Tag: DOJ

Categories
Blog

Data-Driven Compliance – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white-collar crime. We are not just waiting for companies to self-report, for witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

But as with all new initiatives in compliance, one must emphasize the importance of starting a compliance journey with a formal risk assessment. Guevara suggested collaborating with various departments within the organization, such as accounts payable, receivables, internal audit, and business operations, to understand the risks associated with different processes. This collaborative effort helps identify compliance controls that need to be in place and ensures that the data required for analysis is available.

While low-hanging fruit may seem like an attractive starting point, Guevara cautioned against solely focusing on easy wins. He advised against presenting a weak business case to secure budget approval for compliance projects. Instead, he recommended conducting a comprehensive compliance risk assessment to prioritize areas that require immediate attention. This approach ensures that compliance efforts are aligned with your organization’s overall risk management strategy.

Data analytics play a crucial role in enhancing compliance efforts. By leveraging data analytics tools and techniques, compliance professionals can identify patterns, detect anomalies, and uncover potential compliance risks. However, Guevara highlighted the importance of validating suspicious transactions before raising concerns. It is essential to conduct due diligence and thoroughly investigate any potential issues to maintain financial integrity and credibility.

Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. It is crucial for compliance professionals to stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

 

Categories
Daily Compliance News

Daily Compliance News: December 13, 2023 – The Not Soft on Crime Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. all from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • DOJ says it’s not soft on corporate crime. (WSJ)
  • COP28 reaches a historic deal. (FT)
  • The lure of corruption is omnipresent. (Catholic News Agency)
  • The epic verdict adds to Google int’l antitrust woes. (Reuters)
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 7 – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division.

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. Compliance professionals must stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

 Three key takeaways:

1. Nicole Argentieri, acting assistant attorney general for the Criminal Division, said,  “Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

2. . Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks.

3. Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Data Analytics, BoA and DOJ Pronouncements

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into data analytics and highlight the Bank Of America CFPB enforcement action for failures in a data analytics program.

Data analytics is a powerful tool in the realm of compliance and risk management, providing invaluable insights that can help organizations identify potential risks and assess the effectiveness of their compliance programs. Tom emphasizes the importance of continuous monitoring using data analytics, citing a case where Bank of America was fined $12 million due to poor use of data analytics. He advocates for the use of analytics algorithms as ongoing monitoring tools and encourages business units to take an active role in managing their risks. Matt underscores the significance of data analytics in identifying and managing compliance risks. He echoes Fox’s sentiments on the need for continuous monitoring and the involvement of business units in risk management.

They also note that both the DOJ and SEC are ramping up their focus on data analytics for corporate compliance, setting higher expectations, especially for larger corporations. This shift is not only transforming the landscape of corporate compliance but also reshaping the way companies approach self-disclosure of misconduct. Join Fox and Kelly on this episode of the Compliance into the Weeds podcast as they delve deeper into the implications of the DOJ and SEC’s increasing focus on data analytics for corporate compliance.

Key Highlights:

  • The Importance of Continuous Data Analytics
  • Bank of America’s Compliance Risk Management
  • Effective Monitoring and Surveillance in Financial Services
  • DOJ’s Expectations for Corporate Data Analytics
  • Uncovering Fraud Through Data Analytics

Resources:

Matt’s blog posts in Radical Compliance

A $12M Lesson on Data Analytics

Some Vague Hints on Analytics, FCPA 

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Argentieri on the Use of Data Analytics

Last week, Nicole Argentieri, acting assistant attorney general for the Criminal Division, speaking at the ACI National FCPA reported that the Department of Justice (DOJ) is stepping up its own use of data analytics to identify instances of corporate misconduct, and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and the Securities and Exchange Commission (SEC) are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field.

