Categories
Compliance Week Conference Podcast

Compliance Week 2024 Speaker Preview Podcast – Vince Walden on the Latest in DOJ Data Analytics Expectations

In this episode of the Compliance Week 2024 Speaker Preview Podcasts series, Vince Walden discusses his panel at Compliance Week 2024, “Aligning your Compliance Program to DOJ’s Data Analytics Expectations.” Some of the issues he will discuss in this podcast and his presentation are:

  • The latest words from the DOJ on data analytics
  • How will the DOJ use data analytics going forward?
  • Seeing old friends and learning about new best practices at Compliance Week 2024

I hope you can join me at Compliance Week 2024. This year’s event will be held April 2-4 at the Westin Washington, DC, Downtown. The line-up is first-rate, with some top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 19th year, join 500+ compliance, ethics, legal, and audit professionals who gather to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs, among many others, to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 80+ respected cross-industry practitioners, including CEOs, CCOs, regulators, federal officials, and practitioners, to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from panels on leadership, fraud detection, confronting regulatory change, abiding by cross-border rules and regulations, and the always-favorite fireside chats.
  • Bring actionable takeaways from various session types, including cyber, AI, Compliance, Board obligations, data-driven compliance, and many others, to your program for you to listen, learn, and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount on the registration price. Enter the discount code TFOX2024 for $200 off.

The Compliance Podcast Network produces the Compliance Week 2024 Preview Podcast series. Compliance Week sponsors this series.

Categories
Compliance Into the Weeds

Compliance into The Weeds: The ACFE 2024 Anti-Fraud Technology Benchmarking Report

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt look at the recent ACFE publication of its 2024 Anti-Fraud Technology Benchmarking Report and what it means for compliance professionals.

The ACFE 2024 Antifraud Technology Benchmarking report unveils an intriguing shift towards the use of AI in antifraud analytics, with a significant 83% of respondents planning to adopt generative AI in the coming years. However, the report also highlights a gap in current practices, with only a quarter of organizations utilizing analytics for corruption and bribery detection. Tom views this report as a crucial tool for understanding the evolving landscape of fraud detection. He emphasizes the importance of staying ahead of technological advancements and the potential risks of not having sophisticated tools for managing fraud investigations.

Similarly, Matt underscores the report’s insights into the challenges faced by antifraud professionals. He stresses the importance of aligning analytical capabilities with manpower resources and the critical role of experienced professionals in managing complex issues like bribery and corruption. Both perspectives highlight the need for a strategic blend of technology and human expertise in the ever-evolving world of compliance and audit.

Key Highlights:

  • Generative AI Integration in Antifraud Analytics
  • Generative AI Impact on Fraud Examination Trends
  • AI’s Role in Fraud Detection and Compliance
  • Detecting Financial Fraud Through Advanced Analytics

Resources:

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

Categories
Data Driven Compliance

Data Driven Risk Management and Fraud Prevention

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than Tom Fox’s award-winning podcast, Data-Driven Compliance. This podcast features an in-depth conversation about the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I take a solo turn to explore how data-driven compliance has moved from cutting-edge compliance to part of a best practices compliance program to becoming table stakes to do business in a multi-national world.

AI and data-driven compliance solutions are revolutionizing risk management and fraud prevention practices, offering advanced analytics, machine learning, and automation to enhance decision-making processes, improve efficiency, and proactively address compliance risks. These tools are essential for companies to navigate the complex regulatory landscape. Understanding the transformative power of data-driven approaches in compliance and risk management is critical for every compliance professional. User adoption is critical, for even the most advanced technology will not be effective if not embraced and utilized by compliance professionals. There is also a need to balance automation and human judgment to ensure the effectiveness of these tools in risk management.

Key Highlights:

  • Data-Driven Compliance Tools for Risk Management
  • Optimizing Decision-Making with AI-Driven Compliance Tools
  • Transformative Data-Driven Fraud Detection and Prevention

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The SAP FCPA Enforcement Action-Part 5: Lessons Learned

We conclude our series on the initial Foreign Corrupt Practices Act (FCPA) enforcement action. It involved the German software giant SAP. While the conduct which led to the enforcement action occurred for a lengthy period of time and was literally worldwide in scope, the response by SAP is to be both noted and commended. The hard and impressive work that SAP did during the pendency of the investigation and enforcement action led to a very favorable result for the company in the reduced amount of its assessed fine and penalty as well as the fact that no monitor was mandated by the Department of Justice (DOJ) or Securities and Exchange Commission (SEC). Today, in our final post, we review key lessons learned from the SAP enforcement action.

Remediation

SAP did an excellent job in its remedial efforts. Whether SAP realized as a recidivist of the dire straits it was in after the publicity in South Africa around is corruption or some other reason, the company made major steps to create an effective, operationalized compliance program which met the requirement of the Hallmarks of an Effective Compliance Program as laid out in the 2020 FCPA Resource Guide, 2nd edition.

The remedial actions by SAP can be grouped as follows.

  1. Root Cause, Risk Assessment and Gap Analysis. Here the company conducted a root cause analysis of the underlying conduct then remediating those root causes, conducted a gap analysis of internal controls, remediating those found lacking; and then performed a comprehensive risk assessment focusing on high-risk areas and controls around payment processes, using the information obtained to enhance its compliance risk assessment process;
  2. Enhancement of Compliance. Here the company significantly increasing the budget, resources, and expertise devoted to compliance; restructuring its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership; enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties; enhanced its reporting, investigations and consequence management processes;
  3. Change in sales models. On the external sales side, SAP eliminated its third-party sales commission model globally, and prohibiting all sales commissions for public sector contracts in high-risk markets and enhanced compliance monitoring and audit programs, including the creation of a well-resourced team devoted to audits of third-party partners and suppliers. On the internal side, SAP adjusted internal compensation incentives to align with compliance objectives and reduce corruption risk;
  4. Data Analytics. Here SAP expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally; and comprehensively used data analytics in its risk assessments.

Data Analytics

The references to data analytics and data driven compliance warrant additional consideration. SAP not only did incorporate data analytics into its third-party program but also expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally. The SEC Order also noted that SAP had implemented data analytics to identify and review high- risk transactions and third-party controls. The SAP DPA follows the Albemarle FCPA settlement by noting that data analytics is now used by SAP to measure the compliance program’s effectiveness. This language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance functions access to all company data; this is the second time it has been called out in a FCPA settlement agreement in this manner. Additionally, it appears that by using data analytics, SAP was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation; thereby avoiding a monitor.

Holdbacks

Next was the holdback actions engaged in by SAP. The DPA noted, SAP withheld bonuses totaling $109,141 during the course of its internal investigation from employees who engaged in suspected wrongdoing in connection with the conduct under investigation, or who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct and (b) knew of, or were willfully blind to, the misconduct, and further engaged in substantial litigation to defend its withholding from those employees, which qualified SAP for an additional fine reduction in the amount of the withheld bonuses under the DOJ’s Compensation Incentives and Clawbacks Pilot Program.

Self-Disclosure

While this factor was not present in the SAP enforcement action, the message sent by the DOJ could not be clearer on not simply the expectation of the DOJ for self-disclosure but also the very clear and demonstrable benefits of self-disclosure. Under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines fine range. Its actions as a criminal recidivist, resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the U.S.S.G. fine range but rather at 40% from above the low end. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. It’s failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

Extensive Cooperation

There were also lessons to be garnered from SAP’s cooperation with the DOJ. While there was no mention of the super duper, extra-credit giving extensive remediation which Kenneth Polite discussed last year; when SAP began to cooperate, it moved to extensively cooperate. The DPA noted SAP “immediately beginning to cooperate after South African investigative reports made public allegations of the South Africa-related misconduct in 2017 and providing regular, prompt, and detailed updates to the Fraud Section and the Office regarding factual information obtained through its own internal investigation, which allowed the government to preserve and obtain evidence as part of its independent investigation…” Most interestingly, the DPA reported that SAP imaged “the phones of relevant custodians at the beginning of the Company’s internal investigation, thus preserving relevant and highly probative business communications sent on mobile messaging applications.” This is clear instruction around messaging apps in FCPA enforcement actions.

