Categories
Sports and Compliance

The Dan Snyder Indemnity Edition

Welcome to the Sports and Compliance podcast. For the longest time, I have wanted to have a podcast on the intersection of Sports and the World of Compliance and Ethics, both for those stories as the play out on the Sports Page and for the lessons they provide to business executives and compliance professionals. In this podcast series, I am joined by one of the top compliance commentators around, Stephen Martin, CCO at Skillsoft. Together will use our love of sports and competition to discuss current ethical issues in sports, look at compliance through a sports lens and determine how the world of sports and its stories can be a guide for the compliance professional.

In today’s episode, Tom and Stephen look at the sale of the team formerly known as the “team who will not be named,” the investigation surrounding Alabama Crimson Tide basketball player Brandon Miller, and MLB’s changes to the game such as the size of the bases, clocks on pitchers and hitters and outlawing shifts; all in the hopes of speeding up the game. Tom and Stephen explore the stories from different perspectives and always keeping their compliance audience in mind. Learn more with Sports and Compliance and keep up with current sports news, with a dash of compliance laid in.

Key Highlights

·       The Mary Jo White Report and Confidence in the NFL [00:03:56]

·       The Alabama Basketball Imbroglio [00:06:53]

·       The Consequences of Poor Decision Making [00:10:33]

·       The Impact of Baseball’s Rule Changes on the Game [00:13:49]

·       The Impact of the Shift on Baseball [00:17:13]

·       Baseball Speed Up: Positive Effects on Keeping Fans Interested [00:19:56]

Notable Quotes

1.    “You don’t often see it when somebody causes their own problems and then ask to be identified for them, but we’ve seen that with CEOs before.”

2.    “It’s a classic example of a couple of things we see in compliance. Star performers. Sometimes there’s just different rules for them. Right? And that’s just how it goes.”

3.    “It’s just it’s shocking to me that Alabama has done it this way.””

4.    “You can’t just say, I’m being mistreated. We’ve had that conversation in our household the last few days about what’s fair and when rules are in place, what happens? And these are all good things to understand because they’re there are consequences whether positive or negative to rule changes and you can figure them out.”

Categories
Daily Compliance News

March 3, 2023 – The Spread The Pain Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

Categories
Blog

Levels of Due Diligence-Part II

In the conclusion of this blog post series on levels of due diligence, I am drawing from Candice Tal, Founder and CEO of Infortal Worldwide, in her seminal article entitled, Deep Level Due Diligence: What You Need to Know.

Level II. Level II due diligence encompasses supplementing Global Watch lists with a deeper screening of international media, typically major newspapers and periodicals from all countries plus detailed internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company; the third-party’s key executives and associated parties. I believe that Level II should also include in-country database searches. Other types of information you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments; a check for international derogatory electronic and physical media searches, which should be performed both English and foreign-languages, in its country of domicile. Further, if you are in a specific industry, use technical specialists and obtain information from sector specific sources.

Level III. This level is a deep dive. It will require an in-country ‘boots-on-the-ground’ investigation. I agree with Tal that a Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.” Further, “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English. Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”

Level III should also include deep dark and historical Internet searches, also known as Open Source Intelligence Investigations (OSINT). Although AI can be used for some of this work, it should be noted that AI without investigative analysis will yield less adverse information. Investigative analysis looks at hidden and undisclosed information and searches for information that should have been found but was not. It is an integrated approach incorporating ‘boots on the ground’, intelligence gathering, and due diligence investigations. Relying on basic Google searches is a certain mistake as hidden and undisclosed information are unlikely to be discovered.

But more than simply an investigation of the company, including a site visit and coupled with onsite interviews, Tal says that some other things you investigate include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other lawsuits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.”

