Tag: ECCP

Categories
Blog

Argentieri at ABA White Collar Conference: Corporate Enforcement, Part 1

There were recently two significant speeches by Department of Justice (DOJ) officials at the American Bar Association National Institute on White Collar Crime. The first was by Deputy Attorney General Lisa Monaco. The second was by Acting Assistant Attorney General Nicole Argentieri. They both had important remarks for the compliance professional. Over the next several blog posts, I will review both speeches and what they might indicate for compliance and Foreign Corrupt Practices Act enforcement going forward. Yesterday, I considered the Monaco speech. Today is the speech by Nicole Argentieri.

After reviewing some of the more significant individual prosecutions, Argentieri turned to corporate enforcement, noting, “Corporate accountability is the other side of our white-collar work because companies are the first line of defense against misconduct.” She emphasized the need for “a strong compliance program that is key to preventing corporate crime before it occurs and addressing misconduct when it does occur.” The DOJ’s Corporate Enforcement Policy also encourages “companies to invest in strong compliance functions and to step up and own up when misconduct occurs.” She cited one company that did not have a robust compliance program (or a culture of compliance), Binance, which explicitly communicated its “priorities, telling employees that, when it came to compliance, it was “better to ask for forgiveness than permission.”

In the Foreign Corrupt Practices Act enforcement arena, Argentieri pointed to four cases the DOJ prosecuted over the past 18 months. The companies all entered into corporate resolutions for FCPA violations. This group included Vitol, Glencore, Freepoint, and, most recently, Gunvor. Additionally, the DOJ prosecuted multiple individuals in connection with these cases. She even detailed the multiple bribery schemes involved: “Bribe payments funneled into the pockets of foreign officials through corrupt third-party agents using sham contracts and fake invoices.”

In each organization, there was a decided lack of a culture of compliance. Additionally,  employees exploited gaps in their companies’ internal controls and compliance programs. Personal cell phones and personal email accounts were used, which the organizations seemingly had no access to during the corruption and after the internal investigations. To make payments, internal controls were overridden or ignored to make off-the-books systems not subject to the organization’s standard checks and controls.

Because of the internal control and compliance failures that led to or contributed to the FCPA violations, each of these entities was required to make critical enhancements to their compliance programs to prevent future violations of the FCPA. Argentieri said, “Companies that take forward-leaning steps on compliance will be better-positioned to certify that they have met their compliance obligations at the end of the term of their agreements, as is now required in corporate resolutions with the Criminal Division.”

However, the DOJ’s work done after a settlement with a company is equally important. She clarified that the DOJ will monitor companies after resolution as they make, monitor, and attest to their compliance program and internal controls enhancements. She reported that “twenty-four companies have a market capitalization of more than $1 billion, and 22 are public companies. Over the past decade, hundreds of other companies across a wide range of industries have similarly been subject to compliance obligations in cases brought by the Criminal Division.” This ongoing oversight is not an independent monitorship but to ensure compliance with the resolution documents and to “have a real impact on corporate culture and compliance.”

The DOJ wants good corporate citizens and incentivizes companies to do so in various ways. Beyond enforcement actions are the Evaluation of Corporate Compliance Program (ECCP), the Corporate Enforcement Policy (CEP), the Voluntary Self-Disclosure Program (VSP), and the Compensation Incentives and Clawbacks Pilot Program. Argentieri reported that self-disclosures have increased over the past three years: “In 2023, we received nearly twice as many disclosures as in 2021. We expect this trend to continue as more companies take advantage of the benefits of voluntary self-disclosure and the CEP more generally.”

Argentieri believes that the DOJ has articulated policies that apply transparent criteria for both prosecutors to use and as “guideposts for companies and their counsel to consider when deciding what to do when faced with the prospect of a government investigation. It is a goal of the DOJ “to demonstrate the benefits that await those who voluntarily disclose misconduct.” She concluded this section by stating, “It’s one thing to issue and update policies. It’s another way to change corporate behavior. That is why we track the number of disclosures from companies. I’m proud to announce that early indications are that our policies are bearing fruit.”

Join us tomorrow as we examine how the ECCP, VSD, CEP, and Clawbacks Program have been reflected in recent enforcement actions.

Categories
Blog

Policies and Procedures

There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly a first line of defense when the government comes knocking. The 2023 ECCP made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures against bribery and corruption; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and procedures in anti-corruption compliance.

The specific written policies and procedures required for a best practices compliance program are well known and long established. According to the 2020 FCPA Resource Guide 2nd edition, some of the risks companies should keep in mind include the nature and extent of transactions with foreign governments (including payments to foreign officials); use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectations for standards of conduct in your company. Procedures are the documents that implement these standards of conduct.

Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.

