Categories
Blog

Key Compliance Speeches from 2023 – DAG Monaco on a Culture of Compliance

In March 2023 there were two days of speeches from the DOJ which added to the compliance complexity.  The speeches were made by Deputy Attorney General (DAG) Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite, Jr. (Polite Speech) and they discussed a number of initiatives by the DOJ which every compliance professional needs to study in some detail. Today we will review the 2023: (1) The Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks; (2) Evaluation of Corporate Compliance Programs; and (3) Revised Memorandum on Selection of Monitors in Criminal Division Matters.

In the fall 2021, Monaco announced the “Corporate Crime Advisory Group to recommend more advances, based on input, and this is important, input from outside as well as inside the department.” This led to the September 2022 announcement of the Monaco Doctrine as laid out in the Monaco Memo where the DOJ changed its focus to “promoting cultures of corporate compliance, while also ensuring consistency and predictability in the way the government treats corporate crime.” Her goal was to “empower companies to do the right thing, by investing in compliance, in culture and in good corporate citizenship — while at the same time empowering our prosecutors to hold accountable those who don’t follow the law.”

At the end of the day, perhaps the most significant pronouncement from Monaco was the following “in today’s complex and uncertain geopolitical – very uncertain quite frankly – geopolitical environment, corporate crime and national security are overlapping to a degree never seen before, and the department is retooling to meet that challenge.” This fits with the Biden Administration’s Strategy on Combatting Corruption, which elevated the fight against bribery and corruption through enforcement of laws such as the Foreign Corrupt Practices Act (FCPA) to a National Security Issue. Of course, the Biden DOJ has said several times in the past that “Sanctions are the new FCPA” and Monaco reiterated that in her speech last week.

Monaco set the tone for the week by identifying five general areas of DOJ focus. (1) Inspiring a Culture of Compliance; (2) Voluntary Self-Disclosure Programs; (3) Promoting Compliance through Compensation and Clawback Programs; (4) Resource Commitments to Corporate Criminal Enforcement; and (5 ) Individual Accountability.

A Culture of Compliance

The Monaco Memo “emphasized the department’s commitment to finding the right incentives to promote and support a culture of corporate compliance.” Monaco hoped to do so by creating two new areas of focus in addition to those laid out in the FCPA Resource Guide,  the 2017 Evaluation of Corporate Compliance Program and its 2020 Update and Chief Compliance Officer (CCO) certification requirement. In the 2023 Monaco Speech, she stated, “I noted two new areas of particular focus: a cross-department approach to promoting voluntary self-disclosure and how compensation structures can foster responsible corporate behavior. We want companies to step up and own up when they discover misconduct and to use compensation systems to align their executives’ financial interests with the company’s interest in good corporate citizenship.”

What is interesting about these two components is that they previously existed but were made more important in the Monaco Memo. Clear rewards for self-disclosure have been a part of FCPA enforcement since 2016 with the initiation of the Pilot Program around self-disclosure. Financial incentives and penalties (carrots and sticks) have been a part of best practices compliance programs since at least 2004 and were included in the original 2012 FCPA Resource Guide. But now a company must engage in both actions to demonstrate a “culture of compliance” to obtain the presumption of a declination under the Corporate Enforcement Policy.

Voluntary Self-Disclosure

Seemingly buried in the speech is perhaps the most significant statement about white collar criminal enforcement. Monaco said, “Now, with respect to voluntary self-disclosure, I am pleased to report that, for the first time, every U.S. Attorney’s Office now has, and every component I should say, that prosecutes corporate crime, now has in place an operative, predictable and transparent voluntary self-disclosure program. These policies share a common principle: absent aggravating factors, no department component will seek a guilty plea where a company has voluntarily self-disclosed, cooperated and remediated the misconduct.” She went on to add, “Let me be very clear. I want every general counsel, every executive and board member to take this message to heart: where your company discovers criminal misconduct, the pathway to the best resolution will involve prompt voluntary self-disclosure to the Department of Justice.” Her example was an excellent one: the ABB FCPA enforcement action.

Compensation and Clawbacks

Once again Monaco emphasized a part of every best practices compliance program over the past 20 years, financial incentives for doing business ethically and in compliance. However, in her 2023 Speech, she emphasized the disincentives or clawbacks. She stated, “First, every corporate resolution involving the Criminal Division will now include a requirement that the resolving company develop compliance-promoting criteria within its compensation and bonus system…Second, under the pilot program, the Criminal Division will provide fine reductions to companies who seek to claw back compensation from corporate wrongdoers.”

Monaco said the goal is “to shift the burden of corporate wrongdoing away from shareholders, who frequently play no role in the misconduct, onto those directly responsible.” The DOJ will incentivize such behavior in the following manner. “At the outset of a criminal resolution, the resolving company will pay the applicable fine, minus a reserved credit equaling the amount of compensation the company is attempting to claw back from culpable executives and employees. If the company succeeds and recoups compensation from a responsible employee, the company gets to keep that clawback money — and also doesn’t have to pay the amount it recovered.  And because we heard from stakeholders about how challenging and how expensive the pursuit of clawbacks can be, the pilot program will also ensure that those who pursue clawbacks in good faith but are unsuccessful are still eligible to receive a fine reduction.”

Resource Commitments

This section of the speech deals with DOJ resource commitments but it is still significant. Here Monaco emphasized the intersection of corruption, money-laundering, sanctions and National Security. This continues the Biden Administration trend on this score. There are new and additional resources the DOJ is bringing to bear in all of these areas. This includes the international arena as well. But a huge part of this commitment is that companies are now seen in many ways as the front line of criminal enforcement through self-disclosure of illegal conduct. If the DOJ continues down this path, both the incentives for self-disclosure and cooperation as well as the pain the DOJ will bring for companies which do self-disclose will be significant.  Monaco closed her speech with the following, “Investing now in a robust compliance program is good for business, and it is good for our collective economic and national security.”

Individual Accountability

As far back as 2015, in the Yates Memo, the DOJ has said they will emphasize individual accountability, through individual, as opposed to corporate, enforcement actions. In her speech, Monaco pointed to charges brought against two of the current most prominent alleged fraudsters, Sam Bankman-Fried and Carlos Watson and the convictions out of Theranos; Elizabeth Homes and Sunny Balwani. She also stated, “The Criminal Division’s Fraud Section, for example, secured more individual convictions at trial last year than in any of the previous five years.  So, our message is clear: the department will zealously pursue corporate crime in any industry, and we will hold wrongdoers accountable, no matter how prominent or powerful they are.” While this has yet not been seen in FCPA enforcement, perhaps it will be this year and beyond.

Tomorrow we will review the Polite Speech.

Categories
Blog

Albemarle FCPA Enforcement Action: Part 5 – Lessons Learned

Over the past several blog posts, I have been exploring the Albemarle FCPA enforcement action.  We have explored in some detail the DOJ Non-Prosecution Agreement (NPA) and the SEC Administrative Order(Order). In this final blog post on the series, I want to suss out some lessons for the compliance professional.

Consequence Management

When Kenneth Polite announced the Pilot Program in conjunction with the 2023 Evaluation of Corporate Compliance Programs (ECCP), the focus was largely on clawbacks. However, the relevant section in the ECCP was entitled “Consequence Management,” indicating a broader focus on both incentives to do business ethically and in compliance as well as disincentives. The ECCP asked a series of questions:

  • Has the company considered the impact of its financial rewards and other incentives on compliance?
  • Has the company evaluated whether commercial targets are achievable if the business operates in a compliant and ethical manner?
  • What role does the compliance function have in designing and awarding financial incentives at senior levels of the organization?
  • How does the company incentivize compliance and ethical behavior? What percentage of executive compensation is structured to encourage enduring ethical business objectives?
  • Are the terms of bonus and deferred compensation subject to cancellation or recoupment, to the extent available under applicable law, in the event that non-compliant or unethical behavior is exposed before or after the award was issued?
  • Does the company have a policy for recouping compensation that has been paid where there has been misconduct?
  • Have there been specific examples of actions taken (e.g., promotions or awards denied, compensation recouped, or deferred compensation canceled) as a result of compliance and ethics considerations?

The NPA noted that Albemarle engaged in holdbacks, as they did not pay bonuses to certain employees involved in the conduct or those who had oversight. The NPA stated, “The Company withheld bonuses totaling $763,453 during its internal investigation from employees who engaged in suspected wrongdoing.” The illegal conduct involved those who “(a) had supervisory authority over the employee(s) or business area engaged in the misconduct; and (b) knew of, or were willfully blind to, the misconduct.” The significance of this effort was vital as it qualified Albemarle for an additional fine reduction of a dollar-for-dollar credit of the amount of the withheld bonuses under the Criminal Division’s March 2023 Compensation Incentives and Clawbacks Pilot Program.

Indeed, Deputy Attorney General Lisa Monaco, in a recent speech, said, “The pilot program also rewards companies that claw back or withhold incentive compensation from executives responsible for misconduct – or attempt to do so in good faith. For every dollar that a company claws back or withholds from an employee who engaged in misconduct – or a supervisor that knew of or turned a blind eye to it – the Department will deduct a dollar from the otherwise applicable penalty that the resolving company would pay.”

She specifically cited the Albemarle FCPA resolution, where “the company received a clawback credit for withholding bonuses of employees who engaged in misconduct. Not only did Albemarle keep the bonuses that would have gone to wrongdoers, but the company also received an offset against its penalty for the same amount. That’s money saved for Albemarle and its shareholders – and a concrete demonstration of the value of clawback programs.”

 Remediation During Investigation

The NPA cited several remedial actions by the company that helped Albemarle obtain the superior result in terms of the discounted fine and penalty. These steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out an effective compliance program and had tested it. The NPA provided that Albemarle:

  • Strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization;
  • Transformed its business model and risk management process to reduce corruption risk in its operation and to embed compliance in the business, including implementing a go-to-market strategy that resulted in eliminating the use of sales agents throughout the Company, terminating hundreds of other third-party sales representatives, such as distributors and resellers, and shifting to a direct sales business model;
  • Provided extensive training to its sales team and restructured compensation and incentives so that compensation is no longer tied to sales amounts;
  • Used data analytics to monitor and measure the compliance program’s effectiveness and
  • We are engaged in continuous testing, monitoring, and improvement of all aspects of its compliance program, beginning almost immediately following the identification of misconduct.

Two of the factors are relatively new and certainly are noteworthy for the compliance professional. The first is the change in the company’s approach to sales and their sales teams. Obviously, it was corrupt third-party agents that brought the company to such FCPA grief. Many of the quotes in the NPA and Order make it clear that Albemarle executives had an aversion to paying bribes but had greater moral flexibility when a third-party agent was involved. This led to the company moving away from third-party agents to a direct sales force.

Moving to a direct sales force does have its risks, which must be managed, but those risks can certainly be managed with an appropriate risk management strategy, monitoring of the strategy, and improvement; those risks can be managed. Yet there is another reason, and more importantly, a significant business reason, to move towards a direct sales business model. Every time you have a third-party agent or anyone else between you and your customer, you risk losing that customer because your organization does not have a direct relationship with the customer. By having a direct sales business model, your organization will have a direct relationship with your customer and, therefor, the ability to develop it further.

The NPA also specifically called out the Company’s use of data analytics in two ways. The first was to monitor the Company’s compliance program, and the second was to measure the compliance program’s effectiveness. While this language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance functions’ access to all company data, this is the first time it has been called out in a settlement agreement in this manner. Moreover, although not specifically tied to the lack of a required corporate Monitor, it would appear that by using data analytics, Albemarle was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation.

Internal Controls Over Commission Increases

According to the SEC Order, the Company failed to devise and maintain a sufficient system of internal accounting controls with respect to commission rates and deviations from contracted rates. In other words, even though there were internal controls in place for the setting of third-party agents’ commissions, they could be overridden at will. The Order concluded by noting, “As a result, sales personnel were able to increase agents’ commission rates in multiple countries – including Vietnam, India, China, and UAE – despite certain Albemarle personnel having knowledge of red flags indicating the agents would use a portion of the commission to make bribe payments to obtain contracts, influence tender specifications, or obtain nonpublic information concerning competitors’ bids.”

Every compliance professional should review their company’s controls over agents’ commission rates to make sure the business unit personnel alone cannot raise commission rates. While business units can always make the business case, this enforcement action drives home the message that the compliance function is not ‘one and done’ when an agent is approved but must be monitored throughout the third-party relationship lifecycle. Any requested change to a commission rate must go through the same analysis and approval process as the original approval.

Timely Self-Disclosure

There was a significant discussion in the NPA around Albemarle’s voluntary self-disclosure to the DOJ. However, NPA noted that “the disclosure was not “reasonably prompt” as defined in the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy and the U.S. Sentencing Guidelines.” The NPA reported that Albemarle learned of allegations regarding possible misconduct in Vietnam approximately 16 months before disclosing it to the DOJ. Interestingly, the SEC Order only stated, “Albemarle made an initial self-disclosure to the Commission of potential FCPA violations in Vietnam following its completion of an internal investigation of such conduct and, at the same time, self-reported potential violations it was investigating in India, Indonesia, and China. Albemarle later self-disclosed to the Commission potential violations in other jurisdictions as part of an expanded internal investigation.”

This meant the self-disclosure “was not within a reasonably prompt time after becoming aware of the misconduct in Vietnam,” and it means that Albemarle did not meet the standard for voluntary self-disclosure under the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy. While the DOJ “gave significant weight” to the Company’s voluntary, even if untimely, disclosure of the misconduct, it is undoubtedly cautionary.

What the DOJ wants is self-disclosure as soon as possible. One only needs to recall the case of Cognizant Technologies, where the company received a complete Declination where there were allegations of C-Suite involvement in the bribery schemes. This Declination was provided in large part because the company made its self-disclosure only two weeks after the information filtered up to the Board of Directors. While Cognizant Technologies may be the gold standard, it shows that if a company timely self-discloses, it can be considered for a full Declination.

The Albemarle FCPA resolution documents are chocked full of solid information that every compliance professional can use in the future. They are well worth a deep dive—finally, a kudos to Albemarle for obtaining this superior result.

Categories
Daily Compliance News

Daily Compliance News: October 6, 2023 – The Backdoor Man Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • DOJ offers self-disclosure incentives in M&A. (WSJ)
  • SBF-Backdoor Man? (NYT)
  • A car wreck, death, and corruption? (Vanity Fair)
  • Alibaba accused of ‘possible espionage’. (FT)

Categories
FCPA Compliance Report

FCPA Compliance Report – Maria D’Avanzo on Investigations

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In the latest episode of FCPA Compliance Report, Maria D’Avanzo from Traliant returns to discuss the essential role of outside counsel in FCPA investigations and the challenges that a CCO may face. They believe having trusted counsel with business acumen and commercial knowledge is vital, especially when discovering potential violations outside the initial scope of the investigation. Maria shares her experience working with the CEO and chair of the audit committee and offers excellent tips for compliance professionals learning to trust their gut. The speakers also discuss the importance of self-disclosure and equally applying disciplinary actions across different jurisdictions in misconduct cases. This explosive discussion is full of insights, advice, and best practices, making it a must-listen for anyone looking to improve their organization’s compliance standards. You won’t want to miss it!

Key Highlights:

  • Managing Whistleblower Complaints: Next Steps and Importance of Outside Counsel
  • FCPA Investigation Best Practices
  • Navigating investigations outside of the initial scope
  • Navigating Compliance Decision-Making
  • Internal Disciplinary Processes and Corporate Compliance
  • Supervised learning and DOJ cooperation challenges
  • The decision (or not) to self-disclose

Resources:

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

Ryan Patrick on the Role of a US Attorney Under the Monaco Memo, CEP & ECCP

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Looking for a podcast that will give you insights into the Department of Justice’s corporate enforcement policy and the implications for corporations facing investigations? Look no further than FCPA Compliance Report! In this episode, Tom Fox sits down with Ryan Patrick, a former US district attorney for the southern district of Texas. They discuss the importance of staying up-to-date with DOJ memos and speeches, the difficulty for corporations in deciding whether or not to self-disclose, and the implications of outside counsel being deputized. Ryan emphasizes the importance for companies to work with lawyers who know judges and have pre-existing relationships with local prosecutors, including US attorneys and line prosecutors. They discuss the Southern District of Texas and its role in border-related issues, as well as the Patrick’s time as a US Attorney for the Southern District of Texas. This podcast is a must-listen for anyone looking to gain a better understanding of corporate enforcement and compliance policies. Don’t miss out on the conversation between Tom Fox and Ryan Patrick!

 Key Highlights

·      Discussing U.S District Attorney’s work challenges

·      Evolution of Corporate Enforcement Policy by DOJ

·      Challenges in Communication with Corporations for Attorneys

·      Challenges of Self-Disclosure for Businesses

·      Navigating Legal Issues with Local Counsel

·      Challenges to Attorney-Client Privilege in Corporate Cases

·      Border Security and Cryptography Cases in Texas

·      US Attorney General Advisory Committee in Presidential Administration

·      Role of Southern District of Texas in law enforcement and corporate enforcement

·      Inside a Federal Prosecutor’s Role

 Notable Quotes

·      “It seems to me that this broaden beyond simply anti-corruption in FCPA and whether it be fraud, whether it be antitrust, whether it be environmental, whether it be a wide variety of other types of issues that an AUSA and a local district attorney US district attorney’s office would prosecute.”

·      “Asking the US attorney’s offices now to step into this space where really thinking from the idea of self-disclosure and from monitoring or audio auditing, so to speak, someone’s compliance program.”

·      “One of the not perhaps most difficult, but hardest conversations a corporation has is whether or not to self-disclose under the FCPA.”

·      “Bring it to me. I will consider it because it’s not 1 size fits all.

Resources

Ryan Patrick on LinkedIn

Ryan Patrick on Haynes and Boone

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
From the Editor's Desk

February and March in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

 In this month’s episode, we look back at top stories in CW from February around the changes in DOJ efforts to encourage corporate cooperation and compliance and; the Treasury Department’s renewed enforcement efforts against banks for violations of OFAC Regulations. We previewed some of the stories CW will look at in March, including several articles about data privacy in the US and Europe in a CW special issue.

Kyle relates some of the upcoming Compliance Week 2023 Conference highlights from May 15-17 in Washington, DC. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link below.

 We conclude with a look at some of the top sports stories, including a recap of the Super Bowl, the insanity of the NBA trading deadline, and the opening of Spring Training.

 Resources

Compliance Week 2023 information and registration here

Kyle Brasseur on LinkedIn

Compliance Week

Categories
Daily Compliance News

February 23, 2023 – The Self-Disclosure Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • US states seek to block ESG investing rules. (Reuters)
  • Judge allows Wexner subpoena by mail in Epstein lawsuit. (FT)
  • Ohio speaker alleged to have used bribes money to pay for physical assaults. (Ohio Capital Journal)
  • US attorneys want more self-disclosure. (Bloomberg)
Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 2

In this three-part blog post series, we are ruminating on how to create an effective compliance program through  the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

Under Step 4, companies must quickly analyze their data quickly and efficiently to determine if they need to self-disclose any potential issues. By sharing the attributes across corporate siloes, companies can make their individual models perform better and improve their compliance programs. This allows companies to access the data quickly and easily, allowing them to identify potential risks and areas of improvement. It also provides insights into the effectiveness of compliance programs, allowing companies to make better informed decisions concerning their compliance.

Overall, having access to relevant sources of data is essential for an effective compliance program. Companies can gain access to data through on-premise platforms. By leveraging these sources of data, companies can ensure their compliance programs are up to date and compliant with applicable laws and regulations.

Step 5 is to conduct monitoring at the beginning and throughout the lifespan of any business  relationship or transaction cycle. This is an important step as it allows a company to identify potential issues with their compliance program and take corrective action. Monitoring should be conducted at the beginning of a relationship or transaction to ensure that all parties understand the expectations and that there is no potential for criminal activity. Monitoring should continue throughout the relationship as well, as this will allow a company to identify any changes in behavior or activity that could indicate a potential problem. This can be used to gain insights into a vendor’s financial and transactional data, which is often a key indicator of future or even potential compliance violations.

Having access to relevant sources of data and conducting monitoring throughout the lifespan of a third-party relationship will help an organization meet the expectations set by the DOJ for an effective compliance program. With the DOJ’s recent announcement of amendments to the Corporate Enforcement Policy, companies have even greater incentive to self-disclose if they uncover potential violations, all of which demonstrates an effective compliance program. A data analytics platform can help companies quickly identify understanding of the risks and monitoring these relationships regularly, companies can ensure that they are compliant with all applicable regulations and review potential issues.

With a comprehensive view of their activities, organizations can quickly identify any changes in activities, such as unusual patterns of payments or activities, which could indicate a potential problem. Through visibility into third party activities and transactions, companies are able to gain a better understanding of the compliance risk associated with their third-party relationships. Moreover, businesses have a mechanism to identify any financial or transactional red flags.

Interestingly Walden advocates having an “on-premise application” for data analytics, which is he step 6.  He believes “This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools.” It can be hosted and managed as a service, “meaning that companies can utilize the platform without having to move large amounts of data around each month.” This helps companies to gain insights from the model without compromising their data privacy. Furthermore, this platform can be used to identify anomalous payments that may be indicative of corruption or fraudulent activities.

Join us tomorrow where continue conclude our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance

Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 1

I recently had the opportunity to visit with Vince Walden for the inaugural episode of the newest podcast on the Compliance Podcast Network, Data Driven Compliance. Walden is a compliance professional with 15 years of experience, who left his day job and founded Kona AI, a cutting-edge innovation for compliance professionals. Kona AI is an on-premise platform to build advanced analytics and compliance monitoring that aligns with the DOJ’s expectations.

Over this multi-part blog post series, I will be discussing how to create an effective compliance program through  the use of data analytics by considering the requirement laid out by the Department of Justice (DOJ) in their recent pronouncements on a best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics.

It is important for compliance professionals to make informed decisions that are driven by data to ensure that the compliance program is effective and efficient. Data-driven decisions enable compliance professionals to make decisions that are backed by evidence, allowing them to make informed decisions that are based on facts and figures rather than assumptions or guesswork. Without data, compliance professionals would be unable to accurately measure the effectiveness of their compliance program or identify potential risks or areas of non-compliance.

Data-driven decisions also allow compliance professionals to identify areas of strength and opportunities for improvement. By utilizing data, they can identify trends, patterns, and correlations that can help them understand the underlying causes of compliance issues and formulate strategies to address them. Furthermore, data-driven decisions are more likely to be accepted and supported by stakeholders, as they are based on facts and have been thoroughly researched and analyzed. Ultimately, data-driven decisions ensure that compliance professionals are making informed decisions that are in the best interests of their organization. Walden articulate 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at your fingertips.

Under Step 1, the assessing of your company’s conduct begins with understanding the DOJ’s  expectations for an effective compliance program. Companies should have policies and procedures in place that enable them to access relevant sources of data, conduct ongoing monitoring of third-party relationships, and hold compliance officers accountable for the effectiveness of the compliance program. Additionally, companies should ensure they have the necessary technology in place to be able to quickly conduct an analysis of their data to determine if a self-disclosure is necessary. By taking these steps, companies can ensure they are meeting the DOJ’s expectations and are in a better position to successfully self-disclose if necessary.

Finally, assessing a company’s conduct should also involve an analysis of the company’s external communications. Companies should have a process in place for responding to inquiries from the public, media, and other stakeholders, and they should ensure that all communications are accurate and timely. Additionally, companies should ensure they are regularly engaging with their stakeholders to keep them informed of any changes in their compliance policies or procedures. By taking these steps, companies can ensure they are engaging in effective external communications that foster trust and confidence in their compliance program.

Self-disclosure is a key step in achieving an effective compliance program. Walden lists this as Step 2. It is important for companies to to demonstrate their commitment to compliance and avoid possible enforcement actions. Recently Kenneth Polite reiterated the importance of self-disclosure and discussed the changes to the corporate enforcement policy. Self-disclosure is viewed as a sign of good faith and can have a major impact on the DOJ’s decision to pursue or not to pursue a case.

However, to meet this requirement under the DOJ Corporate Enforcement Policy, companies need to have access to their data quickly in order to determine if self-disclosure is necessary. This means having an on-premises platform that can quickly search through transactions, identify potential corrupt payments, and compare them to a predictive model. This will demonstrate that they have an effective compliance program for the DOJ to consider them for leniency. But it requires having access to relevant sources of data and conducting monitoring throughout the relationship with third parties. Having an analytics platform can help companies detect anomalies in their data and identify patterns in the data that can help create an effective compliance program.

In addition to self-disclosure, companies must also take steps to ensure that their compliance program is effective and meets the standards of the DOJ. Companies should have access to a streamlined technology platform that helps them manage their compliance efforts. This platform should have tools to monitor third-party relationships, identify suspicious activity, and monitor compliance efforts. An effective compliance program also requires ensuring that employees receive proper training and understanding of the company’s policies and procedures. Companies should also have an audit system in place to regularly check that their compliance program is meeting the standards of the DOJ. This audit system should include periodic assessments of the compliance program and regular reviews of third-party relationships.

Of course, if you do not know you have a problem, you organization cannot self-disclose and cannot meet the mandates to demonstrate an effective compliance program. Hence under Step 3, an organization must understand if there is a problem or not which warrants self-disclosure.  With the right technology in place, companies can monitor their compliance efforts and ensure that they are meeting the expectations of the DOJ. Additionally, companies should ensure that employees are properly trained on the company’s policies and procedures. Taking these steps can help create an effective compliance program that meets the expectations of the DOJ.

Join us tomorrow where continue our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance.

Categories
FCPA Compliance Report

Laura Perkins on the Monaco Memo

In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, I am joined by Hughes Hubbard partner Laura Perkins to take a deep dive into the Monaco Memo. Some of the highlights include:

  1. Determination of Monitor Need.
  2. Roadmap to proa-active compliance.
  3. Timely self-disclosure as criteria for monitorship?
  4. Monitor selection criteria.
  5. Monitor review and oversight.

 Resources

Laura Perkins on HughesHubbard.com

Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog

  1. A Jolt for Compliance
  2. Timely Self-Disclosure
  3. Corporate Compliance Programs
  4. Monitors
  5. Polite Speech

Monaco Memo