Resources

SEC Order

DOJ DPA

Categories
Everything Compliance

Everything Compliance – Episode 127, The Awesome Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we have the quartet of Jonathan Armstrong, Matt Kelly, and Jay Rosen, all hosted by Tom Fox, joining us on this episode to discuss some of the topics they are watching in 2024.

  1. Matt Kelly looks at the recently enacted Foreign Extortion Prevention Act (FEPA). He rants about the SEC getting hacked around the Bitcoin ETF announcement and reminds everyone to use two-factor authentication.
  2. Tom Fox shouts out to the University of Michigan for winning the College Football National Championship.
  1. Jonathan Armstrong looks at the intersection of AI and Operational Resilience and ties it to the need for greater Board skills in these areas. He shouts out to Jay Rosen, who is in transition and would be a great addition to any compliance product or service BD team.
  1. Jay Rosen opines on the DOJ’s Expectations for Data Driven Analytics in 2024. He shouts out to Robert Kraft and the New England Patriots for paying departing coach Bill Belichick his full 2024 salary.
  1. Jonathan Marks asks, What does it mean to be on a Board in 2024? He rants about the Philadelphia Eagles.

The members of the Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development, Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks can be reached at jtmarks@gmail.com.

The host, producer, ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

The SAP FCPA Enforcement Action-Part 3: The Comeback

This week we are taking a deep dive into the SAP Foreign Corrupt Practices Act (FCPA) enforcement action. In it, SAP agreed to pay the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) approximately $222 million in penalties and disgorgement. SAP also entered into a three-year Deferred Prosecution Agreement (DPA) with the DOJ. Given the multi-year (2014-2022) length of the various bribery and corruption schemes and worldwide geographic scope, the amounts paid in bribes and benefits garnered by SAP from their corruption; one might charitably wonder how SAP was able to reap such a positive outcome of only a fine and penalty totaling $222 million. We will explore that question today.

Extensive Cooperation

The starting point for this analysis is the DOJ DPA. The first key point to note is there was no self-disclosure by SAP. As the DPA noted, SAP only began to cooperate after investigative reports were made public in 2017 in South Africa about SAP’s bribery and corruption program. However from this point forward SAP moved to extensively cooperate. The DAP noted SAP “immediately beginning to cooperate after South African investigative reports made public allegations of the South Africa-related misconduct in 2017 and providing regular, prompt, and detailed updates to the Fraud Section and the Office regarding factual information obtained through its own internal investigation, which allowed the government to preserve and obtain evidence as part of its independent investigation…”

This cooperation included producing relevant documents and other information to the Fraud Section “from multiple foreign countries expeditiously, while navigating foreign data privacy and related laws;” SAP “voluntarily making Company officers and employees available for interviews;”  and took “significant affirmative steps to facilitate interviews while addressing witness security concerns”; interestingly SAP was required to resolve potential deconfliction issues between the its own internal investigation and the investigation being conducted by the DOJ. The company promptly collected, analyzed, and organized “voluminous information, including complex financial information.” It translated “voluminous foreign language documents to facilitate and expedite review by the Fraud Section and the Office.” Most interestingly, the DPA repored that SAP imaged “the phones of relevant custodians at the beginning of the Company’s internal investigation, thus preserving relevant and highly probative business communications sent on mobile messaging applications.”

The Remediation

The DPA reported extensive remediation by SAP as well and the information provided in the DPA is instructive for every compliance professional. The DPA noted that SAP engaged in the following remedial steps.

  1. Conducted a root cause analysis of the underlying conduct then remediating those root causes through enhancement of its compliance program;
  2. Conducted a gap analysis of internal controls, remediating those found lacking;
  3. Undertook a “comprehensive risk assessment focusing on high-risk areas and controls around payment processes and enhancing its regular compliance risk assessment process”;
  4. SAP documented its use of a “comprehensive operational and compliance data” into its risk assessments;
  5. SAP eliminating “its third-party sales commission model globally, and prohibiting all sales commissions for public sector contracts in high-risk markets”;
  6. “Significantly increasing the budget, resources, and expertise devoted to compliance;”
  7. Restructuring its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership;
  8. Enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties;
  9. Enhancing its reporting, investigations and consequence management processes;
  10. Adjusting compensation incentives to align with compliance objectives and reduce corruption risk;
  11. Enhanced and expanding compliance monitoring and audit programs, planning, and resources, including developing a well-resourced team devoted to audits of third-party partners and suppliers;
  12. Expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally; and
  13. Disciplined “any and all” employees involved in the misconduct.

Obviously, SAP engaged in a wide range of remedial actions. It all started with a root cause analysis. Root Cause analysis was enshrined in the FCPA Resource Guide, 2nd edition as one of the Hallmarks of an Effective Compliance Program. It stated, “The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigation’s structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.”

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s compliance program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls on a go-forward basis. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches. This SAP did during its remediation phase.

Equally of interest are the references to data analytics and data driven compliance. SAP not only did so around its third-party program but also expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally. The SEC Order also noted that SAP had implemented data analytics to identify and review high- risk transactions and third-party controls. The SAP DPA follows the Albemarle FCPA settlement by noting that data analytics is now used by SAP to measure the compliance program’s effectiveness. This language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance functions access to all company data; this is the second time it has been called out in a settlement agreement in this manner. Additionally, it appears that by using data analytics, SAP was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation; thereby avoiding a monitor.

Next was the holdback/clawback actions engaged in by SAP. The DPA noted, SAP withheld bonuses totaling $109,141 during the course of its internal investigation from employees who engaged in suspected wrongdoing in connection with the conduct under investigation, or who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct and (b) knew of, or were willfully blind to, the misconduct, and further engaged in substantial litigation to defend its withholding from those employees, which qualified SAP for an additional fine reduction in the amount of the withheld bonuses under the DOJ’s Compensation Incentives and Clawbacks Pilot Program.

Finally, the DOJ related that SAP had enhanced and has committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfied the minimum elements set forth in Attachment C to DPA. Based upon all these factors, including SAP’s remediation and the state of its compliance program, and the Company’s agreement to report to the Fraud Section and the Office as set forth in Attachment D to this Agreement, the DOJ “determined that an independent compliance monitor was unnecessary.”

All-in-all a great result by and for SAP for which the company and its compliance team should take great credit in going forward.

Resources

SEC Order

DOJ DPA

Join us tomorrow where we consider fine and penalties.

Categories
Data Driven Compliance

Data Driven Compliance: The Journeys of Albemarle and ABB to Data – Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I co-hosted with Vince Walden, CEO of KonaAI, to visit with our guests Andrew McBride, Chief Risk Officer at Albemarle, and Tapan Debnath, Head of Integrity, Regulatory Affairs, & Data Privacy—Process Automation at ABB, on their respective companies’ journeys to data-driven compliance.

We consider the importance of integrating due diligence systems with business conduct and anticipate 2024 to be a breakthrough year for data-driven compliance. McBride, recognized by the Department of Justice for his work in data-driven compliance, believes in the critical role of data in identifying and responding to risks, testing the effectiveness of compliance programs, and reporting to internal stakeholders. Debnath stressed the need for visibility and alignment with senior business stakeholders during investigations and the use of data analytics platforms to measure integrity and key performance indicators. Join Tom Fox, Vince Walden, Andrew McBride, and Tapan Debnath on this episode of the Data Driven Compliance podcast as they delve deeper into the challenges and importance of data-driven ethics and compliance programs.

