This Week in FCPA

Episode 280 – the Happy Holiday edition

Hanukkah came early this year and we are now in the full holiday swing of things. Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the Happy Holidays edition.

Stories

1. New Biden Administration anti-corruption strategy revealed. Matt Kelly in Radical Compliance.
2. Mike Volkov asks where are the FCPA enforcement actions? In Corruption Crime and Compliance.
3. Global ESG efforts and compliance. Mike Munro explores in the FCPA Blog.
4. More on the OECD recommendations. Jessica Tillipman in the FCPA Blog.
5. DOL proposal may change ESG game. Melissa Khan in Harvard Law School Forum on Corporate Governance.
6. Nurturing ethical culture. Matt Kelly in Risk and Compliance Matters.
7. Is Italy a safe haven for bribe payors? Rick Messick asks in GAB.
8. How to avoid a dystopian office culture. Rob Shavell in CCI.
9. Top ethics and compliance failures in 2021. Jaclyn Jaeger in Compliance Week (sub req’d).
10. When is a potential fine a threat? Keith Paul Bishop in California Corporate and Securities Law.

Podcasts and Events

11. The recent announcement by DAG Monaco on the refocus of the DOJ’s use of monitors has caused much consternation. To analyze, Affiliated Monitors sponsored a 5-part podcast series this week, Not Your Father’s Monitor. In Episode 1, Bethany Hengsbach considers this change in monitorships from the white-collar enforcement and defense perspective. In Episode 2, Mikhail Reider Gordon looks at global aspects of the new DOJ monitor’s focus. In Episode 3, Cristina Revelo discusses how E&C assessments help drive more compliant companies. In Episode 4, Jesse Caplan brings his views on the intersection of the twin topics of antitrust and healthcare compliance. In Episode 5, Vin DiCianni looks at where monitors and monitorships are going in 2022 and beyond.
12. Are you exasperated? Then check out F*ing Argentina. In this podcast series, co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina, explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In our final episode, we wrap up what we learned from the series.
13. In November on The Compliance Life, I visit with Matt Silverman, Director of Trade Compliance at VIAVI. Matt is the first Trade Compliance Director I have hosted on TCL. In Part 1, Matt details his academic career and early professional life.
14. The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Once Upon a Trading Law: The History of Insider Trading. In this most unique pod, Karen interviews some of her students to tell the history of insider trading. Check out Episode 1, which looks at the beginnings of insider trading.
15. Join Tom, Mike Volkov, Carrie Penman, Dr. Pat Harned and Skip Lowney (an all-star panel if there ever was one) for the ECI webinar on the intersection of compliance and E&C programs. Wednesday, December 15, from 2-3:30 ET. Registration and information here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.


Monaco Speech: Part 5 – What Does It All Mean?