Further, you may need to engage a foreign law firm to investigate the third-party in its home country to determine their compliance with its home country’s laws, licensing requirements and regulations. Lastly, and perhaps most importantly, you should use a Level III to look the proposed third-party in the eye and get a firm idea of his or her cooperation and attitude towards compliance as one of the most important inquiries is not legal but based upon the response and cooperation of the third-party. More than simply trying to determine if the third-party objected to any portion of the due diligence process or did they object to the scope, coverage or purpose of the FCPA; you can use a Level III to determine if the third-party is willing to stand up with you under the FCPA and are you willing to partner with the third-party?

There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II and III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner. But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to “Document, Document, and Document” all your due diligence.

Categories
Great Women in Compliance

Tracy Saale-From Law Enforcement to In-House

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine. In today’s episode, Lisa speaks with Tracy Saale, who is Conduct Risk Management, Managing Director and Corporate Responsibility Officer at Charles Schwab.

This is her second career, and while we often hear from attorneys who have gone in-house, or were assigned to compliance, Tracy started out as a prosecutor and then at the U.S. Federal Bureau of Investigations (FBI), where she worked all over the globe, and advised in ethics and compliance during her career there. She discusses the importance of advising law enforcement officials on what is – or is not – permissible, particularly when they are dealing with criminal behavior and security issues. When she started at the FBI, they had approximately 14% women agents, and while that has increased into the 20% range, there is a way to go, so she recounts her experiences.

While Tracy was a bit guarded given her experiences with corporate malfeasance, she also was impressed with Charles Schwab, and joined them in part for that. In her in-house career, she is now seeing what so many of us see – that the majority of people are trying to do the right things – a more positive side of corporate life.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Creativity and Compliance

Do It Right Rick and Creating a Custom Character

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices people use to consume information in their everyday, non-work lives and apply it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

In this episode, Tom and Ronnie visit with Katherine Hill, Legal Compliance Manager at Ferguson Enterprises. We discussed the compliance program rebranding that Ronnie and his creative team at Learnings & Entertainment helped Katherine put together. They discuss the unique challenges for a blue-collar workforce and how Learnings & Entertainment was able to help Katherine and her team drive engagement through the creation of ‘Do It Right, Rick.’

Highlights include:

  • Why a Custom Character?
    • Improving the image
    • putting a friendly face on the program
    • highly customized messaging
  • What was involved?
    • Brainstorming and coming up with the ideas
  • How is it being deployed?
  • Lessons Learned.

Resources:

  • Learnings & Entertainments (Website)
  • Compliance Confessions – inspired by “Mean Tweets,” these 90-second commercials address misconceptions and excuses to promote speak-up culture and the E&C team as positive and helpful.
  • E&C Training Jams – a soulful singer banters with ethics & compliance, explaining policies, sharing examples, and debunking excuses. 
  • Tales from the Hotline – Real speak-up-themed stories about workplace behavior gone wrong.
  • Workplace Tonight Show! – E&C meets SNL Weekend Update explaining corporate risk topics and why employees should care.
  • 60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up, and the E&C team as helpful advisors and coaches.
  • Custom Live & Digital Programming – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.
Categories
Great Women in Compliance

Julie Bregnard – Moving on Up

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine. The Great Women in Compliance podcast’s guest for this week is Julie Bregnard, a Compliance professional who is relatively early into her career and going places fast.  Mary interviews Julie with a special focus on the job search, as Julie has just moved into a new role after five years at her first “real” job.  As discussed in the GWIC New Year episode several weeks ago to kick off 2023, the market for certain levels of Compliance staff is extremely favorable now.  Julie and Mary share some tips for further increasing job hunter success in the search.

 Julie also reflects on her time as a new graduate looking for her first job after university.  Mary asked Julie to give some tips on subject as she received a request to do an episode that is helpful to students.  Though further back in time, Mary still remembers how painful and demoralizing the search for your first professional full-time role can be and with this in mind, asked Julie to share some advice and encouragement for students on how to best stay motivated and on task throughout this time.

