ expects an integrated approach operationalized throughout the company. This means you must have a process for the full third-party risk management life cycle. Five steps in the life cycle of third-party risk management will fulfill the DOJ requirements in the 2020 FCPA Resource Guide and the Hallmarks of an Effective Compliance Program. The five steps in the life cycle of third-party management are:

  1. Business Justification by the Business Sponsor;
  2. Questionnaire to Third-party;
  3. Due Diligence on Third-party, including triage of results;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

Three key takeaways:

  1. Use the entire 5-step process for third-party management.
  2. Make sure you have business development involvement and buy-in.
  3. Operationalize all steps going forward by including business unit representatives.
Categories
Principled Podcast

S9 E7 – What are FAR Requirements? Reviewing Federal Acquisition Regulation Compliance

What you’ll learn on this podcast episode

The Federal Acquisition Regulation, or FAR, is the primary guidance followed by federal agencies—including NASA, the Department of Defense, the General Services Administration, and all others when acquiring goods and services. It’s also a regulation with its own set of compliance requirements for government contractors. How does FAR differ from other regulatory guidance, and what do government contractors need to know to ensure they have an effective program in place? On the Principled Podcast, host Jen Üner talks with LRN colleague Eric Morehead about why the FAR compliance program requirements matter to broader E&C program effectiveness, and how government contractors can implement those requirements in practical ways.


Guest: Eric Morehead


Eric Morehead is a member of LRN’s Advisory Services team and has over 20 years of experience working with organizations seeking to address compliance issues and build effective compliance and ethics programs. Eric conducts program assessments and examines specific compliance risks, drafts compliance policies and codes of conduct, works with organizations to build and improve their compliance processes and tools, and provides live training for Boards of Directors, executives, managers, and employees.

Eric ran his own consultancy for six years where he advised clients on compliance program enhancements and assisted in creating effective compliance solutions.

Eric was formerly the Head of Advisory Services for NYSE Governance Services, a leading compliance training organization, where he was responsible for all aspects of NYSE Governance Services’ compliance consulting arm.

Prior to joining NYSE, Eric was an Assistant General Counsel of the United States Sentencing Commission in Washington, DC. Eric served as the chair of the policy team that amended the Organizational Sentencing Guidelines in 2010.

Eric also spent nearly a decade as a litigation attorney in Houston, Texas where he focused on white-collar and regulatory cases and represented clients at trial and before various agencies including SEC, OSHA and CFTC.

Host: Jen Üner


Jen Üner is the Strategic Communications Director for LRN, where she captains programs for both internal and external audiences. She has an insatiable curiosity and an overdeveloped sense of right and wrong which she challenges each day through her study of ethics, compliance, and the value of values-based behavior in corporate governance. Prior to joining LRN, Jen led marketing communications for innovative technology companies operating in Europe and the US, and for media and marketplaces in California. She has won recognition for her work in brand development and experiential design, earned placements in leading news publications, and hosted a closing bell ceremony of the NASDAQ in honor of the California fashion industry as founder of the LA Fashion Awards. Jen holds a B.A. degree from Claremont McKenna College.

Categories
Coming Conflict with China

Coming Conflict with China: Part 5-Good Compliance Is Good Business

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably towards a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? In this special 5-part series, Tom Fox and Brandon Daniels, CEO of Exiger, a global leading third-party and supply chain management software company, explore issues as diverse as real danger, supply chain, exports, cyber-attacks and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In concluding Part V, we consider the roles of governments, businesses and thought leaders in leading the US business efforts in this coming conflict.

After uncovering a “constellation of disconnected issues” that are actually interconnected, Brandon Daniels must use regulation, funding and evangelism to incentivize public markets, combat the cyber threat and prevent conflict with China in order to protect national security. We discuss the importance of good compliance to good business; explore the government’s role in regulating cyber security, funding infrastructure upgrades, and incentivizing public markets and the role of businessmen and thought leaders. He also noted how conflicts with China can put companies out of business and the essential role of compliance in weathering the storm. His ultimate conclusion was that “good compliance is good business.”

Key Highlights

  1. How has the government’s role changed in responding to the constellation of interconnected business and legal issues present today?
  2. What role do the public markets play in incentivizing investments in new technology and alternative energy?
  3. How can a company ensure good compliance to ensure good business?

Notable Quote

“Good compliance is good business – we saw that so unbelievably clearly during the pandemic, and I think we could learn something from an old adage and renew that view that good compliance process is good business process.”

Resources

Exiger

Tom Fox


Other episodes in this Series:
Episode 1-From Potential Conflict to Real Danger

Episode 2-Supply Chain Issues

Episode 3-Exports and Rebalancing the Global Economy

Episode 4-Cyber Spying and IP Theft

Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Good Compliance is Good Business

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO of Exiger, to explore issues as diverse as real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In concluding Part V, we lay out the business response to the coming conflict with China: good compliance.

