Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – What Are Internal Controls?

What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. Internal controls expert Joe Howell has said that internal controls are systematic measures, such as reviews, checks and balances, methods, and procedures instituted by an organization that performs several different functions. Howell also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes the diversion of company assets, such as by unauthorized sales discounts or receivables write-offs, as well as the distribution of assets.

Three key takeaways:

  1. Effective internal controls are required under the FCPA.
  2. Internal controls are a critical part of any best practices compliance program.
  3. There are multiple FCPA enforcement actions that demonstrate the enforcement spotlight on internal controls.
Categories
31 Days to More Effective Compliance Programs

Day 31 – Using a Root Cause Analysis for Remediation

The 2020 Update re-emphasized the need to perform a root cause analysis and, equally importantly, use it to remediate your compliance program. It stated, “a hallmark of a compliance program that works effectively in practice is the extent to which a company can conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.”
It went on to state what additional steps the company has taken “that demonstrate recognition of the seriousness of the misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risk”).”

The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach using data already in the organization. Identify current and future needs for organizational improvement. Your solution should be a repeatable, step-by-step process in which one method can confirm the results of another. Focusing on the corrective measures of root causes is more effective than simply treating the symptoms of a problem or event, and you will have a much more robust solution in place. This is because the solution(s) are more effective when accomplished through a systematic process with conclusions backed up by evidence.

When you step back and consider what the DOJ was trying to accomplish with its 2020 Update, it becomes clear what the DOJ expects from the compliance professional. Consider the structure of your compliance program and how it inter-relates to your company’s risk profile. When you have a compliance failure, use the root cause analysis to think about how each of the structural elements of your compliance program could impact how you manage and deal with that risk.

Three key takeaways:

  1. The key is objectivity and independence.
  2. The critical element is how you used the information you developed in the root cause analysis.
  3. The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach using data already in the organization.
Categories
Daily Compliance News

January 31, 2023 – The Company That Bribed the World Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Stormy Daniels hush money case goes to NY grand jury. (NYT)
  • Too embarrassed to drive a Tesla. (BBC)
  • J&J’s attempt to escape talc powder liability fails. (Reuters)
  • Saman Ashani was sentenced in the US. (FT)
Categories
31 Days to More Effective Compliance Programs

Day 30 – What is a Root Cause Analysis?

One of the most significant changes in the 2020 FCPA Resource Guide, 2nd edition, was the addition of a new Hallmark entitled “Investigation, Analysis, and Remediation of Misconduct,” which reads in full:

The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigations structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.

Ultimately, performing a root cause analysis is not simply sitting down and asking many questions. It would be best if you had an operational understanding of how a business operates and how they have developed its customer base. Overlay the need to understand what makes an effective compliance program with the skepticism an auditor should bring so that you do not simply accept an answer provided to you, as you might in an internal investigation. Marks noted that “a root cause analysis is not something where you can ask the five whys. You need these trained professionals who understand what they’re doing.”

Three key takeaways:

  1. A root cause analysis is required if you have a reportable compliance failure.
  2. There is no one process for performing a root cause analysis. You should select the one which works for you and follow it.
  3. To properly perform a root cause analysis, you need trained professionals who understand what they’re doing.
Categories
Corruption, Crime and Compliance

Deep Dive into the Honeywell FCPA Settlement

In this episode, host Michael Volkov takes a closer look at the Honeywell FCPA case. The Justice Department and the FCC had a strong year in FCPA enforcement; they closed out the year with two important cases, ABB and Honeywell. Last week’s episode covered the ABB case, and this episode will focus on the Honeywell UOP case, which resulted in a $160,000,000 settlement. 

  • Honeywell was involved in a bribery scheme in Brazil and Algeria to secure contracts with state-owned oil companies.
  • Honeywell conspired to offer a $4 million bribe to a high-ranking executive of Petrobras in Brazil in an attempt to secure a valuable $425 million contract to design and build a refinery.
  • Honeywell’s use of third-party agents, such as sales agents, to facilitate bribery payments was done without proper controls and oversight, leading to a lack of proper invoicing, description of services, and confirmation of payment arrangements which facilitated illegal payments.
  • Honeywell’s senior management was complicit in the scheme and there was a lack of commitment to corporate ethics and compliance culture within the company.
  • The case serves as a reminder of the risks to companies of engaging in bribery and the importance of having a strong compliance culture and third-party risk management program.

 

KEY QUOTE:

“Honeywell’s actions occurred in an environment where no one raised a question about the bribery scheme. The … narrow focus on winning the project through whatever means possible was clear.” – Michael Volkov

RESOURCES

Honeywell UOP to Pay Over $160 Million to Resolve Foreign Bribery Investigations in U.S. and Brazil

SEC Charges Honeywell with Bribery Schemes in Algeria and Brazil

Email Michael: mvolkov@volkovlaw.com

Categories
FCPA Compliance Report

James Koukios on Changes to Corporate Enforcement Policy

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Morrison and Foerster partner James Koukios to discuss the recent Kenneth Polite speech announcing changes to the Department of Justice Corporate Enforcement Policy.

In this episode, we consider the following:

  • What is the CEP;
  • This is a follow on from the Monaco Memo;
  • Why this change is significant for recidivists;
  • How this change redefines an effective compliance program;
  • The new CEP offers real, tangible, and significant benefits for compliance programs; and
  • What it all means going forward.

Resources

Kenneth Polite Speech

Updated CEP

Categories
FCPA Compliance Report

Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 2

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We conclude with Part 2, looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases, and some of the important issues which arose in 2022 and how they might impact compliance in 2023.

In this episode, we consider the following:

·      Building trust and credibility in the investigative process

·      The ABB FCPA enforcement action

·      The Honeywell FCPA enforcement action

·      Why the heat is on compliance after the Monaco Memo

·      Corporate incentives and discipline, including clawbacks

·      The Glencore FCPA enforcement action and CCO Certification

Resources

Mike Volkov on LinkedIn

The Volkov Law Group

Categories
Corruption, Crime and Compliance

2022 FCPA Year in Review Featuring Tom Fox

2022 saw higher numbers of FCPA enforcement actions, settlements, and criminal prosecutions of individuals. One of the most important developments was the update of policy in the Monaco Doctrine, which was elaborated on in the Monaco Memo, providing important guidance for compliance professionals. Tom Fox joins Michael Volkov to discuss some of the more interesting cases from the past year.

Tom Fox is hailed as the Voice of Compliance, serving and evangelizing for the compliance community for over 15 years. He is the founder and creator of the Compliance Podcast Network where he hosts various podcasts, such as Innovation In Compliance and the ESG Report, and the Executive Leader at the C-Suite Network. 

 

Some ideas you’ll hear them explore are:

  • The DOJ is getting better at communicating with the compliance community through resolution documents like DPA, NPA, and, occasionally, declinations. These documents provide insight into the DOJ’s thinking and approach to cases, which compliance professionals can use to gain a better understanding of how to approach compliance issues.
  • In Tom’s upcoming book, “FCPA Year in Review 2022,” he highlights the KT Corp bribery case, which went back to the basics in its old-school rendition of corruption: bags of cash money. The lesson here is that bribery can be as simple as a $50 slipped into a handshake.
  • In the curious case of Glencore, the FCPA enforcement action taken against them reflects the DOJ’s focus on defective cultures within companies. This case involved multiple enforcement agencies across multiple countries and multiple bribery schemes, rounding up fines and penalties totalling up to $1.1 billion, with $700M for FCPA violations, and $441M for price and market manipulation. Glencore had a culture that was committed to profit at any cost, and the company paid over $100M to third parties knowing that some of the money would be used to bribe officials in various countries.
  • The Oracle case involving bribery and corruption involving gifts, travel, and entertainment should serve as a reminder to companies to review their gift, travel, and entertainment policies and ensure they are aware of how their business officials are spending their travel, per diem, and entertainment money.
  • Avoid hiring third-parties recommended by or at the direction of a state-owned official or executive.
  • The Lisa Monaco memorandum emphasizes the need for effective compliance programs and the benefits of voluntary disclosure, full cooperation, and timely and appropriate remediation. 

 

KEY QUOTE

“Internal controls are not simply due diligence, distributors, et cetera. It goes down to your payments, schemes and how you pay your vendors should all be a part of your internal controls.” – Tom Fox

 

Resources

Tom Fox on the Web | LinkedIn | Twitter | Blog

Categories
FCPA Compliance Report

Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 1

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We begin a two-part podcast on looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases and some of the important issues which arose in 2022 and how they might impact compliance in 2023.

In this episode we consider:

·      The Monaco Memo

·      The Stericycle FCPA enforcement action

·      The KT FCPA enforcement action

·      The upcoming trial of Cognizant executives and internal investigations

·      Key individual prosecuted

Resources

Mike Volkov on LinkedIn

The Volkov Law Group

Categories
Compliance Into the Weeds

Compliance Issues & Events We Are Looking at for 2023

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I consider a list of compliance issues and events worth watching in the next 12 months, likely to happen in the coming year, that will be most consequential for corporate compliance and audit professionals.

For 2023 (at least at this point), it is the following:

·      SEC rules on greenhouse gases.

·      PCAOB enforcement.

·      The FTC and privacy enforcement.

·      Fallout from the Oracle FCPA enforcement action.

·      New DOJ corporate crime enforcement policies.

·      An ESG controller.

·      Crash and burn of Elon Musk-style corporate governance.

 Resources

Matt Kelly in Radical Compliance