Categories
Great Women in Compliance

Great Women in Compliance: Internal Controls and Compliance: Building a Successful Partnership

We emphasize the importance of “understanding the business,” in Ethics & Compliance, which is absolutely critical to our success.  One of the topics we discuss less frequently is how to work with other control functions, one of which is internal controls. Lisa is speaking about this topic at the SCCE CEI with Matt Kelly from Radical Compliance. In advance of the conference, Lisa Fine and Ellen Hunt co-hosted a roundtable discussion with Matt Kelly from Radical Compliance and Sarah Lawrence, Sr. Director of Internal Controls at Pearson.

In this episode, they discuss the history and purpose of internal controls and SOX, how they evolved and how they work today.  In particular, they focus on what is financial materiality vs what E&C sees as areas for controls.

The whole group agreed that open lines of communication and coordination are fundamental to both of these control functions working together, and Sarah and Lisa discuss how they have built a collaborative relationship so that both the finance and compliance sides understand each other’s objectives and keep an open line to the benefit of both functions.

#GWIC is proud to announce that it has been nominated for the WomenInPodcastAwards.  This is a people’s choice award and whether you vote for #GWIC or other nominees, we ask that you send the elevator back down by voting. Voting opens August 1, 2024, and details can be found on the #GWIC LinkedIn page at http://www.linkedin.com/groups/12156164

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

The Boston Consulting Group Declination: A Money Shot for Clawbacks

In a recent development that has garnered significant attention in the compliance community, the U.S. Department of Justice (DOJ) declined prosecution of Boston Consulting Group, Inc. (BCG) for violations of the Foreign Corrupt Practices Act (FCPA). Despite evidence of bribery involving BCG’s operations in Angola, the decision to forgo prosecution serves as a powerful reminder of the critical role that timely self-disclosure, cooperation, and effective remediation play in navigating the complexities of corporate compliance and, most significantly, of the role that clawbacks play in a decision to decline to prosecute. The decision was made public via a letter from the DOJ to BCG.

Between 2011 and 2017, BCG’s Lisbon, Portugal office engaged in a scheme to secure business contracts with Angolan government agencies, including the Ministry of Economy (MINEC) and the National Bank of Angola (BNA). BCG funneled approximately $4.3 million in commissions to an agent with close ties to Angolan government officials. These payments, made through offshore entities, helped BCG secure twelve contracts, resulting in revenues of $22.5 million and profits of $14.424 million.

The misconduct was serious: BCG employees in Portugal were aware of the agent’s ties to government officials and took deliberate steps to conceal the true nature of the agent’s work. This included backdating contracts and falsifying documents to cover up the corrupt activities. Such actions violated the FCPA, which prohibits U.S. companies from engaging in bribery of foreign officials to secure business advantages.

The money shot in this Declination was in the area of clawbacks. In the Wall Street Journal (WSJ), Dylan Tokar wrote, “The consulting group’s disciplinary actions come amid pressure on companies by Justice Department officials to clawback compensation from employees involved in wrongdoing. Officials have said they want to shift the burden of penalties for corporate misconduct to those most responsible.” Mary Shirley, quoted by Tokar in the same article, noted, “That’s a strong message. While they’re not stated, the actual figures involved for individuals could be quite high.”

In his Radical Compliance piece on the Declination, Matt Kelly emphasized Shirley’s point: “That final point on surrendering equity — wow. That’s a punitive measure with real bite. Not only has BCG damaged the offenders’ future employment prospects by firing them and leaving a black mark on their records, but the loss of equity is a wallop to all their past employment with the firm. I have no idea how much that equity might have been worth, but BCG is a giant and prosperous business, so it’s entirely possible those offenders just lost millions of dollars.”

Given the severity of the misconduct, the DOJ’s decision to decline prosecution may seem surprising at first glance. However, it was BCG’s conduct after discovering the illegal activity that led to this superior result. The Declination reveals that BCG’s response to finding the potential FCPA violation was exemplary, and equally importantly, it aligned with the DOJ’s Corporate Enforcement and Voluntary Self-Disclosure Policy. These factors included:

  • Timely and Voluntary Self-Disclosure: In a 2014 email, BCG uncovered evidence of the potential FCPA violation and promptly disclosed the misconduct to the DOJ. This proactive step is crucial in the DOJ’s assessment of whether to pursue prosecution, as it demonstrates the company’s commitment to transparency and accountability.
  • Full and Proactive Cooperation: BCG did not merely disclose the misconduct; the company fully cooperated with the DOJ’s investigation. This included providing all relevant facts, including information about the individuals involved in the bribery scheme. Cooperation of this magnitude significantly mitigates the risk of prosecution, as it aids the government in its investigation and potential prosecutions of individuals responsible for the wrongdoing.
  • Comprehensive Remediation: BCG’s response to the misconduct was swift and decisive. The company terminated the personnel involved, imposed compensation-based penalties, and required implicated partners to forfeit their equity in the company. BCG also denied these individuals the financial transitions typically accorded to departing employees, underscoring the seriousness of the misconduct.
  • Significant Compliance Improvements: Beyond addressing the immediate issue, BCG substantially enhanced its compliance program and internal controls. These improvements included formalized employee training, vendor and client screening protocols, and the establishment of local and global risk committees. Such measures demonstrate BCG’s commitment to preventing future misconduct and fostering a culture of compliance.
  • Absence of Aggravating Factors: The DOJ’s decision was also influenced by the absence of certain aggravating factors, such as executive management’s involvement in the misconduct, significant profit relative to the company’s size, or a history of criminal recidivism. These factors often weigh heavily in the decision to prosecute, but in BCG’s case, their absence worked in the company’s favor.
  • Disgorgement of Ill-Gotten Gains: BCG agreed to disgorge $14.424 million, representing the profits from the contracts secured through the corrupt scheme. This financial penalty further reinforced BCG’s commitment to addressing the consequences of its actions and aligning with legal and ethical standards.

The BCG case offers several critical lessons for compliance professionals. First and foremost, the importance of timely and voluntary self-disclosure cannot be overstated. When a company discovers potential misconduct, promptly bringing it to the authorities’ attention can significantly influence the outcome, potentially leading to a declination of prosecution.

Full cooperation with government investigations is essential. Compliance teams must be prepared to provide all relevant information, facilitate interviews, and support the investigation process. This cooperation demonstrates the company’s commitment to addressing the issue and helps build a collaborative relationship with the authorities.

Remediation is another crucial aspect. Companies must swiftly and meaningfully address the root causes of misconduct, including holding individuals accountable and implementing robust compliance measures to prevent future violations. A strong compliance program, reinforced by ongoing training and risk assessment, is vital in demonstrating a company’s commitment to ethical business practices.

Finally, the BCG case underscores the importance of avoiding aggravating factors. Companies should strive to cultivate a culture of integrity from the top down, ensuring compliance is embedded in every aspect of the organization. By doing so, they can reduce the likelihood of misconduct occurring in the first place and mitigate the impact if it does.

The DOJ’s decision to decline BCG’s prosecution is a powerful reminder of the value of self-disclosure, cooperation, and remediation in corporate compliance. For compliance professionals, the BCG case highlights the critical role they play in guiding their organizations through complex legal and ethical challenges. By fostering a culture of compliance, responding proactively to potential issues, and working closely with authorities, companies can navigate the difficult terrain of regulatory enforcement while upholding their commitment to ethical business practices.

Categories
Compliance Into the Weeds

Compliance into The Weeds: Trafigura FCPA Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance?
Look no further than Compliance into the Weeds!

In this episode, Tom and Matt take a deep dive into the recent SEC enforcement actions involving the Swiss trading company Trafigura.

The topic at hand is the Trafigura FCPA enforcement action, a pivotal case that shines a light on the methods of the Justice Department in dealing with corporate misconduct. This case involves a Swiss company, Trafigura, that was culpable of bribery allegations in Brazil and faced scrutiny for its failure to disclose such schemes.

Matt zeroes in on the absence of a compliance monitor in Trafigura’s case, highlighting the company’s extensive misconduct and questioning whether enhanced compliance reporting could adequately replace such a monitor. He advocates for reforming corporate culture through monitoring and expresses confusion over the DOJ’s inconsistent enforcement strategy.

Fox notes Trafigura’s failure to self-disclose and cooperate and its history of recidivist behavior. He too questions the effectiveness of enhanced compliance reporting as a substitute for a compliance monitor and expresses concern over the Justice Department’s prioritization of fines over reform.

Key Highlights:

  • FCPA Enforcement Action: Importance of Compliance
  • Enhancing Fraud Detection Through Forensic Collaboration
  • Evolution in DOJ Compliance Enforcement Strategies
  • Enforcement Discrepancies in Recidivist Oversight
  • What does it all mean for the compliance professional?

Resources:

Matt on Radical Compliance

Tom on the FCPA Compliance and Ethics Blog


Categories
FCPA Compliance Report

FCPA Compliance Report – Albemarle FCPA Enforcement Action – Overview

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, we open with Matt Kelly, providing an overview.

The intriguing case of Albemarle, a chemicals company embroiled in a bribery scheme, is a stark reminder of the importance of compliance and timely remediation measures. Albemarle faced hefty fines and penalties, totaling over $218 million, for using intermediaries to sell chemicals to state-owned oil companies and funnel bribes to government officials. However, the company’s swift action in withholding bonuses during their internal investigation and implementing remedial measures, such as eliminating sales agents and adopting a direct sales approach, was recognized and credited.

We underscore the significance of Albemarle’s transformation of its business model as a positive remediation measure that effectively reduces corruption risk. We also emphasize the importance of timely self-disclosure and the benefits of initiating remediation measures before an investigation is complete. The fines and penalties imposed on Albemarle are among the largest FCPA settlements in 2023. Join us in this FCPA Compliance Report podcast episode as we dive deeply into the regulatory outcome, remediation efforts, and compliance lessons from Albemarle’s case.

Key Highlights:

  • Bribery Scheme with “Friend” Emails
  • Identifying and Addressing Control Gaps for Ethical Business Practices
  • FCPA Settlement and Corruption Risk Reduction

Resources:

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.


Categories
Blog

Messaging App Compliance in Regulated Industries: Lessons from Recent Enforcement Actions

In recent years, regulated industries, particularly broker-dealer firms like Wells Fargo and Morgan Stanley, have faced increased scrutiny from regulatory bodies due to their lack of compliance in policing messaging apps. The Securities and Exchange Commission (SEC) recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts outlined in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the Commodity Futures Trading Commission (CFTC) ordered four financial institutions to pay $260 million for recordkeeping and supervision failures due to the widespread use of unapproved communication methods.

Even more troubling is the involvement of senior managers in these misconducts, leading the SEC to require an independent compliance consultant in multiple settlements. This highlights the significance of overall corporate culture and the need for stricter compliance measures. Matt Kelly and I recently explored these enforcement actions, the reforms that companies must implement, the role of consultants in reviewing these reforms, and the potential risks and consequences of using messaging apps for business purposes in a Compliance into the Weeds podcast.

Reforms in regulated industries focus on policies and procedures, messaging policies, and employee training. Companies must establish clear messaging policies that outline the acceptable use of communication channels and the importance of recordkeeping obligations. Training employees on these policies and ensuring their understanding is equally vital. Additionally, companies must track training records and allegations of policy violations, making them readily available for review. Next, both ongoing monitoring and continuous improvement must be utilized. Finally, do not forget the need for disciplinary frameworks, with repeat offenders and senior employees potentially facing more severe discipline.

The enforcement crackdown by the SEC and CFTC has already resulted in significant penalties, with fines totaling a staggering $550 million. J.P. Morgan was the first bank to face such a settlement decree, setting a precedent for other banks. This raises speculation about whether the misconduct will continue and if there will be additional enforcement actions. While some large securities firms have yet to be targeted, all regulated industries must take note and proactively address compliance issues.

As noted above, using improper messaging apps for business communication is a significant concern for regulators. Moreover, these violations of securities laws occurred due to employees using ephemeral messaging apps like WhatsApp and Snapchat, which turn off record preservation. Once again, the involvement of supervisory employees and managers in using these apps is even more alarming, further angering the regulators. The SEC’s requirement for an independent compliance consultant in multiple settlements indicates a focus on corporate culture and the need to address senior managers’ involvement.

While these enforcement actions focused on regulated industries, it raises an important question about whether non-regulated industries could also face similar exposure to the SEC. The Justice Department has emphasized taking messaging and communication app risks seriously for all companies. Therefore, even if a company operates outside the purview of specific regulations, it is crucial to consider the potential risks and consequences of using improper messaging apps for business purposes. In a Radical Compliance blog post, Kelly noted, “That is a terrible look for a company. It paints the picture of a management team not interested in good ethical conduct, and we all know how that goes over with the Justice Department when evaluating the state of your compliance program.”

We desired to shed some light on the recent enforcement actions against regulated industries for their lack of compliance in policing messaging apps. The fines and penalties imposed by the SEC and CFTC highlight the seriousness of these violations. Companies must implement reforms, establish robust policies and procedures, and prioritize employee training to ensure compliance. The conversation also underscores the potential risks and consequences of using improper messaging apps for business communication. All companies must prioritize compliance and take proactive measures to address these concerns regardless of industry. By doing so, companies can foster a culture of integrity and avoid the hefty fines and reputational damage associated with non-compliance.

Categories
Compliance Into the Weeds

SVB Failure – Lessons for Compliance

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt and I continue our exploration of the collapse of Silicon Valley Bank (SVB) and take a deeper dive into the compliance angles. Silicon Valley Bank had taken some big risks, which led to depositors having a near-death experience, shareholders losing all their money, and taxpayers ultimately supporting the bank’s bailout. Despite the auditors giving an anodyne report on the bank’s risk management, the board, management and regulators all missed the big strategic risks. As a result, the bank collapsed, leaving Matt to question whether stakeholders were given the right assurance on the right things.

Key Highlights

  • What risk management strategies did SVB senior management and Board miss or ignore that could have prevented the financial disaster?
  • Why did SVB’s management decline to pursue improvements to their risk management practices after being warned by BlackRock consultants?
  • Did regulators miss the red flags raised by the San Francisco Fed examiners 18 months before the collapse of SVB?

Notable Quotes:

1. “We should remember that really, the auditors’ report is going to give assurance on two points: Number one, is there a risk of material misstatement in the financial statements? And number two, does the audit firm have any substantial doubt about the organization’s ability to continue as a going concern for roughly the next twelve months or so? That’s how long it is. But it’s those two things.”

2. “When you have Elizabeth Warren and conservatives both raising hell at the same time, it’s a valid issue to go and look at then because that does not happen too often.”

3. “It’s like nobody had thought about this when really once we rolled back Dodd-Frank protections and supervisory constraints specifically for mid-sized banks, which Republicans pushed through in 2018, once that happened, that became the systemic risk that regulators had to think about.”

4. “Everybody kind of sort of knew there was a problem, but a whole lot of finger pointing and not enough planning and assurance and communication to the public at large and to investors.”

Resources

Matt on LinkedIn

Matt on Radical Compliance

Tom on LinkedIn

Categories
Data Driven Compliance

Matt Kelly on Building Out a Data Analytics Program

Welcome to Data Driven Compliance, the newest edition of the Compliance Podcast Network. In this podcast, we will discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by Kona AI.

In this episode, I visit with Matt Kelly as we consider the importance of data analytics and the compelling central conflict between the abstract importance of analytics and the lack of guidelines on how to actually do it, which forces innovative thinking to build a strong business case to get the data your compliance program needs.

Key Highlights

1. How can compliance officers build a good data analytics program?

2. What are the challenges around data analytics?

3. How can data analytics be used to guide policy changes and provide guidance for internal investigations?

Notable Quotes

1. “They don’t say anything about data analytics. So it is really interesting that we talk about how important it is, but there aren’t too many guidelines on what you should do.”

2. “You really need to define what risks you want to monitor. Then after that, you need to start thinking through what is the data that would inform me about this risk?”

3. “You need to be able to see the small individual transaction that’s an outlier and the large all transactions moving in a trend.”

4. “Sometimes there are ways to get that data that aren’t necessarily obvious right away, but once you think of them, it could be easier to capture that data. You just need to keep on thinking about it.”

Resources:

Radical Compliance

Connect with Tom Fox on LinkedIn

Check out Kona AI

Categories
Compliance Into the Weeds

Having a Values Conversation

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I take a deep dive into having a values conversation to help companies start a conversation about values. If companies do not focus on matters, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company’s best interest. Tune into Compliance into the Weeds: Having a Values Conversation to learn how to start the conversation and create a safety culture.

Key Highlights

  • The Importance of Workplace Safety [00:04:58]
  • The Need for Embedding Conversations about Values in the Workplace [00:09:00]
  • Creating a Positive Corporate Culture [00:12:26]
  • The Dangers of Not Doing Corporate Compliance Properly [00:15:56]

Notable Quotes

1. “It makes a lot of sense to try to embed awareness of them initially, but it feels weird. It’s kind of outside of people’s comfort zone. It’s outside your comfort zone if you are not an ethics and compliance professional.”

2. “These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this.”

3. “It’s easy for senior executives to talk about ethical values. I think for many low-level employees, those messages go in one ear and out the other, because why does anybody ever pay attention to what senior management says? It’s your middle manager. It’s your boss. You pay attention to what they say.”

4. “These questions are geared to help those managers, that audience, and their crucial tool.”

Resources

Matt Kelly in Radical Compliance

Categories
Everything Compliance

Episode 111 – The Duty of Oversight Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quintet of Jay Rosen, Karen Woody, Jonathan Marks, Tom Fox, and Matt Kelly, who review the recent Delaware Court of Chancery decision creating a duty of oversight for corporate officers. We conclude with our fan-fav Shout Outs and Rants section.

1. Matt Kelly sets the stage for our discussion and poses a question about what it all means for CCOs going forward. He rants to the State of Texas Legislature for creating a ‘Gold Card’ for physicians who have over 90% of all requested procedures covered by insurance. (1:30)

2. Jonathan Marks looks at the case from the internal audit and corporate governance perspectives. He rants about the Pentagon’s failure to shoot down a Chinese spy balloon.

3. Tom Fox shouts out to Hindenburg Research and all other short sellers who help uncover fraud, waste, and abuse.

4. Karen Woody looks at the case from a legal perspective and unpacks the court’s legal reasoning. Woody shouts to Amtrak and asks us to ‘ride the train more often.’ (11:08)

5. Jay Rosen reviews the changes wrought for CCOs over the past year, from CCO certification to the Delaware court decision. He shouts out to his twin daughters on their 15th birthday. (41:13)

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance – Episode 111, Shout Outs and Rants

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows with our fan-fav Shout Outs and Rants section.

1. Matt Kelly shouts out to the State of Texas Legislature for creating a ‘Gold Card’ for physicians who have over 90% of all requested procedures covered by insurance.

2. Jonathan Marks rants about the Pentagon’s failure to shoot down a Chinese spy balloon.

3. Tom Fox shouts out to Hindenburg Research and all other short sellers who help uncover fraud, waste, and abuse.

4. Karen Woody shouts out to Amtrak and asks us all to ‘ride the train more often.’

5. Jay Rosen shouts out his twin daughters on their 15th birthday.