In the face of rising tensions with China, it’s essential for businesses to take proactive steps to protect themselves. In the fifth and final episode of our five-part series on the coming conflict with China, we outline the integral roles of government, public companies, businesses, think tanks, consultants, product providers, and service providers in addressing the challenge. The importance of compliance as good business practice cannot be overstated. We also discuss the strategies of risk assessment and risk management necessary to weather the coming storm.

Here are the steps you need to follow to create good compliance in your organization to help you meet the China challenge:

  1. Identify risks
  2. Assess risks
  3. Implement a risk management strategy

1. Identify risks

 The first step in addressing the upcoming conflict with China is to identify risks. This can be done by looking at the transcript and thinking about what risks are present in the context of the conversation. For example, the transcript mentions potential conflict with China, cyber intrusions, human rights abuses, national security threats, and IP theft. All of these topics should be considered potential risks that need to be assessed.

One of the main risks is the economic and national security threat that comes from insider threats. This includes cyber intrusions, credential theft, and other malicious activities. Additionally, public companies need to be aware of the potential for IP theft, human rights abuses, and other forms of economic sabotage. It is also important to understand the need for investment in cyber hardening, diversification away from China, and incentives for public markets. Finally, businesses must be aware of the need for risk assessment and risk management strategies, as well as the need to monitor and upgrade those strategies as necessary. All of these risks must be identified in order to effectively address the coming conflict with China.

2. Assess risks

Once the potential risks have been identified, the next step is to assess the likelihood of the risks and their potential impacts. This can be done by looking at past experiences and current trends. It is also important to consider the potential of the risks, as well as the severity of the impacts. For example, if a risk involves cyber intrusions, it is important to consider the potential for data theft, as well as the impact of a data breach on the company’s reputation.

Finally, it is important to look at the potential solutions for the identified risks. This can be done by looking at the solutions that have been suggested in the transcript, such as regulation, funding, and raising awareness. It is also important to consider the potential costs and benefits of each solution, as well as the potential for implementation. By assessing the risks, the solutions, and their potential impacts, businesses can develop an effective risk management strategy.

3. Implement a risk management strategy

A risk management strategy is essential for preparing for a potential conflict with China. This strategy should involve identifying risks, assessing the potential impact of each risk, creating a plan to manage each risk, and monitoring the implementation of the risk management plan. Government regulators can lead this effort by raising awareness of the interconnected issues and prioritizing the expenditure of resources to mitigate risk. Additionally, incentives can be provided to public companies to invest in risk mitigation strategies. Businesses should also take the initiative to assess their own risks and create plans to reduce them. This can be done through utilizing existing technology to make processes more efficient and cost effective. Finally, raising awareness is essential to ensure that everyone is aware of the potential risks posed by the conflict with China. This can be done through education and providing resources to help people understand the risks and how to mitigate them.

The coming conflict with China presents numerous risks to businesses, governments, and the public at large. It is essential to assess the risks, create a risk management strategy, and implement it. By taking the initiative to identify, assess, and manage risks, businesses can protect themselves and stay competitive in this ever-changing landscape. The bottom line is good compliance is good business because good compliance is good business process. With the right knowledge, tools, and strategies, you too can be prepared for the coming conflict with China and protect your company from potential risks.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures-Why Business Ventures are Different than 3rd Parties

Business ventures, whether JVs, partnerships, franchises, team agreements, strategic alliances or one of the myriad types of business relationships a U.S. company can form outside the U.S., are different than the usual risk presented by third-parties under compliance requirements such as those mandated by the FCPA. The problem for companies is that they tend to treat business venture risk the same as third-party risk. They are different and must be managed differently.

The bottom line is that many compliance practitioners have not thought through the specific risks of business ventures such as JVs, franchises, strategic alliances, teaming partners or others as opposed to sales agents or representatives on the sales side of the business. I hope that this will help facilitate a discussion that maybe people will begin to think about more of the issues, more of the risk parameters and perhaps put a better risk management strategy in place.

Three key takeaways:

  1. Business ventures bring different FCPA risks from third-parties.
  2. JVs have both external compliance risks and corporate governance risks.
  3. Use your full compliance tool kit for business ventures in managing the FCPA risk for franchises.
Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Cyber Spying and IP Theft

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, President of Exiger, to explore issues as diverse as real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part III, we consider export issues of US companies and rebalancing the global economy.

As tensions between the US and China continue to grow, so too does the threat of cyber espionage and intellectual property theft. According to the Pentagon, China-linked economic espionage cases have jumped 1300% over the past decade, and nearly half of all counterintelligence cases now involve China. Daniels sheds light on how China is stealing American Intellectual Property (IP) through intelligence services, nontraditional developers, academic partnerships, and hidden ownership of companies in the supply chain.