This week I have been writing about the speech Deputy Attorney General (DAG) Lisa O. Monaco gave as a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and I took two deep dives into her speech. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices Act (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance program.
Today, I am going to end with what it all might mean for the compliance professional. First note the emphasis on culture. Monaco’s remarks were, “Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.” This means that the DOJ will be assessing the entirety of corporate culture. As a compliance practitioner how do you demonstrate culture? Or to phrase the question using the Tom Fox mantra, how did you Document, Document, and Document your culture? Culture obviously starts at the top, but it must imbue and be embedded into an organization.
Equally important is compliance. Here Monaco said, “Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” Note the significance of “company can fulfill its fiduciary duty to shareholders”.
This is a clear tip of the hat to Caremark and other legal requirements for a compliance program based upon civil statutes. This is not the DOJ saying we will punish a company for simply not having a compliance program. Yet make no mistake: if a company does not have a compliance program, not only will there be a very large chance of a regulatory violation, such as under the FCPA, but the organization will also not receive credit when the penalty phase comes around. Monaco is pointing out as clearly as she can the potential legal costs, not only from civil shareholder lawsuits but also from regulatory fines and penalties.
Another area which is new to the compliance function will be the DOJ’s review of all corporate malfeasance when assessing a company’s culture, commitment to compliance and possible fines and penalties. Here Monaco stated, “Today, the department is making clear that all prior misconduct needs to be evaluated when it comes to decisions about the proper resolution with a company, whether or not that misconduct is similar to the conduct at issue in a particular investigation. That record of misconduct speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.”
Typically, compliance dealt with anti-corruption compliance, trade compliance, anti-trust compliance and perhaps others. However, now a CCO must be apprised of all corporate misconduct, as it will be reviewed by the DOJ. For any multi-national organization, that alone will be daunting: how many compliance professionals have visibility into tax, Equal Employment Opportunity Commission (EEOC) claims, labor relations issues or the myriad of other legal issues that every corporation faces every day, literally across the globe? Yet Monaco said that prosecutors would look at just that, stating “A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant.” This is literally a sea change.
Finally, what might be the changes in how corporations are assessed under the FCPA Corporate Enforcement Policy, enacted by prior DAG Rod Rosenstein? Will there continue to be a presumption of declination if you (1) self-disclose; (2) extensively remediate; (3) thoroughly cooperate; and (4) disgorge any ill-gotten gains? If there is no presumption, will there be robust self-disclosure? There is nothing illegal about failing to self-disclose, but if a whistleblower then steps forward, or the DOJ then opens an investigation based upon other sources and determines a violation has occurred, the opportunity for a declination may well be out the window. Moreover, if there is no self-disclosure and the issue reappears or the remediation is not successful, the company now appears to have actual knowledge of a violation, once again potentially increasing the penalty.
As I wrote yesterday, there are many open questions from these changes. One thing is clear to me: the CCO role and the job of the compliance function just got much more challenging.


Monaco Speech: Part 3 – Culture

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and I took two deep dives into her speech. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices Act (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance program.
Today, I am going to take up her remarks on corporate culture. They were a small but significant part of her remarks so I will quote them in full. She said,
Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.
Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.
Although we understand the costs that enforcement actions can place on shareholders and others, our responsibility is to incentivize responsible corporate citizenship, a culture of compliance and a sense of accountability. So, the department will not hesitate to take action when necessary to combat corporate wrongdoing. [Emphasis Supplied]
I asked Affiliated Monitors Inc., (AMI) founder Vin DiCianni for his thoughts around these remarks. He said, “Last week’s announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes.  In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture.
A culture of compliance is the foundation of an organization’s compliance program. It is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by the Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Tina Rampino, Associate Managing Director at K2 Integrity, laid out some key questions to ask around culture. They included:

  • What is the tone that is set from the most senior levels of the organization?
  • Are employees motivated by doing any and all business no matter the risk?
  • Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?

She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executives and leaders are responsible for setting the tone from the top which means setting expectations for the importance of compliance throughout the organization and by modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance:

  1. Tone from the Top.
  2. Establishing and communicating enterprise-wide policies and programs.
  3. Defining clear roles and responsibilities across the three lines of defense.
  4. Ensuring adequate staffing and resources for functions responsible for compliance.
  5. Designing and implementing a comprehensive compliance training program.
  6. Establishing compliance incentives.
  7. Creating efforts to embed and sustain a compliance culture.

Monaco had two additional remarks around corporate culture and a culture of compliance that bear repeating. She said, a record of corporate misconduct, even outside the FCPA, “speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.” In a remark that tied back to yesterday’s discussion of monitors she said, “Stepping back, any resolution with a company involves a significant amount of trust on the part of the government. Trust that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities. But where the basis for that trust is limited or called into question, we have other options. Independent monitors have long been a tool to encourage and verify compliance.” This last sentence would speak directly to DiCianni’s thoughts that “Unlike the previous administration’s very limited use of monitors, DAG Monaco described the value that integrity monitors bring to oversight for both the department and those entities subject to such oversight.”
Monaco noted she has sat on corporate boards when in the private sector. This experience certainly informs her approach as the DAG. The DOJ will be taking a much closer and in-depth look at corporate culture and whether there is a culture of compliance in any company which finds itself in an FCPA investigation or enforcement action. CCOs and compliance functions need to be ready to have demonstrable and documented evidence of a culture of compliance.


