Tag: DOJ

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program – Key 2022 FCPA Enforcement Actions

From the Foreign Corruption Practices Act (FCPA) enforcement actions in 2022, one clear theme emerges; that is, organizations must reprioritize their third-party risk management programs. Many companies are becoming complacent in this arena, not realizing the potential consequences of not properly assessing their third-party risk management practices. I recently had the opportunity to visit with Alexander Cotoia of the Volkov Law Group to discuss importance of reprioritizing third-party risk management and how organizations can assess the effectiveness of their current practices. We review three 2022 FCPA enforcement actions to explore the importance of proper third-party risk management and how to avoid the potential consequences of not properly assessing these risks. Join us as we explore the details and implications of these enforcement actions and how organizations can reprioritize their compliance programs for the ever-changing dynamics of third-party risk management.

Here are the steps you need to follow to reprioritize your third-party risk management program.:

  1. Understand that third-party risk, especially as it pertains to anti bribery and corruption concerns, is a universal constant and still the highest risk.
  2. Reassess the framework by which third parties are evaluated and objectively evaluate the totality of risks posed by a potential business partner to the organization.
  3. Implement a risk-based approach to third party risk management.
  1. Understanding third-party risk

Understanding that third party risk, especially as it pertains to anti-bribery and corruption, is a universal constant is an important step in the risk management process. As evidenced by three key enforcement actions, ABB Limited, Oracle and GOL Airlines, organizations must evaluate the risks posed by potential business partners and ensure that the information collected is adequate to objectively assess the totality of the risks. Organizations should be aware that the DOJ requires companies to adopt a risk-based approach to third party risk management. To ensure that the organization is compliant with these regulations, they should review their existing practices and be prepared to supplement them if necessary. Additionally, organizations should be aware that they may be given credit for voluntary disclosure and cooperation efforts when faced with potential violations. This may be beneficial when determining penalties and is an important factor to consider when dealing with third party risk.

  1. Reassess your third-party framework

Reassessing the framework by which third parties are evaluated and objectively evaluating the totality of risks posed by a potential business partner to the organization is a critical step in reprioritizing your third-party risk management strategy. This should be approached holistically, focusing on the information being collected and its adequacy in objectively evaluating risks. Organizations should adopt a risk-based approach, as recommended by the DOJ, and not simply have a one size fits all approach. This approach should include due diligence, assessing the potential partner’s reputation and business practices, verifying their legitimacy and background, and understanding their country of origin and its laws. Additionally, organizations should consider the potential partner’s relationship with government officials and whether it could violate any anti-bribery or corruption laws. If any of these issues are identified, organizations should look into it further to ensure that their partner is compliant. By doing this, organizations can ensure that they are not engaging in any activities that could be deemed illegal or unethical. 

  1. Implement a risk-based approach

Implementing a risk-based approach to third party risk management is essential to any organization’s compliance program. This involves assessing the external parties on which an organization relies operationally, and identifying any risks associated with those external parties. This assessment should include evaluating their qualifications and experience to ensure they are able to meet the organization’s expectations. Additionally, organizations should consider conducting background checks on potential external parties, and assessing any potential conflicts of interest that may arise. Once potential external parties have been identified, organizations should consider conducting due diligence to ensure that the external party has not been involved in any fraud, bribery, or other criminal activities. Organizations should also consider developing contracts and compliance policies for external parties and monitoring their activities to ensure compliance. Finally, organizations should consider developing a training program for their external parties to ensure they understand the organization’s expectations and policies. By implementing a risk-based approach to third party risk management, organizations can reduce the risk of an FCPA violation and ensure their organization remains compliant.

Third-party risk management one of the most critical components of any organization’s compliance program. Organizations should take the initiative to reprioritize third-party risk management and assess the effectiveness of their current practices. Through the exploration of three enforcement actions and the introduction of the joint compliance note, this article has highlighted the importance of properly assessing third-party risk and how to best prepare for the ever-changing dynamics of third-party risk management. By implementing a risk-based approach to third party risk management, organizations can protect themselves from potential violations of the FCPA and ensure their organization remains compliant. With the right tools, processes, and dedication you can achieve the same results and protect your organization from costly fines and penalties.

For more information, on Diligent’s Third-party Risk Management solution, click here.

Listen to Alexander Cotoia on the podcast series, sponsored by Diligent here.

Check out the Volkov Law Group here.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Tying it all Together for Joint Ventures

I want to emphasize again the risks JVs pose under the FCPA. Mike Volkov has stated, “A joint venture requires the integration of disparate company cultures. It can be successful and is usually one of the significant reason for the joint venture itself.” Both parties should assess each other and decide that the JV is a good fit, meaning that each side will benefit. Too much time is spent on looking at the JV partner’s compliance toolbox (i.e., policies, procedures, and controls), and not enough time is spent on identifying compliance strengths and weaknesses. You must bring it all together with one format.

Indeed the 2020 Update to the Evaluation of Corporate Compliance Programs posed the following questions under the category, “Process Connecting Due Diligence to Implementation” What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post- acquisition audits, at newly acquired entities? Remember a “newly acquired entity” can be a joint venture.
Three key takeaways: 

  1. It all starts with a Relationship Manager.
  2. Have company oversight of all JVs. Couple this with a COC for a second set of eyes.
  3. Audit, monitor, and remediate (as appropriate) your JVs on an ongoing basis.
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 4 – Final Thoughts

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we will conclude our multi-part review of this document by some of the other key changes and additions to the document and what it all means for the compliance professional going forward.

 Use of Monitors

In the introduction its states, “Moreover, Criminal Division policies on monitor selection instruct prosecutors to consider, at the time of the resolution, whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems and whether remedial improvements to the compliance program and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future to determine whether a monitor is appropriate.” This language is a firm reject of the Benzkowski Memo and the prior administration’s reticence to employ monitorships as a tool to ensure compliance with not only the settlement documents but also the creation and implementation of a compliance program.

Internal Compliance Controls

Under Section II, entitled “Is the Corporation’s Compliance Program Adequately Resourced and Empowered to Function Effectively?”, is the new language, “In this regard, prosecutors should evaluate a corporation’s method for assessing and addressing applicable risks and designing appropriate controls to manage these risks.” This simple sentence packs quite a wallop as it mandates a risk assessment, design and implementation of appropriate internal compliance controls and then monitoring of those controls to see if they are managing the risks identified in the risk assessment. Many of these concepts are fleshed out in the ECCP but it is clear this is a minimum expectation from the Department of Justice (DOJ).

Adequate Compensation and Salary/Bonus Review for Compliance

Under Section III, “Does Your Compliance Program Work in Practice”, is the following new language: “Independence and Empowerment – Is compensation for employees who are responsible for investigating and adjudicating misconduct structured in a way that ensures the compliance team is empowered to enforce the policies and ethical values of the company? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel or others within the organization that have a role in the disciplinary process generally?”

This is a significant new addition to the ECCP. It forces a company to adequately compensate those employees who investigate and pass judgment on misconduct. But it is more than simply adequate compensation as it also requires a company not to retaliate via low salaries or limited raises or other compensation for doing their jobs as compliance officers. In other words, if the Chief Executive Officer (CEO) is being investigated by compliance; that same CEO should not be setting or reviewing the salary of the Chief Compliance Officer (CCO) or those doing the investigation. This mandates that the DOJ will review the entire corporate organization on these issues.

Final Thoughts

This brings us to the end of a series of momentous announcements by the DOJ. While we have not discussed the changes in monitor selection announced by Polite as it largely deals with internal DOJ process, we would note that it will require a more lengthy and rigorous request process for those prosecutors’ seeking monitors, as well as a review process up to perhaps even the DAG. This alone could lengthen out an entire Foreign Corrupt Practices Act (FCPA) enforcement action.

The incentives language, both financial and non-financial, will require a much deeper analysis by a corporate compliance program in the areas of compensation, as well as promotion, than has even been mandated. The first thing I would do as a CCO is go down the hall to speak with the head of Human Resources (HR) to get an understanding of how compensation is based and what factors of doing business ethically and in compliance are reviewed for both salary and discretionary bonus amounts. The same would hold true for promotion into both middle and senior management. All of these will need to have metrics or other auditable frameworks around them so they can be reviewed, tested and data presented to the regulators if they come knocking.

The language around messaging apps needs to be taken to heart by not simply the compliance function but all senior level executives. While the Securities and Exchange Commission (SEC) has garnered the most publicity for its fines levied on regulated industries, the new language of the ECCP makes clear the DOJ is equally concerned about this issue. Woe be it to any company which finds itself in a FCPA investigation or enforcement action where said company does not meet these DOJ requirements. The DOJ will most probably assume a willful failure to meet the strictures of the 2023 ECCP.

Obviously, the Biden Administration DOJ is stepping away from some of the initiatives of the Trump Administration DOJ. However, in other areas this DOJ is building on some of the steps of the prior administration. It is clear the DOJ is continuing to evolve in its thinking about what constitutes a best practices compliance program and will continue to do so. Compliance professionals will need to study these new initiatives and implement their requirements.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance For Business Ventures – Why engage in pre-acquisition due diligence? The Business Perspective

Why should a company engage in pre-acquisition due diligence in the M&A context? In this episode, I am joined by Affiliated Monitors founder Vin DiCianni to explore the business reasons for engaging in what may be seen as a compliance exercise.

Financial, legal, or reputational risk can have a significant impact the valuation or a transaction or its desirability. Factors such as current or historical bribery/corruption discovered at any point in the acquiring company provide the compliance practitioner with strong ammunition when confronted with a management that fails to understand the need for a robust due diligence in a M&A transaction. By not focusing on the regulatory aspects of M&A transactions, but more on the market reasons for engaging in the appropriate due diligence, you can emphasize the business reasons for compliance.
Three key takeaways:

  1. There are numerous legal and business reason to engage in anti-corruption due diligence in the M&A space.
  2. ESG can present significant corruption risks in emerging markets.
  3. Present your analysis in high, medium and low risk formats.
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 3 – Messaging Apps

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we review another new addition to the ECCP, dealing with messaging apps.

There is not much which seems to excise the regulators in the compliance space as much as messaging apps. The Securities and Exchange Commission (SEC) has brought multiple and very large enforcement actions against regulated industries around their allowing employees to use messaging apps with no corporate oversight. The Department of Justice (DOJ) has been talking about messaging apps for over two years and now incorporated its guidance into the ECCP.

The ECCP opened this section by noting, “Messaging applications have become ubiquitous in many markets and offer important platforms for companies to achieve growth and facilitate communication.” For any company under investigation or in a Foreign Corrupt Practices Act (FCPA) enforcement action, the DOJ will evaluate its “policies and mechanisms for identifying, reporting, investigating, and remediating potential misconduct and violations of law…governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications.” Off the shelf policies will not be sufficient as the company’s management of messaging apps “should be tailored to the corporation’s risk profile and specific business needs.” Not surprisingly the DOJ is also concerned about storage, access and even backups, requiring that “business-related electronic data and communications are accessible and amenable to preservation by the company.” Training and communication of these policies and procedures will also be evaluated and “whether the corporation has enforced the policies and procedures on a regular and consistent basis in practice.”

The Messaging Apps

Under the section entitled “Communication Channels”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What electronic communication channels does the company and its employees use, or allow to be used, to conduct business?
  • How does that practice vary by jurisdiction and business function, and why?
  • What mechanisms has the company put in place to manage and preserve information contained within each of the electronic communication channels?
  • What preservation or deletion settings are available to each employee under each communication channel, and what do the company’s policies require with respect to each?
  • What is the rationale for the company’s approach to determining which communication channels and settings are permitted?

Under this section, compliance must delineate which messaging apps a company uses and why. Is it consistent or does it vary country by country? What mechanism has your organization put in place to manage this risk? Finally, how are the communications preserved and what is your rationale for your system?

Policies and Procedures

Under the section entitled “Policy Environment”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What policies and procedures are in place to ensure that communications and other data is preserved from devices that are replaced?
  • What are the relevant code of conduct, privacy, security, and employment laws or policies that govern the organization’s ability to ensure security or monitor/access business-related communications?
  • If the company has a “bring your own device” (BYOD) program, what are its policies governing preservation of and access to corporate data and communications stored on personal devices—including data contained within messaging platforms—and what is the rationale behind those policies?
  • How have the company’s data retention and business conduct policies been applied and enforced with respect to personal devices and messaging applications?
  • Do the organization’s policies permit the company to review business communications on BYOD and/or messaging applications?
  • What exceptions or limitations to these policies have been permitted by the organization? If the company has a policy regarding whether employees should transfer messages, data, and information from private phones or messaging applications onto company record-keeping systems in order to preserve and retain them, is it being followed in practice, and how is it enforced?

This section presents several areas a compliance professional should look into for their program. Do you have an appropriate set of policies and procedures in place and are they the same for company issued phones and BYOD phones? If not, why not. Do you have a data retention policy in place for messaging apps and their platforms and is it applied consistently (if at all)? Does your organization review business communications through messaging apps or does your organization even have the right to do so? Finally, are messages preserved somewhere?

Under the section entitled “Risk Management”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What are the consequences for employees who refuse the company access to company communications? Has the company ever exercised these rights?
  • Has the company disciplined employees who fail to comply with the policy or the requirement that they give the company access to these communications? Has the use of personal devices or messaging applications—including ephemeral messaging applications—impaired in any way the organization’s compliance program or its ability to conduct internal investigations or respond to requests from prosecutors or civil enforcement or regulatory agencies?
  • How does the organization manage security and exercise control over the communication channels used to conduct the organization’s affairs?
  • Is the organization’s approach to permitting and managing communication channels, including BYOD and messaging applications, reasonable in the context of the company’s business needs and risk profile?

This  final section might as well have been named ‘consequence management’ but I guess that moniker was already taken. Here the DOJ wants to know what consequences recalcitrant  employees faced for failure to follow the appropriate  policies and procedures.  Moreover, did any employee actions around messaging apps hinder or block internal investigations or regulators queries or attendant responses?  Next, is an appropriate level of internal security being exercised for such communications? Finally, are the company’s action reasonable in the context of its business needs and risk management protocol?

Obviously, there is quite a bit in these three sections every compliance professional will have to consider. But the framework already exists which you can adapt. It is risk assessmentrisk management strategyongoing monitoringongoing improvement. It may take some work but your blueprint to handle these requirements exists.

Join us tomorrow when we conclude our review of the 2023 ECCP.

Categories
Everything Compliance - Shout Outs and Rants

Episode 114 – Shout Outs and Rants

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top podcast talk show. In this episode, we have the quartet of Tom Fox, Jonathan Marks, Matt Kelly, and special guest Scott Garland from Affiliated Monitors for our fan fav Shout Outs and Rants edition.

  1. Matt Kelly has a dual rant. He shouts out to the PCAOB for reminding folks that cryptocurrency ‘reserve reports’ are not worth the paper they are printed on. He rants about crypto being a big circular whackadoo.
  2. Jonathan Marks shouts out to the US House of Representatives for overwhelmingly voting to investigate the origins of Covid-19.
  3. Tom Fox looks rants about the Tennessee legislature’s attempt to ban Shakespeare, movies such as Tootie and Some Like It Hot, and politicians such as George Santos, all in the guise of banning drag shows.
  4. Special Guest Scott Garland shouts out to the Department of Justice for their continued evolution in their thinking about compliance and compliance programs.
Categories
Daily Compliance News

March 14, 2023 – The $27bn In Corruption Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

·       Qatar alleged to have spied on Swiss FIFA prosecutor. (Times of Israel)

·       $27bn tax and corruption scandal in Indonesia. (TheStraitsTimes)

·       South African corruption watchdog to clear President Ramaphosa. (NYT)

·       Coal company receives declination. (FCPA Blog)

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Pre-acquisition Risk Assessment

One of the clearest themes from the original 2012 FCPA Resource Guide was the importance of your pre-acquisition work in any M&A on a target company. In the section on Declinations, the 2012 FCPA Resource Guide provided an example of a company that had received a declination in large part because of its pre-acquisition work, which then served as a basis for its post-acquisition remediation. I find it appropriate to think of the process as a straight line, directly from the pre-acquisition phase to closing and then to remediation, integration, and self-reporting in the post-acquisition phase. These same concepts were brought forward in the 2020 FCPA Resource Guide, 2nd edition.

It should all begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk exposure, such as best/worst-case scenarios. A pre-acquisition risk assessment could also be used as a mechanism through which to view the feasibility of the business strategy and help to value the potential target.

The pre-acquisition risk assessment can be critical in any M&A work for compliance. Use this opportunity to see where the target might stand on compliance. Your risk assessment can evolve as you obtain greater information. Finally, use this pre-acquisition risk assessment as a base document to plan, resource, and budget for your post-acquisition remediation, integration, and reporting.

Three key takeaways: 

  1. One never has enough time to engage in all the pre-acquisition reviews you might want to do, so optimize your time and resources.
  2. Consider what you can review to put together a preliminary risk assessment on the target.
  3. As with most compliance initiatives, you are only limited by your imagination, so if you are limited in time and scope, try something new and different.
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 2 – Consequence Management

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we review another new addition to the ECCP, that being ‘consequence management’. This certainly includes clawbacks but there is also other language which compliance professionals will need to incorporate into their compliance program beyond clawbacks.

The Department of Justice (DOJ) has been talking about clawbacks for some time now. However, the revised language of the ECCP puts more rigor around what the DOJ is now mandating. This section begins by noting that financial penalties as well as financial incentives can influence employee behavior and that prosecutors are now required to consider both aspects. It states:

“By way of example, prosecutors may consider whether a company has publicized disciplinary actions internally, where appropriate and possible, which can have valuable deterrent effects. Prosecutors may also consider whether a company is tracking data relating to disciplinary actions to measure effectiveness of the investigation and consequence management functions. This can include monitoring the number of compliance-related allegations that are substantiated, the average (and outlier) times to complete a compliance investigation, and the effectiveness and consistency of disciplinary measures across the levels, geographies, units or departments of an organization…Some companies have also enforced contract provisions that permit the company to recoup previously awarded compensation if the recipient of such compensation is found to have engaged in or to be otherwise responsible for corporate wrongdoing. Finally, prosecutors may consider whether provisions for recoupment or reduction of compensation due to compliance violations or misconduct are maintained and enforced in accordance with company policy and applicable laws…Compensation structures that clearly and effectively impose financial penalties for misconduct can deter risky behavior and foster a culture of compliance.”

Clawbacks

With the Pilot Program and other announcements in the Monaco and Polite speeches, the DOJ has made clear that companies need to seek to recover amounts paid out to executives which were illegally received as corporate compensation. This could include both salary, stock options or similar payments or discretionary bonuses. Regarding your corporate clawback protocol itself, the ECCP poses the following questions:

  • What percentage of executive compensation is structured to encourage enduring ethical business objectives?
  • Are the terms of bonus and deferred compensation subject to cancellation or recoupment, to the extent available under applicable law, in the event that non-compliant or unethical behavior is exposed before or after the award was issued?
  • Does the company have a policy for recouping compensation that has been paid, where there has been misconduct?
  • Have there been specific examples of actions taken (e.g., promotions or awards denied, compensation recouped or deferred compensation cancelled) as a result of compliance and ethics considerations?

All of this means every compliance program will need to analyze each of these components as set out. It will also require a review of executive contracts to determine if there are clawback provisions set out in each employment contract. If there are no such provisions, they will need to be inserted. Finally, what “specific examples of actions taken” does a company have to show to the DOJ should they come knocking?

Consequence Management

The DOJ also mandated that compliance programs take a deeper dive into their entire financial incentive program; both incentives and dis-incentives. While not previously discussed in speeches, these new requirements seem to flow from the general statements made by both Monaco and Polite over the past year. In this area, the ECCP mandates the following inquiries:

  • How has the company ensured effective consequence management of compliance violations in practice?
  • What insights can be taken from the management of a company’s hotline that provide indicia of its compliance culture or its management of hotline reports?
  • How do the substantiation rates compare for similar types of reported wrongdoing across the company (i.e. between two or more different states, countries, or departments) or compared to similarly situated companies, if known?
  • Has the company undertaken a root cause analysis into areas where certain conduct is comparatively over or under reported?
  • What is the average time for completion of investigations into hotline reports and how are investigations that are addressed inconsistently managed by the responsible department?
  • What percentage of the compensation awarded to executives who have been found to have engaged in wrongdoing has been subject to cancellation or recoupment for ethical violations?
  • Taking into account the relevant laws and local circumstances governing the relevant parts of a compensation scheme, how has the organization sought to enforce breaches of compliance or penalize ethical lapses?
  • How much compensation has in fact been impacted (either positively or negatively) on account of compliance-related activities?

Obviously, there is some overlap with the clawback language but there is quite a bit new in these questions. The DOJ ties hotline and speak up reports directly to a company’s culture of compliance. This is almost a direct tie back to the findings of Kyle Welch in his seminal work on a speak up culture. But the DOJ goes on to ask about substantiation rates, closure rates, consistent and fair application of discipline (and rewards when called for) and root cause analysis; which are not simply technical aspects of compliance programs but are concrete steps companies can implement to engender trust with employees that their concerns will be taken seriously and then acted upon when they are raised. Once again, as with clawbacks, these are levels of analysis that many compliance programs have not yet taken but are now required to do so.

Join us tomorrow when we consider messaging apps under the revised ECCP.

Categories
Daily Compliance News

March 11, 2023 – The Settlement Ditched Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • JPMorgan sues former exec Jes Staley for Epstein connections. (WSJ)
  • DOJ against USSG changes. (Reuters)
  • Whistleblowers ditch settlement with Texas AG. (Houston Chronicle)
  • Swiss bankers indicted for AML violations. (ICIJ)