Categories
Daily Compliance News

Daily Compliance News: March 22, 2024 – The Big Mistake Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Goldman files a suit against Malaysia over 1MDB. (Bloomberg)
  • The DOJ sues Apple.  (Reuters)
  • The Vietnamese President resigns over corruption issues. (NPR)
  • Warren wants the SEC to look into Tesla’s independence. (WSJ)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Into the Weeds

Compliance into The Weeds: SEC Climate Change Reporting and a Unified Risk Management Process

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance?

Look no further than Compliance into the Weeds!

In this episode, Tom and Matt take a deep dive into the recent SEC climate reporting rules and how this could lead to a unified risk management process.

The topic of the recently proposed SEC climate change reporting rule, which requires companies to disclose their greenhouse gas emissions and climate-related risks, raises intriguing discussions across various sectors. This rule emphasizes the importance of transparency, necessitating companies to adapt their risk disclosure frameworks to encompass a range of risks, including cybersecurity, climate change, anticorruption, and financial reporting.

Tom sees this rule as a much-anticipated development with significant implications for companies. He advocates for a comprehensive risk management strategy that aligns with the SEC’s push for holistic risk disclosures, taking into consideration the continuous relevance of climate change regulations at multiple levels. On the other hand, Matt acknowledges the significant challenges and changes that the rule has encountered, particularly litigation from both oil and gas interests and environmental groups. Despite the legal and political uncertainties, he underscores the importance of prioritizing climate change disclosures, given the existence of similar rules in California and Europe.

 

Key Highlights:

  • Climate risk disclosure mandates for companies
  • Enhancing transparency in risk management
  • A theory of unified risk management
  • What does all this mean for compliance and the compliance professional?

Resources:

Matt on Radical Compliance

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 24 — The Self-Disclosure Edition

What happens when two top compliance commentators get together? They talk about compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on a wide variety of compliance-related topics.

The Department of Justice (DOJ) is launching a paid whistleblower initiative, specifically targeting cases of criminal exploitation of the U.S. financial system that slip through the cracks of existing agency schemes. This move has elicited various perspectives, notably from compliance experts Tom Fox and Kristy Grant-Hart. Fox, drawing on his extensive experience in compliance, identifies the program as a vital development, filling a gap in whistleblower compensation efforts. He anticipates that it will compel compliance officers to foster a culture of reporting and enhance efficiency in managing investigations. On the other hand, Kristy, a renowned compliance specialist, also views the initiative positively but expresses concerns about the increased pressure on organizations to ensure compliance.

Despite this, both experts agree that the program is a step in the right direction towards promoting transparency, accountability, and ethical corporate behavior.

Highlights Include:

1. DAG Monaco Speech (DOJ Release)

2. Nicole M. Argentieri Speech (DOJ Release)

3. CTA struck down (WSJ)

4. Leadership Lessons from Robert Oppenheimer (WSJ)

5. State governments move to regulate AI (NYU)

6. The Percentage Of Corporate DOJ And SEC FCPA Enforcement Actions That Result From A Voluntary Disclosure (FCPA Professor)

7. Husband Who Eavesdropped on Wife’s Work Calls Pleads Guilty to Insider Trading (WSJ)

8. SEC Adopts Climate Disclosure Rule (Radical Compliance)

9. Is It Ever OK to Have an 8 a.m. Meeting? (WSJ)

10. The Florida Man Games (NYTimes)

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 10, Getting to Self-Disclosure: Speak Up, Triage and Internal Investigation

Over this series, I have reviewed the messages communicated by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) from three key Foreign Corrupt Practices Act (FCPA) enforcement actions regarding their priorities in investigations, what they want to see in remediations, and what they consider best practices compliance programs. These enforcement actions warrant a close study of the lessons learned. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities. One thing is abundantly clear: It all begins with self-disclosure.

The three FCPA enforcement actions we have reviewed are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. I added a fourth, the Gunvor S.A. enforcement action, as a discussion point, as it was released while I was writing this series. I have also cited several speeches by DOJ officials, including those from Deputy Attorney General Lisa Monaco and Assistant Attorney General Kenneth Polite. They pointed out a clear path for the company, which finds itself in an investigation, using extensive remediation to avoid monitoring. They provided insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Late last week, there were two speeches at the ABA White Collar Conference: one by DAG Lisa Monaco and a second by Acting Assistant Attorney General Nicole M. Argentieri, which re-emphasized the points I have articulated. Today, I want to use their speeches to add another factor to my Top Ten Lessons List: a Speak Up Culture, effective triage, and quick, efficient, and accurate internal investigation when information is brought forward.

DAG Monaco could not have been clearer when she said, “When a business discovers that its employees broke the law, the company is far better off reporting the violation than waiting for DOJ to discover it. Now, when the DOJ does discover the violation, the company can still reduce its exposure by proactively cooperating in our investigation. But I want to be clear: no matter how good a company’s cooperation, a resolution will always be more favourable with voluntary self-disclosure.” [emphasis supplied]

DAG Monaco noted that the DOJ has structured its “Voluntary Self Disclosure (VSD) programs to encourage companies to take responsibility for misconduct within their organizations. And we’ve conditioned benefits on the company’s willingness to step up and own up — requiring it to disgorge profits, upgrade compliance systems, and cooperate in investigations of culpable employees…We want to empower them to make the business case for investing in compliance. And when they do, they can point to our policies. Early reports on this work are promising. We directed all components and U.S. Attorneys to implement self-disclosure programs.”

The benefits of the VSD come from this self-disclosure. The DOJ’s announcement that it was launching a whistleblower program for payments to people who come forward with information about criminal activity emphasised this idea even more. While the SEC, CFTC, IRS, and other agencies have whistleblower reward programs, this is a powerful message from the DOJ that if your company has an issue, it is far better to self-disclose than investigate, remediate, and hope the DOJ (or any other agency) never finds out about the matter. Put another way, Argentieri spoke about “the benefits that await those that voluntarily disclose misconduct.”

All of this means you must be able to intake, evaluate, and investigate the information.

Culture of Speak Up

Your organization must have an effective and efficient means of allowing employees to raise their hands and speak up. That speak-up can be through an anonymous hotline, by going into their supervisor’s office to report something, or by coming to the compliance function. Or it could be another avenue of reporting. The point is that every company must be ready, willing, and able to hear and act on internal reports of wrongdoing.

Triage

Given the number of ways that information about violations or potential violations can be communicated to government regulators, having a robust triage system is a critical way to separate the wheat from the chaff and bring the correct number of resources to bear on a compliance problem. One important area is determining whether to bring in outside counsel to head up an investigation and the resources you may want or need to commit to a problem. You need to “kick the tyres” of any allegations or information so that you know the circumstances in front of you before you make decisions. You can achieve this through a robust triage process.

Internal Investigations

You can decide whether or not to investigate by consulting with other groups, such as the Compliance Committee of the Board of Directors or the Legal Department. The head of the business unit in which the claim arose may also be notified that an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis. Using a detailed written procedure, you can ensure complete transparency on all parties’ rights and obligations once an allegation is made. This gives compliance the flexibility and responsibility to deal with such matters, from which it can best assess and decide how to manage them.

We concluded this series where we began with the need for or benefits of self-disclosure. The benefits laid out by the DOJ are clear, tangible, and direct. If you self-disclose, provide extraordinary cooperation, extensively remediate, and disgorge any ill-gotten gains through profit disgorgement, there will be a presumption of declination. Even if you do not meet the self-disclosure threshold, you can still garner significant discounts under the DOJ’s Corporate Enforcement Policy through extraordinary cooperation and extensive remediation.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 9, Internal Controls

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring and provide insight for the compliance professional into what the DOJ expects in an ongoing best practices compliance program.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 9, Internal Controls. The DOJ has made it clear that any organization under FCPA scrutiny must use its internal controls to continuously test, monitor, and improve all aspects of its compliance program.

SAP

As a part of its remediation, the company conducted a gap analysis of internal controls. This remediation found those internal controls “lacking.” SAP also undertook a “comprehensive risk assessment focusing on high-risk areas and controls around payment processes and enhancing its regular compliance risk assessment process.” Using this risk assessment as a starting point, the company performed a gap analysis, determined the overall remediation regime needed, and effectuated that remediation. 

ABB

The ABB Plea Agreement reported that ABB “performed a root-cause analysis of the conduct at issue. From there, the company revamped its internal controls, investing significant additional resources in control testing and monitoring throughout the organization. While not often seen as a part of internal controls, the company restructured its reporting by internal project teams to ensure compliance controls oversight.

Additionally, ABB essentially created its monitoring program around controls, testing its compliance program, and reporting to the DOJ. In the “Written Work Plans, Reviews, and Reports” section, ABB agreed to conduct a first review and prepare a report, followed by at least two follow-up reviews and reports. But more than simply reporting on control testing, ABB agreed to create and submit for review a work plan for this ongoing testing of its compliance program, as the program was detailed in the DPA. The DPA specified, “No later than one (I) year from the date this Agreement is executed, the Company shall submit to the Offices a written report setting forth:

  • a complete description of its remediation efforts to date;
  • a complete description of the controls testing conducted to evaluate the effectiveness of the compliance program and the results of that testing; and
  • It proposes to ensure that its compliance program is reasonably designed, implemented, and enforced so that the program is effective in deterring and detecting violations of the FCPA and other applicable anti-corruption laws.”

The bottom line is that all these companies worked very hard to significantly enhance their controls, testing, and monitoring and then improve based on that information. None of the actions taken by these companies were particularly new or even innovative. Indeed, these strategies have been available from the DOJ since at least the first edition of the FCPA Resource Guide in 2012. It was, however, the work by the company to understand the deficiencies in their internal controls regime and their superior efforts to upgrade them.

Albemarle

The Albemarle SEC Order was instructive regarding internal controls for a different reason than we have been considering throughout this series. The Order detailed a series of internal control failures by the company across multiple business units in several other countries. The entire story painted a picture of a company that did not have adequate or easily overridden internal controls.

Vietnam. The Order noted, “Albemarle’s system of internal accounting controls was insufficient to prevent or detect these improper payments, which Albemarle Singapore falsely recorded as legitimate commissions in books and records consolidated into Albemarle’s financial statements.”

India. A backdated agreement increased an India agent’s commission multiple times without compliance oversight or approval. Commissions went from “extremely high” to “far from any possible realistic justification.” Finally, “the agreement called for payment of a three percent commission to India Agent, a rate three times higher than that paid to Albemarle’s existing agent for India.”

Indonesia. Albemarle’s system of internal accounting controls was insufficient to prevent or detect the improper payments made to and through Indonesia Agent, which Albemarle Singapore falsely recorded as legitimate commissions and business expenses in books and records consolidated into Albemarle’s financial statements.”

China.  When an Albemarle business director questioned China Agent’s compensation as “high,” an Albemarle Netherlands business director provided the business justification that he anticipated significant returns on the contract.

UAE.  No due diligence was conducted on an agent until after the agent agreement had been executed. The agent provided no discernible services other than conveying confidential tender evaluations and competitors’ bids obtained from the customer.

Each of these resolutions drives home the importance of internal controls, creation, and remediation as a key part of your overall compliance regime during any investigation. The sooner you can start on your internal controls, the better off you will be in your negotiations with the DOJ and SEC.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending March 9, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week.

Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  1. The DOJ announces a whistleblower program.  (WSJ)
  2. More from DAG Monaco. Changes to ECCP regarding AI. (Compliance Week)
  3. The NYT asks for Boeing whistleblowers. (NYT)
  4. Forced labor and Porsches.  (WSJ)
  5. The SEC approves weakened climate change rules. (NYT)
  6. Bribery acquittal in London. (F T)
  7. The CTA ruled it unconstitutional. (NYT)
  8. Senator Menendez, a co-defendant, pleads guilty. (CNBC)
  9. Ethisphere announces the World’s Most Ethical Company Awards. (Press Release)
  10. Gunvor is to pay $661 million for FCPA violations. (WSJ)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

You can check out the Daily Compliance News for four curated compliance and ethics-related stories each day here.

Connect with Tom:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: March 8, 2024 – The DOJ Whistleblower Day Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News.

All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • The DOJ announces a whistleblower program.  (WSJ)
  • More from DAG Monaco. Changes to ECCP regarding AI. (Compliance Week)
  • The NYT asks for Boeing whistleblowers. (NYT)
  • SEC prepares to be sued for pro- and con-climate reporting rules. (FT)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Daily Compliance News

Daily Compliance News: March 7, 2024 – The Forced Labor Slow Porsche Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Forced labor and Porsches.  (WSJ)
  • Bribery acquittal in London. (FT)
  • The SEC approves weakened climate reporting rules. (NYT)
  • The Hotel California criminal trial was dismissed. (Bloomberg)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
The Woody Report

The Woody Report: Shadow Insider Trading, The Panuwat Case

Welcome to The Woody Report, where, Washington & Lee, School of Law Associate Professor Karen Woody and host Tom Fox discuss issues on white collar crime, compliance issues, international corruption, securities and accounting fraud, and internal corporate investigations. From current events to topical issues to academic research and thought leadership, Karen Woody helps lead the discussion of these issues on the new and exciting podcast. In this episode, Tom and Karen explore the upcoming trial of Matthew Panuwat over claims of Shadow Insider Trading.

The shadow insider trading case involving Matthew Panuwat is a groundbreaking trial that could redefine the boundaries of insider trading. The Securities and Exchange Commission (SEC) is prosecuting Panuwat for allegedly making around $107,000 by trading in Insight, a company similar to his own, Medivation, based on non-public information about Medivation. This case emphasizes the importance of maintaining confidentiality and integrity in the workplace and could impact insider trading liability by addressing shadow trading and its implications for securities laws.

Tom views this case as a significant and novel one brought by the SEC, highlighting the concept of shadow trading, where companies are economically linked in such a way that trading on one company’s information can be considered insider trading in another. On the other hand, Karen Woody aligns with the SEC’s argument that Panuwat’s actions were not right, emphasizing the importance of following insider trading laws and regulations. Check out this most fascinating case.

Key Highlights:

  • Insightful Shadow Trading in Panuwat Trial
  • Redefining Insider Trading through Shadow Trading Practices
  • Expanding Industry-Wide Prohibition on Insider Trading

 Resources:

Karen Woody on LinkedIn

Karen Woody at Washington & Lee, School of Law

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 2, The Need for Speed

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point to a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 2, the Need for Speed. The DOJ expects a company to share information with regulators as quickly as it finds those facts without necessarily knowing how such admissions might affect its overall case and settlement chances.

In a 2023 speech, Assistant Attorney General Kenneth Polite announced the change I called ‘The Need for Speed.’ Polite characterized the change as going from ‘full’ cooperation to ‘extraordinary’ cooperation. He noted the DOJ has differences between corporations and individuals in both investigations and enforcement, but “concerning how we consider cooperation, the lens and framework through which we analyze the level and degree of cooperation aren’t so different.”

Polite named three concepts, “immediacy, consistency, degree, and impact—that apply to cooperation by both individuals and corporations, which will help to inform our approach to assessing what is “extraordinary.”He went on to note that “In assessing the quality of a cooperator’s assistance, we value: when an individual begins to cooperate immediately, and consistently tells the truth; individuals who allow us to obtain evidence we otherwise couldn’t get, like quickly obtaining and imaging their electronic devices or having recorded conversations; cooperation that produces results, like testifying at a trial or providing information that leads to additional convictions.” He emphasized that there are “examples in the individual context.”

Then came the puzzling part. Polite stated, “We know “extraordinary cooperation” when we see it, and the differences between “full” and “extraordinary” cooperation are perhaps more in degree than kind.  To receive credit for extraordinary cooperation, companies must go above and beyond the criteria for full cooperation set in our policies—not just run of the mill, or even gold-standard cooperation, but truly extraordinary.” He stated, “At the same time, the government will not affirmatively direct a company’s internal investigation if it chooses to do one, and companies are often well positioned to know the steps they can take to best cooperate in a particular given case.” He concluded, “And, of course, the facts and circumstances of each case will be unique.”

Perhaps Polite is simply channeling his inner Potter Stewart with his line, ‘We know it…when we see it’. Of course, if two or more people look at the same set of facts, there is always the chance for two or more interpretations. The question then becomes how to define extraordinary cooperation.

It also ties directly into what Deputy Attorney General Lisa Monaco said in announcing the Monaco Doctrine when she stated, “Department prosecutors must gain access to all relevant, non-privileged facts about individual misconduct swiftly and without delay.” [emphasis supplied] This meant, “to receive full cooperation credit, corporations must produce on a timely basis all relevant, non-privileged facts and evidence about individual misconduct such that prosecutors have the opportunity to effectively investigate and seek criminal charges against culpable individuals.” If a company fails to meet this burden, it will “place in jeopardy their eligibility for cooperation credit.” The DOJ goes the next step by placing the burden on companies to demonstrate timeliness, stating they “bear the burden of ensuring that documents are produced promptly to prosecutors.”

In the ABB enforcement action, ABB received credit for extraordinary cooperation based on the following: “(i) promptly providing information obtained through its internal investigation, which allowed the Offices to preserve and obtain evidence as part of their independent investigation; (ii) making regular and detailed factual presentations to the Offices; (iii) voluntarily making foreign-based employees available for interviews in the United States; (iv) producing relevant documents located outside the United States to the Offices in ways that did not implicate foreign data privacy laws; and (v) collecting, analyzing, and organizing voluminous evidence and information that it provided to the Offices, including the translation of certain foreign language documents.”

Some additional insight is found in the SEC Order, which states, “ABB’s cooperation included real-time sharing of facts learned during its internal investigation.”  This meant “ABB was sharing information with regulators as quickly as it found those facts, without necessarily knowing how such admissions might affect its overall case and settlement chances.” [emphasis supplied]

Since the SAP enforcement action, extraordinary cooperation has become more difficult to ascertain. While there was no mention of the super duper, extra-credit giving extensive remediation that Kenneth Polite discussed, when SAP began to cooperate, it moved to collaborate extensively. The DPA noted SAP “immediately began to cooperate after South African investigative reports made public allegations of South Africa-related misconduct in 2017 and providing regular, prompt, and detailed updates to the Fraud Section and the Office regarding factual information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its independent investigation…” Most interestingly, the DPA reported that SAP imaged “the phones of relevant custodians at the beginning of the company’s internal investigation, thus preserving relevant and highly probative business communications sent on mobile messaging applications.” This is explicit instruction around messaging apps in FCPA enforcement actions.

Albemarle was credited with significant cooperation by the DOJ during the pendency of its investigation. The NPA noted that the company also received credit for its substantial cooperation and extensive and timely remediation. However, there was only a standard list of items relating to this cooperation and nothing on extraordinary collaboration.

We are back where we started; there is a need for speed. However, the only functional definition we have for it comes from the SEC and not the DOJ. As laid out in the SEC Order for ABB, it is a real-time sharing of facts.