Categories
Blog

Compliance Program Use of Data Analytics

Matt Galvin, Counsel, Compliance & Data Analytics at the DOJ and one of the experts leading the DOJ’s data analytics initiative, highlighted in another talk, the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning. The DOJ expects companies to adopt a similar data-driven approach to compliance. In her speech, Argentieri speech where she stated, “just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

This means that  while due diligence and background checks are essential, the real risk of fraud occurs during the actual business transactions with third parties. Companies need to go beyond initial checks and continuously monitor high-risk vendors, contract terms, and other relevant data sources. By mapping risks to data sources and implementing effective tests, companies can identify and prioritize risky transactions. The increasing accessibility and cost-effectiveness of data analytics have made it a viable option for companies of all sizes. It can help companies demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency. The importance of continuous data analysis in compliance programs was highlighted by the Bank of America CFPB enforcement action.

However, implementing a data-driven compliance program comes with its own set of challenges. There is still confusion among the compliance community regarding what data analytics entails and how it should be applied. Data-analytics should be seen as a process-oriented approach rather than treating it as a one-time project. Data analytics should be integrated into the compliance program as a continuous business process, similar to third-party due diligence.

The Bank of America CFPB enforcement action case serves as a reminder of the importance of the use of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained.

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

The Argentieri speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.

The DOJ’s increasing use of data analytics for proactive enforcement has far-reaching implications. Companies must recognize the importance of adopting a data-driven approach to compliance and invest in the necessary resources and technology. By doing so, they can not only meet the DOJ’s expectations but also improve the effectiveness of their compliance programs and mitigate the risk of fraud.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

Categories
Blog

2022-The Year in FCPA

2022 saw a relatively slow year in Foreign Corrupt Practices Act (FCPA) enforcement actions. Yet, as usual, the cases themselves were packed with much for the compliance professional to digest. Moreover, 2022 was a very significant year for every compliance practitioner and compliance program. My latest book, 2022 – The Year in FCPA – FCPA Enforcement Actions, DOJ Commentary and Key Lessons for Compliance from 2022 reviews the corporate FCPA enforcement actions from the past year and mine them for lessons which can be garnered by the compliance practitioner.

The cases themselves ranged in fine and penalty values from $1.1 billion (Glencore International A.G.) down to $6.3 million (KT Corporation). The Department of Justice (DOJ) FCPA prosecutions involved the following entities: Stericycle Inc. (Stericycle), with an overall fine of $84 million; Glencore, with an overall fine of $1.1 Billion; GOL Linhas Aéreas Inteligentes S.A. (GOL), with an overall fine of $41 million; ABB Ltd. (ABB) with an overall fine of $315 million and, concluding the year, Honeywell UOP, with an overall fine of $160 million. From the Securities and Exchange Commission (SEC) we saw enforcement actions involving the following entities: KT Corp, with a penalty of $6.3 million; Tenaris S.A., with a penalty of $78 million; Oracle Corporation (Oracle), with a penalty of $23 million, and Stericycle, GOL, ABB and Honeywell, with the fine amounts noted above. Finally, Glencore was also fined by the Commodity Futures Trading Commission (CFTC).

The total fines and penalties were $1.396 billion. Under the new monitorship policy, announced in October 2021 and put into practice through the Monaco Memo, there were two cases which  included appointments of Corporate Monitors (Glencore and Stericycle). From the DOJ there were two Declinations. The first involved the French entity Safran S.A. and included a $17 million disgorgement. The second involved the UK entity Jardine Lloyd Thompson Group Holdings Ltd. (JLT) and included a $29 million disgorgement. 2022 saw one individual FCPA trial involving former Goldman Sachs Group Inc. Managing Director Roger Ng, who was convicted for criminally circumventing the firm’s internal controls. The Swedish telecom company Telefonaktiebolaget LM Ericsson (Ericsson) had its monitorship extended for 1 year amidst ongoing investigation they breached the Deferred Prosecution Agreement (DPA) and, finally, the Russian entity Mobile TeleSystems PJSC (MTS) also had its monitorship extended for 1 year.

In the realm of individuals prosecuted there were 24 individual criminal prosecutions and it appeared that individual criminal prosecutions continued at aggressive pace. With the formalization of the Monaco Memo, the DOJ will be targeting more individuals for prosecutions in 2023 so the pace of individual prosecutions will continue and probably increase. In 2022, the majority of the individual prosecution stemmed from prior FCPA actions involving a small number of companies; most notably Petróleos de Venezuela S.A. (PDVSA), Vitol Inc., Odebrecht S.A. and Sargeant Marine Inc. It is significant that the DOJ has continued its use of anti-money laundering (AML) charges, which have a 20-year maximum sentence together with FCPA charges, which have a five-year maximum sentence.

However, 2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, three actions were significant, with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism. In Glencore, we saw what happens to a company that engages in worldwide systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit, which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company could take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of DOJ enforcement policies on the FCPA enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was additional commentary by Principal Associate Deputy Attorney General Marshall Miller in a speech and by Assistant Attorney General Kenneth A. Polite. Every compliance professional should know them in detail as they significantly turn the heat up on corporate compliance programs. The Monaco Memo is further clarification and guidance for line prosecutors when considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing, which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. The DOJ hired Matt Galvan to help develop data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance professional in data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.

What did the year 2022 in FCPA mean for you. Check out 2022-The Year in FCPA now available on Amazon.com.

Categories
31 Days to More Effective Compliance Programs

Day 1 – What 2022 Brought To Compliance Programs

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days series in January 2023, I will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design or enhancement a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will plan to join each day in January for this exploration of best practices in compliance.

2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, three actions were significant, with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism. In Glencore, we saw what happens to a company that engages in worldwide systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit, which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company could take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies on the Foreign Corrupt Practices Act (FCPA) enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was additional commentary by Principal Associate Deputy Attorney General Marshall Miller in a speech and by Assistant Attorney General Kenneth A. Polite. Every compliance professional should know them in detail as they significantly turn the heat up on corporate compliance programs. The Monaco Memo is further clarification and guidance for line prosecutors when considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing, which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. The DOJ hired Matt Galvan to help develop data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance professional in data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.

 Three key takeaways:

1. Key FCPA cases in 2022 were Glencore, ABB, and Stericycle.

2. The Monaco Memo refocused the DOJ’s efforts on FCPA and other white-collar crime and put the heat on compliance programs.

3. The DOJ’s hiring of Matt Galvan will focus on the DOJ’s expertise in data analytics and their employment in compliance programs.

Categories
Blog

What 2022 Brought to Compliance

2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, there were three enforcement actions were significant with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism, in Glencore, we saw happens to a company which engages in worldwide, systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company can take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies on the around Foreign Corrupt Practices Act (FCPA) enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was also additional commentary by Principal Associate Deputy Attorney General Marshall Miller, in a speech and a speech by Assistant Attorney General Kenneth A. Polite. Every compliance professional should all of them in detail as they significantly turn the heat up on corporate compliance programs.

The Monaco Memo is broken down into four main sections: I. Guidance on Individual Accountability; II. Guidance on Corporate Accountability; III. Independent Compliance Monitorships; and IV. Commitment to Transparency in Corporate Criminal Enforcement. The Monaco Memo is both further clarification and further guidance for line prosecutors when they are considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action.

I see the Monaco Memo and the Miller and Polite Speeches as complimentary releases of information which drive home several key changes in DOJ enforcement. Perhaps changes are too strong, but they these announcements make clear the DOJ is dedicated to individual accountability and prosecution. Corporations will have to reorient their approach to investigations and sharing of information with the DOJ to this new mandate. Next the DOJ is strongly shifting the burden in the investigatory and negotiation phases to make clear the company must come forward with evidence to support lower fines and penalties and greater discounts, particularly in individual financial penalties and incentives, i.e., clawbacks. The Monaco Memo laid out not simply how to avoid a monitor but a program of proactive monitoring which can lead to the prevention of a crime before the FCPA is violation. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. It was the DOJ hiring of Matt Galvan to help develop a data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance profession in the use of data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.