Categories
Blog

Stepping Up and Stepping Forward: The Future of Compliance in an Age of AI and Deregulation

The world of compliance took a surprising turn this February with the Executive Order issued by the President suspending FCPA investigation and enforcement. This was followed in short order by the dismissal, after six years of prosecution, of the two ex-Cognizant Technology executives charged with paying or authorizing the payment of bribes in that case. It now appears that both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA units will be eviscerated and even shut down by the Administration. These significant legal rollbacks have ignited a series of conversations about the very essence and future of the compliance profession. As compliance professionals, many of us are left pondering, where exactly does compliance go from here?

I recently discussed this topic on the Compliance into the Weeds podcast with Matt Kelly, reflecting on his insights from a compliance event held in Boston, which he wrote about in a blog post on Radical Compliance. Matt highlighted a prevalent unease among compliance officers, underpinned by two primary concerns: the potential redundancy of compliance roles due to relaxed regulatory scrutiny and the impact of advancing technology, particularly AI, on compliance functions.

First, let us tackle the issue of regulatory rollback. The Trump administration has shown a clear inclination toward scaling back certain regulatory requirements, warranted or not. But there is a critical takeaway. It is not 2010, at the modern beginnings of compliance; it is 2025, and compliance is fundamentally different from what it was 15 years ago. Compliance practices and ethics programs have become deeply integrated into business operations, creating intrinsic value that transcends mere regulatory requirements. These practices have proven essential not only for managing regulatory risk but also for effectively managing broader business risks, operational efficiency, and corporate reputation.

Yet, despite the embedded nature of compliance in modern corporations, there’s a troubling scenario Matt outlined based on a keen observation from Kristy Grant-Hart. Could compliance functions gradually be absorbed by other departments? Could compliance tasks like hotline management drift toward HR, regulatory compliance fall into the hands of the legal department, and privacy compliance become the responsibility of IT security? Unfortunately, this scenario is not entirely implausible. Some short-sighted organizations might indeed take this fragmented route, viewing it as an opportunity to reduce headcount and costs.

Both Matt and I agree this is a dangerous and ultimately costly path. Fragmenting compliance capabilities across departments risks creating silos, precisely what compliance professionals have spent years fighting against. Silos impede effective communication, cloud transparency, and hinder the swift, coordinated responses necessary to manage risk in today’s complex business environments. In short, this fragmentation threatens operational integrity, compliance effectiveness, and, ultimately, corporate profitability.

Instead of retrenching, compliance professionals must seize this uncertain moment as an opportunity. This is a time to demonstrate conclusively how compliance adds tangible business value beyond regulatory mandates. Hui Chen beautifully articulated this sentiment in her insightful blog post, urging compliance leaders to elevate their roles proactively. Chen recommends re-evaluating and broadening our compliance messaging, enhancing engagement with leadership, and demonstrating the clear business value compliance delivers to the organization.

Now, when we look at technology, particularly AI, there is palpable excitement and understandable anxiety within our compliance community. AI presents both extraordinary potential and a perceived threat. The crux of the concern is straightforward: could AI replace human compliance professionals?

AI undoubtedly enhances compliance capabilities significantly; it empowers us to manage larger, more complex data sets, swiftly identifies risks, automates repetitive compliance tasks, and enriches our analytical capabilities. But here’s the fundamental truth: AI requires a “human in the loop.” Human oversight, nuanced judgment, ethical considerations, and strategic thinking cannot, and should not, be outsourced entirely to algorithms.

Moreover, AI is not a threat but a tool that amplifies the effectiveness of compliance officers. Compliance professionals should proactively harness AI to enhance third-party risk management, improve whistleblower and speak-up programs, conduct more nuanced behavioral analytics, and streamline compliance training and communication. AI is here to augment, not eliminate, the vital role of the compliance officer.

Short-sighted individuals will always view AI as a cost-cutting opportunity. These individuals might attempt to unravel compliance functions, dispersing responsibilities across various departments supported by AI, thereby undermining the coherent strategic value a centralized compliance function provides.

Our response as compliance professionals should be unequivocal; robust compliance management and risk assessment capabilities are more critical now than ever. Compliance functions must remain centralized and strategic, leveraging technology to enhance rather than dilute their impact. We must clearly demonstrate to senior management how a strong, unified compliance function, bolstered by advanced technologies like AI, not only ensures regulatory compliance but actively strengthens operational resilience, business efficiency, and profitability.

