Fcpa Compliance Report

In this episode Kristy Grant-Hart, author of How to be a Wildly Successful Compliance Officer joins me to debate the merits of the ISO 37001 certification. I think the process is worse than useless while Kristy believes they are a step forward.  For our additional written commentary on this issues, see Kristy's post The top five myths about ISO 37001 exposed. For my views in opposition, see ENI Receives an ISO 37001 Certification and ENI CEO Charged with CorruptionLearn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Jay and I have a wide-ranging discussion on the intersection of culture and ethics. We discuss:  German authorities raid at VW investigation counsel, Jones Day, offices in Germany and what it may portend for FCPA investigation. See Tom’s article on the FCPA Blog. British cycling team scandal. See Tom’s article on the FCPA Blog. Uber, culture and corporate governance. See FT article, “Crisis inside the cult of Travis”. Venezuela begins to investigate PDVSA for corruption. See article in the Wall Street Journal. Federal reserve seeks lifetime ban for JPMorgan bankers who ran the illegal ‘Sons and Daughters’ hiring program. See article in the FCPA Blog. Tom reveals an exciting new podcast, the Compliance Report-International Edition, which will premier next week. The initial episode will feature Carlos Ayers on recent anti-corruption developments in Brazil and South America. Jay previews his weekend report. Tom reports on a talk about 3rd party ROI at the upcoming Third-Party Risk Managemen

Another way to operationalize compliance is to have oversight moved out into regions. Such an approach can more effectively ensure employee and third party compliance with your Code of Conduct throughout a organization by integrating compliance into every aspect of a Company’s functions and generating the necessary information to continuously improve your compliance program. Such a regional compliance committee can operate on multiple planes to fully operationalize compliance in a company, augment existing internal controls and make the company a more efficient and profitable entity. The formation of a regional compliance committee works to operationalize compliance through the creation of more direct ownership, accountability, and valuable transparency of your compliance regime.  This moves compliance down into all levels of the company’s operations.  This approach also significantly improves consistency of compliance execution and helps to ensure that all a company’s business objectives are achieved in a le

The operationalization of your compliance programs means how deeply is compliance integrated into the function of your company. Today, I want to consider another way to operationalize compliance through the Compliance Oversight Committee. The Compliance Oversight Committee sits between the CCO and the Board’s compliance committee. The role of this Compliance Oversight Committee is to provide oversight and review of high risk issues such as third party approvals and renewals, requests for payments from third parties and significant gift, travel and entertainment requests from employees. This committee’s oversight demonstrates not only a shared committee to compliance as required under the Justice Department’s Evaluation of Corporate Compliance Programs but also fulfills the requirement for engaged senior management oversight as a part of a company’s management of risk. As far back as January 2005, in the Deferred Prosecution Agreement (DPA) entered into between the Department of Justice (DOJ) and the Monsanto

This episode is dedicated to the Justice Department’s Evaluation of Corporate Compliance Programs, which was released in February. In this episode, Matt Kelly and Mike Volkov provide next insight. Next week will be views from Jay Rosen and Jonathan Armstrong.    Matt Kelly opens by considering the Evaluation as a continuation in a series of pronouncements around ‘operationalizing’ your compliance program. He discusses whether this approach consistent or different with the regulatory requirements of SEC FCPA enforcement and how would this document intersect with SEC ‘regulatory enforcement’ of the FCPA? Finally, he considers whether the Evaluation ties in at all to a control environment under either the COSO 2013 Framework or COSO ERM framework. For Matt Kelly’s posts see the following:             Fresh FCPA Guidance from the Justice Department; and             Deeper Dive into new DoJ Compliance Guidance Mike Volkov discusses why the Evaluation was issued literally in the dead of night and why would t

  Today I want to explore in some detail the first Objective in the COSO 2013 Framework-the Control Environment as a path to operationalize your compliance program. This Objective lays out five steps you can take to put the responsibility on function corporate disciplines to imbue compliance into the fabric of an organization.  A.        Control Environment  Rittenberg said this “sets the tone for the implantation and operation of all other components of internal control. It starts with the ethical commitment of senior management, oversight by those in governance, and a commitment to competent employees.” The five principles of the Control Environment object are as follows:  Principle 1 - The organization demonstrates a commitment to integrity and ethical values. Principle 2 - The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Principle 3 - Management establishes with board oversight, structures, reporting lines and

