Fcpa Compliance Report

Many compliance practitioners often inquire how to set up a data analysis program and how to use it to help monitor for a compliance program. I draw from Joe Oringel, co-founder of Visual Risk IQ for the firm’s five-step process for any analytics project. The steps are: (1) Brainstorming, (2) Acquire and Map Data, (3) Write Queries, (4) Analyze and Report, and (5) Refine and Sustain. Step 1 - Brainstorming It all begins with Step 1, brainstorming. Any data analysis project in a compliance setting, or any business context, begins by picking the business questions to answer with data. So in an initial meeting, you could ask one or more of the following opening questions: What do we expect to find if we do a detailed review of this data? What policies should have been followed? What would a mistake or even fraud look like? The data to be reviewed could be expense reports, accounts payable invoices, or sales contracts. The key to successful brainstorming is to identify the questions you want to ask and answer, an

In this episode, I visit with Matt Ellis, a partner at Miller & Chevalier. Ellis has recently published his first book The FCPA in Latin America. Ellis' discusses why he wrote the book, some of the key issues around FCPA compliance in Latin America and debunks the myth that Latin Americans desire bribery and corruption in their business dealing. Learn more about your ad choices. Visit megaphone.fm/adchoices

What if you want to take you post-training analysis to a higher level and begin to consider the effectiveness through your return on investment (ROI)? Joel Smith, the founder of Inhouse Owl, a training services provider, advocates performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. Smith admits that calculating legal ROI is very difficult as ethical and compliance behavior is an end-goal and of itself - not necessarily one that everyone feels should be subject to a ROI calculation.  Smith noted, “it is extremely difficult to isolate the training effect to calculate what costs you avoided

For compliance training to be effective its needs to risk-based in its focus. This means employees with highest risk of exposure to bribery and corruption need to receive the highest levels of training and refreshers. From there you can tailor your training down to an appropriate level for those less at risk. The risk ranking of employees is usually considered in a tripartite structure of (1) high-risk, (2) medium risk and (3) low risk. High-risk employees can be defined as those employees whose roles in your company can significantly impact the company. Medium risk employees can be defined as those employees who face risk on regular basis or present a moderate level of negative impact to a company if they mishandle the risk. Low risk employees can be considered those employees with a low likelihood of facing the attendant risk. Through the risk ranking process, you have internalized the admonition that one size does not fit all in deciding the content and intensity of training needs for each role or individu

You should work to create an action plan to use your data. But never forget you need to get  your digital information right. That means several sources of data to help you choose the best course of action. Earlier this year, Deadspin reported on a joint investigation between BuzzFeed UK and the BBC, in an article entitled “The Tennis Racket”, which looked at what they believed was suspicious betting in professional tennis matches. They used a transactional analysis to come up with the players involved and matches they allegedly fixed at the behest of gamblers. This use of data analysis pointed to this key lesson, data analysis is only the starting point in any investigation. You need to review other data to make an action plan. Other sources of information might include interviewing witnesses, reviewing documents, looking at injury factors that might have influenced the outcome of tennis matches. It is not simply enough to identify suspicious activities, you need to determine the facts behind the numbers and

Show Notes for Episode 35, week ending January 13, the Friday the 13th edition  Hernandez and Beech FCPA guilty pleas. Hernandez Criminal Information, Beech Criminal Information. VW guilty plea in emissions-testing scandal. Link to article in New York Times. VW executive Oliver Schmidt arrested in US. See article on FCPA Compliance and Ethics Blog. Zimmer Bio-Met in follow-up FCPA enforcement action. See article on FCPA Blog. Mondelez FCPA enforcement action. See SEC Cease and Desist Order and article on FCPA Compliance and Ethics Blog. Supreme Court to take up 5 year statute of limitations for profit disgorgement under Securities Act, which applies to FCPA enforcement actions brought by SEC. Article in Law360. NFL Playoff update on Patriots, Cowboys and Texans. Learn more about your ad choices. Visit megaphone.fm/adchoices

You should work to create a culture of data in your compliance program. This comes from an understanding that data is a product, which you can consume internally in the compliance function. Your data is a corporate asset so why not use it. That is a key point that you should recognize. Yet data is not simply big or even scary. It is information that you can use in helping you make better decisions. The CCO needs to find a way to deliver compliance analytics in a manner that is timely within your company’s everyday decision-making calculus.  One of the biggest misunderstandings about using data is that compliance practitioners tend to be myopic. They only look at individual data when it is more useful to know what a population of people are doing. As a CCO how many times have you heard something along the lines of “If we look we might find something”. This defensive attitude can keep you from making use of some of the most useful information to you, your own data. The more transparency there was involving data

You should employ a 6-step process to revising your Code of Conduct. Get buy-in from decision makers at the highest level of the company Your company’s highest level must give the mandate for a revision to a Code of Conduct. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort. Establish a core revision committee You should create a cross-functional working group should head up your effort to revise your Code of Conduct. It can include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally, there should be functions within the company represented such as finance and accounting, IT, marketing and sales. Conduct a thorough technology assessment The foundation of the revision process is how your company captures, collaborates and preserves the decisions during th

