Categories
Compliance Tip of the Day

Compliance Tip of the Day: Impact of The Monaco Memo On Investigations

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider what additional pressure the Monaco Memo put on companies to get their investigations done quickly and to get it done right.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: How The Monaco Memo Changed Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how the Monaco Memo, changed compliance by laying out what, who, and how the DOJ will hold individuals and corporations accountable.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Culture: Day 1 – Introduction

In her October 2021 speech, presaging the Monaco Memo, Deputy Attorney General Lisa Monaco talked at length about the importance of corporate culture. She noted, “Corporate culture matters. A corporate culture that fails to hold individuals accountable or fails to invest in compliance — or worse that thumbs its nose at compliance — leads to bad results. Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. Companies serve their shareholders when they proactively place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” These thoughts were formalized in the Monaco Memo.

What does all this mean for compliance professionals going forward? DOJ officials have emphasized that the changes laid out in the Monaco Memo and the requirements around CCO Certification are to empower compliance professionals. In the Monaco Speech, DAG Monaco stated, “Companies should feel empowered to do the right thing—to invest in compliance and culture and to step up and own up when misconduct occurs. Companies that do so will welcome the announcements today. For those who don’t, however, our Department prosecutors will be empowered, too—to hold accountable those who don’t follow the law.” However you may characterize it, I will channel my inner Glenn Fry (with a nod to Miami Vice) and simply say to CCOs and compliance professionals, “The Heat is On.”

Three Key Takeaway:

  1. The DOJ will now evaluate corporate culture in an enforcement action.
  2. You must assess, manage, monitor, and improve your culture.
  3. Corporate culture is now a key metric for regulators.
Categories
FCPA Compliance Report

Eric Young on the Evolution of the CCO

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Eric Young from Guidepost Solutions. Young has worked at prestigious institutions like JPMorgan, General Electric, S&P Global Ratings, and BNP Paribas. He shares his expertise to empower employees looking to move ahead with processes, find solutions, and navigate compliance issues.

Tom and Eric talk about the highlights of the Monaco Memo, updates on the Corporate Enforcement Policy, a case study from ABB to showcase the role of the CCO, and how firms should interpret Department of Justice speeches. He further dives into the corporate culture, accountability, and role of the CCO within an organization. Finally, Eric sheds light on a case from McDonald’s involving the former CEO and their decision to claw back compensation. The discussion concluded with acknowledging the Delaware court’s holding that elevates the CCO’s corporate duties.

Key Topics:

[00:04:24] Process Improvement to Avoid Violations and Effect Positive Change in Company Culture

[00:09:19] The Effects of the Monaco Memorandum on Corporate Compliance Practice

[00:14:35] ABB’s Impressive Performance During an Investigation and Remediation Period

[00:18:42] The C-suite’s Responsibility in Organizations

[00:23:21] The Impact of Experiences on Assessing Business Decisions

[00:28:05] The SEC Inquiry on McDonald’s precipitated by Steve Easterbrook’s Removal

[00:32:24] The Significance of Delaware Courts in Regards to Corporate Law

[00:37:13] The Functions of Corporate Boards During Times of Crisis.

Tune in and listen to Eric as he educates us about the need to report extraordinary circumstances to the Department of Justice

 Resources:

Connect with Tom Fox

●      LinkedIn

Connect with Eric Young

●      Guidepost Solutions

●      LinkedIn

Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 4

Over the past year, the role of the Chief Compliance Officer (CCO) has shifted in some very dramatic ways. The shifts have been from disparate groups and for a variety of reasons. Yet when put together, one can see a clear and bright line expanding and elevating the role of the CCO in the corporate world. From the announcement of the requirement for CCO Certification last year up to the announcement of the Delaware Court of Chancery’s decision in the case of In re McDonald’s Corporation Stockholder Derivative Litigation, it is now clear that the CCO has as wide a remit and responsibility as any corporate officer, other than the Chief Executive Officer (CEO) of a company.

I think the following announcements, changes in DOJ and SEC focus on Foreign Corrupt Practices Act (FCPA) enforcement and now a court case out of Delaware will change the role of the CCO forever.

CCO Certification

This shift began with the speech by Kenneth Polite, Assistant Attorney General for the Criminal Division speech on May 17, 2022, at Compliance Week 2022; announcing the new requirement for CCO Certification of compliance programs for companies going through a Deferred Prosecution Agreement (DPA). This CCO Certification required the Glencore CCO to certify Glencore compliance program “is reasonably designed to detect and prevent violations of the FCPA and other anti-corruption laws” at the conclusion of the DPA.  Who is the only other person required to make a similar certification at the conclusion of a DPA? The CEO of the company.

This means the CCO (and CEO) are certifying the entire compliance program meets the standards of not simply best practices but also all the enhanced requirements set out in Attachment C of any DPA. While many have focused on the question of whether this would bring criminal liability to a long-gone (or even current) CCO; this question now seems to miss the mark. Recall what Polite said when announcing the new requirement “It is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has an ethical and compliance focused environment.”

Monaco Memo and Changes in the Corporate Enforcement Policy

The 2022 Monaco Memo and 2023 announced changes in the DOJ’s Corporate Enforcement Policy (CEP) are bookends of a series of changes which began as far back as October 2021 when Deputy Attorney General Lisa Monaco first announced the revisions which would eventually be incorporated into the Monaco Memo and CEP. In many ways the Monaco Memo laid out the sticks while the CEP provided the carrots for current FCPA and other white-collar enforcements.

The Monaco Memo directed prosecutors to evaluate a corporation’s compliance program as a factor in determining the appropriate terms for a corporate resolution; as prosecutors should now assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision.  Kenneth Polite further defined the effectiveness of a compliance program at the time of the offense as “At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal accounting controls that allowed the identification of the misconduct and led to the company’s self-disclosure.” This is the first time the DOJ has said that it is the detection of wrongdoing which defines the effectiveness of a compliance program. This means a company’s investment in a compliance program, CCO and corporate compliance team are all elevated in importance. This prong does not simply get you a discount, but it can put you on the road to the default position of the DOJ for a FCPA violation, a declination.

Moreover, when you couple the ABB FCPA resolution to the Monaco Memo, you see the carrots which appeared in the new CEP. ABB was the first, three-time FCPA recidivist yet was able to get an excellent resolution with the government and a fine of only $315 million despite clear aggravating factors including corruption up to and in the corporate office. From the ABB resolution, you begin to see how the role of the CCO increases dramatically.

Duty of Oversight

These trends were brought together in the Delaware Court of Chancery’s decision in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst in the case In re McDonald’s Corporation Stockholder Derivative Litigation, where for the first time, a Delaware court formally recognized the oversight duties of officers of Delaware corporations.

As I have previously noted, one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a prime reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

The court noted that the CCO has a broad scope within an organization. The court stated “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority.” The responsibilities of the CCO are wide and sometimes varied. Here the court stated, ““[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

What Does It Mean?

This is the part where it gets interesting. Under the CCO Certification and the Delaware court’s ruling, it is the CCO who is 1B to the CEO’s 1A. The first step every company must make it to put the CCO in position to report up directly to the Board of Directors. It also means that the days of a CCO reporting to a Chief Legal Officer (CLO) or General Counsel (GC) are certainly numbered. The Delaware Court drove this point home by specifically naming  a CLO/GC as a person “responsible for legal oversight and for making a good faith effort to establish reasonable information systems to cover that area.” In other words, not responsible for the company wide remit such as the CCO.

The next area would come from the Hallmarks of an Effective Compliance Program as laid out in the FCPA Resource Guide, 2nd edition. In that document it states “In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.” That means financial resources and head count.

I would add, a level of professionalism and expertise in compliance means more than simply ‘being a lawyer’. Under Chapter 9, Section 47 of the US Attorney’s Manual, the DOJ is mandated to evaluate “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk.”  Finally, the DOJ will also evaluate other factors such as CCO compensataion as commiserate with the position of being second in importance to the CEO.

The Delaware Court decision creating the Duty of Oversight was not designed to increase the scope, reach and importance of a CCO but the more I look at the case I believe that will be its most lasting legacy. When you look back over the past 12 months, you see that the CCO has more stature and responsibility than it has ever had before.

With a converse nod to Uncle Ben from Spiderman, with great responsibility must come great power.

Categories
31 Days to More Effective Compliance Programs

Day 30 – What is a Root Cause Analysis?

One of the most significant changes in the 2020 FCPA Resource Guide, 2nd edition, was the addition of a new Hallmark entitled “Investigation, Analysis, and Remediation of Misconduct,” which reads in full:

The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigations structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.

Ultimately, performing a root cause analysis is not simply sitting down and asking many questions. It would be best if you had an operational understanding of how a business operates and how they have developed its customer base. Overlay the need to understand what makes an effective compliance program with the skepticism an auditor should bring so that you do not simply accept an answer provided to you, as you might in an internal investigation. Marks noted that “a root cause analysis is not something where you can ask the five whys. You need these trained professionals who understand what they’re doing.”

Three key takeaways:

  1. A root cause analysis is required if you have a reportable compliance failure.
  2. There is no one process for performing a root cause analysis. You should select the one which works for you and follow it.
  3. To properly perform a root cause analysis, you need trained professionals who understand what they’re doing.
Categories
FCPA Compliance Report

James Koukios on Changes to Corporate Enforcement Policy

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Morrison and Foerster partner James Koukios to discuss the recent Kenneth Polite speech announcing changes to the Department of Justice Corporate Enforcement Policy.

In this episode, we consider the following:

  • What is the CEP;
  • This is a follow on from the Monaco Memo;
  • Why this change is significant for recidivists;
  • How this change redefines an effective compliance program;
  • The new CEP offers real, tangible, and significant benefits for compliance programs; and
  • What it all means going forward.

Resources

Kenneth Polite Speech

Updated CEP

Categories
31 Days to More Effective Compliance Programs

Day 26 – Compliance Function in an Organization

The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, the 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.” The Monaco Memo and 2023 changes to the Corporate Enforcement Policy have made this all the more critical going forward.

This Hallmark was significantly expanded in the FCPA Corporate Enforcement Policy and 2020 Update. In the FCPA Corporate Enforcement Policy, the DOJ listed the following as factors relating to a corporate compliance function that it would consider as indicia of an effective compliance and ethics program: 1) the resources the company has dedicated to compliance; 2) the quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; 3) the authority and independence of the compliance function and the availability of compliance expertise to the board; 4) the compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and 5) the reporting structure of any compliance personnel employed or contracted by the company.

The 2020 Update, Monaco Memo, and 2023 update to the Corporate Enforcement Policy all demonstrate the continued evolution in the thinking of the DOJ around the corporate compliance function. Their articulated inquiries can only strengthen a corporate compliance function specifically; and the compliance profession more generally. The more the DOJ talks about the independence of the compliance function, coupled with resources being made available and authority concomitant with the corporate compliance function, the more corporations will see it is directly in their interest to provide the resources, authority, and gravitas to compliance position in their organizations.

Three key takeaways:

  1. How is compliance treated in the budget process?
  2. Has your compliance function had any decisions overridden by senior management?
  3. Beware of compliance outsourcing, as any such contractor must have access to company documents and personnel.
Categories
31 Days to More Effective Compliance Programs

Day 25 – CCO Authority and Independence

The role of the CCO has steadily grown in stature and prestige over the years. The 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, focused on whether the CCO held senior management status and had a direct reporting line to the Board. The new requirement for CCO certification has only emphasized this reality.

This Hallmark was significantly expanded in the 2020 Update and the FCPA Corporate Enforcement Policy. And in so doing, the DOJ has increased the prestige, authority, and role of the CCO and corporate compliance function. The 2020 Update has five general areas of inquiry around the CCO and corporate compliance function. (1) How do the CCO’s salary and stature compare to other senior executives within the company? (2) What are the experience and stature of the CCO with an organization? Does the CCO have appropriate training for the role? (3) How much autonomy does the CCO have to report to the Board of Directors? How often does the CCO meet with directors? Are members of the senior management present for these meetings with the Board of Directors or the Audit Committee? (4) What is your structure? Is the compliance function run by a designated chief compliance officer or another executive within the company, and does that person have other roles? (5) Is data in your organization so siloed that the CCO does not have access to it? If so, what are you doing about it?

Once again, for the compliance professional, the FCPA Corporate Enforcement Policy and 2020 Update make the importance of a best practices compliance program even more critical. The DOJ focuses more on the role, expertise, and how the compliance function is treated within an organization. Pay your CCO considerably less than your GC. You may now better be able to justify that discrepancy. You may be starting behind the eight-ball if you have a legal department budget of $3 million and a compliance department budget of $500,000.

Three key takeaways:

  1. How can you show the CCO has a seat at the senior executive table?
  2. What are the professional qualifications of your CCO?
  3. Does your CCO have true independence to report directly to the Board of Directors?
Categories
31 Days to More Effective Compliance Programs

Day 12 – Financial Incentives for Compliance

One of the areas that many companies have not paid as much attention to in their compliance programs is compensation and incentives. However, the DOJ and SEC have long made clear that they view monetary structure for compensation, rewarding those employees who do business in compliance with their employer’s compliance program, as one of the ways to reinforce the compliance program and the message of compliance.

This was made clear again in the Monaco Memo, which stated, “Corporations can help deter criminal activity if they reward compliant behavior and penalize individuals who engage in misconduct. Compensation systems that clearly and effectively impose financial penalties for misconduct can incentivize compliant conduct, deter risky behavior, and instill a corporate culture in which employees follow the law and avoid legal “gray areas.”

Moreover, the Monaco Memo tied compensation to a company’s culture of compliance. It stated, “Similarly, corporations can promote an ethical corporate culture by rewarding those executives and employees who promote compliance within the organization. Prosecutors should also consider whether a corporation’s compensation systems provide affirmative incentives for compliance-promoting behavior. Affirmative incentives include, for example, the use of compliance metrics and benchmarks in compensation calculations and the use of performance reviews that measure and reward compliance-promoting behavior, both to the employee and any subordinates whom they supervise. When effectively implemented, such provisions incentivize executives and employees to engage in and promote compliant behavior and emphasize the corporation’s commitment to its compliance programs and culture.”

Yet compensation incentives have long been key to any best practices compliance program. As far back as 2004, then SEC Director of Enforcement Stephen M. Cutler noted that integrity, ethics, and compliance needed to be part of promotion, compensation, and evaluation processes: “At the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.”

The 2020 FCPA Guidance, 2nd edition, stated the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms, such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” The Monaco Memo takes it a step further by asking more broadly has your company, “incentivized employee behavior as part of its efforts to create a culture of ethics and compliance within its organization.”

Three key takeaways:

  1. The DOJ and SEC have long advocated compensation as a way to motivate employees into ethical and compliant behaviors
  2. Keep the compliance aspects of your compensation structure simple and easy for your employees to understand
  3. Have full transparency in the framework of your compensation structure