Tag: SAP

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 4, Start with a Root Cause Analysis

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 4, Root Cause, Risk Assessment, and Gap Analysis. Your remediation should begin with a root cause analysis. From there, move on to a risk assessment and gap analysis, and then you are ready to start your complete remediation.

SAP

The SAP Deferred Prosecution Agreement (DPA) laid out the best example of how this works in practice. The DPA reported extensive remediation by SAP, and the information provided in the DPA is instructive for every compliance professional. SAP engaged in a wide range of remedial actions. It all started with a root cause analysis. Root Cause analysis was enshrined in the FCPA Resource Guide, 2nd edition, as one of the Hallmarks of an Effective Compliance Program. It stated, “The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigation’s structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.”

This means a company should respond to the specific incident of misconduct that led to the FCPA violation. This means your organization “should also integrate lessons learned from misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.” The SAP DPA noted that SAP engaged in the following steps based on these factors:

1. Conducted a root cause analysis of the underlying conduct, then remediated those root causes through enhancement of its compliance program;
2. Conducted a gap analysis of internal controls, remediating those found lacking;
3. Undertook a “comprehensive risk assessment focusing on high-risk areas and controls around payment processes and enhancing its regular compliance risk assessment process”;
4. SAP documented using “comprehensive operational and compliance data” in its risk assessments.

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s compliance program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls on a go-forward basis. To do so, a company will need to analyze the root causes of the misconduct and remediate those causes promptly and appropriately to prevent future compliance breaches. This SAP did it during its remediation phase.

Albemarle

Albemarle also received credit “because it engaged in extensive and timely remedial measures.” This remedial action began based on the company’s root cause analysis of its FCPA violations.
This root cause analysis led to a risk assessment, which led to remediation. All of these steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out an effective compliance program and had tested it.

ABB

ABB also did an excellent job in its remedial efforts. According to the ABB Plea, ABB “engaged in extensive remedial measures, including hiring experienced compliance personnel and following a root-cause analysis of the conduct,” which led to the FCPA enforcement action. More on the ABB remediation later.

Each entity worked diligently to rebuild its compliance programs from the ground up. Whatever the faults of their prior compliance programs, each company was quite diligent in revamping their compliance regimes. While each company builds out a program based on its own risk, there is quite a bit of guidance you can draw from if your company finds itself in this position.

Here, the DOJ communicates that your remedial measures should start with a root cause analysis of the FCPA violation. From there, move to a risk assessment and internal control gap analysis to create a clear risk management strategy.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 3, Extensive Remediation

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 3, Extensive Remediation. The DOJ expects extensive remediation, well documented with data analytics to support everything you have done. Each of the companies engaged in extensive remediation.

ABB

The plea agreement said that ABB “took a lot of corrective action,” such as hiring experienced compliance staff and, after figuring out what caused the behavior described in the Statement of Facts, putting a lot more money into testing and monitoring compliance across the whole company; putting in place targeted training programs and extra case-study sessions on-site; and continuing to test and monitor to see how things are going. This final point was expanded on in the SEC Order, which reported that all employees involved in the misconduct were terminated.

At this point, there are not many specific components of the ABB remediation available, but we do know that ABB was given credit for hiring “experienced compliance personnel,” starting with the hiring of Natalia Shehadeh, SVP and Chief Integrity Officer, and then allowing Shehadeh to hire a dream team of compliance professionals to work with her.

Albemarle

The NPA cited several remedial actions by the company that helped Albemarle obtain a superior result regarding the discounted fine and penalty. These steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out an effective compliance program and had tested it. The NPA provided that Albemarle engage in the following remedial efforts:

  • Strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization;
  • Transformed its business model and risk management process to reduce corruption risk in its operation and to embed compliance in the business, including implementing a go-to-market strategy that resulted in eliminating the use of sales agents throughout the Company, terminating hundreds of other third-party sales representatives, such as distributors and resellers, and shifting to a direct sales business model;
  • Provided extensive training to its sales team, restructuring compensation and incentives so that compensation is no longer tied to sales amounts;
  • Used data analytics to monitor and measure the compliance program’s effectiveness and
  • We are engaged in continuous testing, monitoring, and improving all aspects of its compliance program, beginning immediately after identifying misconduct.

SAP

SAP also did an excellent job in its remedial efforts, whether SAP realized that, as a recidivist in dire straits, it was after the publicity in South Africa around corruption or some other reason that the company made major steps to create an effective, operationalized compliance program that met the requirements of the Hallmarks of an Effective Compliance Program as laid out in the 2020 FCPA Resource Guide, 2nd edition.

The remedial actions by SAP can be grouped as follows:

  1. Root Cause, Risk Assessment, and Gap Analysis. After doing a gap analysis of internal controls and fixing any problems found, the company did a root cause analysis of the behavior in question and fixed the issues it found. It then did a full risk assessment, focusing on high-risk areas and controls around payment processes, and used the results to improve its compliance risk assessment process.
  2. Enhancement of Compliance. Here, the company significantly increased the budget, resources, and expertise devoted to compliance; restructured its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership; enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties; enhanced its reporting, investigations and consequence management processes;
  3. Change in sales models. On the external sales side, SAP eliminated its third-party sales commission model globally, prohibited all sales commissions for public sector contracts in high-risk markets, and enhanced compliance monitoring and audit programs, including creating a well-resourced team devoted to audits of third-party partners and suppliers. On the internal side, SAP adjusted internal compensation incentives to align with compliance objectives and reduce corruption risk.
  4. Data Analytics. Here, SAP expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally, and comprehensively used data analytics in its risk assessments.

Each of these entities worked quite diligently to rebuild their compliance programs from the ground up. Whatever the faults of their prior compliance programs, each company was quite diligent in revamping their compliance regimes. While each company builds out a program based on its own risk, there is quite a bit of guidance you can draw from if your company finds itself in this position.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 1, Self-Disclosure

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring, and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions. Today, we begin with Number 1, self-disclosure. The first and most important thing is that a company should self-disclose a potential FCPA violation to the DOJ.

The DOJ expects and will reward self-disclosure above all else. The ABB enforcement action all began with ABB’s putative attempt to self-disclose. ABB set up a meeting where they intended to self-disclose but only set up the meeting without telling the DOJ the reason for the meeting. Unfortunately for ABB, this attempt was unsuccessful, as the South African press broke the story of ABB’s bribery and corruption between the time ABB called to set up a meeting and sat down with the DOJ. Yet the DOJ spent significant time discussing the underlying facts, and it was clear it positively impacted the DOJ.

Kenneth Polite, then Assistant Attorney General, said of ABB’s conduct around this attempt, “Before the meeting, however, a media report drew public attention to the wrongdoing.  But because the company could demonstrate intent and efforts to self-disclose before, and without any knowledge of, the media report, the Department weighed both the early detection of the misconduct and the intent to disclose it significantly in ABB’s favor.”

In the Albemarle enforcement action, there was a significant discussion in the NPA around Albemarle’s voluntary self-disclosure to the DOJ. “The disclosure was not “reasonably prompt,” as it was made approximately 16 months ago to the DOJ after initial discovery by the company. This meant the self-disclosure “was not within a reasonably prompt time after becoming aware of the misconduct in Vietnam,” and it means that Albemarle did not meet the standard for voluntary self-disclosure. While the DOJ “gave significant weight” to the company’s voluntary, even if untimely, disclosure of the misconduct, it is certainly cautionary.

Equally interesting was the SAP enforcement action. Although this factor was not present in the SAP enforcement action, the DOJ’s message regarding the DOJ’s expectation of self-disclosure and the obvious and palpable benefits could not be any clearer. Under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines fine range. Its actions as a criminal recidivist resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the U.S.S.G. fine range but rather at 40% from above the low end. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. SAP’s failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

In addition to these enforcement actions, Kenneth Polite, in a speech announcing changes in the Corporate Enforcement Policy, made clear the importance of self-disclosure in the eyes of the DOJ. “Our existing policy provides that if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates, there is a presumption that we will decline to prosecute absent certain aggravating circumstances involving the offense’s seriousness or the offender’s nature. These aggravating circumstances include, but are not limited to, involvement by executive management of the company in the misconduct; a significant profit to the company from the wrongdoing; egregiousness or pervasiveness of the misconduct within the company; or criminal recidivism.” If a company self-discloses, but a criminal resolution is warranted, our existing policy offers 50% off of the low end of the applicable Sentencing Guidelines penalty range.

He re-emphasized this position: “When a company has uncovered criminal misconduct in its operations, the clearest path to avoiding a guilty plea or an indictment is voluntary self-disclosure.  It is also the clearest path to the greatest incentives that we offer, such as a declination with disgorgement of profits.” While noting the difficulty of a company deciding to self-disclose, “we are underscoring that a corporation that falls short of our expectations does so at its own risk. Make no mistake – failing to self-report, cooperate, and remediate fully can lead to dire consequences.” [emphasis supplied]

The DOJ could not be clearer. The No. 1 lesson is that you need to self-disclose if you want any of the benefits available.

Categories
Blog

Self-Disclosure is Now the Key

The Department of Justice (DOJ) has been making significant strides in emphasizing the importance of voluntary self-disclosure in corporate enforcement cases, particularly in the Foreign Corrupt Practices Act (FCPA) realm. This shift in approach is evident in recent policy announcements and enforcement actions, beginning with the 2022 ABB Foreign Corrupt Practices Act (FCPA) settlement to the 2023 Albemarle FCPA resolution and continuing to the 2024 SAP Foreign Corrupt Practices Action settlement. Through these three resolutions,  the DOJ clarified that its most important criteria for evaluating a company for a fine under the FCPA is whether or not it self-discloses.

Representatives of the DOJ Kenneth Polite and Lisa Monaco further discussed this incentive in speeches in 2023. In announcing a revision to the 2017 FCPA Corporate Enforcement Policy, which became the 2023 Corporate Enforcement Policy, Kenneth Polite emphasized the ‘need for speed’ both in self-disclosure and during the pendency of any FCPA or compliance real compliance-related involving the DOJ.

The DOJ’s focus on incentivizing self-disclosure is a strategic move to encourage companies to come forward with violations and cooperate with authorities. The new Corporate Enforcement Policy offered up to a 75% reduction in penalties for voluntary disclosure. This discount is available even if there were ‘aggravating factors’ in the matter, such as C-Suite involvement in bribery and corruption. The DOJ could not send a more precise signal and be more transparent about what they want and will incent. This approach reflects a broader trend toward rewarding companies that proactively address compliance issues and work collaboratively with law enforcement agencies.

One of the key factors influencing the DOJ’s enforcement actions is the impact of recidivism. In October 2021, the DOJ, through a speech by Lisa Monaco and memorialized in the 2023 Evaluation of Corporate Compliance Programs (2023 ECCP), made it clear that it will not tolerate repeat offenders and is prepared to impose harsh penalties on companies that fail to self-disclose violations. However, even recidivist companies are encouraged to come forward and address compliance issues head-on, with the potential for significant penalty reductions if they demonstrate genuine cooperation and remediation efforts. The ABB resolution, in which the company was the first three-time FCPA recidivist yet received a superior outcome, once more demonstrated the DOJ’s current focus. The attempted self-disclosure fell short by only a day or two, as ABB had scheduled a meeting with the DOJ to self-disclose but had not formally done so. In the interim, a news story broke in South Africa about ABB’s systemic bribery and corruption in that country.

Although this factor was absent from the SAP enforcement action, the DOJ’s message regarding the benefits of self-disclosure and the DOJ’s expectation of self-disclosure could not have been clearer. Under the Corporate Enforcement Policy, SAP’s failure to self-disclose costs it an opportunity of at least 50% and up to a 75% reduction off the low end of the acceptable range of the US Sentencing Guidelines. Its actions as a criminal recidivist resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the USSG acceptable range but rather at 40% from above the low back. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. Its inability to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

There was a significant discussion in the NPA around Albemarle’s voluntary self-disclosure to the DOJ. However, NPA noted that “the disclosure was not “reasonably prompt” as defined in the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy and the US Sentencing Guidelines.” The NPA reported that Albemarle learned of allegations regarding possible misconduct in Vietnam approximately 16 months before disclosing them to the DOJ. Interestingly, the SEC Order only stated, “Albemarle made an initial self-disclosure to the Commission of potential FCPA violations in Vietnam after completing an internal investigation of such conduct and, simultaneously, self-reported potential violations it was investigating in India, Indonesia, and China. Albemarle later self-disclosed potential violations in other jurisdictions to the Commission as part of an expanded internal investigation.”

This meant the self-disclosure “was not within a reasonably prompt time after becoming aware of the misconduct in Vietnam,” which means that Albemarle did not meet the standard for voluntary self-disclosure under the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy. While the DOJ “gave significant weight” to the Company’s voluntary disclosure, even if untimely, disclosure of the misconduct is undoubtedly cautionary.

The tradeoffs involved in balancing different factors, such as self-disclosure, cooperation, and remediation, can present challenges for companies navigating the complex landscape of FCPA enforcement. While the DOJ’s emphasis on self-disclosure offers potential benefits regarding penalty reductions and monitoring requirements, companies must carefully weigh the risks and rewards of voluntary disclosure against the possible consequences of non-disclosure.

The importance of considering the impact of decisions about the DOJ’s FCPA enforcement actions cannot be overstated. Companies that prioritize a culture of compliance, proactive monitoring, and data-driven analytics are better positioned to detect and address potential violations before they escalate into costly enforcement actions. By aligning their compliance programs with the DOJ’s expectations and demonstrating a commitment to ethical business practices, companies can mitigate the risks associated with FCPA violations and build a strong foundation for long-term success.

What the DOJ wants is self-disclosure as soon as possible. One only needs to recall the case of Cognizant Technologies, where the company received a complete declination, and there were allegations of C-Suite involvement in the bribery schemes. This Declination was provided mainly because the company self-disclosed only two weeks after the information was filtered to the Board of Directors. While Cognizant Technologies may be the gold standard, a company’s timely self-disclosures can be considered for a full Declination.

Categories
FCPA Compliance Report

FCPA Compliance Report – Tom Fox and Michael Volkov Look at Incentives for Self-Disclosure

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Michael Volkov as they take a deep dive into the ABB, Albemarle, and SAP FCPA enforcement actions to try and unpack the DOJ’s pivot away from heavy penalties for recidivists to prioritizing self-disclosure above all else.

Volkov’s perspective on the Department of Justice’s (DOJ) FCPA enforcement actions is both critical and analytical, shaped by his extensive experience. He underscores the necessity of transparency and explanation in the factors considered by the DOJ, highlighting its significance to practitioners in the field. Volkov also recognizes the shift in DOJ policy towards data-driven compliance, requiring companies to provide data to substantiate their conclusions and demonstrate their compliance efforts. He further notes the evolving landscape of voluntary disclosure and remediation, suggesting these areas are now pivotal in the DOJ’s enforcement approach. Volkov’s insights reflect a nuanced understanding of the changing dynamics in FCPA enforcement and the imperative for companies to adapt to these shifts.

Key Highlights:

  • Importance of Cooperation in Corporate Enforcement Cases
  • Incentivizing Self-Disclosure in DOJ’s FCPA Enforcement
  • Increased Penalty Reduction for Voluntary Self-Disclosure
  • DOJ’s Evolving Approach to Corporate Penalties
  • Benefits of Voluntary Self-Disclosure in Enforcement

Resources:

Volkov Law Group

Corruption, Crime and Compliance

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

 

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Compliance Into the Weeds

Compliance into The Weeds: To Monitor or Not to Monitor: What is even The Question?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the seeming inconsistency in approaches to monitoring (or lack thereof) in two recent DOJ enforcement actions involving eBay and SAP.

The Department of Justice’s (DOJ) seemingly inconsistent approach to corporate enforcement and compliance monitoring has been a topic of much debate and confusion. Or has it? This inconsistency is particularly evident in the assignment of compliance monitors and CCO certification, as seen in the contrasting cases of eBay and SAP. Does the DOJ have a contradictory approach? What are the criteria for assigning monitors? Are local U.S. Attorneys may be following their own agendas, leading to this inconsistency. Is there a lack of logic and effectiveness in the DOJ’s policies? To delve deeper into this issue, join Tom Fox and Matt Kelly in this episode of Compliance into the Weeds.

Key Highlights:

  • Effectiveness and Consistency of Compliance Monitors
  • Incentivizing self-disclosure and remediation in corporate enforcement
  • Inconsistent assignment of monitors based on misconduct
  • Inconsistent enforcement practices by U.S. Attorneys

Resources:

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
From the Editor's Desk

From The Editor’s Desk – January and February 2024 in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories that have appeared in Compliance Week over the past month, look at the top compliance stories upcoming for the next month, talk about some sports and generally try to solve the world’s problems.

Tom Fox and Kyle Brasseur are back. In this episode, they look at the Department of Justice’s role in shaping corporate compliance practices through its enforcement actions, setting the tone for companies to voluntarily self-disclose and cooperate. Tom believes that the DOJ is making a concerted effort to highlight what companies are doing right in enforcement actions, particularly in relation to remedial efforts and cooperation. He sees the DOJ’s settlement documents as a clear communication of what they expect from companies going forward. Kyle emphasizes the importance of focusing on the positive aspects of enforcement actions and learning from what companies are doing right to prevent similar situations in the future. He mentions the use of data analytics and the retention of off-channel communications as examples of new expectations from the DOJ. Join Tom Fox and Kyle Brasseur on this episode of From the Editor’s Desk as they delve deeper into the topic of DOJ enforcement actions and corporate compliance practices.

Highlights Include:

  • SAP Enforcement Action
  • CNIL and Amazon’s Excessive Employee Surveillance Violation
  • Exploring Best Practices in Know Your Customer and Anti-Money Laundering Compliance
  • Highlighting Compliance Success in Financial Services
  • Insights from DOJ Enforcement Actions Roundtable
  • Bill Belichick
  • NFL Playoffs
Categories
Everything Compliance

Everything Compliance – Episode 128, The Frozen Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we have the quartet of Jonathan Armstrong, Matt Kelly, Karen Woody, and Jay Rosen, all hosted by Tom Fox, joining us on this episode to discuss some of the topics they are watching during this extended cold spell across the US.

1. Matt Kelly looks at the tale of two companies, eBay and SAP, and the disparity in whether monitorships were mandated. He shouts out to Saul Dreier and the Holocaust Survivors Band, who recently played a gig at the White House.

2. Tom Fox shouts out to Sir Elton John for winning an Emmy, thus becoming only the 18th person to hold the prestigious EGOT designation.

3. Jonathan Armstrong looks at the new SFO director and his new focus for the beleaguered agency.  He shouts out to Nick Rossi (or whatever name he is using) and his 16 aliases.

4. Jay Rosen takes a deep dive into the SAP Foreign Corrupt Practices Act enforcement action. He shouts out to the Cara Cara naval oranges.

5. Karen Woody looks at the Segway shareholder case and its duty of oversight analysis for an officer. She shouts out to all the folks in Indiana who work and fix things during a deep freeze and those manning homeless shelters.

The members of the Everything Compliance are:

  • Jay Rosen is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody is one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly is the Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks can be reached at jtmarks@gmail.com.

The host, producer, ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
All Things Investigations

All Things Investigations – Mike DeBernardis on The SAP Enforcement Action

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, I was joined by HughesHubbardReed partner Mike DeBernardis to discuss the recently announced FCPA enforcement action involving SAP.

Mike DeBernardis is a seasoned expert in the field of FCPA enforcement, with a specific focus on SAP enforcement action and the critical role of compliance programs. Drawing from his extensive knowledge of corruption schemes in various countries and the role of third-party intermediaries in these activities, DeBernardis views the SAP enforcement action as a pivotal case study that underscores the importance of robust compliance programs and proactive remedial actions. He commends SAP for their significant investment in their compliance program and their willingness to alter their business practices, such as severing certain third-party relationships and high-risk conduct. DeBernardis believes these actions reflect a commitment to business integrity and serve as a valuable lesson for companies navigating complex investigations. Join Tom Fox and Mike DeBernardis as they delve deeper into this topic on this episode of All Things Investigations.

Key Highlights:

  • SAP’s Corrupt Third-Party Intermediaries and Enforcement Action
  • The Power of Cooperation and Remediation
  • DOJ’s Emphasis on Cooperation and Technology

Resources:

Hughes Hubbard & Reed website

Mike DeBernardis on LinkedIn

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 21 — Big Trouble in China Edition

What happens when two top compliance commentators get together? They talk about compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on a wide variety of topics, including the self-improvement of the Florida Man gone astray.

In the ever-evolving world of regulatory compliance and risk management, challenges are constant, and strategies must be dynamic. Tom highlights corruption in China, data privacy, the duty of oversight for officers and export control sanctions. Kristy highlights the ESG & DEI, Supply Chains and China, SAP, frequent flyer mile fraud and checks in on Florida Man. Join Tom Fox and Kristy Grant-Hart as they delve deeper into these issues in this episode of the 2 Gurus Talk Compliance podcast.

Highlights Include:

  1. First Shots Fired in 2024 Proxy Battle Over ESG, DEI: (Law.com)
  2. Enforcement of China’s Forced Import Ban Needs to Be Much Tougher, Say U.S. Lawmakers (WSJ)
  3. Lessons Learned from the SAP Enforcement Action: DOJ Changes Tack on FCPA Enforcement While SEC Digs into Third-Party Controls (Part III of III) (Corruption, Crime & Compliance)
  4. Frequent flyer miles helped authorities crack down on a $127 million money laundering scheme (The Street): HERE
  5. Analysis of failure to exercise duty of oversight by a corporate officer. (FCPA Compliance & Ethics Blog)
  6. McDonald’s Duty of Officer oversight. (Compliance and Enforcement)
  7. China and its fight against corruption.  (Reuters)
  8. Big penalties are coming for export control and sanctions enforcement. (WSJ)
  9. A federal data privacy law in 2024? (CCI)
  10. Florida man uses phone he found in Walmart bathroom to call in fake bomb threat, cites TikTok trend: deputies (FOX Orlando)

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn