Categories
31 Days to More Effective Compliance Programs

Day 1 – What 2022 Brought To Compliance Programs

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days series in January 2023, I will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design or enhancement a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will plan to join each day in January for this exploration of best practices in compliance.

2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, three actions were significant, with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism. In Glencore, we saw what happens to a company that engages in worldwide systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit, which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company could take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies on the Foreign Corrupt Practices Act (FCPA) enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was additional commentary by Principal Associate Deputy Attorney General Marshall Miller in a speech and by Assistant Attorney General Kenneth A. Polite. Every compliance professional should know them in detail as they significantly turn the heat up on corporate compliance programs. The Monaco Memo is further clarification and guidance for line prosecutors when considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing, which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. The DOJ hired Matt Galvan to help develop data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance professional in data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.

 Three key takeaways:

1. Key FCPA cases in 2022 were Glencore, ABB, and Stericycle.

2. The Monaco Memo refocused the DOJ’s efforts on FCPA and other white-collar crime and put the heat on compliance programs.

3. The DOJ’s hiring of Matt Galvan will focus on the DOJ’s expertise in data analytics and their employment in compliance programs.

Categories
FCPA Compliance Report

Ty Francis on LRN Acquisition of Compliance Learning Solutions

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I visit with Ty Francis, the Chief Advisory Officer at LRN. We discuss the just-announced LRN acquisition of the Compliance Learning business unit from Thomson Reuters. The acquisition will further establish LRN’s position as the largest global provider of E&C program management and learning solutions serving over 2,500 companies and tens of millions of learners. It will place LRN literally across every continent, including a larger strategic presence in Asia-Pacific markets. This acquisition also enhances LRN’s capabilities and expertise in the financial services marketplace and will help accelerate several of its vertical market product strategies. Some of the highlights include:

  • How this acquisition allows LNR to bring compliance training to where a customer’s employees are located.
  • How this acquisition will facilitate data-driven compliance.
  • Why a holistic, worldwide scope for compliance learning will be a business positive.
  • How this acquisition will meet the continued growth in the regulatory landscape on a global basis.

Resources

LRN

Categories
The Compliance Life

Bridget Abraham-Reflections on a Non-Traditional Compliance Career Path

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

In this concluding episode, Bridget reflected on her non-traditional path to the CCO chair. She also discussed the compliance challenges of moving money around the globe and doing so with less friction. She recalled some of the key mentors who had helped her career path and concluded with thoughts on how and why a corporate compliance program needs to use data to tell its story.

Resources

Bridget Abraham LinkedIn Profile

Categories
Blog

Oracle: FCPA Recidivist Part 5 – What Does It All Mean?

In this post, we conclude our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving the now recidivist Oracle Corporation. This enforcement action was concluded with the Securities and Exchange Commission (SEC) resulting in an Order. After having examined the background facts and bribery schemes in some details, we turn to what does it all mean for FCPA enforcement going forward and what lessons can the compliance profession draw from Oracle’s missteps.

Paper Programs Fail

One of the most prominent lessons to be garnered from this matter is that paper compliance programs Do Not Work. That may sound like perhaps the most basic truism in all of compliance but here we are in 2022, looking at a major multinational organization which had a ‘check-the-box’ compliance program around distributors and it eventually bit them in the backside.

After having its first FCPA enforcement action in 2012 involving distributors in India, where deep and unwarranted discounts were used to create a pot of slush funds to pay bribes, Oracle instituted a requirement for a ‘second set of eyes’ outside the business unit for unusual or excessive discounts. According to its policies regarding distributors, a valid and legitimate business reason was required to provide a discount to a distributor. Oracle used a three-tier system for approving discount requests above designated amounts, depending on the product. In the first level, Oracle at times allowed subsidiary employees to obtain approval from an approver in a subsidiary other than that of the employee seeking the discount. At the next level and for higher level of discounts, Oracle required the subsidiary employee to obtain approval from another geographic region and the final level (and for the highest discounts) was from someone at the Oracle corporate headquarters. So far so good.

The problem was there was no requirement for evidence of a business justification to support the requested discount. The Order noted, “Oracle reviewers could request documentary support, Oracle policy did not require documentary support for the requested discounts – even at the highest level.” A statement of why you need a discount without any supporting documents as evidence is simply that – a statement. In other words, there was no way for a higher-level approver to determine if such a request was valid or fraudulent. Ronald Reagan was on to a basic compliance concept when he intoned “Trust, but verify.” Those words still ring true as a basic requirement in any compliance program.

Data Analytics

The Oracle enforcement action emphasized why data analytics is mandatory for any current compliance program. In addition to creating slush funds through discounts to distributors, slush funds were created through fraudulent reimbursement requests for expenses associated with marketing Oracle’s products. If the request were under $5,000, business unit level supervisors at the subsidiaries could approve them without any corroborating documentation indicating that the marketing activity actually took place. In one example from the Order, it noted that an Oracle Turkey sales employees obtained such fraudulent reimbursements totaling approximately $115,200 in 2018 that were “ostensibly for marketing purposes and were individually under this $5,000 threshold.” There was apparently no one looking to see who and how often these reimbursement requests were made by any single employee or approved by any supervisor.

