Fcpa Compliance Report

Today, I the Holy Grail of compliance –Return on Investment—for your compliance program. In a very interesting article by Paul Healy and George Serafeim entitled, “An Analysis of Firms’ Self-Reported Anticorruption Efforts”. In this academic paper, the authors looked at the issue of not simply profitability of companies, which had more robust anti-corruption compliance programs but also what was the direct effect on the companies’ return on equity (ROE) in countries which were perceived to have a high incidence of corruption. Not surprisingly, in countries in a low risk for corruption, there was not much difference in the sales growth for companies with robust anti-corruption compliance programs and those business which into the authors’ ‘cheap talk’ category. However when it came to growth in countries which had a high propensity of corruption, there was a dramatic difference. When quantitative types say, “The magnitudes of the estimated coefficients are economically interesting”; it is a HUGE deal. These fi

I often write about the nuts and bolts of an effective compliance program but one of the most basic things that an effective compliance program must have is a compliance department present to ask the basic questions of compliance to and receive an answer from. I think to the DOJ and SEC this means a couple of things. First, and foremost, there must be the requisite number of resources dedicated to the compliance function. This means that a compliance department must be staffed with an appropriate number of compliance professionals to do the day-to-day basic work of compliance. Head count is always important in any corporation but there must be some minimum number of people in the compliance department to answer the phone or respond to email.  But, equally important to this resource issue is providing centralized assistance and what the FCPA Guidance says is “to provide guidance and advice on complying with a company’s ethics and compliance program”. In other words, it is up the corporation to have someone the

Every Board of Directors need a true compliance expert sitting on their Board. Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such compliance subject matter expertise at the Board level? An arm of the US government has recognized the need for such expertise at the Board level. In 2015 the Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong messa

In this episode I visit with Jonathan Armstrong about the UK portion of the Rolls-Royce global anti-corruption settlement. We discuss the UK Deferred Prosecution Agreement, how it came about, what it might mean for the Serious Fraud Office going forward and how the judicial review of the UK DPA process adds a level of transparency not seen in the United States DPA practice.  For more on the Rolls-Royce settlement see: Cordery Compliance client alert, click here.  FCPA Compliance Blog articles on the settlement, Part I and Part II Learn more about your ad choices. Visit megaphone.fm/adchoices

Continuous improvement requires that you not only audit third parties but also monitor whether employees are staying with the compliance program. In addition to the language set out in the FCPA Guidance, two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs. Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. Many compliance practitioners understand you should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should

Show Notes for Episode 5, Year End Review, Part II  We turn to the 2016 year in review, in this Part II of a two-part series.   Jonathan Armstrong leads a discussion on Privacy Shield, information and data privacy issues the past year.   Mike Volkov relates what he saw as the top enforcement highlights from 2016, the block-buster year for FCPA fines and penalties and the growing trend of globalization of enforcement. Matt Kelly discusses the arrival of front pay, and general escalation of retaliation risk for company’s vis-a-vis whistleblowers, ideas on auditing corporate culture and what types of data and information should go on a compliance dashboard.  For Matt’s posts on these topics see the following: Another Front in Retaliation Risk: Front Pay Ideas on Auditing Organizational Culture What Goes on a Compliance Dashboard?  Rants will return next week.  The members of the Everything Compliance panel include: Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions

One of the more prescient authors I know is Ryan C. Hubbs, who in 2014, wrote an article for Fraud Magazine entitled “Shell Games”. Shell companies can come in different shapes and sizes. Shelf companies are those formed but not used for a long period of time. This provides the facade of appearing. Finally this type of fraud needs directors and nominees to fill out the package and provide the aura of legitimacy. The final area of concern is ‘hot spot’ or one location which is the home for multiple shell companies.  In your basic research do not limit your search to the International Consortium of Investigative Journalist’s database of companies listed in the Panama Papers themselves. Initially this database is reported to only have listed 5-7% of the world’s shell companies. Some of the basic questions you should be looking at from your own data and information such as information mis-matches around address, phone, fax, ship to, bank, cell contact.  Also consider whether incoming/outgoing wire transfer docum

In this episode Matt Kelly and I take a deep dive into a couple of recent SEC enforcement actions. The first involved L-3 Technologies and accounting irregularities. The second involves BlackRock and the continued issues around pre-taliation. We connect these enforcement actions to broader issues involving the COSO 2013 Framework, the DOJ mandated expertise in compliance, a speak-up culture and remedial actions. For additional information, check out Matt's blog posts on these topics: Lessons Galore in New SEC Internal Controls Case; and SEC Dings BlackRock for Pre-Taliation Clauses. Learn more about your ad choices. Visit megaphone.fm/adchoices

Many compliance practitioners often inquire how to set up a data analysis program and how to use it to help monitor for a compliance program. I draw from Joe Oringel, co-founder of Visual Risk IQ for the firm’s five-step process for any analytics project. The steps are: (1) Brainstorming, (2) Acquire and Map Data, (3) Write Queries, (4) Analyze and Report, and (5) Refine and Sustain. Step 1 - Brainstorming It all begins with Step 1, brainstorming. Any data analysis project in a compliance setting, or any business context, begins by picking the business questions to answer with data. So in an initial meeting, you could ask one or more of the following opening questions: What do we expect to find if we do a detailed review of this data? What policies should have been followed? What would a mistake or even fraud look like? The data to be reviewed could be expense reports, accounts payable invoices, or sales contracts. The key to successful brainstorming is to identify the questions you want to ask and answer, an

In this episode, I visit with Matt Ellis, a partner at Miller & Chevalier. Ellis has recently published his first book The FCPA in Latin America. Ellis' discusses why he wrote the book, some of the key issues around FCPA compliance in Latin America and debunks the myth that Latin Americans desire bribery and corruption in their business dealing. Learn more about your ad choices. Visit megaphone.fm/adchoices

What if you want to take you post-training analysis to a higher level and begin to consider the effectiveness through your return on investment (ROI)? Joel Smith, the founder of Inhouse Owl, a training services provider, advocates performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. Smith admits that calculating legal ROI is very difficult as ethical and compliance behavior is an end-goal and of itself - not necessarily one that everyone feels should be subject to a ROI calculation.  Smith noted, “it is extremely difficult to isolate the training effect to calculate what costs you avoided

For compliance training to be effective its needs to risk-based in its focus. This means employees with highest risk of exposure to bribery and corruption need to receive the highest levels of training and refreshers. From there you can tailor your training down to an appropriate level for those less at risk. The risk ranking of employees is usually considered in a tripartite structure of (1) high-risk, (2) medium risk and (3) low risk. High-risk employees can be defined as those employees whose roles in your company can significantly impact the company. Medium risk employees can be defined as those employees who face risk on regular basis or present a moderate level of negative impact to a company if they mishandle the risk. Low risk employees can be considered those employees with a low likelihood of facing the attendant risk. Through the risk ranking process, you have internalized the admonition that one size does not fit all in deciding the content and intensity of training needs for each role or individu

You should work to create an action plan to use your data. But never forget you need to get  your digital information right. That means several sources of data to help you choose the best course of action. Earlier this year, Deadspin reported on a joint investigation between BuzzFeed UK and the BBC, in an article entitled “The Tennis Racket”, which looked at what they believed was suspicious betting in professional tennis matches. They used a transactional analysis to come up with the players involved and matches they allegedly fixed at the behest of gamblers. This use of data analysis pointed to this key lesson, data analysis is only the starting point in any investigation. You need to review other data to make an action plan. Other sources of information might include interviewing witnesses, reviewing documents, looking at injury factors that might have influenced the outcome of tennis matches. It is not simply enough to identify suspicious activities, you need to determine the facts behind the numbers and

Show Notes for Episode 35, week ending January 13, the Friday the 13th edition  Hernandez and Beech FCPA guilty pleas. Hernandez Criminal Information, Beech Criminal Information. VW guilty plea in emissions-testing scandal. Link to article in New York Times. VW executive Oliver Schmidt arrested in US. See article on FCPA Compliance and Ethics Blog. Zimmer Bio-Met in follow-up FCPA enforcement action. See article on FCPA Blog. Mondelez FCPA enforcement action. See SEC Cease and Desist Order and article on FCPA Compliance and Ethics Blog. Supreme Court to take up 5 year statute of limitations for profit disgorgement under Securities Act, which applies to FCPA enforcement actions brought by SEC. Article in Law360. NFL Playoff update on Patriots, Cowboys and Texans. Learn more about your ad choices. Visit megaphone.fm/adchoices

You should work to create a culture of data in your compliance program. This comes from an understanding that data is a product, which you can consume internally in the compliance function. Your data is a corporate asset so why not use it. That is a key point that you should recognize. Yet data is not simply big or even scary. It is information that you can use in helping you make better decisions. The CCO needs to find a way to deliver compliance analytics in a manner that is timely within your company’s everyday decision-making calculus.  One of the biggest misunderstandings about using data is that compliance practitioners tend to be myopic. They only look at individual data when it is more useful to know what a population of people are doing. As a CCO how many times have you heard something along the lines of “If we look we might find something”. This defensive attitude can keep you from making use of some of the most useful information to you, your own data. The more transparency there was involving data

You should employ a 6-step process to revising your Code of Conduct. Get buy-in from decision makers at the highest level of the company Your company’s highest level must give the mandate for a revision to a Code of Conduct. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort. Establish a core revision committee You should create a cross-functional working group should head up your effort to revise your Code of Conduct. It can include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally, there should be functions within the company represented such as finance and accounting, IT, marketing and sales. Conduct a thorough technology assessment The foundation of the revision process is how your company captures, collaborates and preserves the decisions during th

In this episode, I visit with Sherman & Sterling partner Phillip Urofsky who leads a team which produced the the 2017 FCPA Digest, one of the top annual compendium of annual FCPA reviews of the prior year's enforcement actions and related issues. We  discuss the following: Any trends or highlights that observed in the Digest; How cases of Qualcomm, JPMorgan, and VimpelCom reflect new expansions of regulators’ views as to the scope of the term “anything of value” in FCPA bribery cases; Why the ruling in the SEC’s ongoing case against the Magyar executives upheld a novel theory on the Commission’s jurisdiction to enforce the FCPA; His thought on the Pilot Program; is it as a success? Where might it go after this first year? Will it be renewed or made permanent? Do the Embraer and Odebrecht cases portend greater global anti-corruption enforcement? Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode Matt Kelly and myself take a deep dive into the compliance weeds by looking at a paper written by then SEC General Counsel James Doty (later head of the PCAOB) in 2007 where he proposes a regulatory scheme for FCPA compliance. Matt and I discuss the pros and cons and how the SEC Chairman designate Jay Clayton may view the issues. We then take a brief look at the arrest of VW executive Oliver Schmidt and both conclude that it presents ZERO problems for any Chief Compliance Officer or compliance practitioner going forward.  For additional reading, see Matt Kelly blog post on Doty article, "Ye Olde Plan for FCPA Compliance"; Matt Kelly blog post on Oliver arrest, "Enough About CCO Liability" Tom Fox blog post on Oliver arrest "Honey I Think We Should Vacation at Home this Year"' and  Jim Doty article "Toward a Reg. FCPA: A Modest Proposal for Change in Administering the Foreign Corrupt Practices Act"   Learn more about your ad choices. Visit megaphone.fm/adchoices

A company that does not perform adequate due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps, most commonly, inadequate due diligence can allow a course of bribery to continue - with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. Equally important is that if a company engages in the suggested actions, they will go a long way towards insulating, or at least lessening, the risk of FCPA liability going forward. Pre-Acquisition Risk Assessment It should all begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk expo

No area has become more challenging in compliance than continuous improvement. The FCPA Guidance specifies that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its custom­ers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”  Continuous improvement requires that you not only audit but also monitor whether employees are staying with the compliance program. In addition to the language set out in the FCPA Guidance, two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three acti