There are five general elements to a compliance policy, which should stake out the following:

  • Identify who the compliance policy applies to;
  • Set out the objective of the compliance policy;
  • Describe why the compliance policy is required;
  • Outline examples of both acceptable and unacceptable behavior under the compliance policy; and
  • Lay out the specific consequences for failure to comply with the compliance policy.

The 2023 ECCP went further by requiring an assessment whether a company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations, through a design which is appropriate to the organization, based upon that organization’s assessed risks.

Design––What is the company’s process for designing and implementing new policies and procedures and updating existing policies and procedures, and has that process changed over time? Who has been involved in the design of policies and procedures? Have business units been consulted prior to rolling them out?

Comprehensiveness––What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of risks it faces, including changes to the legal and regulatory landscape?

The 2023 ECCP Evaluation mandated there must be communication of your compliance policies and procedures throughout the workforce and relevant stakeholders such as third parties and business venture partners.

Accessibility––How has the company communicated its policies and procedures to all employees and relevant third parties? If the company has foreign subsidiaries, are there linguistic or other barriers to foreign employees’ access? Have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?

Responsibility for Operational Integration––Who has been responsible for integrating policies and procedures? Have they been rolled out in a way that ensures employees’ understanding of the policies? In what specific ways are compliance policies and procedures reinforced through the company’s internal control systems?

Moreover, just as risks evolve, your policies and procedures should evolve. The 2023 ECCP asked the following questions:

  • How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices?
  • Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training?
  • What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?
  • Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?

The bottom line is that the DOJ expects updates to your policies and procedures needed to be reviewed on a regular basis and updated as your risks evolve.

Finally, the 2020 FCPA Resource Guide, 2nd edition, ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” It is important that compliance policies and procedures are applied fairly and consistently across the organization. Institutional fairness demands that if compliance policies and procedures are not applied consistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated. Moreover, inconsistent application of your policies and procedures will destroy the credibility of your compliance program. This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the U.S. with the same quality of discipline.

Categories
Blog

Your Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in regulator’s face during an enforcement action as proof of ethical overall behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in the creation of your company’s Code of Conduct?

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United’s operations at the company’s huge east coast hub at Newark, NJ.

The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to its 2016 Non-Prosecution Agreement (NPA) settlement with the DOJ, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.

In the 2020 FCPA Resource Guide, 2nd edition, the DOJ and SEC stated:

A company’s Code of Conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.

The 2023 ECCP specified “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” The Antitrust Guidance also specified “If the company has a Code of Conduct, are antitrust policies and principles included in the document?”

The 2020 FCPA Resource Guide, 2nd edition, the 2023 ECCP and Antitrust Guidance go on to make it clear that it is difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to make certain that the Code of Conduct remains current and effective and whether a company has periodically reviewed and updated its code.

There are several purposes which should be communicated in your Code of Conduct. The overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating those requirements, to providing a process for proper decision-making and then requiring that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company upholds and supports proper compliance.

The substance of your Code of Conduct should be tailored to your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. Your company’s disciplinary procedures must be stated in the Code. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code. Further, your company’s Code should emphasize it will comply with all applicable laws and regulations, wherever it does business. The code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

The three most important things about your compliance program are “Document, Document, and Document.” The same is true in communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands it. The DOJ expects each company to begin its compliance program with a very publicly announced, very robust Code of Conduct. If your company does not have one, you need to implement one forthwith.

However, your Code of Conduct is not a static document to be put on a shelf and never reviewed again. For just as your compliance program is a living entity; it should be constantly evolving, the same is true for your Code of Conduct. If your company has not reviewed or assessed your Code of Conduct for five years, do so in short order, as much has changed in the compliance world. Some of the questions you should begin with include:

• When was the last time your Code of Conduct was revised?

• Have there been changes to your company’s business model since the last revision to the Code of Conduct?

• Have there been changes to relevant laws relating to a topic covered in your company’s Code of Conduct?

• Are any provisions of the Code of Conduct outdated?

• What is the budget to revise your Code of Conduct?

After revision of your Code of Conduct, you should develop a plan to communicate the revised document. A rollout is always critical because it is important that revisions are communicated in a manner that encourages employees to review and use the Code of Conduct on an ongoing basis. Your company should use the full panoply of tools available to it to publicize the revised Code of Conduct. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide compliance Code of Conduct roll out meeting where the revised Code is announced with great fanfare out across the company all in one day. Also remember, with all things compliance; the three most important aspects are “Document, Document, and Document”. However, for each delivery of revised Code of Conduct, you must document that each employee received it.

These points are a useful guide to not only thinking through how to determine if your Code of Conduct need updating, but also practical steps on how to tackle the problem. It is far better to review and update your Code of Conduct, than wait for a massive FCPA investigation to go through the process.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 1 – What 2023 Brought to Compliance

2023 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate enforcement actions under the Foreign Corrupt Practices Act (FCPA), there were significant announcements from the Department of Justice (DOJ) that directly impacted compliance professionals and compliance programs.

