Tag: DOJ

Categories
Compliance Kitchen

Compliance Kitchen on Navigating the 10th Package of EU Sanctions and DOJ’s Disruptive Technology Strike Force

The Compliance Kitchen with host Silvia Surman is the podcast you need to stay up-to-date on regulation details. In the most recent episode, Silvia dives into the EU’s tenth package of sanctions against Russia and the DOJ’s new disruptive technology strike force. Surman covers details such as entities and people added to the Russia sanctions list, additional trade restrictions, enforcement and anti-convention measures, and the prohibition on transmitting dual use items and goods and technology from the EU through Russian territory. Additionally, Surman talks about the DOJ’s new strike force encompassing more than 10 cities to enforce U.S. laws protecting advanced technologies from illegal acquisition. Tune into The Compliance Kitchen for the need-to-know information on regulation details!

Highlights Include

  • EU Sanctions
  • DOJ Disruptive Technology Strike Force

Notable Quotes

  1. “The EU has added a number of entities and people to the Russia sanctions list.”
  2. “Also those who continue to press the Kremlin’s propaganda and spread this information in the media.”
  3. “The goal is to prevent critical technologies from being acquired or used by certain nation state adversaries such as China, Russia, North Korea, and Iran.”
  4. “This is a joint venture that encompasses more than 10 cities and aims to enforce U. S. Laws to protect advanced technologies from illegal acquisition and used by certain nation state adversaries.””

Resources

Silvia Surman on LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – JV risks under the FCPA

Just as the FCPA enforcement field is covered with actions centering around M&A, multiple actions involve JVs. JVs continue to plague many U.S. companies up to this day. In many ways, JVs present more difficult issues for the compliance practitioner than M&A because of the control issues present in JVs with foreign governments or state-owned enterprises ownership.

There are other risks that a company must seek to avoid. These include transferring things of value to a state-owned enterprise for the benefit of someone outside the JV. A company must avoid payments for which there is no legitimate business purpose to the state-owned enterprise in the JV itself, as they will be deemed illegal benefits to the state-owned enterprise outside the JV.

The bottom line is JVs present a unique set of FCPA risks for the compliance practitioner. You will need to incorporate risk management techniques in all phases of the JV relations; pre-formation, the JV agreement, and in operations after the JV has begun operation. The compliance obligations and compliance process are ongoing.
Three key takeaways:

  1. JVs present unique FCPA risks.
  2. Control is only one issue a compliance practitioner must consider in evaluating JV risks.
  3. Companies continue to have significant FCPA risks from JVs.
Categories
From the Editor's Desk

February and March in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

 In this month’s episode, we look back at top stories in CW from February around the changes in DOJ efforts to encourage corporate cooperation and compliance and; the Treasury Department’s renewed enforcement efforts against banks for violations of OFAC Regulations. We previewed some of the stories CW will look at in March, including several articles about data privacy in the US and Europe in a CW special issue.

Kyle relates some of the upcoming Compliance Week 2023 Conference highlights from May 15-17 in Washington, DC. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link below.

 We conclude with a look at some of the top sports stories, including a recap of the Super Bowl, the insanity of the NBA trading deadline, and the opening of Spring Training.

 Resources

Compliance Week 2023 information and registration here

Kyle Brasseur on LinkedIn

Compliance Week

Categories
Daily Compliance News

March 3, 2023 – The Spread The Pain Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 2

In this three-part blog post series, we are ruminating on how to create an effective compliance program through  the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

Under Step 4, companies must quickly analyze their data quickly and efficiently to determine if they need to self-disclose any potential issues. By sharing the attributes across corporate siloes, companies can make their individual models perform better and improve their compliance programs. This allows companies to access the data quickly and easily, allowing them to identify potential risks and areas of improvement. It also provides insights into the effectiveness of compliance programs, allowing companies to make better informed decisions concerning their compliance.

Overall, having access to relevant sources of data is essential for an effective compliance program. Companies can gain access to data through on-premise platforms. By leveraging these sources of data, companies can ensure their compliance programs are up to date and compliant with applicable laws and regulations.

