Tag: compliance

Categories
Coming Conflict with China

Coming Conflict with China: Part 3 – Exports and Rebalancing the Global Economy

In the short span of the 21st Century, the world’s top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? In this special 5-part series, Tom Fox and Brandon Daniels, CEO of Exiger, a leading global third-party and supply chain management software company, explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part III, we consider issues related to US exports to China and markets for US products if the China market is closed off to US companies.

The US-China conflict is intensifying, and as a result, businesses that export to China are feeling the strain. US companies exported nearly $149 billion worth of goods to China, but China still exports over $400 billion to the US. Do these trade deficits still matter? What happens when your biggest customer is no longer available? How do you go about finding new markets and reshoring customers? Join us as we explore this and other export issues in Part 3 of this special five-part series.

Key Highlights:

1. The importance of balancing the US-China economic relationship in light of the current crisis.
2. How does a business consider customer location an existential risk?
3. The potential for global economic rebalancing through collaboration between democracies.

Notable Quote

“We have to figure out how to make this a global market and ensure that this doesn’t just become some sort of nationalistic retrenchment.”
Resources

Exiger

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Other episodes in this Series:
Episode 1-From Potential Conflict to Real Danger

Episode 2-Supply Chain Issues

Categories
FCPA Compliance Report

Khayot Salijanov – Compliance in Uzbekistan

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Khayot Salijanov, a Master’s Degree candidate at the University of Pittsburgh. He is originally from Uzbekistan, and we discuss compliance in emerging markets. We discussed the history of compliance and corruption in Uzbekistan and the government’s steps to increase compliance through laws like public procurement and creating an anti-corruption agency. Khayot then provides insight into the two biggest challenges faced in 2020, communication and conducting effective investigations, as well as emphasizing the importance of leadership buy-in. Finally, Khayot suggests that to start a management consulting career; one should focus on creating relationships and ownership, creating value, and gaining leadership buy-in. 

Key Highlights

·      The History of Compliance In Uzbekistan

·      Protecting Yourself When Doing Business in Uzbekistan

·      The Importance of Leadership Involvement in Creating a Robust Compliance Program

·      Creating Business Value Through Compliance Programs

 Notable Quotes

·      “And also it has a good program, a good tailored program, including ethics and risk management also sustainable business issues, which I’m interested in because I think sustainable business is part of compliance.”

·      “It’s essential to create family-based ownership to achieve success.”

·      “The government’s anti-corruption and anti-bribery policy has changed drastically.”

·      “Absolutely. Thank you for inviting and having me, Thomas. I have a lot of things to tell our listeners about Uzbekistan, specifically about compliance.”

·      “These events mark the beginning of designing and implementing corporate compliance standards in the private sector.”

Resources

Khayot Salijanov on LinkedIn

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

Following the Money Through Distributors

Polycom came to FCPA grief in China, as have many other US companies. The bribery scheme was long running, occurring from 2006-2014. They included the creation of an off-the books accounting and recordation system for corrupt payments made by or on behalf of Polycom China. The money to fund these bribes came through variations of the basic bribery scheme. There would be a discount between the price reported to Polycom and that paid by the buyer. These discounts were not passed on to the end customer, but instead were intended to cover the cost of the payments the distributors made to the Chinese government officials.

In other words, this discount would form the basis of the pot of money to pay the bribe.
The Chinese business unit was equally creative with the reasons for the discounts, which were listed in the CRM. Polycom China usually cited competition with one or more vendors was required to give discounts on pricing. They also claimed that some end-using customers refused to pay full price. However these were all false excuses entered into the CRM to hide the truth from auditors and others charged with reviewing and approving the discounts.
Three Key Takeaways

  1. Channel your inner Woodward and Bernstein and follow the money.
  2. Simply because some type of compliance oversight is difficult or requires extra effort, it is no excuse not to monitor.
  3. Channel you inner Ronnie Reagan as well and ‘trust but verify.
Categories
Blog

Coming Conflict with China-Business Challenges and Responses: From Potential Conflict to Real Danger

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO and President of Exiger, to explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part I, from potential conflict to real danger.

