Tag: Risk Management

Categories
Blog

Changing Sales Models

Over the past 12 months or so, there have been a series of Foreign Corrupt Practices Act (FCPA) enforcement actions in which the respondents have changed and/or modified their sales models to move away from external third parties and toward direct sales and business generation models. This portends a change in the way the Department of Justice (DOJ) may think about sales models, their inherent risk, and risk management going forward. These FCPA enforcement actions involved Albemarle, SAP, Gunvor, and Trafigura.

Albemarle

The Albemarle Non-Prosecution Agreement (NPA) cited several remedial actions by the company that helped Albemarle obtain a superior result in terms of the discounted fine and penalty. These steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out and tested an effective compliance program. The company shifted to a direct sales business model.

This change was relatively new and undoubtedly noteworthy for FCPA enforcement actions, which were changes in a company’s approach to sales and their sales teams. Obviously, corrupt third-party agents brought the company to such FCPA grief. Many of the quotes in the NPA make it clear that Albemarle executives had an aversion to paying bribes but had greater moral flexibility when a third-party agent was involved. This led to the company moving away from third-party agents to a direct sales force.

SAP

While most of the remediation reported in this matter was standard, the one item that every compliance professional should consider is that SAP proactively discontinued using third-party agents for business origination. The point is perhaps the most significant, as the DOJ called out SAP for discontinuing their use of third-party agents. The DOJ information sets out the following: Change in sales models. On the external sales side, SAP eliminated its third-party sales commission model globally, prohibited all sales commissions for public sector contracts in high-risk markets, and enhanced compliance monitoring and audit programs, including creating a well-resourced team devoted to audits of third-party partners and suppliers.

Gunvor

As I noted in my review of the Albemarle and SAP enforcement actions, SAP eliminated its third-party sales commission model globally and prohibited all sales commissions for public sector contracts in high-risk markets. It also enhanced compliance monitoring and audit programs, including the creation of a well-resourced team devoted to audits of third-party partners and suppliers. Albemarle changed its approach to sales and its sales teams. Guvnor also moved away from third-party agents to a direct sales force.

Trafigura

Trafigura eliminated the use of third-party business origination agents. Matt Kelly noted in Radical Compliance, “This is the latest in a string of FCPA enforcement cases where we’ve seen a big, structural change to the sale function. Albemarle eliminated its use of third-party sales agents as part of its FCPA settlement last year; SAP eliminated its third-party sales commission model globally as part of its own FCPA settlement announced in January. Now we have a third global enterprise going that same route, reducing its FCPA risk in a deep, permanent way by restructuring its sales operations.” Here, Trafigura did away with third-party representatives for business generation.

In these four recent enforcement actions, the companies changed their approach to sales and their sales teams and did away with third parties generating new business. All of this points to these companies moving away from third-party agents to a direct sales force.

Moving to a direct sales force does have its risks, which must be managed, but those risks can certainly be managed with an appropriate risk management strategy, monitoring of the strategy, and improvement; those risks can be managed. Yet there is another reason, and more importantly, a significant business reason, to move towards a direct sales business model. Every time you have third-party agent or anyone else between you and your customer, you risk losing that customer because your organization does not have a direct relationship with the customer. A direct sales business model will give your organization more direct access to your customers.

The fact that the 2020 FCPA Resource Guide, 2nd edition, and the 2023 Evaluation of Corporate Compliance Programs do not outline this strategy is another intriguing aspect of how Albemarle, SAP, Gunvor, and Trafigura use it. These are all approaches developed by the companies based upon their own analysis and risk models. It may have come from a realization that the risk involved with third-party sales models was simply too significant, that the companies wanted more control over their sales or some other reason. Whatever the reason for the change, the DOJ took note of each organization and viewed it affirmatively.

Every compliance professional should understand that this is how new ideas are developed by the DOJ and in compliance. Companies assess their own risks and then move forward to manage or change their risk profiles. Expect to start seeing and hearing more about the direct sales model for the DOJ. This is where the DOJ’s comments on compensation incentives and consequence management will come into play.

Categories
Compliance Into the Weeds

Compliance into The Weeds: AI Washing and Compliance

The award winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance?

Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recent SEC enforcement actions involving AI washing and what it all may mean for the compliance professional.

The evolving landscape of Artificial Intelligence (AI) has brought on a new paradigm of risk management in AI disclosures. This has caught the attention of regulatory bodies like the SEC, thereby necessitating a heightened focus on transparency and the implementation of comprehensive risk strategies.

Tom advocates for the integration of AI risk reporting into the overall risk management strategy, emphasizing the need for governance and the right risk control measures. His views are shaped by his understanding of the potential repercussions of misleading AI disclosures and the significance of transparency in warding off enforcement actions from regulatory bodies.

Matt echoes a similar sentiment, underscoring the importance of recognizing and managing AI risks. His perspective is influenced by the unique challenges that AI poses, calling for strategically tailored governance and risk management practices to navigate the complexities of AI technology.

Key Highlights:

  • AI Misrepresentation Enforcement by SEC
  • Transparency in AI Risk Reporting for Compliance
  • Integrating AI Risk into Overall Risk Management
  • Collaborative Roles for Effective AI Governance
  • A theory of unified risk management
  • What does all this mean for compliance and the compliance professional?

Resources:

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Week Conference Podcast

Compliance Week 2024 Speaker Preview Podcast – Michele Cahn on Emerging Risk Areas

In this episode of the Compliance Week 2024 Speaker Preview Podcasts series, Michele Cahn discusses her panel at Compliance Week 2024, “Examining and Interpreting Emerging Risk Areas.” Some of the issues she will discuss in this podcast and her presentation are:

  • What are emerging risk areas for compliance?
  • The geopolitical risks unique to 2024
  • Learning about emerging enforcement trends & best practices at Compliance Week 2024
  • Learn about benchmarking, emerging issues & best practices at Compliance Week 2024

I hope you can join me at Compliance Week 2024. This year’s event will be held April 2-4 at the Westin Washington, DC, Downtown. The line-up is first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 19th year, join 500+ compliance, ethics, legal, and audit professionals who gather to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs, among many others, to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 80+ respected cross-industry practitioners, including CEOs, CCOs, regulators, federal officials, and practitioners, to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from panels on leadership, fraud detection, confronting regulatory change, abiding by cross-border rules and regulations, and the always-favorite fireside chats.
  • Bring actionable takeaways from various session types, including cyber, AI, Compliance, Board obligations, data-driven compliance, and many others, to your program for you to listen, learn, and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount on the registration price. Enter the discount code TFOX2024 for $200 off.

The Compliance Podcast Network produces the Compliance Week 2024 Preview Podcast series. Compliance Week sponsors this series.

Categories
Great Women in Compliance

Great Women in Compliance: Rupert Evill on Prioritizing Employee Well-Being in Risk Management

Welcome to the Great Women in Compliance Podcast. How can you make risk management more relevant? In this episode, Hemma Lomax visits with Rupert Evill, a seasoned expert in human-centered risk management with a diverse background spanning over 50 countries and 30 sectors and a strong academic foundation in business, international relations, and sustainability.

Rupert’s perspective on human-centered risk management is deeply rooted in the importance of understanding and valuing the personal and human aspects of risk. He emphasizes the need to consider values, ethics, and beliefs when assessing and managing risks, and highlights the significance of empathy, compassion, and curiosity in the process. His belief is that making risk management relevant involves engaging with local perspectives and experiences, acknowledging the realities faced by individuals in different contexts, and building relationships based on mutual understanding and respect. This perspective has been shaped by his extensive experience in due diligence, intelligence gathering, and counter-espionage, as well as his work with mid-caps and SMEs through his company, Ethics Insight.

Key Highlights:

  • Strength-Based Approach to Ethical Risk Management
  • Enhancing Employee Engagement through Simplified Communication
  • Empathy-driven Approach to Addressing Systemic Challenges
  • Fostering Ethical Culture Through Employee Engagement
  • Strategic Alignment for Effective Compliance Functions
  • Individual-Focused Risk Mitigation Strategies
  • Fostering Psychological Safety for Informed Decision-Making
  • Practical Risk Management Strategies for Businesses

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Week Conference Podcast

Compliance Week 2024 Speaker Preview Podcasts – James Griffin on Emerging Risks

In the Compliance Week 2024 Speaker Preview Podcasts series episode, James Griffin discusses his panel presentation at Compliance Week 2024, “Examining and Interpreting Emerging Risk Areas.” Some of the issues he will discuss in this podcast and his presentation are:

  • What is top of mind for compliance leaders, including a review of recent settlements and interpretations of the implications of those settlements?
  • Emerging areas of risk, future trends, and what’s coming down the pike
  • New ideas for his compliance program from Compliance Week 2024

I hope you can join me at Compliance Week 2024. This year’s event will be held April 2-4 at The Westin Washington, DC, Downtown. The line-up for this year’s event is first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 19th year, join 500+ compliance, ethics, legal, and audit professionals who gather to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs, among many others, to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 80+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from panels on leadership, fraud detection, confronting regulatory change, abiding by cross-border rules and regulations, and the always-favorite fireside chats.
  • Bring actionable takeaways to your program from various session types, including cyber, AI, Compliance, Board obligations, data-driven compliance, and many others, for you to listen, learn, and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount on the registration price. Enter the discount code TFOX2024 for $200 off.

The Compliance Week 2024 Preview Podcast series is a production of the Compliance Podcast Network. Compliance Week is the sponsor of this series.

Categories
Data Driven Compliance

Data Driven Risk Management and Fraud Prevention

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than Tom Fox’s award-winning podcast, Data-Driven Compliance. This podcast features an in-depth conversation about the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I take a solo turn to explore how data-driven compliance has moved from cutting-edge compliance to part of a best practices compliance program to becoming table stakes to do business in a multi-national world.

AI and data-driven compliance solutions are revolutionizing risk management and fraud prevention practices, offering advanced analytics, machine learning, and automation to enhance decision-making processes, improve efficiency, and proactively address compliance risks. These tools are essential for companies to navigate the complex regulatory landscape. Understanding the transformative power of data-driven approaches in compliance and risk management is critical for every compliance professional. User adoption is critical, for even the most advanced technology will not be effective if not embraced and utilized by compliance professionals. There is also a need to balance automation and human judgment to ensure the effectiveness of these tools in risk management.

Key Highlights:

  • Data-Driven Compliance Tools for Risk Management
  • Optimizing Decision-Making with AI-Driven Compliance Tools
  • Transformative Data-Driven Fraud Detection and Prevention

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Continually Evolving Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how your compliance program should continually evolve from your Code of Conduct to Risk Assessment to Continuous Improvement, all in a process oriented, documented approach.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Why Compliance Needs a Seat at The Table

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we review why compliance needs a seat at the corporate strategy table.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Into the Chair - Tales from Chief Compliance Officers

Into the Chair, Tales from Chief Compliance Officers: Rafael Capa on Mastering Risk Management for Success in Compliance

Welcome to the latest edition of the Compliance Podcast Network: Into the Chair: Tales from Chief Compliance Officers, which details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to navigate the compliance waters of any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Into the Chair: Tales from Chief Compliance Officers is a Comply podcast hosted by Tom Fox and is a production of the Compliance Podcast Network. In this episode, I visit with Rafael Capa, who has a background in risk management and is in compliance.

Rafael Capa is a highly experienced risk management professional with a career spanning over two decades in various sectors, including market risk, counterparty credit risk, liquidity risk, and operational risk. His perspective on the overall risk management strategy is shaped by his extensive experience. It is centered on the belief that it should be proactive, efficient, and tailored to the specific needs of the business lines. Capa emphasizes the importance of identifying, measuring, monitoring, reporting, and remediating risks in compliance and encourages firms to be proactive in assessing and implementing policies and procedures rather than waiting for regulations to be put in place. He also advocates for using data analytics and artificial intelligence in compliance to enhance effectiveness and efficiency. Furthermore, Capa, who holds a certificate in climate risk, underscores the emerging significance of this field in the compliance role and the necessity for compliance to keep pace with risk management in addressing this issue.

 

Key Highlights:

  • Proactive Risk Management Strategy Implementation
  • Building a Proactive Compliance Program with Data Analytics and AI
  • Enhancing Compliance through Customized Risk Assessment

Resources:

Rafael Capa on LinkedIn

Haitong International Securities Group

Comply

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Tailored Risk Management in the Third Sector

Compliance and risk management are crucial aspects of any organization; the third sector is no exception. In this week’s episode of Great Women in Compliance, hosted by Hemma Lomax, she visited with Sabrina Segal on compliance and risk management in the third sector. The third sector, which includes charities and nonprofits, operates in areas where the private sector doesn’t see value and where government regulations have failed. As a result, risk management becomes even more crucial in these high-risk environments with limited resources.

Sabrina Segal is a seasoned third-sector integrity risk and compliance advisor with a legal background, currently based in Rwanda as part of an international development and humanitarian assistance team. Her perspective on compliance and risk management in the third sector is that it is inherently high risk due to its operation in areas where the private sector does not see value and where government regulations have failed. Segal believes that the current risk management approaches, which are quantitative-heavy and designed for industries like finance and oil and gas, are not suitable for the third sector, which is more qualitative-heavy.

Drawing from her experiences, she emphasizes the need for bespoke approaches tailored to the specific needs and constraints of small and medium-sized charities and nonprofits. Segal has developed a strategy called objective-centered risk management for the third sector, which focuses on achieving objectives, identifying threats and opportunities, and directly influencing decision-making, viewing her work in compliance and risk management to improve organizations’ overall programming and impact in the third sector.

Segal advocates for an objective-centered approach to risk management in the third sector. This approach focuses on achieving objectives rather than simply creating static risk registers and matrices. By tying risk analysis directly to objectives, organizations can better understand the impact of uncertainty on their goals and make informed decisions. This approach also integrates risk management into project management, recognizing the dynamic nature of risks and their effect on objectives.

Compliance and risk management are essential for any organization, but they are significant in the third sector. Non-profit organizations often rely on public trust and funding, making it crucial to maintain a strong reputation. Compliance ensures that organizations adhere to legal and ethical standards, while risk management helps identify and mitigate potential threats to the organization’s mission and sustainability.

Another approach highlighted by Segal is Active Monitoring and Mitigation. This approach involves identifying and addressing threats and opportunities to achieve objectives. By mapping the causes of these threats and opportunities, organizations can implement active monitoring or mitigation steps to minimize risks and maximize opportunities.

One of the challenges faced by the third sector is the lack of quantitative data for risk analysis. While the finance or oil and gas industries can rely on quantitative tools such as Monte Carlo simulations or Bayesian statistics, the third sector often deals with qualitative data and dynamic systems. Segal emphasizes the need for bespoke approaches that work well for charities and nonprofits, tiny and medium-sized organizations with limited resources. She suggests using quantitative tools where possible and creating data trust in the third sector to improve risk management advice. Organizations can identify and assess potential risks more effectively using data-driven approaches. Risk matrices, statistical analysis, and predictive modeling can help quantify risks and prioritize them based on their likely impact. This allows organizations to allocate resources efficiently and make informed decisions to mitigate risks.

Active monitoring and mitigation involve continuously monitoring potential risks and proactively addressing them. Rather than waiting for risks to materialize, organizations in the third sector should adopt a proactive approach. This includes regular assessments, monitoring key performance indicators, and implementing control measures to prevent or minimize the impact of identified risks. By actively monitoring and mitigating risks, organizations can ensure the smooth operation of their programs and protect their stakeholders.

Risk analysis should be closely tied to an organization’s objectives in the third sector. By aligning risk analysis with objectives, organizations can prioritize risks that have the most significant potential to hinder the achievement of their mission. This involves identifying the risks that could impact the organization’s ability to deliver its programs or services. By linking risk analysis to objectives, organizations can develop targeted strategies to manage and mitigate these risks, ensuring the successful fulfillment of their mission.

In addition to risk management, compliance is another critical aspect of the third sector. Segal highlights the role of lawyers and compliance professionals in ensuring restorative justice and breaking the cycle of vengeance. By including all stakeholders and giving voice to the voiceless, lawyers and compliance professionals contribute to the success of restorative justice initiatives and create durable solutions in post-conflict environments.

Overall, compliance and risk management in the third sector require tailored approaches that consider charities and nonprofits’ unique challenges and limited resources. By focusing on objectives, actively monitoring and mitigating risks, and considering unforeseen risks, organizations in the third sector can improve their programming and significantly impact the communities they serve.