 As a Compliance practitioner who has been instrumental in strategizing on and delivering multiple Compliance Week events to her internal stakeholders, Julie provides some insights on what she thinks makes for a good Compliance Week and takes a broader view on how you can leverage them for ongoing dialogue in an organization.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Having a Values Conversation

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I take a deep dive into having a value conversation to help companies start a conversation about values. If companies do not focus on matters, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company’s best interest. Tune into Compliance into the Weeds-Having a Values Conversation to learn how to start the conversation and create a safety culture.

Key Highlights

  • The Importance of Workplace Safety [00:04:58]:
  • The Need for Embedding Conversations about Values in the Workplace [00:09:00]
  • Creating a Positive Corporate Culture. [00:12:26]
  • The Dangers of Not Doing Corporate Compliance Properly [00:15:56]

 Notable Quotes

 1.     “It makes a lot of sense to try to embed awareness of them initially, but it feels weird. It’s kind of outside of people’s comfort zone. It’s outside your comfort zone if you are not an ethics and compliance professional.”

2.     “These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this.”

3.     “It’s easy for senior executives. To talk about ethical values. I think for many low-level employees, and those messages go in 1 ear and out the other because Why does anybody ever pay attention to what senior management says? It’s your middle manager. It’s your boss. You pay attention to what they say.”

4.     “These questions are geared to help those managers, that audience, and their crucial tool.”

 Resources

Matt Kelly in Radical Compliance

Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 2

In this three-part blog post series, we are ruminating on how to create an effective compliance program through  the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

Under Step 4, companies must quickly analyze their data quickly and efficiently to determine if they need to self-disclose any potential issues. By sharing the attributes across corporate siloes, companies can make their individual models perform better and improve their compliance programs. This allows companies to access the data quickly and easily, allowing them to identify potential risks and areas of improvement. It also provides insights into the effectiveness of compliance programs, allowing companies to make better informed decisions concerning their compliance.

Overall, having access to relevant sources of data is essential for an effective compliance program. Companies can gain access to data through on-premise platforms. By leveraging these sources of data, companies can ensure their compliance programs are up to date and compliant with applicable laws and regulations.

Step 5 is to conduct monitoring at the beginning and throughout the lifespan of any business  relationship or transaction cycle. This is an important step as it allows a company to identify potential issues with their compliance program and take corrective action. Monitoring should be conducted at the beginning of a relationship or transaction to ensure that all parties understand the expectations and that there is no potential for criminal activity. Monitoring should continue throughout the relationship as well, as this will allow a company to identify any changes in behavior or activity that could indicate a potential problem. This can be used to gain insights into a vendor’s financial and transactional data, which is often a key indicator of future or even potential compliance violations.

Having access to relevant sources of data and conducting monitoring throughout the lifespan of a third-party relationship will help an organization meet the expectations set by the DOJ for an effective compliance program. With the DOJ’s recent announcement of amendments to the Corporate Enforcement Policy, companies have even greater incentive to self-disclose if they uncover potential violations, all of which demonstrates an effective compliance program. A data analytics platform can help companies quickly identify understanding of the risks and monitoring these relationships regularly, companies can ensure that they are compliant with all applicable regulations and review potential issues.

With a comprehensive view of their activities, organizations can quickly identify any changes in activities, such as unusual patterns of payments or activities, which could indicate a potential problem. Through visibility into third party activities and transactions, companies are able to gain a better understanding of the compliance risk associated with their third-party relationships. Moreover, businesses have a mechanism to identify any financial or transactional red flags.

Interestingly Walden advocates having an “on-premise application” for data analytics, which is he step 6.  He believes “This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools.” It can be hosted and managed as a service, “meaning that companies can utilize the platform without having to move large amounts of data around each month.” This helps companies to gain insights from the model without compromising their data privacy. Furthermore, this platform can be used to identify anomalous payments that may be indicative of corruption or fraudulent activities.

Join us tomorrow where continue conclude our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance

Categories
Corruption, Crime and Compliance

DOJ’s Compliance Frontier: Incentives and Disincentives

On this episode of the Crime, Corruption and Compliance podcast, host Michael Volkov discusses the Department of Justice’s recent focus on incentives and disincentives as part of an effective ethics and compliance program. This includes awards for ethical conduct, clawbacks, and deferred payment schemes to hold officers and employees accountable for misconduct, and requirements for executives to be evaluated on their compliance with laws and regulations. Michael also talks about how companies can create appropriate policies and procedures to incentivize and monitor compliance, and how to design and implement a compensation system that ensures compliance.



Key ideas you’ll hear in this episode: 

  • DOJ stresses the need for positive incentives for ethical conduct, including awards and annual employee performance reviews.
  • Companies already have a strong disincentive for engaging in misconduct, which is termination.
  • Recent enforcement actions against companies like Novartis and Wells Fargo have highlighted the gap in the incentive-disincentive framework.
  • DOJ is examining the efficacy of clawbacks and deferred payment schemes as an important alternative to massive criminal fines against companies. This will hold the bad actors accountable, as well as those who had supervisory responsibilities and failed to act.
  • Clawbacks and punishments for bad actors will need to be incorporated into settlements and terminations. Company policies will need to include more protections and discretion to pull back benefits from bad actors.
  • There are a number of issues to consider when implementing a clawback program, including who it applies to, how it is triggered, and how much of the company’s bonus payments should be subject to clawback.
  • DOJ anticipates requiring a wide clawback program that extends to senior management level. Crafting these measures will require a collaborative process within the company involving legal and business representatives, human resources, ethics and compliance, senior management, and potentially union representatives or work councils.
  • Danske Bank is the first to implement a compliance compensation requirement in their settlement papers with the Justice Department. The settlement includes a provision that executives will be evaluated on their compliance efforts and a failing score will make them ineligible for bonuses.
  • Companies need to design and implement compensation systems to incentivize compliance behavior and create disincentives for non-compliant conduct.

 

KEY QUOTES:

“Your company policies are going to have to incorporate more protections and more discretion for the company to pull back on benefits to bad actors. Bad actors here, I mean not just the actual bribe payer or scheme designer, but also those people who failed to conduct proper oversight and monitoring of the department that engaged in the misconduct.” – Michael Volkov 

 

“In practice, companies need to formulate appropriate policies and procedures, document their system, and demonstrate commitment to enforcement of the policies to incentivize compliance behavior and create clear disincentives for noncompliant conduct.” – Michael Volkov

 

“A compliance-oriented compensation system has to be implemented along with other clawback and deferred payment systems.” – Michael Volkov

 

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Code of Conduct as an Internal Control

In 2016, the SEC announced one of the most interesting non-international-focused FCPA enforcement actions. It involved a clear quid pro quo benefit paid out by United Airlines, Inc. to David Samson, the former chairman of the Board of Directors of the Port Authority of New York and New Jersey. This public government entity has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, New Jersey.

At the time, United’s Code of Conduct prohibited “United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to influence the recipient improperly.” Only the United Board of Directors could grant a waiver to the code, and none was sought or obtained by Smisek. The Order concluded, “The [Chairman’s] Route was initiated in violation of United’s policies.”

The company was also sanctioned for not having internal controls to prevent such actions as those taken by Smisek. The SEC also found this was a violation of Section 13. This was in the face of detailing the protocol for the United instituting or reinstituting a route. The Order stated, “United had insufficient internal accounting controls to prevent approval of the South Carolina Route in derogation of United’s Policies.” All the underlying facts, enforcement theories, and remediation point towards the failure of internal controls when domestic bribery corruption occurs.

 Three key takeaways:

1. It is very unusual for the FCPA to form the basis of a domestic bribery violation.

2. A Code of Conduct can be an internal control.

3. Even a CEO must follow internal controls.

For more information on building a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.