It is time to ask some tough questions and come up with robust responses to the challenges. With China’s increasing attempts to subvert the US economy, decrease transparency of its business practices, and the use of its blocking statutes that protect its companies from US laws, the situation is becoming increasingly challenging. What steps can you take to safeguard yourself and your business? Join us to explore these questions and more in this special series.

Here are the steps you should follow to begin to think your organization’s business and operational security.:

  1. Identifying potential threats and risks in the global business and commerce ecosystem.
  2. Developing a strategy to diversify the global supply chain to mitigate risks and increase security.
  3. Finding alternate sources of supply and production in different countries to create redundancy and increase diversity.

1.Identifying potential threats and risks

Identifying potential threats and risks in the global business and commerce ecosystem requires an understanding of how geopolitical tensions and economic coercion can impact businesses and markets. When looking at the arrests of Mintz’s Group employees in Beijing and the potential for China to subvert our global free market, it is important to consider how Chinese investments in critical technologies, like battery plants, and their control of resources, like cobalt and copper, could be used to manipulate the market. It is also important to be aware of China’s attempts to restrict access to economic policies, like tariffs, that make it cheaper to manufacture in China than in Vietnam or Malaysia. It is important to consider the impact of China’s annexing of other countries, their blocking statutes, and their potential to use Uighur forced labor in their garment industry, all of which could lead to human rights issues. By understanding the potential threats and risks, businesses can be better prepared to put appropriate measures in place to protect their data, their people, and their customers.

  1. Developing a strategy to diversify your global supply chain 

Developing a strategy to diversify the global supply chain to mitigate risks and increase security is a crucial step in mitigating potential risks associated with China’s increasing adversarial activity. To ensure the safety and security of a company’s supply chain, it is important to diversify its sources of supply, especially for critical infrastructure such as logic bearing circuitry and pharmaceutical ingredients. Your organization should think twice before accepting a cheap bid from a Chinese company and instead diversifying to sources from countries such as Japan, South Korea, the United Kingdom, and the United States. By diversifying supply chain sources, companies can ensure that they are not over-dependent on any one country, and can also take advantage of premium pricing that comes with diversity, security and redundancy in their commerce.

  1. Finding alternate sources of supply and production

Finding alternate sources of supply and production in different countries to create redundancy and increase diversity is an important step in mitigating risk in a highly unpredictable geopolitical environment. To do this, you should start by looking into local manufacturing capabilities and taking the opportunity to support companies from other countries, such as Japan, Korea, the UK, the US, Mexico, and Canada. These countries may be more reliable in their political stability and may offer a premium for the security that comes with diversity. Additionally, it is important to investigate the state of the industries in these countries and what investments they are making. For example, Japan is investing heavily in their electronics sector, Korea in semiconductors, and the US and Canada in AI. To ensure your business is protected, you should also consider investing in a backup plan in case of disruption from your current source. This could involve researching other suppliers, negotiating contracts with them, and training staff and operations to use them. By investing in these alternate sources and plans, you will be able to create redundancy and increase diversity in your supply chain, ultimately making your business more secure.

The importance of identifying potential threats and risks in the global business and commerce ecosystem and developing a strategy to diversify the global supply chain to mitigate risks and increase security cannot be overstated. You should be working to find alternate sources of supply in different countries to create redundancy and increase diversity. By taking the necessary steps to understand the potential risks of doing business with China, businesses can be better prepared to protect their data, their people, and their customers. Opaqueness is the foe of transparency.  With the right knowledge and strategy, you too can ensure the safety and security of your business.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
FCPA Compliance Report

Erica Salmon Byrne on 2023 World’s Most Ethical Companies

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined Erica Salmon Byrne, President of Ethisphere, to discuss the World’s Most Ethical Companies awards. Byrne explains the evaluation process and what types of areas are investigated. She highlights how the list has fluctuated over the years and the importance of a company’s people practices. Through the cross functional scorecard, companies can measure their performance compared to a global index.

We discuss the importance of “ethics premium” and the scorecard process. To measure the value of a company’s people practices, the survey demonstrated an outperformance of 13.6% against a comparable global index. Byrne also gives information to listeners on where to find more information on the world’s most ethical companies. Tune into this episode of the FCPA Compliance Report and learn more about the World’s Most Ethical Companies. 