Lessons Learned from L’Affaire Gruden

The fallout from the Jon Gruden imbroglio has widened and deepened. Many have asked why the NFL sat on the Gruden emails, which were uncovered in the investigation of the toxic culture of the Washington football team and have been known to the NFL since the spring of this year, and why they are only now coming into the public eye. Additionally, if the first email, in which Gruden disparaged the head of the NFL’s players union with a racial slur, had not been brought to light by the Wall Street Journal (WSJ) on Sunday of this week, would it have been released by the NFL or Las Vegas Raiders at all? Finally, why did the NFL only send the first email to the Raiders when clearly there were many, many more that were unearthed? All good questions, and they demonstrate several salient factors, not the least being how the fallout from one event and investigation can impact an entire industry. However, even without current answers to these and other questions, there are several very important lessons for the compliance professional.
Don’t Put Stupid Stuff in Emails
Before we get to compliance, consider the most basic problem here. Not that Gruden is simply a racist, homophobe, sexist, misogynist and a person with little moral compass. We might have never known what was in his heart, if Gruden had not put those immoral values into emails over eight years. The reason he is now out of professional football, probably forever, is that he put his values into emails, in the crudest terms possible. Twenty years ago, I did corporate training on this very topic. That training is apparently still needed. Imagine how the civil litigation will look when all this gets to trial. All the plaintiff’s lawyer(s) will have to do is read the emails to demonstrate a wide variety of civil wrongs and regulatory breaches and the only question left will be damages.
Fallout from Unrelated Investigations
In the 21st century, nothing happens in a vacuum. The offending emails were uncovered in an unrelated investigation. These emails largely came from outside the entity being investigated (the Washington football team) and the investigative firm turned them over to the entity overseeing the investigation, here the NFL. As noted above, it is not clear what action the NFL might have taken against Gruden, his former employer ESPN or his current employer, the Las Vegas Raiders. Gruden’s resignation from the Raiders may well forestall an answer to those questions.
Now imagine the same scenario when the Securities and Exchange Commission (SEC) investigates Activision for its toxic work environment (or the Department of Justice (DOJ) for that matter) or when the SEC investigated Lordstown Motors for a variety of other fraud and accounting issues. What if a set of similar emails appeared, all coming from an outside 3rd party, such as Gruden’s did to the Washington football team President Bruce Allen? Would the company employing that same 3rd party receive an email from the SEC requesting all emails from the offending employee? Would the SEC want to look at all emails? How would your company respond? Is the EEOC going to get involved? Will they (or the SEC) be contacting ESPN, owned by the Walt Disney Company, a publicly traded organization, about the culture at ESPN which allowed Gruden to send those emails? Are you ready to respond to them?
What is Due Diligence?
No person wakes up in their mid-40s or 50s and thinks, today is the day I will start sending out racist, homophobic, sexist or misogynist emails and throw away my moral compass. No one. They were like that long before they started doing so. Gruden had thought and felt those things long before he put them into print. Put another way, a leopard does not change its spots overnight. They were there for a long time.
As our colleague Candice Tal, founder of Infortal, continually reminds us, due diligence is not a one-time event nor a cursory Google search. It is a sustained deep dive investigation. Gruden did not become a racist, homophobic, sexist and misogynist overnight. You can bet there are other pieces of evidence of his values and beliefs out there. The then Oakland Raiders signed Gruden to the richest professional football contract ever given to a coach, $100 million over 10 years. Yet they apparently did little to no background due diligence on him. Was there evidence of his racist, homophobic, sexist and misogynist views in the public record? Would it have mattered to the Raiders? Would the Raiders have hired him anyway? Perhaps so, but at least they might have known about Gruden’s racist, homophobic, sexist and misogynist values and tried to manage that risk. Of course, they might have passed on hiring him altogether if they knew what the fallout could look like.
Culture, Culture and More Culture
What is the culture of your organization? Why did the NFL allow such a culture to flourish that would allow a Monday Night Football commentator on ESPN to hold the job and then become the highest paid professional coach? Is it because the Maga-hatter wearing NFL owners are all Trump supporters? What about the other employees who make up those organizations? Professional football players are 70% African American. What do Gruden’s remarks, the NFL’s non-response and the Raiders hiring communicate to them about how management thinks of them? Raider owner Mark Davis advised people to look to the NFL for answers.
Bill Rhoden, writing in The Undefeated, an ESPN publication, put it succinctly, “my concern is about the legion of enablers who supported Gruden all of these years. What about them? Who are they? The NFL has gotten rid of its Gruden problem. It has not gotten rid of Gruden-ism: regressive sensibilities that stand foursquare against diversity, inclusion and tolerance.” He went on to say, “The reality is that the NFL, for all of its attempts to move forward, has been revealed as a regressive organization populated by white men who hold views about race and power that are antithetical to progress and enlightenment. Trust me, Gruden is not the only person who holds these beliefs. He’s the only one stupid enough, or emboldened enough, to express them via email.”
In short, the NFL has a huge culture problem. But you cannot change unless you admit you have a problem. We have seen nothing from the NFL that indicates it believes the problem is beyond Jon Gruden.

Daily Compliance News

October 12, 2021 the In a Blue Moon edition


In today’s edition of Daily Compliance News:

  • New head of SDNY. (WSJ)
  • Whistleblower used data as weapon. (WaPo)
  • Toxic culture at Blue Moon? (WaPo)
  • Amazon extends RTW flexibility. (NYT)

WPP Enforcement Action: Part 5 – The Lessons Learned

This week we have been exploring the recent Securities and Exchange Commission (SEC) Cease and Desist Order (Order) entered into last week with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and a penalty of $8 million, for a total amount of just over $19 million. Today we conclude with some lessons learned for the compliance professional.
Culture Matters
It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. As I have cited multiple times in this exploration of WPP, the Order stated, “WPP had no compliance department during the relevant period”. If your company will not have a compliance function, it speaks about as loudly as one can about the values and culture of your organization. It could not be put more simply: with no compliance program, your organization does not value having a culture of compliance. Throughout the Order are examples of this lack of value. From the perfunctory first investigation into allegations in India, to the paper compliance program in place, to the lack of preacquisition due diligence from the compliance perspective, it is clear WPP put no value into having a culture of compliance.
Investigations 
The Order made clear that after the initial whistleblower report, “which identified CEO A by name as the architect of the scheme”; WPP then tasked part of the group involved in the actions to investigate the allegations. That group then hired “an Indian partner firm of an international accounting firm ostensibly to investigate the allegations and review India Subsidiary’s processes regarding government contracts and transactions involving government clients.” [emphasis supplied] Who did this investigator rely on for information? The very leaders of the corruption scheme, the WPP-India Chief Executive Officer (CEO) and Chief Financial Officer (CFO).
What were other key deficiencies in the investigation?

  • There was no contact with the identified recalcitrant 3rd
  • The investigative firm relied on information from the parties identified in the whistleblower report.
  • There was no independent verification.
  • There were no conclusions related to the bribery allegations brought forward by the whistleblower.

