• 31 Days to a More Effective Compliance Program: Day 31 - Using a Root Cause Analysis for Remediation
    Jan 31 2024
    The 2023 ECCP re-emphasized the need for both performing a root cause analysis but equally importantly using it to remediate your compliance program. It stated, “a hallmark of a compliance program that is working effectively in practice is the extent to which a company is able to conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.” It went on to state, what additional steps the company has taken “that demonstrate recognition of the seriousness of the misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risk.”  When you step back and consider what the DOJ was trying to accomplish with its 2023 ECCP, it becomes clear what the DOJ expects from the compliance professional. Consider the structure of your compliance program and how it inter-relates to your company’s risk profile. When you have a compliance failure, use the root cause analysis to think about how each of the structural elements of your compliance program could impact how you manage and deal with that risk.  Three key takeaways: 1. The key to using a root cause analysis is objectivity and independence. 2. The critical element is how did you use the information you developed in the root cause analysis? 3. The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach, using data that already exists in the organization. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program: Day 30 - The Foreign Extortion Prevention Act
    Jan 30 2024
    The compliance community has long recognized the gaping hole in the FCPA. As a supply-side law, it criminalizes the payment of bribes, not the demand to pay a bribe or extortion. The gap was recently filled by the Foreign Extortion Prevention Act (FEPA), which extended crucial protections to Americans working abroad and provided the DOJ with a potent new tool. By criminalizing both the giving and demanding of foreign bribes, FEPA seeks to level the playing field for American workers while fostering ethical business practices globally. FEPA represents a promising solution to protect Americans working overseas, promote fair business competition, and combat corruption on a global scale. With its potential to bring about meaningful change, FEPA is a vital step in safeguarding American values and interests in the international arena. Sam Rubenfeld, cited Scott Greytak, the director of advocacy for Transparency International US, for the following: “FEPA is a landmark, bipartisan law that holds the potential to help root out foreign corruption at its source. It is arguably the most sweeping and consequential foreign bribery law in nearly half a century.” Three key takeaways: 1. FEPA changes the game for ABC. 2. Make sure your policies and procedures capture any extortion attempts made illegal under FEPA. 3. Determine your external reporting for FEPA violations. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program: Day 29 -Strategic Considerations for Implementing AI in Compliance
    Jan 29 2024
    Implementing AI in compliance requires strategic considerations and decision-making. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider. Balancing exploration and rules, as well as selecting the right AI tools, are challenges that need to be addressed. By carefully navigating these considerations and challenges, companies can leverage AI to enhance their compliance programs and stay ahead in an ever-evolving regulatory landscape.  Three key takeaways:  1. What are the key factors that impact these strategic considerations for implementing AI in compliance? 2. Compliance professionals need to stay updated with the latest AI developments and trends, which requires continuous learning and keeping abreast of industry news and insights. 3. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program - Day 28 - Data-Driven Compliance – From Cutting Edge to Table Stakes
    Jan 28 2024
    Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.” Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. It is crucial for compliance professionals to stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance. Three key takeaways: 1. Nicole Argentieri, acting assistant attorney general for the Criminal Division, said, “Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.” 2. . Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. 3. Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program - Day 27 - Compliance Function in an Organization
    Jan 27 2024
    The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, 2020 FCPA Resource Guide, 2nd edition, under the Hallmarks of an Effective Compliance Program, simply noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.” This Hallmark was significantly expanded in both the original FCPA Corporate Enforcement Policy and 2023 ECCP. In the FCPA Corporate Enforcement Policy, the DOJ listed the following as factors relating to a corporate compliance function, that it would consider as indicia of an effective compliance and ethics program: 1) the resources the company has dedicated to compliance; 2) the quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; 3) the authority and independence of the compliance function and the availability of compliance expertise to the board; 4) the compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and 5) the reporting structure of any compliance personnel employed or contracted by the company. The 2023 ECCP and 2023 Update to the FCPA Corporate Enforcement Policy both demonstrate the continued evolution in the thinking of the DOJ around the corporate compliance function. Their articulated inquiries can only strengthen a corporate compliance function specifically; and the compliance profession more generally. The more the DOJ talks about the independence of the compliance function, coupled with resources being made available and authority concomitant with the corporate compliance function, the more corporations will see it is directly in their interest to provide the resources, authority and gravitas to compliance position in their organizations.  Three key takeaways: 1. How is compliance treated in the budget process? 2. Has your compliance function had any decisions over-ridden by senior management? 3. Beware outsourcing of compliance as any such contractor must have access to company documents and personnel. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program - Day 26 - CCO Authority and Independence