Key Highlights

  1. What is the World’s Most Ethical Companies® recognition?
  2. How long has Ethisphere recognized the World’s Most Ethical Companies?
  3. What are criteria Ethisphere considers during the evaluation process? What is the evaluation framework.
  4. What are the benefits of applying for the World’s Most Ethical Companies?
  5. Even if a company is not selected, what are some of the benefits?
  6. What is the Ethics Premium and what was the 2023 Ethics Premium? 

 Notable Quotes

“What does the recognition itself mean? So, you know, it’s  really interesting, Tom. Because I I’ve asked a lot of honorary companies about that. And I  particularly liked the way 1 company phrased it to me when I was talking to them last week, and they said, look, there are lots and lots of times that companies get recognized for messing up.”

“We’re looking at the ways you are thinking about, your impact on the communities in which you operate. We are looking at your ethics and compliance program initiatives. We’re looking at the way you are governing your programs both at the board level and at the C suite level. We’re looking at your leadership and your reputation.”

“I’ve had multiple compliance officers tell me that their best self-assessment work is just reading the red line of our survey every year and asking themselves would I answer this new question from Ethisphere?”

“Are there questions on this survey I can’t answer without going and speaking to somebody else? Do I know who that person is? And if not, why not? Because all of those relationships are critical relationships to operating your program well.”

 Episode Links

World’s Most Ethical Companies

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures-Franchisor Liability


There remains a question about franchisor liability under the FCPA. Franchising has been a successful model in the U.S. and now many corporations are looking at overseas expansion opportunities. Franchise law has become well developed across the U.S., with many states developing laws to protect the rights and obligations of both parties in a franchise agreement.
There are no reported FCPA enforcement actions regarding franchisors. However, the factors in a franchise relationship would appear to lead to clear FCPA responsibility of the franchisor for its overseas franchisee’s actions. Additionally, court interpretation of the FCPA has held that it is applicable where conduct is used “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. As everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. Nevertheless, many U.S. companies view franchisees as different from other types of more direct sales representatives, such as company sales representatives, agents, resellers or even JV partners, for the purposes of FCPA liability.

The Master Franchise model is typically the most used model in international franchise expansion. It generally revolves around a Master Franchise agreement between the U.S. based franchisor and a franchisee in a specific geographic territory. This franchisee then contracts with third-party sub-franchisees within the specified territory. Typically, the U.S.-based franchisor will have no contractual relationship with the international sub-franchisees. The master franchisee acts as the franchisor in the local market and recruits, trains, and provides other support in the local area on behalf of the U.S. franchisor. Here the FCPA exposure is both direct and indirect.
While some believe that a franchisor may not have direct involvement in conduct prohibited by the FCPA, as there may not be the requisite corrupt intent required under the statute. However, unless a franchisor has an adequate compliance program in place, a franchisor may well find itself in the shoes of Frederic Bourke and sustain a finding of conscious indifference.
Three key takeaways: 

  1. Consider the different types of international franchise agreements to help assess your compliance risk.
  2. There are no reported FCPA enforcement actions involving international franchisors, yet.
  3. Franchisors must conduct thorough research in both the foreign market they hope to enter and on their potential franchisees.
Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 2

What happens when two top compliance commentators get together? They talk compliance of course. Join Kristy Grant-Hart and Tom Fox for their new podcast, 2 Gurus Talk Compliance! But it is not simply Kristy and Tom talking compliance. In this podcast series Kristy and Tom review  other top commentators in compliance as well. In this podcast, we will consider all things compliance, corporate ethics, ESG, governance, and whatever else is on our minds and the minds of other experts in the field. Kristy and Tom explore all of these topics with expertise and wit.

2 Gurus Talk Compliance will include a deep dive into the latest headlines, as well as ask hard hitting questions and provide valuable insights on the current happenings of the world. Don’t miss out this week, as Tom and Kristy look at how the new DOJ pilot program and update to the evaluation of corporate compliance program guidance will affect dailiness operations.

 Highlights Include

·      Moral hazard for DOJ/Compliance

·      Global Corporate Governance Trends for 2023

·      Assessment of Monaco/Polite Speeches and new ECCP

·      Compliance in the Metaverse

·      Five hard leadership bills to swallow.

·      Former Blue Bell CEO Pleads Guilty

·      $9 Million Cow Manure Ponzi Scheme

·      Lessons Learned from Ericsson’s DPA Breach

·      Serious Fraud Office Abandons Prosecution

·      2023 Evaluation of Corporate Compliance Programs

 Notable Quotes

1.      “The effect on the economy is much more severe than I would have ever thought. The market tanked, basically, for 3 days. And of course, the market runs on perceptions. Pretty much like bank runs run on per perceptions.”

2.     “We had some assets disappear over the weekend. We’ve had the federal government come in at backstop that amount, full amount, not just limited to the 250000 per person or entity that the FDIC ensures I think banking regulations will probably change forever because of this event.”

3.      “A couple of weeks ago, we had 2 major speeches by deputy attorney general Lisa Monaco and Kenneth Polite, at the ABA white collar conference that were followed by the release of an updated 2023 version of the Evaluation of Corporate Compliance Programs, a new policy regarding monitors as well, and the announcement of a pilot program.”

Resources 

  1. Moral hazard for DOJ/Compliance 
  2. Global Corporate Governance Trends for 2023 
  3. Assessment of Monaco/Polite Speeches and new ECCP
  4. Compliance in the Metaverse
  5. Five hard leadership bills to swallow
  6. Former Blue Bell CEO Pleads Guilty to Misdemeanor Over Listeria Outbreak
  7. Central Valley Man Pleads Guilty to Nearly $9 Million Cow Manure Ponzi Scheme
  8. Lessons Learned from Ericsson’s DPA Breach: An Internal Investigation Nightmare
  9. U.K. Serious Fraud Office Abandons Prosecution of Former G4S Executives
  10. DOJ Announces Major Changes To Corporate Compliance Program Evaluation

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting

Connect with Tom Fox on Linkedin

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Distributors as Business Venture Partners

Many compliance practitioners generally view distributors as a part of their third-party risk management program, with most of their attention on the pre-contract phase of the risk management process. Typically, most of the efforts are spent on due diligence with less on managing the relationship after the contract is signed. However, many facets of a corporate relationship with a distributor are closer to those of other business venture partners.

One of the issues in any compliance program is the compensation paid to a business venture partner as FCPA exposure arises when companies pay money – either directly or indirectly – to fund bribe payments. In the traditional intermediary scenario, the company funnels money to a business venture partner, who then passes on some or all of it to the bribe recipient. Often, the payment is disguised. Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions, 2020 FCPA Resource Guide, 2nd edition and DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs, have provided insight into how the government interprets and enforces the FCPA. This information, in turn, allows companies to get smarter about FCPA compliance. With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations. Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.
Many companies have been involved in FCPA enforcement actions because of distributors. This sales side channel does not receive the focus equal to that of commissioned sales agents. Yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus.
Three key takeaways: 

  1. The creation of well-thought out process which operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus is key.
  2. Require multiple levels of approval for an out of range distributor discount.
  3. Tracking distributor discounts globally makes your company more efficient.
Categories
Innovation in Compliance

Third-Party Management: A risk-based approach – Part 4: Adam Bailey on Reporting

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. Over this series, I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, from the Volkov Law Group. In this Part 4, I visit with Adam Bailey to look at the role of the Board in risk, audit, compliance, and ESG and the reporting from executive teams and GRC practitioners to take risks and seize chances.

Bailey has worked to help organizations better manage their risk by providing insight and clarity to boards of directors. He strived to enable executive teams and GRC practitioners to assess and manage strategic risks, ultimately connecting boards, practitioners, and executives together to innovate and drive growth. With the complexity of third-party relationships continuing to grow, companies need to adopt a continuous improvement approach to contend with unforeseen risks. A corporate compliance function is not just something nice to have, but a must and a Board needs clear and relevant data to make the best decisions. Organizations need to use the necessary tools to ensure that Boards have the visibility to manage their third parties and make informed decisions.


Key Highlights
1. A compliance function must support leaders through its reporting work.
2. Companies can effectively manage third-party risk with a risk-based approach and robust processes.
3. Connecting Board, senior executives, and practitioners together to enable organizations to take risks and innovate is critical.

