Categories
Daily Compliance News

Daily Compliance News: July 24, 2023 – The Struggling in China Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

  • DOJ revamps Crypto enforcement team. (WSJ)
  • Altice co-founder denies corruption. (Reuters)
  • US consultancies struggle in China after raids. (FT)
  • GOP release FBI report showing no Biden corruption in Ukraine. (Bloomberg)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations -The Investigative Team

Since 2015, DOJ has put even more pressure on every CCO, compliance practitioner, and indeed company, to get an investigation done quickly, efficiently, and, most importantly, right. This is even more true after the U.S. Supreme Court’s decisions in Digital Realty Trust v. Somers, which limited whistleblower protection and benefits to only those whistleblowers who go to the SEC, rather than initially report internally. What do all these documents tell who should be on your investigation team?

As data collection, retention and preservation are critical elements of any significant internal investigation you will need to have the involvement of your IT function. IT can help put a litigation hold on documents that can help with the preservation of data in other areas of the organization. Further, they can assist with certain other aspects as more facts and circumstances are known.

HR is often an underutilized function for an internal investigator. HR can provide context about employees’ work history. There may be notes in HR areas as diverse as training and exit interviews. HR can also give the investigator some insight regarding the credibility of the individual who might be making the allegation. For example, are they good and trusted employees? How long have they been there? What’s their general demeanor? What’s been the feedback on that particular individual?

Forensic accountants should be a part of your investigation team. Such a skilled set team member can bring an investigative mind that drives them to answer questions about what occurred, when and how it happened, and who was involved. However, most lawyers do not understand how forensic accounting is performed and how they can assist your compliance investigation going forward.

Obviously, the GC would be involved to help protect the attorney-client privilege if for no other reason. Further, an investigation needs to have compliance involved, to understand what compliance program was in place at the time of the incident in question, what procedures submission had, and understand if this truly was a gap in the compliance function or maybe there was an area within the compliance function that was not operating as prescribed, or maybe it was a little bit weak.

 Three key takeaways:

1. HR plays a key but often underused role in internal investigations.

2. The Board of Directors and senior management have different roles.

3. Use your legal department to protect the privilege.

Categories
Daily Compliance News

Daily Compliance News: July 18, 2023 – The Polite to Exit Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories covered in today’s edition:

  • Head of DOJ Criminal Division, Kenneth Polite, to step down. (WSJ)
  • What is risk? (NYT)
  • Microsoft to face EU probe over bundling. (FT)
  • Tesla Directors settle comp suit. (Reuters)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Answering DOJ Questions on Confidential Reporting

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.”

This was expanded in the DOJ’s 2020 Guidance, in the section entitled “D. Confidential Reporting Structure and Investigation Process,” with the following language, “Another hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct. Prosecutors should assess whether the company’s complaint-handling process includes proactive measures to create a workplace atmosphere without fear of retaliation, appropriate processes for submitting complaints, and processes to protect whistleblowers.”

Three Key Takeaways:

  1. Internal reporting systems indicate a working, operationalized compliance program.
  2. There must be a solid communication line between the people doing the investigation and those leading the remediation.
  3. Your internal reporting mechanism must be trusted.
Categories
Report from IMPACT 2023

Report from IMPACT 2023 – Andrew Weissmann – Compliance Rules from the DOJ Perspective

ECI’s IMPACT 2023 was one of the leading compliance events in 2023. At this conference, Tom Fox, the Voice of Compliance, was able to visit with several of the speakers, exhibitors, participants, and one group of ethically-minded Girl Scout Troop. In this limited podcast series, Report from IMPACT 2023, Tom explores many of the most cutting-edge topics in ethics and compliance through short podcast episodes. Check out the full series of interviews. You will be enlightened, informed and come away with a fuller and more thorough understanding of the most cutting-edge topics in ethics and compliance. In this episode, Tom visits Andrew Weissmann, former head of the DOJ Fraud Section and current Podcaster and author.