Key Highlights:

  • Using data analytics to assess program effectiveness
  • Proactive risk management through continuous monitoring
  • Leveraging due diligence for proactive risk management
  • Data transparency and collaboration for compliance success
  • Transitioning from external dependencies to internal capabilities

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Compliance Program Use of Data Analytics

Matt Galvin, Counsel, Compliance & Data Analytics at the DOJ and one of the experts leading the DOJ’s data analytics initiative, highlighted in another talk, the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning. The DOJ expects companies to adopt a similar data-driven approach to compliance. In her speech, Argentieri speech where she stated, “just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

This means that  while due diligence and background checks are essential, the real risk of fraud occurs during the actual business transactions with third parties. Companies need to go beyond initial checks and continuously monitor high-risk vendors, contract terms, and other relevant data sources. By mapping risks to data sources and implementing effective tests, companies can identify and prioritize risky transactions. The increasing accessibility and cost-effectiveness of data analytics have made it a viable option for companies of all sizes. It can help companies demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency. The importance of continuous data analysis in compliance programs was highlighted by the Bank of America CFPB enforcement action.

However, implementing a data-driven compliance program comes with its own set of challenges. There is still confusion among the compliance community regarding what data analytics entails and how it should be applied. Data-analytics should be seen as a process-oriented approach rather than treating it as a one-time project. Data analytics should be integrated into the compliance program as a continuous business process, similar to third-party due diligence.

The Bank of America CFPB enforcement action case serves as a reminder of the importance of the use of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained.

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

The Argentieri speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.

The DOJ’s increasing use of data analytics for proactive enforcement has far-reaching implications. Companies must recognize the importance of adopting a data-driven approach to compliance and invest in the necessary resources and technology. By doing so, they can not only meet the DOJ’s expectations but also improve the effectiveness of their compliance programs and mitigate the risk of fraud.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 7 – Compliance Program Use of Data Analytics

Matt Galvin, Counsel, Compliance & Data Analytics at the DOJ and one of the experts leading the DOJ’s data analytics initiative, highlighted in another talk the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning. The DOJ expects companies to adopt a similar data-driven approach to compliance. In her speech, Argentieri stated, “Just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

Three key takeaways:

1. This also means that data analytics in the compliance function has moved from cutting edge to best practice. It soon may simply mean table stakes for compliance.

2. The DOJ is seeking to incentivize an acquiring company to timely disclose misconduct uncovered during the M&A process.

3. The DOJ has made it clear that under this new Mergers & Acquisitions Safe Harbor Policy, organizations that do not perform effective due diligence or self-disclose misconduct at an acquired entity will be subject to full successor liability.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 1 – What 2023 Brought to Compliance

2023 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate enforcement actions under the Foreign Corrupt Practices Act (FCPA), there were significant announcements from the Department of Justice (DOJ) that directly impacted compliance professionals and compliance programs.

The first came in January, and it was an update to the Evaluation of Corporate Compliance Programs (2023 ECCP). Next, we heard speeches about the increased focus on clawbacks and other areas of consequence management. In October, Deputy Attorney General (DAG) Lisa Monaco introduced a new Mergers & Acquisitions Safe Harbor Policy in October. Finally, in late November, Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarks at the 39th International Conference on the Foreign Corrupt Practices Act (FCPA) on the use of data analytics in a compliance program and DOJ expectations going forward.

The 2023 ECCP brought forward several new initiatives laid out in the 2020 Update to the Evaluation of Corporate Compliance Programs, including additions and deletions.

In October 2023, Deputy Attorney General Lisa Monaco announced a new policy regarding M&A. It is a Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company.

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA, reported that the DOJ is stepping up its own use of data analytics to identify instances of corporate misconduct and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and SEC are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field. She made several important points for all compliance professionals, which will be significant going forward into 2024 and beyond.

Three key takeaways:

1. 2023 was a key year for the DOJ’s evolution in its views on compliance programs.

2. Clawbacks, incentives, and consequence management have become more important.

3. The new DOJ safe harbor initiative for M&A raises many questions.