    Jan 26 2024
    The role of the CCO has steadily grown in stature and prestige over the years. In the 2020 FCPA Resource Guide, 2nd edition, under the Hallmarks of an Effective Compliance Program, it focused on whether the CCO held senior management status and had a direct reporting line to the Board. In the 2023 Update to the FCPA Corporate Enforcement Policy, the DOJ lists these factors as follows: 1) The quality and experience of the CCO, such that they can understand and identify the transactions and activities that pose a potential risk; 2) The authority and independence of the CCO; 3) The compensation and promotion of the CCO, in view of their role, responsibilities, performance, and other appropriate factors; and 4) The reporting structure of any CCO employed or contracted by the company. All of these factors are enhanced by the CCO Certification requirement, as announced by Kenneth Polite back in 2022. A CCO must certify the effectiveness of a compliance program after a DPA or NPA has been concluded. This requirement will only become more important moving into 2023 and beyond. In addition to CCO Certification, the Delaware Court of Chancery’s decision in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst, formally recognized the oversight duties of officers of Delaware corporations for the first time. Three key takeaways: 1. How can you show the CCO really has a seat at the senior executive table? 2. What are the professional qualifications of your CCO? 3. Delaware says the CCO is Number 2 in an organization, behind the CEO. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program: Day 25 – Responding to Investigative Findings
    Jan 25 2024
    There is nothing like an internal whistleblower report about a compliance violation, the finding of such an issue, or (even worse) a subpoena from the DOJ or notice letter from the SEC to trigger the attention of the Board of Directors and senior management to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage, followed immediately by the proclamation, “We are an ethical company.” However, it may well be the time for a very serious reality check. You may find yourself in a position where you will have to have some very frank discussions about what to expect in terms of costs and time outlays. While much of these discussions will focus on the investigative process and those costs, these discussions will allow you to initiate the talk about remediation going forward and begin to explain why money must be budgeted for the remediation process. Finally, there should be a solid line of communication between the people who are doing the investigation and the people who are leading the remediation. Otherwise, you can only begin your remediation in the most general terms and you will not be able to deal with specific gaps in your compliance program or risks that need to be managed. Such an approach can also be a recipe for disaster. First and foremost, the DOJ will not give you credit and you may lose the types of benefits articulated in the FCPA Corporate Enforcement Policy. Moreover, the executive attention will have dissipated and you will have lost your momentum to clean things up through a thorough remediation. Three key takeaways: 1. A serious FCPA allegation gets the attention of the Board and senior management. Use this time to move the compliance program forward. 2. Be aware of how your investigation can impact and even inform your remediation efforts. 3. Be prepared to deal with the dreaded “where else” question. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins
  • 31 Days to a More Effective Compliance Program: Day 24 - Internal Reporting and Triaging of Claims
    Jan 24 2024
    The call, email, or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into an FCPA issue for your company. As the CCO, it will be up to you to begin the process, which will determine, in many instances, how the company will respond going forward. This system has become even more important after the 2022 announcement of the Monaco Memo. Further, as the 2022 ABB FCPA resolution made clear, self-disclosing to the DOJ is the vital first step for all discounts under the Corporate Enforcement Policy to begin. This scenario was driven home by the WPP Foreign Corrupt Practices enforcement action in 2021. Here, a whistleblower reported internally on allegations of bribery and corruption in the company’s India subsidiary. WPP turned over the investigation to an inexperienced accounting firm in India and then allowed the investigation to be controlled by the business unit management that was engaging in the bribery and corruption. The result, unsurprisingly, was no adverse findings. However, the whistleblower did not stop there and reported six more times (seven total) with an increasing amount of documentary support. Finally, the company took the allegations seriously and commissioned an internal investigation. Three key takeaways: 1. The DOJ and SEC put special emphasis on internal reporting lines. 2. Test your hotline on a regular basis to make sure it is working. 3. Every claim should be triaged before starting an investigation. For more information on Ethico and a free White Paper on top compliance issues in 2024, click here. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    8 mins