The DOJ has been using data analytics to uncover cases of corporate misconduct, including violations of the Foreign Corrupt Practices Act (FCPA). Acting Assistant Attorney General Nicole Argentieri, highlighted the department’s efforts to improve its data analytics game and its use of analytics to find cases of corporate misconduct. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.” While the DOJ has successfully prosecuted individuals for FCPA violations using data analytics, there is yet to be a high-profile corporate FCPA violation case that has arisen from the department’s own data analytics.

On the other hand, the SEC has a dedicated data analytics team called the EPS team, which has uncovered cases of accounting fraud and insider trading. The SEC’s data-rich environment and lower burden of proof on the civil side have allowed them to successfully prosecute cases using data analytics. This demonstrates that regulators can effectively utilize data analytics to identify corporate misconduct.

The increasing focus on data analytics by the DOJ and SEC has implications for companies. The better a company is at data analytics, the more pressure it may face for voluntary self-disclosure of misconduct. Good data analytics can bring risks or incidents of misconduct to light, and once they are discovered, companies cannot ignore them. The 2023 Evaluation Of Corporate Compliance Programs (2023 ECCP) instructs prosecutors to inquire about a company’s use of data analytics in identifying misconduct. This puts pressure on companies to proactively address and disclose any misconduct they uncover through data analytics.

This also means that data analytics in the compliance function has moved from cutting edge to best practice. It soon may mean simply table stakes for compliance. In the 2020 ECCP, the DOJ mandated the compliance function have access to all corporate data and be able to break through data siloes in their organizations. Any company which does not have a data analytics capability may be in for a long road to hoe if the DOJ or SEC comes knocking.

However, not all companies have sophisticated data analytics programs in place. The DOJ recognizes that smaller firms may not have the same level of resources and expects a certain level of sophistication tailored to a company’s size. Larger companies, especially Fortune 500 companies, are expected to have more sophisticated data analytics capabilities, including business intelligence units and advanced technology. The expectations for more sophisticated analytics are higher for these companies.

The Bank of America CFPB enforcement action case serves as a reminder of the importance of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained. (Matt Kelly took a deep dive into the BoA enforcement action in this week’s edition of Compliance into the Weeds.)

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

Argentieri’s speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.

Categories
Blog

Assessing and Improving Corporate Culture Through the Culture Audit™

I am hugely pleased to announce a dynamic new tool for compliance professionals, the Culture Audit™ which is a software tool designed to help companies evaluate their corporate culture and identify areas for improvement. Developed by Sam Silverstein, founder of the Accountability Institute, the Culture Audit™ allows a compliance professional or any business to assess their corporate culture quickly and efficiently as mandated by the Department of Justice (DOJ). (Full disclosure-I do work for and with Sam Silverstein and the Accountability Institute.)

Beginning with the speech by Deputy Attorney General Lisa Monaco in October 2021, the recognized the need for companies to assess, manage, monitor and improve their corporate culture. This was memorialized in the 2023 update to the Evaluation of Corporate Compliance Programs (ECCP), announced in January 2023. In the ECCP, the DOJ asks these following questions how often and how does a company measure a culture of compliance? What are your hiring and incentive structures around compliance? What steps have you taken in response to your measurements of compliance?

All these questions posed by the DOJ lead to the requirement that every company needs to assess their culture, because the DOJ is going to do in any enforcement action or review. However, it can be done using the same compliance processes currently in place, as culture is just like any other risk. As a risk, it can be assessed. This is why the Culture Audit™ is such a game-changer in compliance as it provides you a software tool to perform that initial risk assessment. When you have assessed a risk, then you can start to put together a risk management strategy in place. With your culture strategy in place, you can train your employees on it and then monitor their performance, determining the results. From there you can improve your culture strategy as needed. But it all starts with a culture assessment, and that’s what the Culture Audit™ allows you to do.

The Culture Audit™ can be set to 20 languages, which makes this the best possible tool, not just for international companies, with offices around the world, but also those in places like in South Dakota, where there might be a production facility and there could actually be three or four languages spoken on the production floor. This allows all employees in an organization the opportunity to communicate, to provide the vital feedback, and makes this a very powerful tool.