The WPP matter is an excellent teaching tool for how NOT to perform an investigation.
Mergers and Acquisitions (M&A)
Here WPP apparently engaged in none of the M&A components of even a minimum standard for compliance. There was no preacquisition due diligence into any of the entities acquired. Simply doing acquisitions in a high-risk environment is not verboten. But doing so with no compliance is. Moreover, there was apparently no integration of the acquired entities into the WPP compliance program, such as it was. Once again, without a compliance function to drive this to the finish, there was no corporate group tasked to finish it out. Obviously, there was no forensic compliance audit of the acquired entities after acquisition as well. I cannot point to a shortcoming of WPP as there were no shortcomings in execution, as there was no effort.
Incentives
When do sales or remuneration incentives become perverse incentives? For Wells Fargo, it came when the corporate hierarchy determined that the proper number of Wells Fargo products was eight per customer and employees’ continued employment and compensation would depend on hitting that inane number. (Remember the CEO, John Stumpf, said “8 is great!”) WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption. When you couple that with no effective controls, no culture of compliance and outright fraud, you see how WPP came to Foreign Corrupt Practices Act (FCPA) grief.
Whistleblower Reports
The bribery schemes were so blatant that in India there were seven internal whistleblower reports. As stated in the Order, “From July 7, 2015 through September 2, 2017, WPP received seven anonymous complaints alleging – with increasing specificity – two bribery schemes related to India Subsidiary’s work for DIPR.” That is seven, count them, seven documented whistleblower reports which had details including names of the participants and the bribery schemes. This failure simply boggles the mind, yet is emblematic of the culture of WPP.
It is still not clear how WPP came to the attention of the SEC. We do know if it was not through self-disclosure. It may well have been an internal whistleblower. For companies who decry whistleblowers who go public, WPP is Prime Example 1 of why. Moreover, how many whistleblowers would have the continued drive to continue to report illegal conduct after the first report which was dismissed through a sham investigation?
We are now at the end of the WPP saga from the perspective of the SEC enforcement action. I began this series with several questions which still remain open. They include:

  • How was the SEC made aware of WPP’s bribery and corruption?
  • Is there a parallel Department of Justice (DOJ) enforcement action?
  • Where is the Serious Fraud Office (SFO)?
  • How did WPP avoid a monitor?

As these questions remain open, we may well be revisiting WPP again.

Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 1: Culture of Compliance

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series, we will break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risk-based training and operational aspects of training. In Part 1, I am joined by Tina Rampino, who breaks down the big picture on culture.

We began with the basics: that a culture of compliance is the foundation of an organization’s compliance program. Rampino said it is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by an institution’s Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Rampino detailed some key questions to ask, such as “What is the tone that is set from the most senior levels of the organization? Are employees motivated by doing any and all business no matter the risk? Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?” She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
An effective compliance training program can help to ensure that an institution is regularly addressing new issues and emerging risks. It also helps to ensure that employees have the right knowledge and skills necessary to perform their roles, so they understand the risks within the institution and their business area as well as the consequences of non-compliance. Rampino detailed some of the areas your organization should focus on with the following questions, “Do our training programs match the risks of our institution, and the variety of functions within it?”; “Do our employees have the right experience and training to do their jobs?” and “Are we regularly addressing new issues and ensuring our programs help our teams deal with emerging risks?”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executives and leaders are responsible for setting the tone from the top, which means setting expectations for the importance of compliance throughout the organization and modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance.

  1. Tone from the Top.
  2. Establishing and communicating enterprise-wide policies and programs.
  3. Defining clear roles and responsibilities across the three lines of defense.
  4. Ensuring adequate staffing and resources for functions responsible for compliance.
  5. Designing and implementing a comprehensive compliance training program.
  6. Establishing compliance incentives.
  7. Creating efforts to embed and sustain a compliance culture.

An institution’s leadership must support all those elements to ensure that employees have what is needed to effectively manage their compliance risk.
We concluded by considering the role both training and communication have in a culture of a compliance program. Interestingly, Rampino said it may be “the MOST important role because it is a means by which these critical messages are delivered to all employees.” The reason is that a comprehensive compliance training program “not only ensures that employees are aware of their responsibilities, it provides them with detailed information on how they should identify, mitigate, escalate, and report risk.” Moreover, “the most important asset to an institution’s compliance program is truly each and every employee.” Comprehensive and well thought-out training should assist in creating awareness, developing, and refining skills needed to ensure compliance. The training program should reflect the risks within the organization and should evolve as emerging risks are identified.
In terms of an effective communications program, institutions should ensure robust and recurring communication. “One and done” is not an effective way to deliver communications or develop an organizational culture. A robust program issues clear messages in a recurring fashion. Rampino concluded with some key takeaways on communications. First, institutions that want to create a culture of compliance should issue policy alerts and remind staff of changes. Second, information should then be easily accessible and readily available for employees. Finally, town halls, quarterly newsletters, and even short video messages explaining changes can be effective ways to ensure that all staff members understand what they must do to support the institution’s focus on compliance.
For more information, go to K2 Integrity.