We not only consider the extent of China’s IP theft but provide some concrete steps for American companies to protect their crown jewels and seek recourse if they become the victim of cyber espionage. With trillions of dollars at stake, US companies can no longer afford to be unprepared.

Here are some steps you can take for protection:

  1. Protecting crown jewels by having stricter, more active and proactive containment of technologies that are subject to export control laws.
  2. Monitoring and identifying where there could be IP leakage through better due diligence of vendor and customer ecosystems.
  3. Taking aggressive action to show China that any IP theft will be discouraged and the company will be remunerated for it.

1. More active and proactive containment of technologies

The first step to protecting your organization’s crown jewels from China’s non-kinetic warfare is to have stricter, more active, and proactive containment of technologies subject to export control laws. This means that public companies need to understand what their “crown jewels” are and how to protect them. They should be more aware of who their suppliers and customers are, and where those technologies are going. Your organization needs to be willing to call out and enforce international trade violations. This requires better due diligence on your vendor ecosystems, your customer ecosystems, and where your organization is buying its technology from. Companies also need to ensure that they have contractual clauses around confidentiality and exposing information so that they can have legal recourse if their intellectual property is stolen. Finally, they should be willing to get serious and aggressive to show China that the company will be remunerated when its IP is taken.

2. Monitoring and identifying IP leakage

Monitoring and identifying where there could be IP leakage through better due diligence of vendor and customer ecosystems is a critical step in protecting intellectual property (IP) from theft. To begin this process, companies must understand their supply chain and customer ecosystem(s) to identify any potential areas of vulnerability. Companies should consider conducting background checks on their vendors, as well as tracking and monitoring the movements of their customer data and products. Additionally, companies should be aware of any suspicious activity in their customer and vendor ecosystems and take steps to protect against any potential IP theft.

Companies should be aware of any trade regulations or laws that could be applicable to their products, and take the necessary steps to ensure they are compliant. Additionally, they should consider utilizing insurance or other risk mitigation methods to reduce the potential of IP leakage or theft. Finally, companies should be prepared to take legal action to enforce their IP rights if necessary. This could involve filing lawsuits or engaging in international trade court proceedings to seek remedies for any IP violations. By monitoring and identifying areas of potential IP leakage, companies can better protect their IP and ensure that it is not stolen or misused.

3. Take aggressive action

The third step is taking aggressive action to show China that any IP theft will be discouraged and the company will be remunerated for it. In other words, use the Rule of Law to not only protect your IP but also aggressively go after any IP theft through civil litigation. This all starts with protecting your crown jewels, which means having stricter containment of technologies that are subject to export control laws, and specifically doing this with regard to China. Companies should also monitor and identify potential areas of IP leakage, such as suppliers, customers and vendors, and perform better due diligence to ensure that the technology is not falling into the wrong hands. Finally, companies should not be afraid to take their cases to court. For example, Tang Energy Group successfully sued Aviation Industry Corp. of China, or AVIC, for stealing their wind turbine technology and won a settlement in the tens of millions of dollars. By taking legal action, companies can demonstrate to China that any IP theft will not be tolerated and that they will be held accountable for their actions.

The threat of cyber espionage and intellectual property theft from China is real, and companies need to be aware of the implications and take action to protect their crown jewels. Companies should consider a three-step plan for protecting their IP and seeking recourse if it is stolen, including stricter containment of technologies that are subject to export control laws, monitoring and identifying potential areas of IP leakage, and taking aggressive action to show China that any IP theft will not be tolerated and will be remunerated. With the right steps in place, companies can protect their IP and ensure it is not stolen or misused. Take control of your IP today!

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures – Distributor Liability Under the FCPA

Three enforcement actions made clear that there were no distinctions between agents and distributors. They were the Smith & Nephew, Inc., Oracle (2012 and 2022), and Eli Lilly and Company enforcement actions. Each of these enforcement actions had different FCPA violations, and they each revealed separate steps a company should take to prevent and detect FCPA violations in their company.

These three separate bribery schemes call for three different but overlapping responses. The Lilly enforcement action also makes clear the need for internal audits to follow up with ongoing monitoring and auditing. Internal audit can help determine the reasonableness of a commission rate outside the accepted corporate norm. The 2012 and 2022 Oracle enforcement actions demonstrated that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Smith & Nephew did not perform sufficient due diligence on these distributors, nor did they document any.

Further, the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose the company wished to hide from Greek authorities. While it is true that a distributor might sell products in a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

Three Key Takeaways:

  1. Use auditing and monitoring.
  2. Distributors will be treated the same as other business ventures.
  3. Robust due diligence must be performed.