As we move painstakingly towards the end of one of the most trying years in recent memory, I continue to explore some of the top stories through the eyes of my readers and listeners. Yesterday, I looked at my top five blog posts on the FCPA Compliance and Ethics Blog. Today, I want to consider the top five podcasts over the past 12 months, based upon the numbers of listeners.
Demonstrating that once again, listeners (and readers) never tire about hearing (and reading) about the ‘nuts and bolts’ of compliance, this podcast topped the charts in 2020. What should your compliance policy and procedures on charitable donations look like? What should you prohibit or even caution against?
The starting point is the 2020 FCPA Resource Guidance, 2nd edition, regarding charitable donations with the addition of guidance on the red flags from Opinion Releases, which have been available for some time. From the Schering-Plough Corporation and Eli Lilly and Company (Lilly) enforcement actions, your policy should consider the timing of charitable donations to see if they are at or near the time of the awarding of new or continued business. Finally, in managing the relationship, you now need to look at overall increases in sales to determine if they are tied to a pattern of charitable donations. By looking at the timing and quantum of charitable donations, internal audit may be able to ascertain that a spike in sales is tied to corrupt conduct.
On August 31 of this year, I posted my 500th podcast episode. This was a special highlight for me and to lead up to the event, I asked five of the top compliance practitioners and commentators around to visit with me about their reflections on where compliance has been in the decade from 2010 to 2020 and where it might be heading. It turned out the most popular was Episode 497, in which I interviewed Jonathan Armstrong. Armstrong is a long-time data privacy/data protection professional and co-founder of Cordery Compliance. We visited about the changes brought by the UK Bribery Act (UKBA), General Data Protection Regulation (GDPR) and the UK Modern Slavery Act for the compliance professional.
A highlight for me was Armstrong’s passion around the UK’s fight against modern slavery, which he termed “a job half done.” Obviously, Britain steered the western world in fighting this scourge, led by Will Wilberforce. Yet Armstrong believes there is much left to do. He believes the UK government affected a cultural change on slavery with the passage of the Modern Slavery Act. He concluded with “one of the things in the last 10 years or so that we’ve had, I think is the UK realizing that the fight against slavery was a job half done.”
When you consider my posts on the Cardinal Health, Inc. Foreign Corrupt Practices Act (FCPA) enforcement action were some of my most popular blogs over the past year, it is not too surprising this podcast made my top five list. When you throw in Matt Kelly, the Coolest Guy in Compliance, you know it will be something special.
Indeed, it was, as we began with the background to the matter and explored just how a Chinese acquisition cause so much FCPA grief. We considered the different types of business relationships involved and the missteps by the Cardinal Health corporate office in their response. We asked what red flags were spotted or missed and why the corporate office did not take stronger action. Finally, we considered the Securities and Exchange Commission’s (SEC) response in the fine and penalty phase.
In this our special first emergency podcast on Life with GDPR, Jonathan Armstrong and myself discussed the dawn raid by the Irish Data Protection Commission against Facebook in Ireland. It was done just before Facebook was about to roll out a new dating app, just in time for Valentine’s Day. The shock was so great that Facebook had to pull the app from commercial use.
Some of the issues we considered were why a dawn raid and what whether European data protection authorities have dawn raid powers? What were the Irish Data Protection Commission looking for in this raid? What is the role of a DPIA in this process, why is it so critical and when should a DPIA be carried out? Could Facebook have used a thorough Data Protection Impact Assessment (DPIA) as a mitigating or aggravating factor? Most importantly what does this mean for companies and clients going forward?
This year would not be complete without a podcast dealing with Coronavirus. I was lucky enough to garner Ben Locwin for a podcast on the burgeoning health crisis back in April. We discussed COVID-19 and the risk management issues associated with the disease. Locwin, an infectious disease specialist, said that coronaviruses have been around for a long time. During flu season, about 10% of patients with upper respiratory symptoms test positive for a type of coronavirus. He explained how the virus got its name and how it affects human cells.
Locwin warned that if you’re experiencing upper respiratory symptoms, see your healthcare provider right away to have a test done. We also used coronavirus to discuss smart risk management practices regarding the situation, noting that it was sad that it took situations like this to force companies to examine their business operations. However, by cutting out non-critical practices, businesses not only limit their risk exposure, but it also allows them to employ operational excellence, which is what we now have observed over the course of this pandemic.
Tomorrow I will consider the top five podcasts posted on the Compliance Podcast Network, from hosts other than Tom Fox.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2020