Categories
The Compliance Handbook

Culture is the Foundation with Eric Feldman and Vin DiCianni


As we witness the evolution of work environments in the new normal, what will not change is the importance of building culture. Every successful compliance program takes root in an organization’s values and principles that determine how employees behave and approach situations. In today’s episode of The Compliance Handbook Podcast, host Thomas Fox is joined by industry experts Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI), and Eric Feldman, Senior Vice President of AMI.
✅ Major takeaways discussed in the episode:
✔️  Feldman reminds us that culture is a foundational internal control without which all other controls will fail.  The question is not “why do people commit fraud?” but “why do people comply?”
✔️ Aspire for a culture that motivates rather than just people working for compliance. Incentivize people who make decisions based on ethics and create the kind of environment that makes people want to follow the rules.
✔️ To change an entire company’s culture, you can’t just do it at the top of the organization. Leadership needs to be brought in at different levels of the organization to make it a team approach and effectively apply ethical changes.
✔️ Independent integrity monitors need to be brought in as a third-party assessment to help companies maintain a great culture proactively.
✔️  Be constantly reminded that messaging should be consistently made from the top to the bottom of the organization to establish the culture.
✅ The “Nuts and Bolts” for Creating a Comprehensive Compliance Plan 
This chapter of this unique work lays out a succinct yet thorough one-month approach to operationalizing a company’s compliance regimen. Beginning with a section on what 2020 brought to the compliance landscape, each chapter methodically outlines best practices for everything from establishing policies, procedures, and internal controls, to assessing risk, training, handling investigations, and more. Each day ends with three key takeaways you can implement at little or no cost.
✅ Understanding Compliance Responsibility Across the Organization
The Compliance Handbook also takes a close look at all professionals’ roles with compliance responsibility, from Compliance Officers and Boards of Directors to Human Resources, to Internal Audit and Internal Controls and Communications and Training professionals.
✅ In-Depth Treatment of Hot Topics and Trends
The Handbook provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:

  • Compliance and business ventures
  • Third-party risk management
  • The Board’s Role in Compliance
  • Continuous improvement
  • Compliance innovation
  • And much more

✅ Incorporating Current Government Pronouncements
The Second Edition incorporates the most current government pronouncements governing best practices compliance programs, including the 2019 Evaluation of Corporate Compliance Programs released by the Fraud Section of the Department of Justice, and its 2020 Update; the updated FCPA Resource Guide 2nd edition; the Framework for OFAC Compliance Commitments; and the 2019 DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust.
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25

Categories
Daily Compliance News

March 12, 2021 the Fear in Fine Arts edition


In today’s edition of Daily Compliance News:

  • Hundreds of UK firms hacked. (BBC)
  • Kansas AD who hired Les Miles let go. (ESPN)
  • Trump-appointed Postmaster General wants to wreck mail service even more. (WaPo)
  • What is a culture of fear? (NYT)
Categories
The Affiliated Monitors Expert Podcast

How to Assess Your Culture


In this episode, I am joined by Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. Corporate culture exists in the space between what an organization professes and what it does. Today, we examine key aspects of corporate culture, including why it matters, what influences culture, the CCO’s role in culture, assessing corporate culture and how to use that information to improve culture. We consider how to assess your corporate culture.
Highlights include:

  • Who should perform the assessment of corporate culture?
  • An in-house resource may be seen as more ongoing monitoring than culture assessment.
  • Conversely, an independent outside expert may be able to garner more fulsome information of the true state of your corporate culture.
  • Tools to assess the culture of an organization include employee surveys, conversations, visits to field operations.
  • What are the differences, if any, which must be considered when assessing a global company?
  • Why do you need to “fine-tune” a cultural survey to get a good understanding of the company’s culture and obtain meaningful metrics?
  • The bottom line is you should take the temperature of your employees internally by doing regular monitoring of your company to understand its culture and what needs to be done.

For more information on Affiliated Monitors, Inc. check out their website here.
For more information, see Jay’s blog post How does a company assess its culture on Corporate Compliance Insights.