Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Culture: Day 16 – How a Culture of Speak Up Improves Corporate Culture

What is a speak-up culture, and how does it improve the overall corporate culture? A speak-up culture is a work environment where open communication is encouraged, fostering trust and innovation. This culture is built on leadership that values listening and employee involvement in problem-solving. One of the key factors in fostering a speaking-up culture is protecting employees from retaliation. Anti-retaliation policies and procedures, training for middle managers, and a consistent, transparent process for investigating concerns are crucial to maintaining this culture. The fair process doctrine, which emphasizes transparency, consistency, and protection from retaliation, plays a significant role in building trust, encouraging engagement, and enhancing the overall organizational culture.

Empowered Employees. When employees feel empowered to contribute their ideas, it can lead to significant positive outcomes for the organization. However, fostering a speak-up culture goes beyond just listening. Retaliation should never be tolerated, and organizations must make it clear that it will not be accepted under any circumstances.

Role of Middle Managers. Middle managers play a vital role in fostering a speak-up culture. They need to be trained to listen, accept information, and report it to the appropriate channels.

Consistency and transparency. Consistency and transparency in the investigation process are also key components of a speak-up culture. Organizations must have a clear process in place for investigating concerns, and employees should be aware of this process.

Fostering a speak-up culture in the workplace is crucial for building trust, encouraging engagement, and enhancing the overall organizational culture. It requires leadership that values listening and employee involvement, as well as policies and procedures to protect employees from retaliation. Middle managers play a vital role in supporting employees and facilitating open communication. Consistency and transparency in the investigation process are essential for building trust and ensuring that employees feel comfortable bringing forward their concerns. By fostering a speak-up culture, organizations can create a culture where employees feel empowered to contribute their ideas and make a positive impact on the workplace.

 Three key takeaways:

1. Having a reporting system is important but listening is equally critical.

2. Employees must be protected from retaliation.

3. Fostering a speak-up culture can create a culture where employees feel empowered to contribute their ideas and make a positive impact on the workplace.

Do you want to improve your culture? How can you assess your culture and develop a strategy to improve it going forward? Check out the new tool, The Culture Audit. For more registration, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Binance Pays $4+ Billion for Criminal Acts

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the Binance enforcement action brought by the DOJ, OFAC, FinCEN, and the CFTC.

In a landmark case that has sent shockwaves through the cryptocurrency industry, Binance, the world’s largest cryptocurrency trading platform, has been slapped with a staggering $4.3 billion fine for intentionally violating anti-money laundering laws and other financial regulations. Tom views this as a significant turning point, marking the end of the libertarian experiment around cryptocurrency and alternative financial systems. He believes that the hefty penalties imposed on Binance, along with other smaller enforcement actions in the crypto world, are a clear message from regulators that the crypto sector must comply with US laws and regulations.

Matt echoes Fox’s sentiments, emphasizing that the enforcement actions against Binance and other cryptocurrency ventures signify the end of the libertarian experiment around cryptocurrency. He underscores the deliberate and intentional nature of Binance’s violations, stating that they knowingly deceived and evaded compliance regulations. Join Tom Fox and Matt Kelly on this episode of the Compliance into the Weeds podcast as they delve deeper into this case and its implications for the cryptocurrency industry.

 Key Highlights:

  • Binance’s $4.3 Billion AML Violation
  • Deceptive Evasion of Regulations in Cryptocurrency
  • Extensive Monitorship to Address Compliance Deficiencies
  • Binance’s Non-Compliance Leads to Legal Consequences
  • Personal Liability of the CCO
  • End of Crypto?

 Resources:

Matt’s blog post in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance: Audrey Harris – The Woman in the Arena

Audrey Harris, this week’s guest, shared a quote with us that is very meaningful to her. It is from Theodore Roosevelt, about “The Man in the Arena. Since this is #GWIC, we have expanded this to the women in the arena. That is the woman who is actually in the arena, not the critic or the person who waits to offer suggestions or say what can be done better after the hard calls are made and who strives to do the work and…spends herself on a worthy cause; who at the best knows, in the end, the triumph of high achievement, and who at the worst, if she fails, at least fails while daring greatly, so that her place shall never be with those cold and timid souls who neither knows victory nor defeat.”

Audrey Harris is the woman in the arena. She is Managing Director, of  Global Anticorruption, Compliance, Ethics & Non–Financial Risk at Affiliated Monitors, Inc., was formerly at two world-class law firms, and has also been a Chief Compliance Officer. She has made hard decisions in real-time and now helps organizations do the same.

In this episode, Lisa and Audrey talk more about what the woman in the arena does and why Ethics and Compliance Officers are truly the people in the arena. Audrey will also provide insight on the most recent US Department of Justice statement, whether it really is the “Monaco Memo 3.0,” and her views about what is significant in the memo and the guidance it provides.

 The arena for GWIC next week is US Thanksgiving, so we are off but will see you with a great episode on November 29.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance-related offerings. GWIC is also sponsored by Corporate Compliance Insights, where we have a page where you can hear every episode. If you are enjoying this episode, please rate it and/or provide a review.

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

Categories
Daily Compliance News

Daily Compliance News: November 15, 2023 – The Two Per Week Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Ukraine legislator tied to Giuliani arrested for treason.  (WaPo)
  • 2 sexual harassment claims per week at McDonalds UK (TT)
  • Can Barclay’s move beyond scandal (and Jes Staley)? (FT)
  • US drops antitrust claims over hospital hiring. (Reuters)
Categories
FCPA Compliance Report

FCPA Compliance Report – Billy Jacobson on Building a Boutique Law Firm

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Billy Jacobson, well-known to the compliance community, who recently opened a new boutique law firm, Jacobson Lopez. We talk about why he co-founded the firm, the type of work it takes on, and where he hopes it might grow.

Billy Jacobson is a seasoned attorney with a rich background in white-collar law and compliance, having served as a DOJ attorney and worked on high-profile fraud cases such as the Enron trials and as CCO at Weatherford. His experience and knowledge of AML, FCPA, and BSA practices shape his viewpoint on Jacobson Lopez, a boutique law firm that specializes in compliance and investigations. With his partner, Jonathan Lopez, Billy co-founded Jacobson Lopez, a boutique law firm offering specialized services in compliance work, internal investigations, government enforcement, and individual representation. They aim to provide big law firm expertise at more modest rates, with greater flexibility and no conflict issues, positioning their firm as an alternative to larger law firms. To gain more insights into Billy’s perspective and the work of Jacobson Lopez, join Tom Fox and Billy Jacobson on this FCPA Compliance Report podcast episode.

Key Highlights:

  • Boutique White Collar Law Firm in DC
  • Organic Growth and Strategic Partnerships in Law
  • Federal Prosecution Experience: Navigating Complex Legal Issues

Resources:

Billy Jacobson on LinkedIn

Jacobson Lopez

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Culture: Day 4 – Assessing and Aligning your Corporate Values

One of the concepts enshrined in the Monaco Memo is that the Department of Justice (DOJ) will assess corporate culture for any company that may find itself under investigation for Foreign Corrupt Practices Act (FCPA) violations. This enshrinement is not exactly new as Deputy Attorney General (DAG) Lisa Monaco announced this new DOJ focus in October 2021 in her speech. The parameters of how the DOJ will assess culture are still being worked out but Chief Compliance Officers (CCOs) and compliance professionals need to consider this issue in the context of their own compliance programs and corporate culture in case the DOJ ever comes knocking. Over the next several blog posts, I will be exploring how a corporate compliance function can assess, monitor, and improve your corporate culture.

We begin with assessing your corporate values and then aligning them within your organization. In a recent Harvard Business Review (HBR) article, entitled What Does Your Company Really Stand For?authors Paul Ingram and Yoonjin Choi explored these and other issues. The authors believe that corporate values are more critical than ever. I have adapted their work for the compliance professional.

The authors developed a five-step approach for values alignment.

1.     Identify the values within your employee base and create a values structure.

2.     Identify key priorities from strategy to determine what is the most important thing the organization can do to achieve its strategy.

3.     Wed values that serve both the organization and its employees.

4.     Begin the assessment process.

5.     Generate a final list of organizational values.

From the compliance perspective, the protocol. Recognizing that values are but one part of an overall corporate culture, gives you a mechanism to think through how to begin an overall assessment of your organization. Values do make up a portion of an overall culture. Through the engagement advocated herein, you can not only get a good reading on such key values as trust and respect but, more importantly, learn how to incorporate them as overall assets into your corporate culture.

Three key takeaways:

1. The Monaco Memo enshrined the concept that the DOJ will assess culture.

2. What does your company stand for?

3. When properly aligned, values can be a powerful part of corporate culture.

Check the free webinar on the new tool, The Culture Audit with Tom Fox and Sam Silverstein on Tuesday, November 20, 12 CT. For more information and registration, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Culture: Day 1 – Introduction

In her October 2021 speech, presaging the Monaco Memo, Deputy Attorney General Lisa Monaco talked at length about the importance of corporate culture. She noted, “Corporate culture matters. A corporate culture that fails to hold individuals accountable or fails to invest in compliance — or worse that thumbs its nose at compliance — leads to bad results. Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. Companies serve their shareholders when they proactively place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” These thoughts were formalized in the Monaco Memo.

What does all this mean for compliance professionals going forward? DOJ officials have emphasized that the changes laid out in the Monaco Memo and the requirements around CCO Certification are to empower compliance professionals. In the Monaco Speech, DAG Monaco stated, “Companies should feel empowered to do the right thing—to invest in compliance and culture and to step up and own up when misconduct occurs. Companies that do so will welcome the announcements today. For those who don’t, however, our Department prosecutors will be empowered, too—to hold accountable those who don’t follow the law.” However you may characterize it, I will channel my inner Glenn Fry (with a nod to Miami Vice) and simply say to CCOs and compliance professionals, “The Heat is On.”

Three Key Takeaway:

  1. The DOJ will now evaluate corporate culture in an enforcement action.
  2. You must assess, manage, monitor, and improve your culture.
  3. Corporate culture is now a key metric for regulators.
Categories
Blog

Data Driven Compliance: Current Trends and Innovations

Data-driven compliance strategies have become a game-changer in risk management and fraud prevention. I recently had the opportunity to participate in a KonaAi-sponsored webinar entitled “Data Driven Compliance: Current Trends and Innovations.” The event was hosted by Vince Walden and featured Rayne Towns, the Global Head of Risk and Monitoring at Nokia.

I view data-driven compliance strategies in risk management and fraud prevention as an evolution of the compliance profession. It can be seen in the importance of data analytics in improving the effectiveness of compliance programs. There is and will always be the need for human interpretation and utilization of the data. Towns see data-driven compliance strategies as a way to strengthen and improve the compliance program’s effectiveness, using data analytics to identify and address gaps in the compliance program. She also emphasizes the importance of prioritizing and starting with solving specific problems when implementing data analytics. Vince Walden joined in with his perspective on data-driven compliance strategies in risk management and fraud prevention.

Data driven compliance is one more in the evolution of the compliance profession, one more step. Fortunately, we have evolved from when compliance was very much legal driven by lawyers. And over time, most compliance professionals (and equally importantly, the DOJ and SEC) began to view compliance as a business process. As a business process, it can be measured, it can be studied, it can be monitored, and it can be approved based on that information.

We began with the importance of data analytics in compliance programs. The shift towards data-driven compliance has transformed the profession from solely legal-driven to a measurable and improvable business process. This shift has been recognized by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). The SEC first called out the use of data analytics, as it did in the Order concluding the Key Energy FCPA enforcement action. Most recently, the Albemarle FCPA resolution specifically called out the company’s use of data analytics in its remediation program, which occurred during the pendency of its FCPA resolution process.

In 2016, the Securities and Exchange Commission called out data analytics in an enforcement action for the first time. It was the Key Energy FCPA enforcement action, where they suggested data analytics would have shown or demonstrated a range of values outside the norm for certain gifts, travel, and entertainment for the company. This demonstrated that regulatory thinking evolved as well. Now, data analytics has become a critical element to improve the business process of compliance. Data driven compliance allows you to measure it, monitor it, and improve it all in a documented fashion so that if a regulator ever comes knocking, you can demonstrate to them not only the effectiveness of your compliance program but also how you are moving your compliance regime forward based on solid data and analysis.

AB InBev was one of the first companies to successfully implement data-driven compliance strategies, moving from detection to prevention of issues. This shift has resulted in cost savings and improved risk management for the company. Equally significant was the company’s public discussion of the BrewRight program and how it evolved into a broader business process tool.

The DOJ always telegraphs what is important to them. Starting 2020 with the 2020 Update to the Evaluation of Corporate Compliance Programs, they said the CCO must have access to all data across an organization. You may have data silos, but a CCO must be able to punch through all of those data silos. It is a natural progression from 2020 to this Albemarle FCPA enforcement action, where the DOJ clearly stated that the company’s data analytics program allowed them to move forward with the remediation.

Moreover, the critical part was that Albemarle was not required to have a monitor. To avoid having a monitor required under the resolution required two things. One, an effective compliance program, but two, testing of it. And the DOJ has made very clear those requirements. Albemarle had an effective compliance program, but more importantly, they have monitored it and tested it through their data analytics program. Their compliance function’s actions saved the company millions. And it tells the rest of us what the DOJ will look for in a compliance program going forward.

Data analytics plays a crucial role in various aspects of compliance, including M&A due diligence and risk assessment. By leveraging external data sources, compliance professionals can gain valuable insights into potential risks associated with vendors, customers, and employees. This information allows them to make informed decisions and mitigate risks effectively.

Compliance professionals must be aware of the importance of data-driven compliance strategies’ impact on decision-making. Using data analytics, compliance professionals can measure, monitor, and improve compliance programs in a documented fashion. This demonstrates the compliance program’s effectiveness and enables organizations to adjust and adapt more quickly to changing regulatory requirements.

However, implementing data-driven compliance strategies comes with its own challenges. Balancing the tradeoffs between automation and manual processes is one such challenge. While automation can streamline compliance processes and identify gaps, manual touches are sometimes necessary. Data analytics can help identify these gaps and drive accountability and training efforts.

There is great potential for new technologies like generative AI and machine learning to enhance compliance programs. These technologies can make compliance processes more efficient and enable better decision-making. For example, generative AI can guide users through dashboards and provide valuable insights, making compliance tasks easier and more effective.

Budget approvals are another crucial consideration for organizations when implementing data-driven compliance strategies. CFOs prioritize keeping the business out of legal risks and fines, fraud prevention and recoveries, and improved internal controls. Data analytics is not just a “nice-to-have” but a “must-have” for organizations. Those that do not embrace data analytics or fail to move towards it are at risk.

In conclusion, data-driven compliance strategies have revolutionized the compliance profession. Organizations can measure, monitor, and improve compliance programs by leveraging data analytics, resulting in cost savings, improved risk management, and better decision-making. While there are challenges associated with implementing data-driven compliance strategies, the benefits far outweigh the tradeoffs. Compliance professionals must embrace data analytics as a critical element of their compliance programs to stay ahead in an ever-evolving regulatory landscape.

Categories
FCPA Compliance Report

FCPA Compliance Report – Albemarle FCPA Enforcement Action – Holdbacks

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, Kristy Grant-Hart reviews the holdbacks on the internal control failures and other areas identified in the SEC enforcement action.

In this episode of the FCPA Compliance Report podcast, we delve into clawbacks and consequence management in compliance programs, particularly about the Foreign Corrupt Practices Act (FCPA). Our host, Tom Fox, brings a unique perspective, expressing disappointment over the lack of clawbacks in a recent case but emphasizing the importance of consequence management, such as withholding bonuses from employees involved in misconduct. His extensive experience in the field shapes Fox’s insights, and he underscores the need for businesses to shift their models in response to investigations and compliance violations. He also highlights the significance of a proactive approach to addressing compliance issues and the need for a significant change in the business model. Join Tom Fox as he navigates the complex world of compliance in this enlightening FCPA Compliance Report podcast episode.

 Key Highlights:

  • The Significance of Consequence Management in FCPA Investigations
  • The Significance of Shifting Business Models
  • Holdbacks going forward

Resources

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.

Tom Fox

Threads

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

DAG Monaco on Cooperation and Compliance Incentives for M&A

Early in October at the 2023 SCCE Compliance and Ethics Institute, Deputy Attorney General Lisa Monaco delivered a long-anticipated speech expanding and formalizing the Department of Justice’s (DOJ’s) new Safe Harbor for mergers and acquisitions in the Foreign Corrupt Practice Act (FCPA) context. The latest M&A Safe Harbor expanded on an old and frankly cumbersome Opinion Release from 2008 and some old FCPA enforcement actions from the last decade to create a clear, concise, and most welcomed announcement.

The Halliburton Opinion Release (08-02) gave some very tight deadlines for engaging in due diligence post-acquisition and reporting to the DOJ. The deadlines were 90 days to identify and report high-risk agents, 120 days to identify and report medium-risk agents, and 180 days to identify and report low-risk agents. For those scoring at home, that is three, six, and nine months, which for most corporations is the blink of an eye.

Moreover, while the 2012 FCPA Resource Guide did provide some guidance on what may constitute a safe harbor, the word “may” was a sticking point for corporate management when deciding whether and how to proceed with a potential merger or acquisition. There is a big difference between a theoretical outcome and one that is concrete and presumptively available. Finally, a series of FCPA enforcement actions involved mergers and acquisitions. It was unclear when remediation of any issues must be completed, from 18 months to “as soon as is practicable.”

This new DOJ policy is then aimed at encouraging cooperation and compliance in the corporate world, particularly during acquisitions. This policy allows companies to avoid charges for compliance violations discovered during the acquisition process as long as specific deadlines are met. Compliance officers are crucial in this process, conducting due diligence before and after the acquisition.

Monaco stated, “We are announcing a Department-wide Safe Harbor Policy for voluntary self-disclosures in the mergers and acquisition process context. In the future, acquiring companies that promptly and voluntarily disclose criminal misconduct within the Safe Harbor period, cooperate with the ensuing investigation, and engage in requisite, timely, and appropriate remediation, restitution, and disgorgement will receive the presumption of declination.”

Under this new policy, acquiring companies will not be held accountable for aggravating factors at the acquisition target. This means that the acquiring company will not be responsible if there are compliance issues at the target company. However, there are concerns about how this policy will be executed and its potential impact on different enforcement actions.

A key element is the clear and concise timelines articulated by DAG Monaco. She stated, “To ensure consistency, I am instructing this Safe Harbor policy to be applied Department-wide. Each part of the Department will tailor its application of this policy to fit its specific enforcement regime and consider how it will be implemented.

To ensure predictability, we are setting clear timelines. As a baseline matter, to qualify for the Safe Harbor, companies must disclose misconduct discovered at the acquired entity within six months from the date of closing. That applies whether the misconduct was found pre- or post-acquisition.”

After that, “Companies will have a baseline of one year from the closing date to fully remediate the misconduct. These baselines are subject to a reasonableness analysis because we recognize deals differ and not every transaction is the same. So, depending on the specific facts, circumstances, and complexity of a particular transaction, Department prosecutors could extend those deadlines.”

One essential tradeoff in this policy is the balance between encouraging cooperation and holding companies accountable for their actions. On one hand, the policy incentivizes companies to disclose compliance violations and cooperate with the Justice Department voluntarily. This can lead to more effective enforcement and greater transparency in the corporate world. On the other hand, there is a risk that some companies may take advantage of this policy and try to cover up compliance violations.

Compliance officers also face challenges in this new policy. If they are not involved in pre-acquisition due diligence, it could be a red flag for their career security. There is a concern that unscrupulous management teams may try to close a deal without proper due diligence and then blame the compliance officer if issues arise later on. Compliance officers must proactively ensure their involvement in the acquisition process to protect themselves and their companies.

The enforcement of this policy, particularly in antitrust cases, is also a subject of curiosity and anticipation. It is unclear how the policy will apply to corporate misconduct beyond bribery and corruption or anti-competitive actions. There are questions about whether the default position of the DOJ antitrust division will be a declination or if they will still bring charges against companies involved in antitrust violations.

While this new policy is a step forward for compliance, there are still concerns about its effectiveness and potential abuse. The Justice Department is trying to balance providing incentives for cooperation and holding companies accountable for their actions. However, there is a need for further clarity and guidance on how this policy will be executed in practice.

Overall, the new policy on corporate compliance during acquisitions is an essential development in the corporate world. It highlights the importance of considering compliance issues when making decisions about acquisitions and encourages companies to take proactive steps to address compliance violations. Compliance officers play a crucial role in this process and must be vigilant in ensuring their involvement to protect themselves and their companies. The execution of this policy and its impact on different enforcement actions will be closely watched in the coming months.