The Department of Justice has been working to ensure that companies understand the rules of the road and what is expected of them to comply with the law. Tom Fox and Andrew Weissmann discussed the evolution of compliance programs from the Department of Justice’s perspective, the dialogue between the Department of Justice and the compliance community, the FCPA Pilot Program, the ABB FCPA Enforcement Action, and the need to use different forms of media to ensure that people are consuming the right information. They highlighted the importance of self-disclosure, extraordinary cooperation, and extraordinary remediation to receive a stunning result from the Department of Justice. Furthermore, they discussed the need to educate people in a variety of ways, such as Twitter, podcasts, articles, and op-eds, to ensure that policies are read and consumed. This podcast episode provides an insightful look into the Department of Justice’s approach to compliance and the need for different forms of media to ensure that people are informed.

Highlights include 

·      Compliance Evolution

·      Compliance Education

·      FCPA Recidivism

Resources 

Andrew Weissmann

Prosecuting Donald Trump podcast

Connect with Tom Fox on Linkedin

ECI

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Board – 20 Questions Directors Should Ask about the Board Compliance Committee

In an area of inquiry entitled Oversight, the 2023 ECCP asks three basic questions which we have explored throughout this chapter:

1. What compliance expertise has been available on the Board of Directors?

2. Have the Board of Directors held executive or private sessions with the compliance function?

3. What types of information has the Board of Directors examined in their exercise of oversight in the area in which the misconduct occurred?

To facilitate the answers to these questions, consider this list of 20 questions to reflect the oversight role of directors. These are questions the Board should ask of both senior management and the Board should ask itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.

Part I: Understanding the Role and Value of the Compliance Committee

1. What are the Compliance Committee’s responsibilities and what value does it bring to the Board?

2. How can the Compliance Committee help the Board enhance its relationship with management?

3. What is the role of the Compliance Committee?

Part II: Building an Effective Compliance Committee

4. What skill sets does the Compliance Committee require?

5. Who should sit on the Compliance Committee?

6. Who should chair the Compliance Committee?

Part III: Directed to the Board

7. What is the Compliance Committee’s role in building an effective compliance program within the company? How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?

8. How long should directors serve on the Compliance Committee?

9. How can the Compliance Committee assist directors in retiring from the Board?

Part IV: Enhancing the Board’s Performance Effectiveness

10. How can the Compliance Committee assist in director development?

11. How can the Compliance Committee help the Board chair sharpen the Board’s overall performance focus?

12. What is the Compliance Committee’s role in Board evaluation and feedback?

13. What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?

14. Should the Compliance Committee have a role in chair succession?

15. How can the Compliance Committee help the Board keep its mandates, policies and practices up-to-date?

Part V: Merging Roles of the Compliance Committee

16. How can the Compliance Committee enhance the Board’s relationship with institutional shareholders and other stakeholders?

17. What is the Compliance Committee role in CCO succession?

18. How can the Compliance Committee foster great technical impact for compliance function?

19. What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?

20. How can the Compliance Committee help the Board in deciding CCO pay, bonus and resources made available to the corporate compliance function?

 Three key takeaways:

1. The DOJ Evaluation requires active Board of Director engagement around compliance.

2. Board communication on compliance is a two-way street; both inbound and outbound.

3. Has the Board built an effective Compliance Committee for itself?

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 8 – Florida Man

What happens when two top compliance commentators get together? They talk compliance of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, they discuss whether a compliance crisis is coming, a new compliance law in the UK, and why companies may be dialing down their public statements on ESG and DEI. They also delve into a survey on compliance concerns, the importance of preventing corruption in Ukraine, and the creation of a Department of Justice corporate crime database. With exciting stories like a bizarre crime tale and insight into the controversial Wall Street Journal article, this episode will keep you engaged and informed. Don’t miss out on this opportunity to improve your compliance.

