Categories
Compliance Into the Weeds

Compliance Into The Weeds: Key Compliance Issues for 2024

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into issues Matt has on his radar for compliance professionals in 2024.

Matt Kelly is well known for zigging when everyone else is zagging. At the start of each year, he publishes a column that looks at key issues for compliance professionals in the year ahead. This podcast takes a deep dive into these issues. The rapidly evolving landscape of AI, cybersecurity, and governance is increasingly shaped by regulatory and compliance trends. In this context, industry experts Tom Fox and Matt Kelly offer insightful perspectives. We consider governmental oversight of AI, with more specific AI regulations in 2024, while also highlighting the potential of AI integration into compliance products and platforms. We also look at issues with the SEC, PCAOB, and DOJ.  Join Tom Fox and Matt Kelly as they delve deeper into these topics in this episode of the award-winning Compliance into the Weeds.

Key Highlights:

  • FEPA and its enforcement
  • NOCLAR and the PCAOB
  • SEC v. Solar Winds and its CISO
  • AI-Regulation and Business Use
  • SEC right to disgorgement 

Resources:

Matt Kelly on LinkedIn

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 1 – What 2023 Brought to Compliance

2023 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate enforcement actions under the Foreign Corrupt Practices Act (FCPA), there were significant announcements from the Department of Justice (DOJ) that directly impacted compliance professionals and compliance programs.

The first came in January, and it was an update to the Evaluation of Corporate Compliance Programs (2023 ECCP). Next, we heard speeches about the increased focus on clawbacks and other areas of consequence management. In October, Deputy Attorney General (DAG) Lisa Monaco introduced a new Mergers & Acquisitions Safe Harbor Policy in October. Finally, in late November, Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarks at the 39th International Conference on the Foreign Corrupt Practices Act (FCPA) on the use of data analytics in a compliance program and DOJ expectations going forward.

The 2023 ECCP brought forward several new initiatives laid out in the 2020 Update to the Evaluation of Corporate Compliance Programs, including additions and deletions.

In October 2023, Deputy Attorney General Lisa Monaco announced a new policy regarding M&A. It is a Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company.

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA, reported that the DOJ is stepping up its own use of data analytics to identify instances of corporate misconduct and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and SEC are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field. She made several important points for all compliance professionals, which will be significant going forward into 2024 and beyond.

Three key takeaways:

1. 2023 was a key year for the DOJ’s evolution in its views on compliance programs.

2. Clawbacks, incentives, and consequence management have become more important.

3. The new DOJ safe harbor initiative for M&A raises many questions.

Categories
Blog

What 2023 Brought to Compliance

2023 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate enforcement actions under the Foreign Corrupt Practices Act (FCPA), there were significant announcements from the Department of Justice (DOJ) which directly impact compliance professionals and compliance programs.

The first came in January and it was update to the Evaluation of Corporate Compliance Programs (2023 ECCP). Next we heard speeches about the increased focus on clawbacks and other areas of consequence management. In October, Deputy Attorney General (DAG) Lisa Monaco introduced a new Mergers & Acquisition Safe Harbor Policy in October. Finally, in late November Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarksat the 39th International Conference on the Foreign Corrupt Practices Act (FCPA) on the use of data analytics in a compliance program and DOJ expectations going forward.

The 2023 ECCP brought forward several new initiatives laid out in the 2020 Update to the Evaluation of Corporate Compliance Programs, include additions and deletions. It also incorporated many of the concepts from the 2022 Monaco Memo. We begin with a review of the new incentives, both financial and non-financial; consequence management; messaging apps and provide a summary for the compliance professional.

In March there were two days of speeches from the DOJ which added to the compliance complexity for 2023 and beyond.  The speeches were made by Deputy Attorney General (DAG) Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite, Jr. (Polite Speech) and they previewed a number of initiatives by the DOJ which every compliance professional needs to study in some detail. These new initiatives included: (1) The Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks; (2) Evaluation of Corporate Compliance Programs; and (3) Revised Memorandum on Selection of Monitors in Criminal Division Matters.

In October 2023, Deputy Attorney General Lisa Monaco announced a new policy regarding M&A. It is a Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company. Under the policy, the acquiring party will receive a presumption of criminal declination if it promptly and voluntarily discloses criminal misconduct, cooperates with any ensuing investigation, and engages in appropriate remediation, restitution and disgorgement.