This is as basic a fraud scheme as one can imagine. Think of employee gift, travel and entertainment (GTE) reimbursement where anything over $100 must be preapproved. One BD type or one business unit routinely submits requests after purchases of $99.99 so no preapproval is required. The supervisor approves it, and it is automatically paid to the employee. One reimbursement at $99.99 may not raise a red flag but multiple requests should. The same concept holds true in this situation. However, no one at Oracle was looking at this bigger picture. This is where a data analytics program would pick up such anomalies and flag it for closer inspection and investigation. Oracle appears to have realized this through part of its remediation which included the implementation of a compliance data analytics program moving to proactive auditing.

Internal Control Upgrades

Putting in compliance enhancements to remediate your control failures is a key part to any FCPA enforcement resolution. In this area, there were improvements in the following capacities: (a) in distributor discounting by improving aspects of the Oracle discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls; (b) in the Oracle procurement process through the increased oversight of, and controls on, the purchase requisition approval process; (c) by the removal of perverse incentives by limiting financial motivations and business courtesies available to third parties; (d) in basic gifts, travel and entertainment policies (GTE) by improving its customer registration and payment checking processes in connection with Oracle technology conferences.

Basic GTE

I cannot believe that in 2022 we are talking about companies that still do not have the most basic GTE policies in force. Since at least 2007, the Department of Justice (DOJ) made clear what was appropriate in business travel, business courtesies and business entertainment. Oracle’s 112 Project decidedly was not as it was designed to appear as a business trip to Oracle’s home office (then in California) related to Oracle’s bid on a project. However, the trip was designed to be a sham to hide boondoggle travel for four government officials. The alleged business meeting at the corporate headquarters lasted only 15 minutes and for the rest of the week, the Oracle BD folks entertained the government officials in Los Angeles and Napa Valley and then took them to a “theme park” in the greater Los Angeles area. Any travel involving government officials or any other covered persons under the FCPA should be submitted to and approved by your compliance function, including costs and the itinerary.

There was much to consider from the SEC enforcement action under the FCPA involving Oracle. We still have not heard from the DOJ. There may be more to come….

Categories
Great Women in Compliance

Megan Zwiebel – Data, Behavioral Science and the Compliance Function

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

In this episode of Great Women in Compliance, Lisa speaks with Megan Zwiebel, who is Director of Operations & Delivery at R&G Insights Lab, which is an analytics and behavioral science practice, affiliated with the law firm Ropes & Gray. Megan started her career at a large law firm at a litigator, and used her natural curiosity and skill set to move into journalism, and now into her current role, where she and the team are helping to build innovative and practical solutions for organizations and legal practices in using data and science.

In this discussion, Megan talks about how the R&G Insights Lab compliments traditional law firm work, and how it is different, with respect to supporting E&C programs. She talks about the importance of “telling the story,” and how we can best use these tools to build our programs and to work cross-functionally.

Like Lisa, Megan started her career at a large law firm, and they discuss some of their similar and different experiences in those first jobs, and how that impacted their work and career trajectories. She shares some of the law firm evolution she has seen, and how women in leadership is inspiring and impacts law firm culture.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.

You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
The Walden Pond

An Interview with Myself – How My Forensic Data Analytics Career Led Me to Kona AI

 

Host Vincent Walden goes solo as he shares his story of changing careers and discusses the direction he plans to take his new company in. Vincent is using his 20+ years as a legal, compliance and investigation technology innovation expert to lead Kona AI as its new CEO. Kona AI is the most innovative, AI-driven, cost-effective, and easy-to-use compliance and anti-fraud technology solution to mid and large companies on the market.

 

 

In the last months of his role as Managing Director at Alvarez & Marsal, he came to the realization that the Kona AI platform, which they had been using to help companies find improper payments, needed to be scaled. Now, he and his colleague Matt Galvin are collaborating with MIT to build an algorithm-sharing consortium of leading companies.

 

Resources

To learn more, and contact Vincent Walden, please visit Kona AI

 

Categories
The ESG Report

The Legal Side of ESG with Christian Perez Font


 
Christian Perez Font has appeared on many of Tom Fox’s podcasts. He is the managing partner of Thinkeen Legal, a revolutionary law firm that specializes in corporate and commercial law, domestic and cross-border transactions, and compliance with a focus on startups, and small and mid-sized companies. He specializes in using data to help clients do traditional legal tasks. Thinkeen Legal’s main focus is the healthcare industry. In this episode, Christian and Tom discuss organizations’ legal approach to ESG. 
 

 
Compliance Through The ESG Lens
Tom asks Christian how he approaches M&A and compliance from an ESG perspective. Christian responds that when he looks at data and legal projects, he thinks about the data from two perspectives. “First you need to think of data as fuel because it’s what keeps your compliance cycle going on, your business cycle going on; but also as a measure of progress towards a certain goal.” The same goes for a company’s ESG program, he says. He explains that it is crucial to have fixed goals for each part of your ESG program as well as a way to measure your progress toward those goals. In an ESG program, you may have to analyze large sums of data in some cases, and in other cases the data may be very limited. He tells Tom, “When we talk about data in the governance side of things, you’re probably going to have fewer amounts of data to track than if you’re thinking about social responsibility.” 
 
The Nexus Between Healthcare Compliance and ESG
Thinkeen Legal is known for its work in the healthcare compliance industry, so Tom asks how data, healthcare, compliance, and ESG intersect. Christian explains that there’s a big intersection of ESG and compliance on the social responsibility side and governance sides.  He remarks, “When looking at acquisition as an investor, one of the things you want to look at is the social responsibility program to know if this is the company you want to invest in from a corruption standpoint… In the healthcare sector, we’ve seen some companies use social responsibility initiatives for improper purposes.” Therefore, he advises that good asset management – which is a part of a governance system – can provide you with useful information from a compliance perspective about what is happening in relation to ESG in the company. 
 
ESG and Data Analytics 
Tom asks Christian about the importance of ESG audits and the importance of the data you collect. Christian replies that auditors play a crucial role in data tacking by having to intimately understand the trends the company is tracing. “Data analytics and tracking play a major role in business acquisitions,” he points out. “Know as much as you can about the other. Understand the company’s ESG program and have a clear grasp of its social responsibility and environmental footprint.”
 
Resources 
Christian Perez Font | LinkedIn | Twitter 
Thinkeen Legal | Twitter | Instagram  
 

Categories
FCPA Compliance Report

Claire Worledge on Data Analytic Secrets


In this episode of the FCPA Compliance Report I visit with Claire Worledge. Claire is an internal auditor by professional training. She is the author of Data Analytic Secrets. We visit about her book and her work to bring greater visibility to data analytics to the internal audit profession and the wider compliance profession. Some of the highlights include:
What is data visualization?
What do you see as the role of data analytics in internal audit?
Why Claire wrote Data Analytic Secrets  and the audience for the book.
How can data analytics and visualization be used in fraud prevention?
How about anti-corruption/anti-bribery programs?
How can internal audit be best used in an anti-corruption/anti-bribery program?
What is the intersection of internal audit and internal control?
Resources
Claire Worledge on LinkedIn
Aufinia website

Categories
This Week in FCPA

Episode 298 – the NBA Playoffs Are Here edition


As the Celtics win Game One with a buzzer beater, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the NBA playoffs are here edition.
 Stories

  1. Mike Volkov takes a deep dive into the recent DOJ trial record. In a 3-part series on Corruption Crime and Compliance.
  2. Sexual harassment case too implausible for Hollywood? Adam Manno in the Daily Mail.
  3. KT Corp FCPA enforcement action analysis. Lawyers from Debevoise in Compliance and Enforcement.
  4. Stericycle FCPA settlement. DOJ Press Release. Harry Cassin the FCPA Blog. Tom begins a 3-part series on the FCPA Compliance Report.
  5. Data analytics informs SEC enforcement action. Jaclyn Jaeger in Compliance Week.
  6. SEC Chair Gensler reflects on 1st year of Chairmanship? Ephrat Livny in NYT.
  7. Into the crystal ball on climate disclosures. Mai-Khoi Nguyen-Thanh and Taylor Wirthin CCI.
  8. Should Elon Musk have been stopped long ago? Francine McKenna in Time.
  9. What should be on your audit committee agenda for 2022? Maureen Bujno, Krista Parsons and Kimia Clemente in Harvard Law School Forum on Corporate Governance.
  10. Putting the ‘G’ first in ESG. Lawrence Heim in practicalESG

 Podcasts and More

  1. Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during a FCPA investigation and thereafter. In Part 2 we took a deep dive into the Lisa Monaco speech and what it means for compliance professionals.
  2. What is the only podcast dedicated to the intersection of Compliance and ESG? It’s the Compliance ESG Podcaston the CPN. Check out this week’s episode with Erika Peters of Exiger on the ESG Standards. For your added viewing pleasure check out the video pod on YouTube.
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. In Part 3, Susan moves into the CCO chairs at AECOM.
  4. Are you a MCU fan? If so check out the latest 2 episodes of Popcorn and Compliance-the MCU Series as Tom and Megan Dougherty are going through the full MCU in chronological, not release date order. The latest two episodes are Black Widow and Black Panther.
  5. Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the discount code TFLAW $200 OFF. More here.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
The Ethics Movement

Converge21 Workshop Edition-Julia Arbery on Demystifying Data & Analytics


Welcome to The Ethics Movement, special podcast series highlighting Converge21 The Workshop Edition. This podcast series will feature some of the speakers at the event. You can find out more information about the event and register here. In this podcast, I visit with Julia Arbery, a partner at StoneTurn who will help the discussion on the Workshop, Demystifying Data & Analytics: Leverage What you Have for Effective Risk Management. You have collected this data from my program, now what? The panel will use sample data sets to outline a foundation for data driven risk management. Join us for a dynamic Workshop.