In closing, Matt and I both agree these are indeed challenging and uncertain times for the compliance profession. However, they also represent a profound opportunity for growth and innovation and demonstrate the indispensable value compliance brings to businesses. Compliance professionals must rise to this challenge, proactively shaping the future rather than passively waiting for it to unfold.

As Matt aptly concluded, and I echo wholeheartedly, “I would bet on the durability of the ethics and compliance profession every day of the week.” I would only add that now is unquestionably the moment for compliance to step forward confidently, embracing innovation and clearly demonstrating its value as a strategic partner in business success.

Categories
Blog

Top Compliance Leadership Skills for the Wild Wild West that is Coming – Part 2, Curiosity

This week, Donald Trump was inaugurated as the 47th President of the United States. I can only say with complete certainty that the world of compliance will never be the same. Trump not only promises tariffs and sanctions against America’s enemies and competitors but also promises them against America’s friends. His views on the Foreign Corrupt Practices Act (FCPA) are well known (‘a horrible law’), and so are his views on bribery.

He may well be the first President to employ the FCPA as a tactical weapon against companies from countries that are not only the US’s enemies and competitors but also our allies. This is to say nothing of how he will direct the Department of Justice to use the Foreign Extortion Prevention Act (FEPA) against our enemies, competitors, and allies. So prepare for the Wild West of corporate compliance for the next four years.

As compliance professionals face this miasma in 2025, compliance leadership skills will be more critical than ever. With these new, renewed, and mounting regulatory pressures, declining employee engagement, and intensifying demand for ethical corporate governance, the role of compliance leaders has never been more pivotal or challenging.

This week, I am looking at three leadership skills for the Chief Compliance Officer (CCO), compliance professional, or compliance practitioner to focus on for this sea change in compliance. One faces outward, one faces inward, and the third relates to your attitude. They are (1) fairness, (2) curiosity, and (3) a sense of humor. These three skills will enhance your team’s effectiveness and strengthen your organization’s overall compliance posture. Yesterday, we considered fairness. Today, we look at the curiosity of the compliance professional.

Curiosity: Your Secret Weapon for Compliance Growth 

From my experience, curiosity is a game-changer in compliance. Indeed, in the initial Radical Compliance podcast, Matt Kelly interviewed Hui Chen about the original (2017) Evaluation of Corporate Compliance Programs; she said it was designed to get compliance professionals and CCOs to ask questions about their compliance programs.

Besides the Trump Administration, in 2025, compliance programs will face emerging challenges such as AI ethics, ESG requirements, and new data privacy laws. Curiosity enables compliance leaders to stay ahead of these trends, fostering innovation and adaptability in their programs. Curious leaders break free from silos, seek new knowledge, and inspire their teams to think creatively. This mindset is critical for identifying risks and opportunities in an unpredictable regulatory environment.

Curiosity drives innovation, sharpens problem-solving skills, and helps compliance officers identify risks and opportunities others may overlook. But how can compliance professionals actively cultivate curiosity in themselves and their teams? Here’s a roadmap to help you stay informed, ask better questions, and fill critical knowledge gaps.

Stay Informed on Industry Trends 

Regulatory landscapes are shifting faster than ever, with new challenges arising in artificial intelligence (AI), environmental, social, and governance (ESG) standards, and data privacy. Compliance professionals must proactively stay informed about these trends to keep their programs agile and relevant. Indeed, every Deferred Prosecution Agreement (DPA) includes language mandating awareness of other businesses in their industry and any compliance developments.

What are some of the action steps a compliance professional or CCO can take? If you are reading this blog post, it is an excellent first step. You can listen to one or more of the 50 podcasts on the Compliance Podcast Network. Both steps will put you on the cutting edge of the nuts and bolts of compliance. For topical compliance news and analysis, you can read well-known commentators such as Matt Kelly on Radical Compliance. You can read industry publications like Compliance Week or law firm or consulting firm newsletters on topical compliance issues. Focus on emerging areas like AI ethics, ESG enforcement actions, and updates to GDPR or other privacy frameworks.

Webinars and conferences are excellent opportunities to hear from industry leaders, regulators, and peers. These conferences include Ethisphere and Compliance Week in the spring and SCCE and ACI in the fall. These events provide real-time insights and practical strategies for addressing emerging risks. When you attend such events, you can often garner as much information by networking with your peers. You can also join professional organizations, such as SCCE, ACFE, ECI, and others, which often have online forums to exchange knowledge and share best practices with other compliance professionals.

By staying informed, you can anticipate changes before they disrupt your organization and position yourself as a forward-thinking compliance leader.

Ask Better Questions 

Compliance professionals are often tasked with identifying risks and making decisions under uncertainty. The quality of the questions you ask determines the depth of your understanding and the effectiveness of your solutions. Traditional compliance questions like “What’s the risk here?” are essential but can be limiting. To foster curiosity, you need to dig deeper and challenge assumptions.

What are some examples of better questions you can ask? Start with such basics as “What assumptions are we making, and how can we test them?” This question helps uncover blind spots in risk assessments or compliance strategies. Follow up with questions like “How does this risk evolve?” Understanding the lifecycle of a risk can help you develop proactive mitigation strategies. Always add this query to your repertoire: “What can we learn from other industries?” Exploring how different sectors handle similar challenges can inspire innovative solutions in your company.

You should work to apply all of this in your everyday compliance work. Start by encouraging your team to approach problems from multiple angles. Take your risk assessment, where you can consider not just the likelihood and impact of a risk but also the assumptions underlying those ratings. This mindset shift leads to more robust and effective compliance strategies.

Fill Knowledge Gaps

In the compliance field, the more you know, the more you realize how much you still need to learn. Recognizing and addressing knowledge gaps is a critical skill for any compliance professional. Think about compliance issues in some of the following ways: Reflect on your recent projects or decisions. Consider if there were times when you felt unsure or relied heavily on external experts. Keep track of emerging topics where you only have surface-level knowledge, such as ESG reporting requirements or AI regulations. Finally, do not be afraid to ask your team for feedback. They may identify areas where additional expertise could strengthen the program.

Encourage Curiosity in Your Team

Curiosity is not simply a personal trait but a cultural value that compliance leaders can cultivate within their teams. A curious team is more likely to challenge assumptions, identify risks early, and propose creative solutions. You do not have to send your team to conferences to foster curiosity. You can do that yourself by creating opportunities for cross-functional in-house learning. Invite experts from other departments, such as cybersecurity, ESG, or finance, to share insights during compliance meetings. This not only broadens your team’s knowledge but also strengthens cross-departmental collaboration.

Encourage “What If” scenarios by asking your team to imagine hypothetical scenarios and explore how they would address them, such as “What if we faced a cyber breach tomorrow?” or “What if a supplier violated ESG standards?” These questions can be a perfect starting point for you and your entire team. Finally, celebrate curiosity by recognizing and rewarding team members who ask insightful questions, propose innovative ideas, or learn about emerging risks. By embedding curiosity into your team’s culture, you empower them to think critically and proactively, enhancing the overall effectiveness of your compliance program.

Curiosity is a powerful tool that enhances professional growth and strengthens compliance programs’ resilience and adaptability. In 2025 and beyond, compliance leaders who embrace curiosity will be best positioned to navigate uncertainty, address emerging risks, and lead their organizations confidently.

Join us tomorrow as we explain why having a sense of humor may be the most important skill for surviving the new administration’s inevitable chaos.

Categories
Fox on Podcasting

Fox on Podcasting – Celebrating Excellence in Podcasting in the Domestic Arena

Join Tom Fox as he explores the world of podcasting, and get ready to be inspired to start your podcast. Today, we begin a three-part series on honoring excellence in podcasting and the Agora Awards. In this second episode celebrating the Compliance Podcast Network Agora Awards, host Nick Gallo introduces four guests and hosts of their own podcasts: Mike Volkov, Matt Kelly, Mike DeBernardis, and Karen Woody.

In this episode, we stress the importance of being listenable and engaging rather than rigidly adhering to a set script when discussing compliance issues. Reflecting on experiences from 14 to 15 years ago, it’s clear that a heavily scripted approach can fall short. All our guests agree that a more conversational format resonates better with audiences. We focus on meaningful dialogues, keep episodes concise, typically around 20 minutes, and highlight the value of slowing down and prioritizing listener engagement over extensive, pre-planned talking points.

Key highlights:

  • Engaging Podcasting
  • Evolution with Compliance Into the Weeds
  • Building a Good Conversation
  • Podcast Length and Ambitions

Resources:

Matt Kelly

Compliance into the Weeds

Everything Compliance

Karen Woody

The Woody Report

Classroom Insiders

Succession-the Final Season

Everything Compliance

Mike DeBernardis

All Things Investigation

Mike Volkov

Corruption, Crime and Compliance

Categories
Great Women in Compliance

Great Women in Compliance: Internal Controls and Compliance: Building a Successful Partnership

We emphasize the importance of “understanding the business,” in Ethics & Compliance, which is absolutely critical to our success.  One of the topics we discuss less frequently is how to work with other control functions, one of which is internal controls. Lisa is speaking about this topic at the SCCE CEI with Matt Kelly from Radical Compliance. In advance of the conference, Lisa Fine and Ellen Hunt co-hosted a roundtable discussion with Matt Kelly from Radical Compliance and Sarah Lawrence, Sr. Director of Internal Controls at Pearson.

In this episode, they discuss the history and purpose of internal controls and SOX, how they evolved and how they work today.  In particular, they focus on what is financial materiality vs what E&C sees as areas for controls.

The whole group agreed that open lines of communication and coordination are fundamental to both of these control functions working together, and Sarah and Lisa discuss how they have built a collaborative relationship so that both the finance and compliance sides understand each other’s objectives and keep an open line to the benefit of both functions.

#GWIC is proud to announce that it has been nominated for the WomenInPodcastAwards.  This is a people’s choice award and whether you vote for #GWIC or other nominees, we ask that you send the elevator back down by voting. Voting opens August 1, 2024, and details can be found on the #GWIC LinkedIn page at http://www.linkedin.com/groups/12156164

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

The Boston Consulting Group Declination: A Money Shot for Clawbacks

In a recent development that has garnered significant attention in the compliance community, the U.S. Department of Justice (DOJ) declined prosecution of Boston Consulting Group, Inc. (BCG) for violations of the Foreign Corrupt Practices Act (FCPA). Despite evidence of bribery involving BCG’s operations in Angola, the decision to forgo prosecution serves as a powerful reminder of the critical role that timely self-disclosure, cooperation, and effective remediation play in navigating the complexities of corporate compliance and, most significantly, of the role that clawbacks play in a decision to decline to prosecute. The decision was made public via a letter from the DOJ to BCG.

Between 2011 and 2017, BCG’s Lisbon, Portugal office engaged in a scheme to secure business contracts with Angolan government agencies, including the Ministry of Economy (MINEC) and the National Bank of Angola (BNA). BCG funneled approximately $4.3 million in commissions to an agent with close ties to Angolan government officials. These payments, made through offshore entities, helped BCG secure twelve contracts, resulting in revenues of $22.5 million and profits of $14.424 million.

The misconduct was serious: BCG employees in Portugal were aware of the agent’s ties to government officials and took deliberate steps to conceal the true nature of the agent’s work. This included backdating contracts and falsifying documents to cover up the corrupt activities. Such actions violated the FCPA, which prohibits U.S. companies from engaging in bribery of foreign officials to secure business advantages.

The money shot in this Declination was in the area of clawbacks. In the Wall Street Journal  (WSJ), Dylan Tokar wrote, “The consulting group’s disciplinary actions come amid pressure on companies by Justice Department officials to clawback compensation from employees involved in wrongdoing. Officials have said they want to shift the burden of penalties for corporate misconduct to those most responsible.” Mary Shirley, quoted by Tokar in the same article, noted, “That’s a strong message. While they’re not stated, the actual figures involved for individuals could be quite high.”

In his Radical Compliance piece on the Declination, Matt Kelly emphasized Shirley’s point: “That final point on surrendering equity — wow. That’s a punitive measure with real bite. Not only has BCG damaged the offenders’ future employment prospects by firing them and leaving a black mark on their records, but the loss of equity is a wallop to all their past employment with the firm. I have no idea how much that equity might have been worth, but BCG is a giant and prosperous business, so it’s entirely possible those offenders just lost millions of dollars.”

Given the severity of the misconduct, the DOJ’s decision to decline prosecution may seem surprising at first glance. However, it was BCG’s conduct after discovering the illegal conduct that led to this superior result. The declination reveals that BCG’s response to finding the potential FCPA violation was exemplary, and equally importantly, it aligned with the DOJ’s Corporate Enforcement and Voluntary Self-Disclosure Policy. These factors included:

  • Timely and Voluntary Self-Disclosure: In a 2014 email, BCG uncovered evidence of the potential FCPA violation and promptly disclosed the misconduct to the DOJ. This proactive step is crucial in the DOJ’s assessment of whether to pursue prosecution, as it demonstrates the company’s commitment to transparency and accountability.
  • Full and Proactive Cooperation: BCG did not merely disclose the misconduct; the company fully cooperated with the DOJ’s investigation. This included providing all relevant facts, including information about the individuals involved in the bribery scheme. Cooperation of this magnitude significantly mitigates the risk of prosecution, as it aids the government in its investigation and potential prosecutions of individuals responsible for the wrongdoing.
  • Comprehensive Remediation: BCG’s response to the misconduct was swift and decisive. The company terminated the personnel involved, imposed compensation-based penalties, and required implicated partners to forfeit their equity in the company. BCG also denied these individuals the financial transitions typically accorded to departing employees, underscoring the seriousness of the misconduct.
  • Significant Compliance Improvements: Beyond addressing the immediate issue, BCG substantially enhanced its compliance program and internal controls. These improvements included formalized employee training, vendor and client screening protocols, and the establishment of local and global risk committees. Such measures demonstrate BCG’s commitment to preventing future misconduct and fostering a culture of compliance.
  • Absence of Aggravating Factors: The DOJ’s decision was also influenced by the absence of certain aggravating factors, such as executive management’s involvement in the misconduct, significant profit relative to the company’s size, or a history of criminal recidivism. These factors often weigh heavily in the decision to prosecute, but in BCG’s case, their absence worked in the company’s favor.
  • Disgorgement of Ill-Gotten Gains: BCG agreed to disgorge $14.424 million, representing the profits from the contracts secured through the corrupt scheme. This financial penalty further reinforced BCG’s commitment to addressing the consequences of its actions and aligning with legal and ethical standards.

The BCG case offers several critical lessons for compliance professionals. First and foremost, the importance of timely and voluntary self-disclosure cannot be overstated. When a company discovers potential misconduct, promptly bringing it to the authorities’ attention can significantly influence the outcome, potentially leading to a declination of prosecution.

Full cooperation with government investigations is essential. Compliance teams must be prepared to provide all relevant information, facilitate interviews, and support the investigation process. This cooperation demonstrates the company’s commitment to addressing the issue and helps build a collaborative relationship with the authorities.

Remediation is another crucial aspect. Companies must swiftly and meaningfully address the root causes of misconduct, including holding individuals accountable and implementing robust compliance measures to prevent future violations. A strong compliance program, reinforced by ongoing training and risk assessment, is vital in demonstrating a company’s commitment to ethical business practices.

Finally, the BCG case underscores the importance of avoiding aggravating factors. Companies should strive to cultivate a culture of integrity from the top down, ensuring compliance is embedded in every aspect of the organization. By doing so, they can reduce the likelihood of misconduct occurring in the first place and mitigate the impact if it does.

The DOJ’s decision to decline BCG’s prosecution is a powerful reminder of the value of self-disclosure, cooperation, and remediation in corporate compliance. For compliance professionals, the BCG case highlights the critical role they play in guiding their organizations through complex legal and ethical challenges. By fostering a culture of compliance, responding proactively to potential issues, and working closely with authorities, companies can navigate the difficult terrain of regulatory enforcement while upholding their commitment to ethical business practices.

Categories
Compliance Into the Weeds

Compliance into The Weeds: Trafigura FCPA Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance?
Look no further than Compliance into the Weeds!

In this episode, Tom and Matt take a deep dive into the recent SEC enforcement actions involving the Swiss trading company Trafigura.

The topic at hand is the Trafigura FCPA enforcement action, a pivotal case that shines a light on the methods of the Justice Department in dealing with corporate misconduct. This case involves a Swiss company, Trafigura, that was culpable of bribery allegations in Brazil and faced scrutiny for its failure to disclose such schemes.

Matt zeroes in on the absence of a compliance monitor in Trafigura’s case, highlighting the company’s extensive misconduct and questioning whether enhanced compliance reporting could adequately replace such a monitor. He advocates for reforming corporate culture through monitoring and expresses confusion over the DOJ’s inconsistent enforcement strategy.

Fox notes Trafigura’s failure to self-disclose and cooperate and its history of recidivist behavior. He too questions the effectiveness of enhanced compliance reporting as a substitute for a compliance monitor and expresses concern over the Justice Department’s prioritization of fines over reform.

Key Highlights:

  • FCPA Enforcement Action: Importance of Compliance
  • Enhancing Fraud Detection Through Forensic Collaboration
  • Evolution in DOJ Compliance Enforcement Strategies
  • Enforcement Discrepancies in Recidivist Oversight
  • What does it all mean for the compliance professional?

Resources:

Matt on Radical Compliance

Tom on the FCPA Compliance and Ethics Blog


Categories
FCPA Compliance Report

FCPA Compliance Report – Albemarle FCPA Enforcement Action – Overview

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. We open with Matt Kelly providing an overview.

The intriguing case of Albemarle, a chemicals company embroiled in a bribery scheme, is a stark reminder of the importance of compliance and timely remediation measures. Albemarle faced hefty fines and penalties, totaling over $218 million, for using intermediaries to sell chemicals to state-owned oil companies and funnel bribes to government officials. However, the company’s swift action in withholding bonuses during their internal investigation and implementing remedial measures, such as eliminating sales agents and adopting a direct sales approach, was recognized and credited.

We underscore the significance of Albemarle’s transformation of its business model as a positive remediation measure that effectively reduces corruption risk. We also emphasize the importance of timely self-disclosure and the benefits of initiating remediation measures before an investigation is complete. The fines and penalties imposed on Albemarle are among the largest FCPA settlements in 2023. Join us in this FCPA Compliance Report podcast episode as we dive deeply into the regulatory outcome, remediation efforts, and compliance lessons from Albemarle’s case.

Key Highlights:

  • Bribery Scheme with “Friend” Emails
  • Identifying and Addressing Control Gaps for Ethical Business Practices
  • FCPA Settlement and Corruption Risk Reduction

Resources:

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.


Categories
Blog

Messaging App Compliance in Regulated Industries: Lessons from Recent Enforcement Actions

In recent years, regulated industries, particularly broker-dealer firms like Wells Fargo and Morgan Stanley, have faced increased scrutiny from regulatory bodies due to their lack of compliance in policing messaging apps. The Securities and Exchange Commission (SEC) recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts outlined in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the Commodity Futures Trading Commission (CFTC) ordered four financial institutions to pay $260 million for recordkeeping and supervision failures due to the widespread use of unapproved communication methods.

Even more troubling is the involvement of senior managers in this misconduct, leading the SEC to require an independent compliance consultant in multiple settlements. This highlights the significance of overall corporate culture and the need for stricter compliance measures. Matt Kelly and I recently explored these enforcement actions, the reforms that companies must implement, the role of consultants in reviewing these reforms, and the potential risks and consequences of using messaging apps for business purposes in a Compliance into the Weeds podcast.

Reforms in regulated industries focus on policies and procedures, messaging policies, and employee training. Companies must establish clear messaging policies that outline the acceptable use of communication channels and the importance of recordkeeping obligations. Training employees on these policies and ensuring their understanding is equally vital. Additionally, companies must track training records and allegations of policy violations, making them readily available for review. Next, both ongoing monitoring and continuous improvement must be utilized. Finally, do not forget the need for disciplinary frameworks, with repeat offenders and senior employees potentially facing more severe discipline.

The enforcement crackdown by the SEC and CFTC has already resulted in significant penalties, with fines totaling a staggering $550 million. J.P. Morgan was the first bank to face such a settlement decree, setting a precedent for other banks. This raises speculation about whether the misconduct will continue and if there will be additional enforcement actions. While some large securities firms have yet to be targeted, all regulated industries must take note and proactively address compliance issues.

As noted above, using improper messaging apps for business communication is a significant concern for regulators. Moreover, these violations of securities laws occurred due to employees using ephemeral messaging apps like WhatsApp and Snapchat, which turn off record preservation. Once again, the involvement of supervisory employees and managers in using these apps is even more alarming, further angering the regulators. The SEC’s requirement for an independent compliance consultant in multiple settlements indicates a focus on corporate culture and the need to address senior managers’ involvement.

While these enforcement actions focused on regulated industries, they raise an important question about whether non-regulated industries could also face similar exposure to the SEC. The Justice Department has emphasized taking messaging and communication app risks seriously for all companies. Therefore, even if a company operates outside the purview of specific regulations, it is crucial to consider the potential risks and consequences of using improper messaging apps for business purposes. In a Radical Compliance blog post, Kelly noted, “That is a terrible look for a company. It paints the picture of a management team not interested in good ethical conduct, and we all know how that goes over with the Justice Department when evaluating the state of your compliance program.”

We sought to shed some light on the recent enforcement actions against regulated industries for their lack of compliance in policing messaging apps. The fines and penalties imposed by the SEC and CFTC highlight the seriousness of these violations. Companies must implement reforms, establish robust policies and procedures, and prioritize employee training to ensure compliance. The conversation also underscores the potential risks and consequences of using improper messaging apps for business communication. All companies must prioritize compliance and take proactive measures to address these concerns regardless of industry. By doing so, companies can foster a culture of integrity and avoid the hefty fines and reputational damage associated with non-compliance.


SVB Failure – Lessons for Compliance

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt and I continue our exploration of the collapse of Silicon Valley Bank (SVB) and take a deeper dive into the compliance angles. Silicon Valley Bank had taken some big risks that led to depositors having a near-death experience, shareholders losing all their money, and taxpayers ultimately supporting the bank’s bailout. Despite the auditors giving an anodyne report on the bank’s risk management, the board, management and regulators all missed the big strategic risks. As a result, the bank collapsed, leaving Matt to question whether stakeholders were given the right assurance on the right things.

Key Highlights

· What risk management strategies did SVB senior management and Board miss or ignore that could have prevented the financial disaster?

· Why did SVB’s management decline to pursue improvements to their risk management practices after being warned by BlackRock consultants?

· Did regulators miss the red flags raised by the San Francisco Fed examiners 18 months before the collapse of SVB?

Notable Quotes:

1. “We should remember that really, the auditors’ report is going to give assurance on two points: Number one, is there a risk of material misstatement in the financial statements? And number two, does the audit firm have any substantial doubt about the organization’s ability to continue as a going concern for roughly the next twelve months or so? That’s how long it is. But it’s those two things.”

2. “When you have Elizabeth Warren and conservatives both raising hell at the same time, it’s a valid issue to go and look at then because that does not happen too often.”

3. “It’s like nobody had thought about this when really once we rolled back Dodd-Frank protections and supervisory constraints specifically for mid-sized banks, which Republicans pushed through in 2018, once that happened, that became the systemic risk that regulators had to think about.”

4. “Everybody kind of sort of knew there was a problem, but a whole lot of finger pointing and not enough planning and assurance and communication to the public at large and to investors.”

Resources

Matt on LinkedIn

Matt on Radical Compliance

Tom on LinkedIn


Matt Kelly on Building Out a Data Analytics Program

Welcome to Data Driven Compliance, the newest addition to the Compliance Podcast Network. In this podcast, we will discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by Kona AI.

In this episode, I visit with Matt Kelly as we consider the importance of data analytics and the compelling central conflict between the abstract importance of analytics and the lack of guidelines on how to actually do it, which forces innovative thinking to build a strong business case to get the data your compliance program needs.

Key Highlights

1. How can compliance officers build a good data analytics program?

2. What are the challenges around data analytics?

3. How can data analytics be used to guide policy changes and provide guidance for internal investigations?

Notable Quotes

1. “They don’t say anything about data analytics. So it is really interesting that we talk about how important it is, but there aren’t too many guidelines on what you should do.”

2. “You really need to define what risks you want to monitor. Then after that, you need to start thinking through what is the data that would inform me about this risk?”

3. “You need to be able to see the small individual transaction that’s an outlier and the large all transactions moving in a trend.”

4. “Sometimes there are ways to get that data that aren’t necessarily obvious right away, but once you think of them, it could be easier to capture that data. You just need to keep on thinking about it.”

Resources:

Radical Compliance

Connect with Tom Fox on LinkedIn

Check out Kona AI