The Safe Harbor policy is a clear continuation of the DOJ’s push for corporate voluntary self-disclosure. Monaco outlined efforts by DOJ to increase the benefits to companies that voluntary disclose corporate misconduct rather than those companies that decide not to disclose misconduct. The key for the acquirer company to  obtain the “carrot” DOJ is dangling and poses questions as to the “stick” the DOJ might wield if a self-disclosure does not achieve safe harbor, or more broadly, if an acquirer fails to identify criminal misconduct in the acquisition process, either pre or post-closing. This new Mergers & Acquisitions Safe Harbor Policy clearly demonstrates the DOJ’s interest is to avoid discouraging companies with strong compliance programs from acquiring companies with ineffective compliance programs and/or a history of misconduct. To the contrary, DOJ is seeking to incentivize an acquiring company to timely disclose misconduct uncovered during the M&A process.

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA reported that the DOJ is stepping up its own use of data analytics to identify instances of corporate misconduct, and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and the Securities and Exchange Commission (SEC) are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field. She made several important points for all compliance professionals which will be significant going forward into 2024 and beyond.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Congress Fills a Gap – FEPA

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the Foreign Extortion Prevention Act (FEPA), a groundbreaking law that aims to combat corruption by criminalizing foreign government officials who solicit or accept bribes from US entities.

This law complements the Foreign Corrupt Practices Act (FCPA), which penalizes companies for offering bribes, and introduces new challenges and implications for anti-corruption measures. Tom views FEPA as a long-overdue measure that fills a gap in anti-corruption efforts. He agrees with Matt emphasizes that FEPA addresses a long-standing concern of anti-corruption advocates. Both Fox and Kelly anticipate further guidance from the Department of Justice on how this new law will interact with existing measures under the FCPA. Join Tom Fox and Matt Kelly as they delve deeper into this topic in the latest episode of the Compliance into the Weeds podcast.

 

Key Highlights:

  • Combating Foreign Corruption: FIFA’s Powerful Impact
  • Implications of FIFA Cooperation on FCPA Prosecution
  • Extradition Challenges in FIFA Corruption Cases
  • The Impact of the Name and Shame List

Resources:

Matt Kelly on LinkedIn

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Congress Fills a Corruption Hole: The Foreign Extortion Prevention Act (FEPA)

The compliance community has long recognized the gaping hole in the Foreign Corrupt Practices Act (FCPA). As a supply side law, it criminalizes the payment of bribes, not the demand to pay a bribe or extortion. The gap was recently filled by the Foreign Extortion Prevention Act (FEPA) which extended crucial protections to Americans working abroad and provides the Department of Justice (DOJ) with a potent new tool. By criminalizing both the giving and demanding of foreign bribes, FEPA seeks to level the playing field for American workers while fostering ethical business practices globally. FEPA represents a promising solution to protect Americans working overseas, promote fair business competition, and combat corruption on a global scale. With its potential to bring about meaningful change, FEPA is a vital step in safeguarding American values and interests in the international arena. Sam Rubenfeld, cited to Scott Greytak, the director of advocacy for Transparency International US, for the following, “FEPA is a landmark, bipartisan law that holds the potential to help root out foreign corruption at its source. It is arguably the most sweeping and consequential foreign bribery law in nearly half a century.”

This legislation fills a significant gap in anti-corruption measures and raises important questions about its implications for the enforcement of the Foreign Corrupt Practices Act (FCPA) and the cooperation expected from companies involved in bribery schemes. FEPA, part of the National Defense Authorization Act (NDAA), addresses a long-standing concern among anti-corruption advocates. While the FCPA has been effective in penalizing US companies for offering bribes to foreign officials, there has been a lack of legal mechanisms to hold foreign government officials accountable for accepting these bribes. FEPA now provides prosecutors with the means to pursue such officials.

One of the key aspects of FEPA is that it criminalizes the solicitation or acceptance of bribes by foreign government officials from US entities. This complements the FCPA, which focuses on the offering of bribes by US companies. By targeting both sides of the bribery equation, FEPA aims to create a more comprehensive and effective framework for combating corruption.

However, the implementation of FEPA is not without its challenges. One of the main challenges is the extradition of foreign officials for prosecution, particularly from countries like Russia or China. Extradition processes can be complex and time-consuming, and cooperation from foreign governments may not always be forthcoming. This poses a significant hurdle in holding foreign officials accountable under FEPA.

Another notable feature of FEPA is the introduction of a “name and shame” list. This list is intended to publicly identify, and shame foreign government officials involved in bribery schemes. While this may serve as a deterrent, it could also have unintended consequences. For instance, it may impact Transparency International’s corruption perception indexes, potentially affecting the rankings of countries and their relations with the US. Additionally, it could have implications for US companies operating in those countries, potentially straining foreign relations.

The passage of FEPA raises important considerations for compliance officers and companies. They need to assess how this new law may impact their existing controls and policies. The arrival of FEPA as a tool to combat corruption is undoubtedly a positive development. However, it is crucial to carefully evaluate the potential implications for FCPA prosecutions and the cooperation expected from companies involved in bribery cases.

Compliance officers should also consider the potential changes in the calculus for prosecutors. With FEPA in place, prosecutors may now have the legal means to pursue foreign government officials complicit in bribery schemes. This raises questions about the extent to which companies will be required to assist the DOJ in pursuing FEPA cases alongside FCPA cases. Companies may need to provide testimony and cooperate in the prosecution of foreign officials, potentially impacting the resolution of FCPA violations.

Looking ahead, it is essential for the DOJ to provide clarity on how FEPA will be utilized and what expectations companies should have when caught up in FEPA-related investigations. Transparency and guidance from the Department of Justice will help companies navigate the potential challenges and ensure compliance with the law.

The bottom line is that FEPA represents a significant step in the fight against corruption. By criminalizing the solicitation or acceptance of bribes by foreign government officials from US entities, FEPA fills a crucial gap in anti-corruption measures. However, challenges remain in extraditing foreign officials for prosecution and managing the potential consequences of the “name and shame” list. Compliance officers and companies must carefully consider the implications of FEPA on their operations and update their controls and policies accordingly. With proper guidance and cooperation, FEPA can be a powerful tool in combating corruption and promoting ethical business practices.

Penalties under FEPA include (from Transparency International)

  1. Expanding Legal Protections: FEPA amendment U.S. bribery law (18 U.S.C. § 201) to make it illegal for foreign officials to corruptly demand, seek, receive, or accept bribes under two crucial circumstances:
  • From U.S. individuals or companies.
  • From any person while within the United States, in connection with obtaining or retaining business.
  1. Stringent Penalties: Those found guilty of violating FEPA could face severe consequences, including:
  • Criminal fines of up to $250,000 or three times the value of the bribe, whichever is greater.
  • Prison sentences of up to 15 years.
  1. Transparency and Accountability: FEPA introduces a vital accountability mechanism by requiring the DOJ to publish an annual report. It will include the following:
  • It examines the scale and nature of foreign bribe demands against American companies, shedding light on the extent of the issue.
  • It evaluates the effectiveness of U.S. diplomatic efforts aimed at safeguarding American businesses from foreign bribe demands.
  • It assesses the efforts of foreign governments to prosecute individuals involved in corrupt practices against American interests.

Matt Kelly and I take a deep dive into FEPA on this week’s Compliance into the Weeds. To listen, click here.

Categories
Blog

The DOJ on the Need for Compliance Program Data Analytics

The Department of Justice (DOJ) is increasingly utilizing data analytics for proactive enforcement, signaling a significant shift in their approach to combating white-collar crime. This move reflects the recognition of data analytics as a crucial component of compliance programs, extending beyond historical reporting to transactional details and third-party interactions.

Recently, Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarks at the 39th International Conference on the Foreign Corrupt Practices Act (FCPA). She stated, “the Criminal Division has long been an innovator in using data to enhance its investigations and prosecutions. I am proud to announce that we are taking that experience and expertise with data analysis and applying these tools to our FCPA investigations. Through investments in personnel, we have improved our ability to harness and analyze available data — both public and non-public — to identify potential wrongdoing involving foreign corruption. This approach has already generated successful FCPA investigations and prosecutions.” 

In this week’s episode of “Data Driven Compliance,” host Tom Fox and Vince Walden, discussed the importance of data analytics in the DOJ’s enforcement efforts was discussed. Matt Galvin, an expert leading the DOJ’s data analytics initiative, highlighted the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning.