Notable Quotes

  1. “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”
  2. “Continuous blanket monitoring of all third parties with every risk asset you can think of is just not feasible and probably wouldn’t deliver the outcomes that we need.”
  3. “We know that change is constant, regulators are looking for risk management policies and practices which continually improve and evolve over time.”
  4. “We need robust processes and systems in place to make sure that when you create your third-party profile, it’s screened against sanctions lists, embargo watch lists, et cetera, to provide the rich data that’s there.”

Resources

Adam Bailey on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program -Reporting

Today’s business landscape is becoming increasingly complex and globally interconnected, with the average business now working with over 100 third-party vendors. While this presents a wealth of opportunities, it also brings a range of challenges for boards and GRC professionals alike when it comes to third-party risk management. I recently visited with Diligent’s Senior Vice President of Products, Adam Bailey on how to tackle these challenges and leverage third-party risk management to identify opportunities and equip boards to take risks, innovate and drive things forward. Here are the steps you need to follow to also get clarity, insight, innovation.:

  1. Understand the role of the board in oversight and provide clarity on third-party risk management.
  2. Board review Codes of Conduct.
  3. Continuous improvement view of risk management.
  4. Utilize real-time data to react to changing times.
  5. Ensure commitment to shared values and ethical cultures.

 1.Understand the role of the Board in oversight

Understanding the role of the Board in oversight and providing clarity on third-party risk management is an essential step in any risk management strategy. Obviously, the Caremark Doctrine is the leading authority which Boards must follow. But more than simply oversight to  meet a legal requirement, businesses should see the business opportunity by creating a business process which connects employees, compliance professionals, executives, and boards together in a seamless process. This connection enables a culture of continuous improvement that starts at board level and cascades down through the structures of the business. This allows two-way communication between boards and compliance professionals, so that boards can clearly communicate their risk management strategy and expectations. 

  1. Board review of Codes of Conduct

A key role for any Board is to review and refresh if needed your organization’s Code of Conduct on a regular basis. When it comes to third-party risk management this is needed to  ensure that the third parties are following the company’s established guidelines. A Board should understand the importance of third-party risk management and how to fulfill their role of oversight. There should be an enterprise-wide single source of data for every Board to ensure effective governance, risk and compliance. Boards should also be provided with dashboards to allow for continuous monitoring of third-party relationships and to provide real-time information and data to enable businesses to react to changing times. Ultimately, companies need to show that their Board is making a good faith effort to address risks by having due diligence processes in place and effective plans to monitor those processes.

  1. Continuous improvement view of risk management

A key role for any Board is to implement a continual improvement view of risk management. This shifts an organization’s focus from a one-time due diligence approach to ongoing, rigorous due diligence designed to identify risk areas and set benchmarks for improvement. This allows a Board to have a clear view of the risks involved and make informed decisions. A two-way dialogue is also important, with data flowing up to the board and actions cascading back down to the compliance team. 

  1. Utilize real-time data to react to changing times

There is probably no more important task for a Board in 2023 than responding to changing times. Obviously Covid-19 is still in front of mind, but the change political, geographic, economic and even climate changes are moving much more quickly now. For a Board to provide effective oversight, it must have access to real-time data to react to changing times. This is both from a regulatory perspective and a business/reputational perspective. All internal stakeholders should be connected with enterprise-wide single source of all nonfinancial data required for effective governance, risk, and compliance. The platform also provides real-time information and data so Boards can quickly react to changing times. Furthermore, the platform adds relevancy and context to the risk data which helps Boards make informed decisions based on the potential upside and downside of taking on certain risks.

  1. Ensure commitment to ethical values and ethical cultures

It really all does start at the top and Boards must ensure commitment to ethical values and ethical cultures. Boards should mandate that companies adopt a continual improvement view and embrace not just one and done due diligence, but ongoing monitoring and continuous improvement. Boards should mandate that organization enforce their commitment to ethical values, ethical cultures, and honest business practices. When it comes to third parties, Boards must understand the risk each third-party poses and to consider the business in question and the sort of inherent nature of the dealings with that third-party. Having a robust platform also provides real-time information and data throughout the relationship with the third-party, dashboards to monitor third-party information, and a single source of truth for all nonfinancial data. This allows for a two-way dialogue between GRC professionals and the board to ensure that the board has the clearest, most relevant, and most targeted information to inform better decisions.

For more information, on Diligent’s Third-party Risk Management solution, click here.

Listen to Adam Bailey on the podcast series here.