We are on the final countdown, moving closer to Number 500. On Monday, August 31, I will be celebrating my 500th Anniversary episode, where I will talk about some of the key changes I have seen in compliance over the past 10 years, plus highlights from some of my 500 podcasts. Today on the FCPA Compliance Report, I post Episode 499, which is an interview with Jonathan Marks. This is the final episode in this week’s special series where five of the top commentators in compliance talk about what they have seen in compliance over the past 10 years.
When Marks read the 2020 Update to the Evaluation of Corporate Compliance Programs, he had the most prescient comment I have heard about it. He said, “business intelligence comes to compliance.” He specified that was based on what the roles and the mission of compliance should be and what a good compliance program should look like. Moreover, “If you look at all the things that are happening within the company, there’s so much information out there that if you can wrap your arms around just a small part of that and reduce the imperfect nature of data and use information that to make the program better. Then I think you become more of a business intelligent organization.”
Those remarks really set the tone of Mark’s interview. He is a CPA by professional background and a long-time internal auditor. I was interested in his view of the compliance profession over the past 10 years or so as it mirrors many of the struggles of the internal audit profession over the past 25 years or so.
Marks could recall going back to 1988 doing internal audits, working with the internal auditors who were not highly regarded individuals at that time in the corporate hierarchy. They were not seen as critical to the operations of the organization. Often, the entire corporate function consisted of one individual much like compliance over the past 10 years. Moreover, even if they wrote something impactful, it was not taken in the right vein. A lot of times those critical issues that were brought up were not really looked at or treated the way they probably should have been. All of this changed after the accounting failures at Enron and WorldCom and the passage of Sarbanes-Oxley (SOX).
Interesting, Marks sees a direct line from the enactment of the Foreign Corrupt Practices Act (FCPA) in 1977, particularly in the internal controls provisions, with these same issues in SOX. Marks believes this was the model for SOX controls and certification, which, of course, led, in turn, to the explosion of FCPA enforcement in the first decade of this century. SOX also led to the uplift of internal audit. One of the impacts was that “anyone who had a CPA attached to the end of their name now found themselves in chief audit executive jobs, some qualified and some not so qualified.”
That led to a discussion about the arc of professionalism in internal audit. Marks sees compliance going through many of these same challenges over the past 10 years. He stated, “I don’t know whether that was sort of defining moment, like SOX for internal audit, but now you look around and there are more compliance officers and CCO-types. Starting with the FCPA Resource Guide, 1st edition, released in 2012; the DOJ and SEC talked about the compliance function being adequately resourced, having resources such as head count and then more professionalism and expertise.” He drew a straight line from that 2012 document right up to the 2020 Update to the Evaluation of Corporate Compliance Programs.
He also remarked on having true compliance professionals in the corporate compliance function. He decried the dumping of lawyers, who could not cut in the General Counsel’s office or someone from HR being sent into compliance. He sees the DOJ’s thoughts on this point in both the 2020 Update and the FCPA Corporate Enforcement Policy. This also extends to lawyers who cannot read a spreadsheet, understand internal controls or read final statements. All of these are key skills he identified for the 2020 CCO-type.
You can check out Marks’ full remarks in today’s podcast here. Please join me Monday, where I will be interviewed by C-Suite Network General Manager Gregg Greenberg on looking back at the evolution of compliance over the past 10 years, the top five podcast episodes over the years and some of the highlights of the podcast over its 500-episode run.
The schedule for this week is as follows:
- Monday, Aug. 24 – Episode 495 – Mike Volkov on changes in FCPA enforcement;
- Tuesday, Aug. 25 – Episode 496 – Matt Kelly on changes in compliance from the business journalist perspective;
- Wednesday, Aug. 26 – Episode 497 – Jonathan Armstrong in changes in data protection/data privacy compliance;
- Thursday, Aug. 27 – Episode 498 – Jay Rosen in changes to proactive monitoring from the business development perspective; and
- Friday, Aug. 28 – Episode 499 – Jonathan Marks on how changes in internal audit both mirror and even foreshadow some of the changes he has seen in compliance.