In this episode, Matt Kelly and I take a deep dive into a dramatic 48 hours in the life of the FCPA last week, which portends the trend of continued FCPA enforcement. It included the announcement by Kevin Blanco, acting assistant attorney general for the Criminal Division, who speaking at the American Bar Association’s annual white collar crime conference of the extension of the FCPA Pilot Program; the retort by Secretary of State Rex Tillerson to President Trump on the power of the FCPA for US companies doing business overseas, the Justice Department brief and oral argument in the Hoskins appeal where the DOJ continued to press for an expansive view of FCPA jurisdiction as originally preferred by the Obama DOJ; and finally we discuss the summary of all US attorneys by the Trump administration and Matt's proffers an interesting theory on why Preet Bharara was fired. For more reading, see Matt's piece on Radicalcomplinance.com entitled, "FCPA: Pilot Program Extended, and Much More".Learn more about your ad cho

Under the Prong entitled “Policies and Procedures” subtexted Operational Integration, the Evaluation states:  Payment Systems – How was the misconduct in question funded (e.g., purchase orders, employee reimbursements, discounts, petty cash)? What processes could have prevented or detected improper access to these funds? Have those processes been improved? While of the basic Watergate maxims has always been appropriate in any FCPA investigation, Follow The Money, the Evaluation takes payment systems and their internal controls several steps further past the detect and even investigatory precepts. There is not a set of “compliance internal controls” but rather internal controls permeating throughout an organization which creates their effectiveness. Today, we examine what are effective compliance internal controls and how the payroll function can assist in fulfilling those requirements.  What are internal controls?  What are internal controls in a FCPA compliance program? The starting point is the law itself,

  If there is one over-riding theme from the recently released Evaluation of Corporate Compliance programs it is that a corporate compliance program must be operationalized. Indeed that is the theme of this month’s series of podcasts. Another way to think about operationalization is the connectedness of compliance throughout an organization. In an article from the Harvard Business Review (HBR), entitled “How Smart, Connected Products are Transforming Companies”, by Michael E. Porter and James E. Heppelmann, focused on the new products. It provided some interesting insights into both the interconnectedness of processes and structures, which apply to the compliance practitioner going forward. I call it “connected compliance.” It provides another mechanism for you to consider in operationalizing your compliance program.   Process in Connected Compliance   Processes are being reshaped by the data which is now available and more “intense coordination among [corporate] functions is now required.” Regarding structur

In this episode, I have back John Champion, one-half of the podcast duo going through every Star Trek TV episode and movie at missionlogpodcast.com. Today, I visit with John on his reflections on the 50th anniversary of Star Trek, what Star Trek was like both with and post Gene Roddenberry, our differences over the TNG episode Relics and John's upcoming conference appearance. Check out John and his partner Key Ray, each week at missionlogpodcast.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, I visit with Morrison and Forrester partner James Koukios, on the firm's publication "Top Ten International Anti-Corruption Developments for January 2017.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Jay Rosen reports live from the ABA White Collar Conference at the Fontainebleau Hotel in Miami.  In addition to providing his insights on the highlights of the conference and the buzz around the new Justice Department Evaluation of Corporate Compliance Programs document released in February, we discuss: Adam Davidson’s piece in the New Yorker Magazine entitled, “Donald Trump’s Worst Deal” which looks at a Trump organization transaction in Azerbaijan which raises both FCPA and sanctions issues. The newly revamped Justice Department’s Fraud Section’s website. Highlight the rollout of the International Association of Independent Certified Monitors’ (IAICM) new website. Review the week’s FCPA related issues. Take a deep dive into the blockbuster trade announced between the Houston Texans and Cleveland Browns where the Texans sent their starting QB and a second round pick to the Browns for a fourth round pick in return (who says Texans are not great horse-traders!) Jay previews his weekend repor

Operationalizing your compliance program can take many shapes and forms. Using the entire risk management process to embed your compliance program within the contours of your organization is an important, key step as it will allow you to have full visibility of your compliance risks through a longer life cycle. Forecasting allows you to consider your business strategy and wed the risks you can foresee. Risk assessments allow you to evaluate and measure known risks. Risk-based monitoring allows you to monitor both the compliance risks you and detect those you do not know, on an ongoing basis.  I think there are several key lessons to be considered by any Chief Compliance Officer (CCO) or compliance practitioner. The first is the process around risk management. Most compliance practitioners understand the need for a risk assessment as it is articulated as Hallmark No. 4 of the Ten Hallmarks of an Effective Compliance Program. From the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Co

I continue my discussion of operationalizing your compliance program through the risk management process by considering risk-based monitoring. I continue this series based upon interviews with Ben Locwin, Director of Global R&D at BioGen and an operational strategist in pharma and healthcare, to explore risk forecast, risk assessment and risk monitoring for the compliance profession.  Locwin said, “Risk-based monitoring is really about continuous, ongoing monitoring for those things which provide the most potential future risk to you. In other words, instead of a static risk registry that may come in part with forecasting, where you would say, “We’re trying to anticipate these risks.” By using risk-based monitoring to review issues on an ongoing basis, and the models that are behind the risk-based modeling, risk-based monitoring models, they’re continuously refined based on incoming data.”  The problem for many companies is they are siloed in not only their data but also in the systems. Locwin explained that

In this episode, I visit with New Yorker reporter Adam Davidson, who penned an article in the New Yorker which looked at a hotel deal between the Trump organization and a family of Politically Exposed Persons (PEPs) in Azerbaijan. Davidson talks about what intrigued him about the story, his reporting and most troubling, the PEPs alleged ties to funding from the Iranian Revolutionary Guard. It is a cautionary tale about major construction project in countries with a high perception of corruption, the need to understand who your business partners are and the source of their funding. The article is Donald Trump's Worst Deal.  Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ Evaluation of Corporate Compliance Programs states: Risk Management Process – What methodology has the company used to identify, analyze, and address the particular risks it faced? Information Gathering and Analysis – What information or metrics has the company collected and used to help detect the type of misconduct in question? How has the information or metrics informed the company’s compliance program? I continue my exploration of the risk management process by focusing today on risk assessments. One cannot really say enough about the role of risk assessment in compliance programs. Each time you hear a regulator talk about compliance programs, it starts along the lines of you cannot manage your FCPA risk without first determining what your company’s risk is; and to determine that compliance risk, the process you should utilize comes through a risk assessment. We previously considered forecasting. The differences between forecasting and risk assessment is that risk assessment attempts to consider

The Justice Department Fraud Section recently revamped its website and it is quite an upgrade. I do not know when the Fraud Section did this update but as with the Evaluation of Corporate Compliance Programs document, it certainly was a soft launch. It appears the new site compiles several disparate sources of Fraud Section and Justice Department information into one website. Also, there looks to my eye to be some information posted on the Fraud Section website for the first time. In short, it is an excellent and most welcomed resource. A quick review of the site has a slide show of recent Justice Department resolutions scrolling across the screen. Go down to the bottom of the screen and you will see two very interesting documents, a 2015 and 2016 Fraud Section Year in Review. The FCPA Unit section includes such information as prior enforcement actions, Opinion Releases, other anti-corruption treaties and resources. There is also a list of Fraud Section leadership. However, the Fraud Section is made up of mor

At its heart, every business tries to plan for its future. It is a critical aspect of any management of any organization, non-profits, privately owned for profits and, of course, publicly traded companies. It is important that management be able to set out what it opines will happen in the next three, six, twelve and twenty-four months. Noted health care process expert Ben Locwin has said this “is really something that the businesses try to wrap their heads around in such a way that they can shunt resources where they think is appropriate in order to meet these future demands. Forecasting really at its heart is an educated guess and really as much as it becomes a reliable model more so and less so a guess, is based on the quality of the input data.” It is a process through which you are attempting to “prognosticate what the future will bring to you”. Unfortunately, forecast models are only as good as the data which are put into them or the GIGO (Garbage In, Garbage Out) Principal. Three Key Takeaways Risk ma

In this Part III to a three part podcast series, I visit with noted risk management expert, Ben Locwin on risk-based monitoring as a adjunct to forecasting and risk assessments. We discuss how to accomplish it and how to integrate into your overall monitoring and feedback loops. We conclude with a stitching together of the risk management process. For More Information see my five part blog series on the Risk Management Process.  1. Forecasting 2. Risk Assessments 3. Risk-Based Monitoring 4. White Noise and Interpreting Data 5. What does it all mean?  Learn more about your ad choices. Visit megaphone.fm/adchoices

Analysis and Remediation of Underlying Misconduct Root Cause Analysis – What is the company’s root cause analysis of the misconduct at issue? What systemic issues were identified? Who in the company was involved in making the analysis?  A root cause analysis should be a method to learn more about your business process and what went wrong so that the systems and process itself can be changed because there is a thinking in the field which basically centers around the theme of, unless you have changed the process, then you're going to keep getting similar or the same results. The process is going to deliver whatever it delivers, whether that be right, wrong, or indifferent. Until you change the process and the systems, you can basically expect that you're going to have some sort of output that is going to repeat itself over and over again. Finding blame does not necessarily help and really you want to get deeper into those root causes. The reason it is monikered “root cause analysis”, is to emphasize the need