Highlights Include

·      Corporate Compliance in a Time of Budget Cuts

·      Preparing for UK’s New Economic Crime Offense

·      Compliance and ESG in corporate culture

·      Managing Unwanted Change in Compliance

·      Legal issues of cryptocurrency exchange

·      Rebuilding Ukraine: Business Opportunities and Corruption

·      Stress-free Workplace Priorities

·      Corporate crime database

·      Florida Man strikes again 

Resources 

1.     Compliance Crisis Coming?

2.     2023 Global Compliance Risk Benchmarking Survey

3.     Managing Unwanted Change

4.     Ukraine and Corruption

5.     DOJ launches corp crime data base

6.    Florida Man Strikes Again (Honorary Darwin Award nominee as well)

7.    How Great Companies Give Their People What They Want

8.    DOJ Drop SBF FCPA Charges

9.    Companies Quiet Diversity Talk

Connect

Kristy Grant-Hart

LinkedIn

Spark Consulting

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Life with GDPR

Life With GDPR – Joe Sullivan Sentence

Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Matt Kelly and Jonathan Marks join Tom and Jonathan Armstrong on this episode, as they explore the case of former Uber CISO Joe Sullivan and the lessons compliance officers can learn from his lenient sentence. From growing trends of personal accountability to conflict of interests, the hosts provide six tips for chief compliance officers to protect themselves, including rehearsing responses and seeking external advice when necessary. This eye-opening episode also delves into the challenges faced by compliance officers in situations like Etsy’s ransomware scheme and how they must be cautious with threat actors’ demands. Don’t miss out on this insightful episode that will leave you questioning whether Sullivan was unfairly punished and whether executives’ remuneration packages will receive greater scrutiny going forward. Tune in now to Life With GDPR.

 Key Takeaways:

·      The Joe Sullivan Uber Case and Lessons Learned

·      Individual Liability in Corporate Malpractice

·      Compensation and Conflicts of Interest

·      The Challenges of Compliance Officers in Wrongdoing Incidents

 Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Measuring Compliance Training Effectiveness

Since at least 2017, the DOJ has emphasized the need to determine compliance training effectiveness. In the 2020 Update, it stated under the section entitled “Form/Content/Effectiveness of Training” the following questions, How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated how much the training impacts employee behavior or operations?

The DOJ enshrined the importance of determining the effectiveness of your compliance program in its 2020 Evaluation. The 2020 Evaluation demonstrates that the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many CCOs and compliance professionals still need help to determine. Both the simple guidelines suggested herein, the more robust assessment, and the results provide you with a start to fulfill the precepts set out in the 2020 Evaluation, but you will eventually need to demonstrate the effectiveness of your compliance training in the future.

Three key takeaways:

  1. You must demonstrate that you have measured the effectiveness of your compliance training.
  2. The DOJ is moving into requiring a demonstration of the effectiveness of compliance training.
  3. You should be moving towards a model of demonstrating compliance training ROI to validate the full operationalization of your compliance training.
Categories
Compliance Into the Weeds

Compliance into the Weeds: A Compliance Response on Messaging Apps

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully and looking for some hard-hitting insights on sanctions compliance. Look no further than Compliance into the Weeds!

Join Tom Fox and Matt Kelly on “Compliance into the Weeds” as they delve into the recent SEC crackdown on messaging apps and improper employee use. The hosts explore the challenges of regulating messaging app use and provide solutions emphasizing the importance of corporate culture and risk management strategies. Hear from experts like the DOJ representative who spoke at Compliance Week 2023 and a defense contractor who offers tech solutions to monitor messaging apps on employees’ phones. With GDPR and FINRA regulations to consider, the podcast presents a comprehensive plan for compliance officers that focuses on effective controls, processes, and consequences for policy infractions. Don’t miss out on this informative podcast highlighting the importance of cultivating relationships with internal audit teams, IT teams, and other control departments to ensure proper compliance measures.

 Key Highlights: 

  • Risk management of employee messaging app usage
  • Tech solution for monitoring employees’ messaging
  • Corporate Culture Approach to Compliance in Financial Firms
  • Compliance Challenges in Monitoring Employee Communications
  • Building Relationships for Effective Compliance Management

 Notable Quotes:

“Assess your risks, put a risk management strategy in place, execute that strategy, train your employees, monitor the effectiveness, and remediate as appropriate.”

“And the tech company CEO said it is in his mind, People the policies, procedures, people and processes a more culture compliance strategy could work, but you would need to convince employees.”

“If they are also violating the policy, that’s bad. And that shows you have a corporate culture problem.”

“If it’s corporate culture, how is this any different than any difficult issue we’ve seen in compliance over the past 15 years?”

Resources

Matt 

LinkedIn

Blog Post in Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn