Fcpa Compliance Report

In this episode I am joined by Ruth Steinholtz of AretéWork, Jonathan Armstrong of Cordery Compliance and Kristy Grant-Hart of Spark Compliance Consulting and author of How To Be a Wildly Effective Compliance Officer for a roundtable discussion of the recently concluded SCCE European Compliance and Ethics Institute. We discuss some of the highlights, the changes this group of compliance practitioners has seen and where compliance may be headed in 2017 and beyond.Learn more about your ad choices. Visit megaphone.fm/adchoices

Next I consider at how data analytics can be used to help detect or prevent bribery and corruption where the primary sales force used by a company is third parties. A clear majority of Foreign Corrupt Practices Act (FCPA) violations and related enforcement actions have come from the use of third parties. While sham contracting (i.e. using a third party to conduit the payment of a bribe) has lessened in recent years, there are related data analysis that can be performed to ascertain whether a third party is likely performing legitimate services for your company and is not a sham.  There are several more complex analytics that can be run in combination to identify suspicious third parties, and some of the simplest can be to look for duplicate or erroneous payments. A key to moving from detection to prevention is the frequency of review. It is common for organizations to periodically review a year or more of accounts payable invoices at one time for errors or overpayment. Changing this from a one-time annual or

In this episode Compliance Week Editor in Chief Bill Coffin discusses the upcoming Compliance Week 2017 Conference May 22-24, 2017 in Washington DC. Coffin highlights the key note speakers and some of the other key topics for the event. He discusses how Compliance Week is an entire experience for attendees, exhibitors, speakers and guests. Best of all, listeners to this podcast can receive a discount to this year's event. Go to registration and enter discount code CW17TOMFOX.Learn more about your ad choices. Visit megaphone.fm/adchoices

Auditing of third parties is critical to any best practices compliance program and an important tool in operationalizing your compliance program. This is a key manner in which a company can manage the third party relationship after the contract is signed and one which the government will expect you to engage in going forward.  You should plan out four to six weeks in advance, you should perform the audit with your legal counsel’s lead to preserve privilege, work with the business sponsor to establish key business contacts, discuss audit rights and processes with the third party, you should prepare initial document request lists for financial information queries, take the time to review findings from previous audits and resolutions and also review details of opened and closed internal investigations, if there are any Code of Conduct questionnaires available take care to review and finally be cognizant of any related Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement actions. 

In this episode, Matt Kelly pinch hits for a Walt Disney World-vacationing Jay Rosen. Matt and I have a wide-ranging discussion on some of the week’s top FCPA and compliance related stories. We discuss:  Shearman & Sterling issues its Report to the Wells Fargo Board on the fraudulent account scandal. For Tom’s three-part series see Part I, Part II and Part III. United Airlines is at it again. Click here for Matt’s article on Radical Compliance. Click here for Tom’s article in Compliance Week. Interesting judicial decision on restitution from Judge Posner. See article in the Grand Jury Target blog. Barclay’s CEO penalized for trying to unmask internal and anonymous whistleblower by using corporate security and US law enforcement. See Tom’s article in Compliance Week. Matt reports on Oracle’s Modern Finance Experience conference. Click here for Matt’s blog post on Radical Compliance. Learn more about your ad choices. Visit megaphone.fm/adchoices

The building blocks of any Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program lay the foundations for a best practices compliance program. For instance in the lifecycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third party management becomes more important. It is also the one where the rubber meets the road of operationalizing compliance.  In an issue of Supply Chain Management Review in an article by Mark Trowbridge, entitled “Put it in Writing: Sharpening Contracts Management to Reduce Risk and Boost Supply Chain Performance”, provided useful insights into the management of the third party relationship. While the focus of the article was having a strategic approach to contracts management, the author’s “five ways to start professionalizing your approach to

In a speech before the SIFMA Compliance and Legal Society New York Regional Seminar in November 2015, then Assistant Attorney General Leslie Caldwell laid out metrics the Department of Justice would consider in evaluating a corporate compliance program around third parties. Caldwell began with the following question, “Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?” This inquiry was brought forward into the Justice Department’s Evaluation of Corporate Compliance Programs.  Management of a Third Party Relationship Recognizing that most Chief Compliance Officers (CCOs) and compliance practitioners understand the need for a business justification, questionnaire, due diligence and compliance terms and conditions in a contract, I was gratified to see the DOJ focusing on the final step in the lifecycle of a third party relationship as a key metric for its new Compliance Counsel to evaluate. This is bec

In this episode Matt Kelly and I take a deep dive into the recently released, Public Company Accounting Oversight Board (PCAOB) semi-annual white paper. The white paper providing general information about certain characteristics of emerging growth companies (EGCs). Matt and I discuss some of the PCAOB's key findings: There were 1,951 companies that identified themselves as EGCs in at least one SEC filing since 2012 and have filed audited financial statements with the SEC in the 18 months preceding the measurement date (“EGC filers”). The PCAOB staff observe that the number of EGC filers has grown since the enactment of the Jumpstart Our Business Startups (JOBS) Act, but has stabilized recently. There were 742 EGC filers (or 38 percent) that have common equity securities listed on a U.S. national securities exchange (“exchange-listed”).  The five most common industries for EGC filers as of November 16, 2016, are pharmaceutical preparations, blank check companies, real estate investment trusts, prepackaged so

What is satisfactory due diligence under the Foreign Corrupt Practices Act (FCPA)? That question seems to be more important after story on Unaoil and the subsequent release of the Panama Papers. However, both of these events largely focused on the “who” part of due diligence and the need to know whom you are doing business with going forward. However there is another important question which does not come up as often in due diligence, which is how?  How does a particular third party perform its services with or for your company? If it is on the sales side of things, how can a third party help you make sales? If a third party comes through the Supply Chain, how do their products or services meet the needs of your company? If the third party has a closer business relationship, such as a joint venture (JV), teaming agreement or other similar arrangement, you may well need a much deeper understand of how this third party does business because the relationship may well become so close you will be intertwined with

The Justice Department Evaluation of Corporate Compliance Programs states in Prong 10, Appropriate Controls – What was the business rationale for the use of the third parties in question? What mechanisms have existed to ensure that the contract terms specifically described the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services rendered?   You should incorporate compliance terms and conditions into your contracts with third parties. You must have appropriate compliance terms and conditions in every contract with third parties. I would suggest that you prepare a template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts;

In this episode, I am joined by Eric Feldman, SVP at Affiliated Monitors. Eric is a long time US government employee who now helps to provide companies with monitorship services, in a wide range of areas. These include external monitors after a FCPA enforcement action, monitorships with companies who contract with the federal government, state and local authorities. Eric discusses the strategic use of a monitor in a wide variety of areas, from prevention and detection of legal violations to M&A work. For more on Affiliated Monitors, check out their website by clicking here.Learn more about your ad choices. Visit megaphone.fm/adchoices

An important part of the job duties of any compliance practitioner is clearing red flags which might appear for a proposed third-party relationship during the due diligence process. It is mandatory that not only must all red flags be cleared but there also be evidence of the decision-making process to show to a regulator if one comes knocking. The Justice Department Evaluation of Corporate Compliance Program states under Prong 10 the following, “Real Actions and Consequences – Were red flags identified from the due diligence of the third parties involved in the misconduct and how were they resolved?” There is no set formula or guideline for clearing red flags or evaluating due diligence. One approach came from two compliance practitioners at GE Oil & Gas, Flora Francis and Andrew Baird made at the 2014 SCCE Utility and Energy Conference on GE’s third party risk management, where they described the process by which GE reviews the risks around each third party with which it does business.  Some of the factors w

Show Notes for Episode 47, for the week ending April 7, the Season Opener Edition In this episode, Jay and I have a wide-ranging discussion on some of the week’s top FCPA and compliance related stories. We discuss:  Wrap up from the SCCE European Compliance and Ethics Institute. SEC Unit Chief Kara Brockmeyer announces her retirement. Click here for Matt Kelly’s article on Radical Compliance. Wal-Mart announces its 2016 spend on its FCPA investigation and remediation of $99MM. Click here for Matt Kelly’s article on Radical Compliance. Upjohn warnings after the Yates Memo. See article the Grand Jury Target blog. Report on OECD Integrity Forum. Allison Taylor writes in the FCPA Blog. Astros, Red Sox and Dodgers all lead their divisions. Jay previews his weekend report. Learn more about your ad choices. Visit megaphone.fm/adchoices

Yesterday I considered the need for due diligence in the management of third parties. Today, I want to take a deeper dive and explore the levels of due diligence. Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.  Level I  First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering, anti-bribery, sanctions lists, coupled with other financial corruption & criminal databases.  These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities.  It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their co

Most companies fully understand the need to comply with the FCPA requirements around third parties as they represent the greatest risks for an FCPA violation. However, most companies are not created out of new cloth but are ongoing enterprises with a fully up and running business in place. This means they may need to bring resources to bear to comply with the FCPA while continuing operating an ongoing business. This can be particularly true in the area of performing due diligence on third parties. Many companies understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of third party risk and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. The information that you should have developed in Steps 1 & 2 of the third party management process should provide you with the initial information to c

In this episode, I visit with Adelle Berger, who recently became the Chief Integrity Officer at Louis Berger. Some of the topics we discuss are: Why is her title “Chief Integrity Officer” as opposed to Chief Compliance Officer or Chief Ethics and Compliance Officer?; What is the role of a CCO around integrity or how does she see her role at Louis Berger different that a traditional CCO?; Does she have any specific initiatives around ‘integrity’?; How can a Chief Integrity Officer help drives the values and culture in an organization; Her academic background is not the usual one for a compliance professional, what took her in the field; and How a Chief Integrity Officer is the most recent iteration of the compliance function, to Compliance 3.0. Learn more about your ad choices. Visit megaphone.fm/adchoices

The next step in the five-step process is the Questionnaire. The term ‘questionnaire’ is mentioned several times in the 2012 FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. The questionnaire should be mandatory step for any third party that desires to work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk, but run away from doing business with such a party.  In the 2011 UK Ministry of Justice’s (MOJ), discussion of Six Principals of an Adequate Procedures compliance program, they said the following, a Questionnaire, “means that both the business person who desires the relationship and the foreign business representative commit certain designated information in writing prior to beginning the due diligence process.”  One of the key requirements of any successful anti-corruption complian

In this episode Matt Kelly and I take a deep dive into the recent kerfuffle involving United Airlines and its policy which prevented to teenaged girls from boarding a flight wearing leggings. Was United within its rights to exclude the passengers for inappropriate dress? Is the policy valid? Did the gate agent receive appropriate training to make their decision? In the world of today, social media accelerates the ability to judge, without improving the ability to judge. For ethics & compliance officers, that means every compliance risk is now magnified into a reputation risk. Finally, we consider Matt's closing sentence, "Training, values, culture, judgment. Funny how those four things keep cropping up, isn’t it?" and what it means for compliance.  For more insight, read Matt's blog post, "United's Policy Management Lessons"Learn more about your ad choices. Visit megaphone.fm/adchoices

The Evaluation, in Prong 10, Third Part Management asks, “What was the business rationale for the use of the third party in question?” This question is one of the most basic tools to operationalize your compliance program and should form the basis of your third-party risk management process.  It is common sense that you should have a business rationale to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have that specific third party representing your company. This concept is enshrined in the 2012 FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the ser­vices to be performed.”  The Internal Revenue Service (IRS) also considers a business rationale to be an important part of any

In this episode I visit with John Hanson (AKA 'the Fraud Guy') who is also the founder of the International Association of Independent Corporate Monitors (IAICM). He discusses why he founded the group, the needs it hopes to address, the resources available to members and others  and how someone can apply for membership. the Association's website is icicm.org. For additional information you can contract Hanson at jhanson@iaicm.org. Finally, ror more information see my blog post IAICM Shines a Light on Corporate Monitor. Learn more about your ad choices. Visit megaphone.fm/adchoices