The first came in January, and it was an update to the Evaluation of Corporate Compliance Programs (2023 ECCP). Next, we heard speeches about the increased focus on clawbacks and other areas of consequence management. In October, Deputy Attorney General (DAG) Lisa Monaco introduced a new Mergers & Acquisitions Safe Harbor Policy in October. Finally, in late November, Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarks at the 39th International Conference on the Foreign Corrupt Practices Act (FCPA) on the use of data analytics in a compliance program and DOJ expectations going forward.

The 2023 ECCP brought forward several new initiatives laid out in the 2020 Update to the Evaluation of Corporate Compliance Programs, including additions and deletions.

In October 2023, Deputy Attorney General Lisa Monaco announced a new policy regarding M&A. It is a Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company.

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA, reported that the DOJ is stepping up its own use of data analytics to identify instances of corporate misconduct and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and SEC are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field. She made several important points for all compliance professionals, which will be significant going forward into 2024 and beyond.

Three key takeaways:

1. 2023 was a key year for the DOJ’s evolution in its views on compliance programs.

2. Clawbacks, incentives, and consequence management have become more important.

3. The new DOJ safe harbor initiative for M&A raises many questions.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics – Day 8 – Data Democratization

In the world of compliance, data analysis plays a crucial role in identifying risks, making informed decisions, and ensuring legal and regulatory compliance. It enables companies to make fact-based decisions and mitigate risks effectively. By leveraging AI, organizations can identify high-risk payments and reduce investigation costs. This not only saves time and resources but also ensures that compliance teams can present risk in a timely and data-driven manner. We previously noted that it is not simply about having the data but also accessing it and then using it.

A key in this process is the implementation of data warehouses and cloud data warehousing solutions. The goal is to eliminate data silos and enable easy data access and analysis. By implementing a modern data stack, companies centralize their data, making it compliance-friendly as mandated by the DOJ (in the 2020 Evaluation of Corporate Compliance Programs) and more generally accessible to employees across the organization.

AI-driven data analysis and compliance solutions are revolutionizing the way organizations approach compliance and data utilization. By leveraging AI technology, these companies enable businesses to make fact-based decisions, identify risks, and ensure regulatory compliance. Investing in data governance and business intelligence tools is crucial for extracting value from data and driving business success. With the democratization of data access, organizations can empower employees to be data-informed and achieve greater efficiency.

 Three key takeaways:

  1. Data analysis is not simply about having the data but also accessing it and then using it.
  2. Data democratization recognizes that effective data utilization is linked to compliance and good business practices.
  3. With the democratization of data access, organizations can empower employees to be data-informed and achieve greater business efficiencies.

For more on KonaAI, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 9 – Dynamic Compliance Policies

One of the key changes coming out of the Covid-19 pandemic is the need for dynamism on corporate policies. This message was driven home in a  MIT Sloan Management Review article,“Turbulent Times Demand Dynamic Rules”. The authors believe, “Circumstances can change rapidly in an uncertain world — organizational rules should be designed to change along with them.”

This concept is most appropriate in the compliance arena in the area of risk management. As your risks change, your management of those risks should adapt to the new reality. This is why the DOJ intoned in the 2023 Evaluation of Corporate Compliance Programs (ECCP) that you should assess your risks as they change, modify your risk protocols, monitor your risk management strategy and then update your compliance programs through continuous monitoring.

This dynamic policy process can build dynamic rules to enhance your company’s ability to anticipate and cope with risk changes. When the corporate compliance function embraces experimentation and learning in the creation and reformulation of policies, it builds flexibility into the organization’s structure, processes, and practices. This type of flexibility is essential as we have moved from disaster recovery to business resiliency to business as usual, especially in the field of risk management.

Three key takeaways:

1. After Covid-19, your policies must be as dynamic as your business.

2. There are three general areas to improve the dynamic features of policy creation and improvement; transparency, experimentation and innovation.

3. Garner feedback from your users on the effectiveness of your compliance policies.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 5 – Training on your Code of Conduct

What about the training on your finalized Code of Conduct? While there have been criticisms of code training, if you consider training as one source of your 360-degrees of compliance communications, the rollout of a new or updated code can be an opportunity. This rollout fits directly into the concept of 360-degrees of compliance communications as rollout is part of both communications and engagement. The delivery of a Code of Conduct is a key element of its effectiveness. By allowing your employees and other stakeholders to engage and interact with the code, through live or interactive training, the effectiveness can be better monitored and measured.
Beginning with the DOJ’s 2017 Evaluation and continuing into the 2023 ECCP, is the DOJ’s emphasis in the effectiveness of training. I think everyone would understand you do need to train but now the government’s talking to us about effective training. Begin with live training that can be held at the corporate headquarters with senior management and executive involvement. Many companies will videotape a message from the CEO to help celebrate the rollout. Then there is the opportunity for localized training that gives employees an opportunity to see, meet, and speak directly with a compliance officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to the Code of Conduct. It gives employees the opportunity to interact with the compliance officer by asking questions which are relevant to markets and locations outside the corporate office, which can often provide employees with the opportunity to have confidential in-person discussions.
However, your Code of Conduct training should be an extension of the way you communicate compliance in your organization. If it is divorced from your 360-degrees of compliance communications style, you may well be missing an opportunity to drive better understanding of the code and denigrate the effectiveness of the training. Whatever approach is used, one of the critical factors is the length of time of the training session. Although lawyers and ethics and compliance professionals can (sometimes) sit through a multi-hour Code of Conduct lesson, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation and number of PowerPoint slides must be kept to a manageable length before the attendee’s eyes start to glaze over.

 Three key takeaways:

  1. Consider a video message from your CEO to help roll out your Code of Conduct initiation or update.
  2. Tailor your Code of Conduct training to your workforce.
  3. Consider interactive and modular approaches to Code of Conduct training.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 19 – Compliance Culture At The Bottom

One of the most important focuses of the DOJ’s 2023 ECCP was around culture. This means how far has the culture of compliance been driven down into an organization. The 2019 Guidance posed the following:
Culture of Compliance – How often and how does the company measure its culture of compliance? Does the company seek input from all levels of employees to determine whether they perceive senior and middle management’s commitment to compliance? What steps has the company taken in response to its measurement of the compliance culture?
These questions point to a CCO or compliance practitioner demonstrating how a culture of compliance is being burned into the very fabric of an organization. While leadership at and from the top has long been considered by both the DOJ and compliance professionals as a key element to move compliance forward, the 2019 Evaluation has also crystalized thinking around compliance culture throughout the organization, including at the bottom
Too often, strategies to move a compliance program or even an initiative come from the top of an organization and are pushed down. To fully operationalize compliance, you must have leadership in compliance further down the organization which (hopefully) has been a part of the design process and can lead the implementation throughout an organization.

Three key takeaways:

  1. While tone at the top is critical, the tone at the bottom can work to more fully operationalize compliance.
  2. 95% of the work is done at this bottom level.
  3. Use HR to come up with a strategy to move compliance into the bottom for more complete operationalization.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 10 – Sales Incentives and Compliance

In the DOJ’s 2023 ECCP, Incentives and Disciplinary Measures it stated:
Incentive System – Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?
When considering how a company could use incentives to further a compliance program and the role of HR in this process, we should also consider how incentives might lead to the converse, as they did in the now-infamous Wells Fargo fraudulent-accounts scandal. When you misalign these two concepts with a faulty sales strategy it can lead to a catastrophic failure, literally costing the company millions of dollars in fines, loss of business and depreciation of shareholder value. Whatever your incentive structure, there will be employees who try to game the system. Some will do it with the tacit or explicit approval of management. You, as the CCO, may be required to act.

Three key takeaways:

  1. Even a benign sales incentive program came become skewed.
  2. A sales incentive program can become high risk or illegal if not properly monitored.
  3. If there is alignment between the strategy, purpose and structure of an incentive system, it often makes the difference between a good and a bad one.

For more information, check out The Compliance Handbook, 4th edition here.

Categories
Everything Compliance

Episode 114, The Monaco, Polite & ECCP Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quartet of Tom Fox, Jonathan Marks, Matt Kelly and special guest Scott Garland from Affiliated Monitors, who discuss at the recent speeches by DAG Lisa Monaco and Kenneth Polite, announcing changes in the DOJ’s Evaluation of Corporate Compliance Programs. We conclude with our fan fav Shout Outs and Rants section.

  1. Matt Kelly looks at the changes around clawbacks. He shouts out to the PCAOB for reminding folks that cryptocurrency ‘reserve reports’ are not worth the paper they are printed on.
  2. Jonathan Marks considers what the two speeches and changes in the ECCP mean for corporate governance. He shouts out to US House of Representatives for overwhelmingly voting to investigate the origins of Covid-19.
  3. Tom Fox looks at the changes to incentives, both financial and non-financial in the 2023 ECCP. He rants about the Tennessee legislature attempt to ban Shakespeare, movies such as Tootie and Some Like It Hot, politicians such as George Santos; all in the guise of banning drag shows.
  1. Special Guest Scott Garland looks at the changes in the monitor selection process and what that means for the line attorney prosecuting a FCPA violation. He shouts out to the Department of Justice for their continued evolution in their thinking about compliance and compliance programs.

The members of the Everything Compliance are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.