Step 5 is to conduct monitoring at the beginning and throughout the lifespan of any business  relationship or transaction cycle. This is an important step as it allows a company to identify potential issues with their compliance program and take corrective action. Monitoring should be conducted at the beginning of a relationship or transaction to ensure that all parties understand the expectations and that there is no potential for criminal activity. Monitoring should continue throughout the relationship as well, as this will allow a company to identify any changes in behavior or activity that could indicate a potential problem. This can be used to gain insights into a vendor’s financial and transactional data, which is often a key indicator of future or even potential compliance violations.

Having access to relevant sources of data and conducting monitoring throughout the lifespan of a third-party relationship will help an organization meet the expectations set by the DOJ for an effective compliance program. With the DOJ’s recent announcement of amendments to the Corporate Enforcement Policy, companies have even greater incentive to self-disclose if they uncover potential violations, all of which demonstrates an effective compliance program. A data analytics platform can help companies quickly identify understanding of the risks and monitoring these relationships regularly, companies can ensure that they are compliant with all applicable regulations and review potential issues.

With a comprehensive view of their activities, organizations can quickly identify any changes in activities, such as unusual patterns of payments or activities, which could indicate a potential problem. Through visibility into third party activities and transactions, companies are able to gain a better understanding of the compliance risk associated with their third-party relationships. Moreover, businesses have a mechanism to identify any financial or transactional red flags.

Interestingly Walden advocates having an “on-premise application” for data analytics, which is he step 6.  He believes “This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools.” It can be hosted and managed as a service, “meaning that companies can utilize the platform without having to move large amounts of data around each month.” This helps companies to gain insights from the model without compromising their data privacy. Furthermore, this platform can be used to identify anomalous payments that may be indicative of corruption or fraudulent activities.

Join us tomorrow where continue conclude our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance

Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 1

I recently had the opportunity to visit with Vince Walden for the inaugural episode of the newest podcast on the Compliance Podcast Network, Data Driven Compliance. Walden is a compliance professional with 15 years of experience, who left his day job and founded Kona AI, a cutting-edge innovation for compliance professionals. Kona AI is an on-premise platform to build advanced analytics and compliance monitoring that aligns with the DOJ’s expectations.

Over this multi-part blog post series, I will be discussing how to create an effective compliance program through  the use of data analytics by considering the requirement laid out by the Department of Justice (DOJ) in their recent pronouncements on a best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics.

It is important for compliance professionals to make informed decisions that are driven by data to ensure that the compliance program is effective and efficient. Data-driven decisions enable compliance professionals to make decisions that are backed by evidence, allowing them to make informed decisions that are based on facts and figures rather than assumptions or guesswork. Without data, compliance professionals would be unable to accurately measure the effectiveness of their compliance program or identify potential risks or areas of non-compliance.

Data-driven decisions also allow compliance professionals to identify areas of strength and opportunities for improvement. By utilizing data, they can identify trends, patterns, and correlations that can help them understand the underlying causes of compliance issues and formulate strategies to address them. Furthermore, data-driven decisions are more likely to be accepted and supported by stakeholders, as they are based on facts and have been thoroughly researched and analyzed. Ultimately, data-driven decisions ensure that compliance professionals are making informed decisions that are in the best interests of their organization. Walden articulate 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at your fingertips.

Under Step 1, the assessing of your company’s conduct begins with understanding the DOJ’s  expectations for an effective compliance program. Companies should have policies and procedures in place that enable them to access relevant sources of data, conduct ongoing monitoring of third-party relationships, and hold compliance officers accountable for the effectiveness of the compliance program. Additionally, companies should ensure they have the necessary technology in place to be able to quickly conduct an analysis of their data to determine if a self-disclosure is necessary. By taking these steps, companies can ensure they are meeting the DOJ’s expectations and are in a better position to successfully self-disclose if necessary.

Finally, assessing a company’s conduct should also involve an analysis of the company’s external communications. Companies should have a process in place for responding to inquiries from the public, media, and other stakeholders, and they should ensure that all communications are accurate and timely. Additionally, companies should ensure they are regularly engaging with their stakeholders to keep them informed of any changes in their compliance policies or procedures. By taking these steps, companies can ensure they are engaging in effective external communications that foster trust and confidence in their compliance program.

Self-disclosure is a key step in achieving an effective compliance program. Walden lists this as Step 2. It is important for companies to to demonstrate their commitment to compliance and avoid possible enforcement actions. Recently Kenneth Polite reiterated the importance of self-disclosure and discussed the changes to the corporate enforcement policy. Self-disclosure is viewed as a sign of good faith and can have a major impact on the DOJ’s decision to pursue or not to pursue a case.

However, to meet this requirement under the DOJ Corporate Enforcement Policy, companies need to have access to their data quickly in order to determine if self-disclosure is necessary. This means having an on-premises platform that can quickly search through transactions, identify potential corrupt payments, and compare them to a predictive model. This will demonstrate that they have an effective compliance program for the DOJ to consider them for leniency. But it requires having access to relevant sources of data and conducting monitoring throughout the relationship with third parties. Having an analytics platform can help companies detect anomalies in their data and identify patterns in the data that can help create an effective compliance program.

In addition to self-disclosure, companies must also take steps to ensure that their compliance program is effective and meets the standards of the DOJ. Companies should have access to a streamlined technology platform that helps them manage their compliance efforts. This platform should have tools to monitor third-party relationships, identify suspicious activity, and monitor compliance efforts. An effective compliance program also requires ensuring that employees receive proper training and understanding of the company’s policies and procedures. Companies should also have an audit system in place to regularly check that their compliance program is meeting the standards of the DOJ. This audit system should include periodic assessments of the compliance program and regular reviews of third-party relationships.

Of course, if you do not know you have a problem, you organization cannot self-disclose and cannot meet the mandates to demonstrate an effective compliance program. Hence under Step 3, an organization must understand if there is a problem or not which warrants self-disclosure.  With the right technology in place, companies can monitor their compliance efforts and ensure that they are meeting the expectations of the DOJ. Additionally, companies should ensure that employees are properly trained on the company’s policies and procedures. Taking these steps can help create an effective compliance program that meets the expectations of the DOJ.

Join us tomorrow where continue our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance.

Categories
Daily Compliance News

February 20, 2023 – The Presidents’ Day Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • China top investment banker disappears. (Bloomberg)
  • Main Justice to take over corruption investigation into Texas AG. (MSNBC)
  • Can the arbitration clause eviscerate CA state law on employment claims? (Reuters)
  • Freeport trader charged with FCPA violations. (WSJ)

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Internal Controls for Third Parties

Bribery built into the fabric of Chinese healthcare system”, reporters Jamil Anderlini and Tom Mitchell wrote about the ‘nuts and bolts of how bribery occurs in the healthcare industry in China. The authors quoted Shaun Rein, a Shanghai-based consultant and author of “The End of Cheap China,” for the following “This is a systemic problem, and foreign pharmaceutical companies are in a conundrum. If they want to grow in China, they must give bribes. It’s not a choice because officials in the health ministry, hospital administrators, and doctors demand it.”

It would be reasonable to expect that internal controls over gifts would be designed to ensure that all gifts satisfy the required criteria, as defined and interpreted in Company policies. It should fall to a Compliance Officer to finalize and approve a definition of permissible and non-permissible gifts, travel, and entertainment, and internal controls will follow from such definition or criteria set by the company. These criteria would include the amount of the spend, localized down into increased risk, such as the higher risk recognized in China. Within this context, there are four general internal controls to consider. 

Three Key Takeaways:

  1. GSK in China continues to be an example of the lack of internal controls for an effective compliance program.
  2. General areas of review for internal compliance controls.
  3. Third parties are still at the highest risk of corruption-related issues.

For more information on how to build out a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.

Categories
Compliance Kitchen

Compliance Kitchen – The Changes in the DOJ Corporate Enforcement Policy

The Compliance Kitchen returns with a wrap-up of the week’s top trade and economic sanction issues. In today’s episode, Silvia Surman visits the DOJ revised its Corporate Enforcement Policy and the Kitchen looks at the highlights.

Categories
Daily Compliance News

February 4, 2023 – The Pope Fights Corruption Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Will Weisselberg flip? (Bloomberg)
  • FTC says Lena can participate. (Law360)
  • DOJ looking at Silvergate. (Reuters)
  • Pope urges rejection of corruption. (AP News)