The Culture Audit™ is simple for all employees to use as a link is provided used throughout the organization. Moreover, it is an anonymous survey. The Culture Audit™ does collect any specific Personal Identifiable Information (PII). The Culture Audit™ does not know who is responding, and there is no ability to track back to individual employees. This provides an environment where employees are free to share what they really think about the organization, what they really feel about what’s happening inside in their workplace culture.

The Culture Audit™ measures various aspects of a company’s culture, including compliance practices, hiring processes, and employee engagement. It generates a comprehensive report that highlights gaps and provides actionable steps for improvement. The tool is particularly beneficial for global organizations as it supports international language communication.

One key feature of the Culture Audit™ is its emphasis on auditability and transparency. In the event of a regulator’s inquiry, the Culture Audit™ provides a detailed report that can be shared to demonstrate the company’s commitment to assessing and improving its culture. The questions and the results are fully auditable. The raw data collected during the audit is also retained for future reference, allowing organizations to track their progress over time.

One of the key benefits of the Culture Audit™ is its ability to identify areas for improvement and provide actionable insights. The Culture Audit™ report includes an action plan that guides organizations on specific areas to focus on and steps to take for improvement. Silverstein emphasized that all companies should be either improving because they are underperforming or reinforcing what they are already good at. By continuously reinforcing positive aspects of their culture, organizations can prevent a decline over time.

The Culture Audit™ can also be a valuable tool for companies considering acquisitions. By using the tool to assess the culture of a potential target, companies can gain insights into the target’s values, ethics, and decision-making processes. This information can help inform the decision-making process and identify potential risks or areas of alignment.

The Culture Audit™ is a true game-changer in compliance as it provides organizations with a powerful tool to assess and improve their corporate culture. By measuring various aspects of culture, providing actionable insights, and emphasizing auditability and transparency, the Culture Audit™ helps organizations create a positive and productive workplace environment. With the increasing focus on corporate culture by regulators, the Culture Audit™ can also help companies demonstrate their commitment to ethical behavior and compliance. By utilizing this tool, organizations can drive better leadership, improve employee engagement, and ultimately enhance their bottom line.

Resources

Culture Audit

Set up a call to discuss the Culture Audit, click here

Categories
Daily Compliance News

Daily Compliance News: December 1, 2023 – The Data – Driven Enforcement Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. all from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • The DOJ will use more data-driven enforcement in FCPA cases. (DOJ Press Release)
  • Sam Altman outlines plans for OpenAI going forward. (NYT)
  • Russian soldiers are using bribery to escape combat. (Novaya Gazeta)
  • Ohio Governor DeWine to be deposed in FirstEnergy civil litigation (Ohio Capitol Journal)
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Culture: Day 16 – How a Culture of Speak Up Improves Corporate Culture

What is a speak-up culture, and how does it improve the overall corporate culture? A speak-up culture is a work environment where open communication is encouraged, fostering trust and innovation. This culture is built on leadership that values listening and employee involvement in problem-solving. One of the key factors in fostering a speaking-up culture is protecting employees from retaliation. Anti-retaliation policies and procedures, training for middle managers, and a consistent, transparent process for investigating concerns are crucial to maintaining this culture. The fair process doctrine, which emphasizes transparency, consistency, and protection from retaliation, plays a significant role in building trust, encouraging engagement, and enhancing the overall organizational culture.

Empowered Employees. When employees feel empowered to contribute their ideas, it can lead to significant positive outcomes for the organization. However, fostering a speak-up culture goes beyond just listening. Retaliation should never be tolerated, and organizations must make it clear that it will not be accepted under any circumstances.

Role of Middle Managers. Middle managers play a vital role in fostering a speak-up culture. They need to be trained to listen, accept information, and report it to the appropriate channels.

Consistency and transparency. Consistency and transparency in the investigation process are also key components of a speak-up culture. Organizations must have a clear process in place for investigating concerns, and employees should be aware of this process.

Fostering a speak-up culture in the workplace is crucial for building trust, encouraging engagement, and enhancing the overall organizational culture. It requires leadership that values listening and employee involvement, as well as policies and procedures to protect employees from retaliation. Middle managers play a vital role in supporting employees and facilitating open communication. Consistency and transparency in the investigation process are essential for building trust and ensuring that employees feel comfortable bringing forward their concerns. By fostering a speak-up culture, organizations can create a culture where employees feel empowered to contribute their ideas and make a positive impact on the workplace.

 Three key takeaways:

1. Having a reporting system is important but listening is equally critical.

2. Employees must be protected from retaliation.

3. Fostering a speak-up culture can create a culture where employees feel empowered to contribute their ideas and make a positive impact on the workplace.

Do you want to improve your culture? How can you assess your culture and develop a strategy to improve it going forward? Check out the new tool, The Culture Audit. For more registration, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Binance Pays $4+ Billion for Criminal Acts

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the Binance enforcement action brought by the DOJ, OFAC, FinCEN, and the CFTC.

In a landmark case that has sent shockwaves through the cryptocurrency industry, Binance, the world’s largest cryptocurrency trading platform, has been slapped with a staggering $4.3 billion fine for intentionally violating anti-money laundering laws and other financial regulations. Tom views this as a significant turning point, marking the end of the libertarian experiment around cryptocurrency and alternative financial systems. He believes that the hefty penalties imposed on Binance, along with other smaller enforcement actions in the crypto world, are a clear message from regulators that the crypto sector must comply with US laws and regulations.

Matt echoes Fox’s sentiments, emphasizing that the enforcement actions against Binance and other cryptocurrency ventures signify the end of the libertarian experiment around cryptocurrency. He underscores the deliberate and intentional nature of Binance’s violations, stating that they knowingly deceived and evaded compliance regulations. Join Tom Fox and Matt Kelly on this episode of the Compliance into the Weeds podcast as they delve deeper into this case and its implications for the cryptocurrency industry.

 Key Highlights:

  • Binance’s $4.3 Billion AML Violation
  • Deceptive Evasion of Regulations in Cryptocurrency
  • Extensive Monitorship to Address Compliance Deficiencies
  • Binance’s Non-Compliance Leads to Legal Consequences
  • Personal Liability of the CCO
  • End of Crypto?

 Resources:

Matt’s blog post in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance: Audrey Harris – The Woman in the Arena

Audrey Harris, this week’s guest, shared a quote with us that is very meaningful to her. It is from Theodore Roosevelt, about “The Man in the Arena. Since this is #GWIC, we have expanded this to the women in the arena. That is the woman who is actually in the arena, not the critic or the person who waits to offer suggestions or say what can be done better after the hard calls are made and who strives to do the work and…spends herself on a worthy cause; who at the best knows, in the end, the triumph of high achievement, and who at the worst, if she fails, at least fails while daring greatly, so that her place shall never be with those cold and timid souls who neither knows victory nor defeat.”

Audrey Harris is the woman in the arena. She is Managing Director, of  Global Anticorruption, Compliance, Ethics & Non–Financial Risk at Affiliated Monitors, Inc., was formerly at two world-class law firms, and has also been a Chief Compliance Officer. She has made hard decisions in real-time and now helps organizations do the same.

In this episode, Lisa and Audrey talk more about what the woman in the arena does and why Ethics and Compliance Officers are truly the people in the arena. Audrey will also provide insight on the most recent US Department of Justice statement, whether it really is the “Monaco Memo 3.0,” and her views about what is significant in the memo and the guidance it provides.

 The arena for GWIC next week is US Thanksgiving, so we are off but will see you with a great episode on November 29.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance-related offerings. GWIC is also sponsored by Corporate Compliance Insights, where we have a page where you can hear every episode. If you are enjoying this episode, please rate it and/or provide a review.

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.