In this episode, I visit with Sherman & Sterling partner Phillip Urofsky who leads a team which produced the the 2017 FCPA Digest, one of the top annual compendium of annual FCPA reviews of the prior year's enforcement actions and related issues. We  discuss the following: Any trends or highlights that observed in the Digest; How cases of Qualcomm, JPMorgan, and VimpelCom reflect new expansions of regulators’ views as to the scope of the term “anything of value” in FCPA bribery cases; Why the ruling in the SEC’s ongoing case against the Magyar executives upheld a novel theory on the Commission’s jurisdiction to enforce the FCPA; His thought on the Pilot Program; is it as a success? Where might it go after this first year? Will it be renewed or made permanent? Do the Embraer and Odebrecht cases portend greater global anti-corruption enforcement? Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode Matt Kelly and myself take a deep dive into the compliance weeds by looking at a paper written by then SEC General Counsel James Doty (later head of the PCAOB) in 2007 where he proposes a regulatory scheme for FCPA compliance. Matt and I discuss the pros and cons and how the SEC Chairman designate Jay Clayton may view the issues. We then take a brief look at the arrest of VW executive Oliver Schmidt and both conclude that it presents ZERO problems for any Chief Compliance Officer or compliance practitioner going forward.  For additional reading, see Matt Kelly blog post on Doty article, "Ye Olde Plan for FCPA Compliance"; Matt Kelly blog post on Oliver arrest, "Enough About CCO Liability" Tom Fox blog post on Oliver arrest "Honey I Think We Should Vacation at Home this Year"' and  Jim Doty article "Toward a Reg. FCPA: A Modest Proposal for Change in Administering the Foreign Corrupt Practices Act"   Learn more about your ad choices. Visit megaphone.fm/adchoices

A company that does not perform adequate due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps, most commonly, inadequate due diligence can allow a course of bribery to continue - with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. Equally important is that if a company engages in the suggested actions, they will go a long way towards insulating, or at least lessening, the risk of FCPA liability going forward. Pre-Acquisition Risk Assessment It should all begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk expo

No area has become more challenging in compliance than continuous improvement. The FCPA Guidance specifies that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its custom­ers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”  Continuous improvement requires that you not only audit but also monitor whether employees are staying with the compliance program. In addition to the language set out in the FCPA Guidance, two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three acti

In this episode I visit with Leona Lewis, the founder and host of the podcast Masters of Disaster. She reflects on her experiences over the past 18 months of podcasting; what she learned, what surprised her and she highlights some of her more memorable podcasts and guests. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FCPA Guidance has about as clear, concise and short a statement about hotlines than any other Tenet of an Effective Compliance Program. It states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” But more than simply hotlines, companies have to make real efforts to listen to employees. But you must spend time working on this issue. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.  The reason is that its own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to

There are five steps in the life cycle of third party management. Business Justification and Business Sponsor; Questionnaire to Third Party; Due Diligence on Third Party; Compliance Terms and Conditions, including payment terms; and Management and Oversight of Third Parties After Contract Signing.   Step 1 - Business Justification  The first step breaks down into two parts:  Business Sponsor Business Justification  The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.   Step 2 - Questionnaire  The term ‘questionnaire’ is mentioned several times in the FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this require

The FCPA Guidance states, that “In addition to evaluating the design and implementa­tion of a compliance program throughout an organization, enforcement of that program is fundamental to its effec­tiveness. A compliance program should apply from the board room to the supply room—no one should be beyond its reach. DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropri­ate and clear disciplinary procedures, whether those proce­dures are applied reliably and promptly, and whether they are commensurate with the violation. Many companies have found that publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”  This means you need to have recognized incentives for doing business under your Code of Conduct and in fulfillment of your compliance policy and procedures. Incentives can be immediate such as cash bonuses or other awa

In this episode Jay Rosen and I take a dive into the General Cable FCPA enforcement action, consider the 'Invisible Hand' of regulatory enforcement, corporate response and innovation. We explain how these three factors combine in an 'Invisible Hand' to form a continuous improvement loop of compliance program innovation. It leads developments from cutting edge to best practices to becoming a routine part of an effective compliance program. We discuss the upcoming NFL divisional round of playoffs and conclude with Jay previewing the Jay Rosen Weekend Report. For more information on the General Cable FCPA enforcement action, check out my three-part blog post series. Part I-the Bribery Schemes Part II-the Comeback Part III-the DenouementLearn more about your ad choices. Visit megaphone.fm/adchoices

Welcome to Day 5 of 30 Days to a Better Compliance Program. Today, I focus on training, ongoing communications and the use of social media in a best practices compliance program.  Training The communication of your anti-corruption compliance program is something that must be done on a regular basis to ensure its effectiveness. The FCPA Guidance explains, “Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been com­municated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”  One of the key goals of any FCPA compliance program is to train company employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. Beginning in the fall of 2015

Welcome to Day 4 of 30 Days to a Better Compliance Program. Today we tackle risk assessments. One cannot really say enough about risk assessments in the context of anti-corruption programs. The FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” The simple reason is straightforward; one cannot define, plan for, or design an effective compliance program to prevent bribery and corruption unless you can measure the risks you face.  What Should You Assess? What risks should you assess? There are a number of ways you can slice and dice your basic inquiry. The FCPA Guidance states, “Factors to consider, for instance, include risks presented by: the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigrati

In this episode Matt Kelly and I take a deep dive into 6 compliance issues you should keep an eye on in 2017. They include the Wal-Mart FCPA resolution, the future of the FCPA Pilot Program, the SEC Whistleblower program, the Next PCAOB Chairman, the future of new overtime rules and finally the Barclay's trial for mortgage fraud in the context of the 2008 financial crisis. We also take a look at the GOP attempt to denude the Office of Congressional Ethics and their immediate reversal in the face of intense criticism. For additional reading check out Matt's two blogs on these subjects: Ethics, Politics, and Optics in New Washington and Six Compliance Events to Watch in 2017. Learn more about your ad choices. Visit megaphone.fm/adchoices