The DOJ expects companies to adopt a similar data-driven approach to compliance. Vince Walden, cited to the Argentieri speech where she stated, “just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

Walden emphasized that while due diligence and background checks are essential, the real risk of fraud occurs during the actual business transactions with third parties. Therefore, companies need to go beyond initial checks and continuously monitor high-risk vendors, contract terms, and other relevant data sources. By mapping risks to data sources and implementing effective tests, companies can identify and prioritize risky transactions.

The increasing accessibility and cost-effectiveness of data analytics have made it a viable option for companies of all sizes. It can help companies demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency. The importance of continuous data analysis in compliance programs was highlighted by the Bank of America enforcement action by the Consumer Financial Protection Bureau (CFPB).

The DOJ’s use of data analytics is not limited to public data available from public companies. They are also leveraging private information, which could potentially include information obtained during investigations within specific industries. The DOJ has made significant investments in technology and resources to enhance their enforcement capabilities, taking inspiration from techniques used in the healthcare division to combat fraud.

However, implementing a data-driven compliance program comes with its own set of challenges. There is still confusion among the compliance community regarding what data analytics entails and how it should be applied. Walden stressed the need for a process-oriented approach rather than treating it as a one-time project. Data analytics should be integrated into the compliance program as a continuous business process, similar to third-party due diligence.

The DOJ’s increasing use of data analytics for proactive enforcement has far-reaching implications. Companies must recognize the importance of adopting a data-driven approach to compliance and invest in the necessary resources and technology. By doing so, they can not only meet the DOJ’s expectations but also improve the effectiveness of their compliance programs and mitigate the risk of fraud.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

For the full podcast episode, click here.

Categories
Data Driven Compliance

Data Driven Compliance: Vince Walden on DOJ Remarks on Data-Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I visited with Vince Walden, CEO of KonaAI, on the recent remarks by the DOJ on data-driven analytics and compliance.

Vince Walden, an expert in data-driven compliance and fraud examination, has made significant strides in the industry as the CEO of Kona AI. His perspective on the Department of Justice’s (DOJ) increasing use of data analytics for proactive enforcement is that it marks a significant shift in the DOJ’s approach to enforcement. Walden notes that the DOJ is now actively using data analytics to proactively identify risks and cases, rather than relying solely on self-reporting or anomalies. He believes that data analytics is no longer considered cutting-edge but rather an expected part of a best practices compliance program. His extensive experience in white-collar crime and FCPA cases, as well as his participation in events such as the annual FCPA conference, have shaped this perspective. Join Tom Fox and Vince Walden as they delve deeper into this topic on the next episode of the Data Driven Compliance podcast. 

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Data-Driven Compliance – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white-collar crime. We are not just waiting for companies to self-report, for witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

But as with all new initiatives in compliance, one must emphasize the importance of starting a compliance journey with a formal risk assessment. Guevara suggested collaborating with various departments within the organization, such as accounts payable, receivables, internal audit, and business operations, to understand the risks associated with different processes. This collaborative effort helps identify compliance controls that need to be in place and ensures that the data required for analysis is available.

While low-hanging fruit may seem like an attractive starting point, Guevara cautioned against solely focusing on easy wins. He advised against presenting a weak business case to secure budget approval for compliance projects. Instead, he recommended conducting a comprehensive compliance risk assessment to prioritize areas that require immediate attention. This approach ensures that compliance efforts are aligned with your organization’s overall risk management strategy.

Data analytics play a crucial role in enhancing compliance efforts. By leveraging data analytics tools and techniques, compliance professionals can identify patterns, detect anomalies, and uncover potential compliance risks. However, Guevara highlighted the importance of validating suspicious transactions before raising concerns. It is essential to conduct due diligence and thoroughly investigate any potential issues to maintain financial integrity and credibility.

Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. It is crucial for compliance professionals to stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

 

Categories
Daily Compliance News

Daily Compliance News: December 13, 2023 – The Not Soft on Crime Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. all from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • DOJ says it’s not soft on corporate crime. (WSJ)
  • COP28 reaches a historic deal. (FT)
  • The lure of corruption is omnipresent. (Catholic News Agency)
  • The epic verdict adds to Google int’l antitrust woes. (Reuters)
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 7 – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division.

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. Compliance professionals must stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

 Three key takeaways:

1. Nicole Argentieri, acting assistant attorney general for the Criminal Division, said,  “Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

2. . Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks.

3. Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks.