Before we head to Boston for an event at AMI on Monday, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.

  1. Inside the Fall of Mossack Fonseca, reviewed by Dick Cassin in the FCPA Blog.
  2. Where will your next crisis come from? Today’s news or 10 years ago? Sam Rubenfeld reports on the reputational hit companies which helped separate children from their parents at the border in the Wall Street Journal Risk & Compliance Journal. Ben DiPietro considers the trial in France of the fallout from a 10 year old corporate restructuring, also in the Risk & Compliance Journal.
  3. The OECD is looking at anti-corruption enforcement and finds it lacking in Germany and in trouble in Norway. Henry Cutter reports on Germanyand Sam Rubenfeld on Norway, both in the WSJ Risk and Compliance Journal.
  4. Brazil is a model for international enforcement, investigations and cooperation, believes Kees Thompson, writing in the Global Anti-Corruption Blog.
  5. How do you classify your third parties? Mike Volkov explains it in the Navex blog, Ethics and Compliance Matters. On his blog Corruption, Crime and ComplianceMike discusses how to build a business case for a third party risk management system.
  6. Auditors behaving badly. Tammy Whitehouse reports on a negative report from U.K. Financial Reporting Council in Compliance Week. (sub req’d)Francine McKenna, writing in MarketWatch reports on the continuing KPMG
  7. SEC Chief Jay Clayton talks corporate culture. Matt Kelly, writing in Radical Compliance, finds it lacking.
  8. How does Sherlock Holmes inform your compliance program? Tom explored in a 5-day series. Part I-Communication; Part II-Institutional Justice; Part III-Criminality; Part IV-Mentoring; and Part V-Imagination.
  9. Support your local book sellers! River Oaks Bookstore, 3270 Westheimer, in Houston is now stockingThe Complete Compliance Handbook. Tom will be on hand for a book signing on Thursday, June 28 from 5:30 to 7.
  10. Tom’s new book The Complete Compliance Handbookremains a hot seller. It is available oncom. Purchase an autographed copy here. It is reviewed in the FCPA Blog, Radical Complianceand Corruption, Crime and Compliance.
  11. Serving up some Breakfast and Compliance. Join Tom in Boston on June 25 at the offices of Affiliated Monitors to learn here about show the story of compliance is the story of innovation. For more information and registration, click here.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

This week I have returned to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. During this week, I have considering themes from the short stories  found in The Return of Sherlock Holmes to illustrate broader application to components of a best practices compliance program. I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie Klinger. Today, I consider the theme of imagination in your compliance program.

Even though as the site Shmoop noted that  “Sherlock Holmes basically gave the world the entire CSI franchise” and that  “Holmes really was on the cutting edge of science in the 1890s.” did not only use scientific methods to solve crimes though. He also embraces science as a behavioral regime which was cool, rational, logical, and efficient. At times he even appears to be a forerunner of Mr. Spock because, “being a scientist and a scientific detective meant favoring the mind over emotion, and crime solving skills over social skills.” An example of this is found in The Adventure of the Empty House, where Holmes says, “All day I turned these facts over in my mind, endeavouring to hit some theory which could reconcile them all, and to find that line of least resistance which my poor friend had declared to be the starting-point of every investigation.” As Watson describes Holmes’s scientific methods here as he tries to follow his friends reasoning to solve the puzzle.”

The story The Adventure of the Empty House may well be one of the most famous in the entire Holmes oeuvre. It was the first story in over ten years, although Doyle set the tale only three years after the meeting of Holmes and Moriarty at Reichenbach Falls. Returned from touring the world, Watson and Holmes have an emotional reunion (at least for Watson) and then begin to tackle a locked room murder. This leads to Holmes being in jeopardy and putting a mannequin in his window to draw an attempted assassination attempt by Colonel Sebastian Moran, a henchman of Dr. Moriarty. Moran uses an air rifle which makes the murder and attempted murder all the more sinister.

In every recent Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) issued by the Department of Justice they all include an element along the following strictures, “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]. This means that the DOJ expects imagination in your compliance program to keep up with evolving international and industry standards. This requires you imagination in your compliance strategy.

All of this means you should begin with a strategy for your compliance program. The key to success is something that every CCO or compliance practitioner should take to heart; which is, a compliance practitioner must be able to lay out a strategy for compliance that details the efforts will support the overall business strategy. This means creating a for compliance that will create value for customers of compliance, IE., employees, third parties and customer, show how the company will capture that compliance value going forward and finally which types of compliance imagination to pursue.

If you have a good strategy, it can promote alignment among diverse groups in a company, help to clarify objectives and priorities and guide your focus on those objectives. It can also be modified as necessary and with sufficient feedback. There are several questions you need to consider in connecting your strategy to the business. Initially, how will it create value for the customers of compliance; IE., your employees and relevant third parties? Your imagination can make compliance faster, easier, quicker, nimbler and so on. Focus on that creation of value going forward. Next what types of imagination will allow the company to create and capture value, and what resources should each type receive, such as a change in technology and a change in a business process.

Obviously senior management has a key role around imagination in compliance, as imagination can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resources allocated but management must also incentivize the business units to proceed with implementing the imaginations. Another area where senior management is critical is with making trade-offs. A supply-push approach comes when your imagination is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. A demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement imagination around those needs.

Finally, consider what every DOJ or speaker from the Securities and Exchange Commission (SEC) I have ever heard say, when they talk about the basics of any best practices compliance program. It is that both compliance and strategies must evolve. You must recognize that your compliance program will have to be innovative. Start with a strategy which has senior management buy-in and support, then move to implement. Finally use data in a feedback loop to fine tune your imaginations. Imagination in compliance is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate an operationalized compliance program is that the latter creates an active, vibrant and effective compliance program. That is the bottom line for imagination in compliance.

I hope you have enjoyed this Sherlock Holmes inspired week as much as I have enjoyed researching it, writing it and bringing it to you. If you would like more Holmes themed compliance, please let me know.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

This week is a return to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over this week, I am considering themes from the short stories found in The Return of Sherlock Holmes to illustrate broader application to components of a best practices compliance program. I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its contribution, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the two-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie. S. Klinger. Today, I consider the theme of mentoring in compliance.

Shmoop tackles head on the issue of admiration in the Holmes canon. They state, “Aside from being the world’s best sidekick, Watson is definitely the president of the Sherlock Holmes fan club. Watson admires Holmes so much that he basically devotes his entire life to Holmes. In fact, Watson almost doesn’t exist outside of Holmes. But not all types of admiration are taken to such extremes in these stories. Holmes is universally admired, and we see signs of hero-worship in Stanley Hopkins, Inspector Martin of the “Dancing Men” case, and even Inspector Lestrade on occasion. Holmes himself rarely admires anyone, except for a small number of clever nemeses. People often seem to bore Holmes. Neither Watson nor Holmes can see past Holmes’s awesomeness at times, but Watson’s admiration isn’t totally blind. He definitely expresses annoyance with Holmes on occasion. Admiration can be a positive emotion, but it’s often a source of blindness in these stories.” I believe Watson’s lack of blindness (at times) can be used to consider how a Chief Compliance Officer (CCO) should mentor.

In the story The Adventure of the Six Napoleons, Inspector Lestrade says to Holmes, “Well,” said Lestrade, “I’ve seen you handle a good many cases, Mr. Holmes, but I don’t know that I ever knew a more workmanlike one than that. We’re not jealous of you at Scotland Yard. No sir, we are very proud of you, and if you come down to-morrow, there’s not a man […] who wouldn’t be glad to shake your hand.” This comment provides insights into how Holmes is viewed by other law enforcement officers; Holmes is a sort of living legend and the other officers respect his skills.

The matter involved the theft of jewelry as Inspector Lestrade of Scotland Yard brings Holmes a seemingly trivial problem about a man who shatters plaster busts of Napoleon. One was shattered in Morse Hudson’s shop, and two others, sold by Hudson to a Dr. Barnicot, were smashed after the doctor’s house and branch office had been burgled. Nothing else was taken in any of the break-ins. It turns out that the thief had stolen several pieces of jewelry and then hid them in the Napoleonic busts. The thief, having been released from prison on an unrelated offense, was tracking down the busts in which he had placed the jewels for hiding, breaking them open and reclaiming his purloined property.

What are some of the ways that you might mentor a younger or less senior compliance professional? I think there are several ways suggested by Conan Doyle as epitomized by the statement by Lestrade and his relationship with Holmes and Watson. CCOs and seasoned compliance professionals tend to be passionate about compliance even if (like myself) they have a legal background and came to compliance from a corporate legal department. You should work to transmit that passion to others you are mentoring. In today’s hyper-transparent world of reputational risk, that passion can stand out as a differentiator. As with Holmes’ investigation into the destruction of the Napoleon busts, it is integration of the understanding of compliance into your company with all its various components. It is not simply the crossing of siloed boundaries but understanding the differences in business units, corporate functions and even geographic locations that can bring this broad sense of context.

As compliance professionals, transmit the ability to see not only the technical details but also the big picture of compliance. Introduce your mentees to others in your organization, so that they can be exposed to different leadership styles and see how such leadership styles work in various areas and with different constituencies. Encourage mentees to have a powerful sense of compliance community by encouraging cultivation in personal and professional networks. Any chance to participate in such an opportunity should be accepted.

Beyond passion, help them to develop purpose around careers in compliance. This can be aided through reflection, introspection and ability to change as a leader. Moreover, rather than influencing others through individual speeches or stories, the everyday connections between a compliance professional’s sense of purpose and the compliance vision can work to form an indelible impression about the importance of compliance to an organization. This is Louis Sapirman’s 360-degees of compliance in action.

If you are mentoring a compliance professional, you probably have a next generation mindset. But it is equally important that you communicate that to your mentee as it is certainly important that each generation of compliance leaders be fit for the future and be committed to continuous improvement going forward. Pass it forward.

By using these steps, a successful enterprise leader, a CCO or compliance practitioner can bring greater corporate wide presence to the compliance function. Moreover, by using them as guideposts for mentoring, you will make compliance a part of the business process as it becomes second nature and a recognized part of any business transaction. As you communicate to those under you to develop better relationships and how to mobilize compliance for the greater good, it will have the direct benefit of allowing you as the mentor to deliver more value for the company. It does not get much better than that.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

This week I have returned to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. I am using themes from the short stories to illustrate broader application to components of a best practices compliance program. I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger)  edited with notes by Leslie S. Klinger. Today, I consider the theme of criminality and compliance.

Shmoop believes that a question of what makes someone a criminal, runs throughout the Holmes canon. They go on to ask, “Are criminals born or made? Do they tend to be foreigners or can they be found next door? Why do people commit crimes? While the Sherlock Holmes stories always answer the last question at the end of each story, with a handy run-down of people’s motives, the first two questions get a lot of different answers.” In the series entitled “The Return of Sherlock Holmes”, the thirteen stories looked at all sorts of crimes and all sorts of criminals. Shmoop noted there were “professional gangsters and career blackmailers; people who kill in a rage or by accident; petty thieves and stone-cold killers. Sherlock Holmes stories tend to be fairly comforting and enjoyable in that everything is always solved and answered by the end. But they can also be unsettling. Pretty much anyone can commit a crime (even Holmes and Watson themselves) or can be the victim of a crime in these tales.” There’s a lot of uncertainty in that which is said to constitute criminal London.

In the story The Adventure of the Priory School, Watson meets a character, Reuben Hayes, who  believes to be the most “self-evident villain” he has ever seen. The tale revolves around the disappearance of a Duke’s son who is kidnapped by the Duke’s illegitimate son, James Wilder, who has in turn hired that most evil person Hayes to kidnap the lad. In pulling off the crime, Hayes had killed the lad’s tutor, one Heidegger, who had gone off in search of the boy. Holmes resolves the matter, while Hayes swings for his crime, the illegitimate son, Wilder is packed off to Australia.

Rarely do employees in companies begin with an intent to commit criminal acts. Yet by the time they have engaged in criminal fraud, there has usually been significant damage to the organization. One might only consider the recent criminal indictment of Elizabeth Holmes, founder and former Chief Executive Officer (CEO) of Theranos, Inc. and the company’s former COO, Sunny Balwani. I greatly doubt they originally planned to defraud investors out of millions of dollars or intentionally wrongly reported on the health of all those who were tested with their products. Yet the indictment alleges, at the end of the day, that they did so defraud a wide variety of stakeholders, customers and others. Now the company is down to just a few remaining employees.

But this type of massive fraud, perpetrated at the highest level, is a rarity in Foreign Corrupt Practices Act (FCPA) cases (although not unheard of). Yet, as the Association of Certified Fraud Examiners (ACFE) noted in its most recent Report to the Nations (Report), corruption represents one of the most significant fraud risks for organizations. This means that companies should understand the specific factors involved in corruption schemes so they can work to effectively prevent, detect and remediate them.

Some of the key findings in the Report around corruption were that 70% of corruption cases were perpetrated by someone in an organization who was in a position of authority; either a manager or senior executive. The top red flags in corruption cases were (1) an employee living beyond their means; (2) employees with unusually close associations with vendors or customer; (3) employees who were in financial difficulties; and (4) employees who had a ‘wheeler-dealer’ attitude when it came to doing business. Interestingly, corruption continues to be a worldwide problem. While the usually geographic regions of southeast Asia and west Africa have high indices for corruption, in every region across the globe, with the notable exception of the US itself, corruption was found to be the most pervasive type of fraud.

However, the part of the Report that will bring some of the most important insights to the compliance practitioner is the similarities between the fraud perpetrator and the employee engaged in corruption. They share the same profile. The red flags I noted above are the same for those involved in either fraud or corruption. The mechanisms for concealing fraud are concealing or altering documents, creating fraudulent transactions and entries in the accounting system, altering transactions or files and override of internal controls to allow fraudulent transactions.

One other lesson from our Holmes story is what Konnikova says is “be objective”. She said that it is more than simply investigating the apparent facts of the missing schoolboy as “it entails understanding something very specific: a situation (in its broadest sense, be it mental, physical or something as un-situation like as an empty room) is inherently dynamic. And you by the very action of entering it, shift it from what it was before your arrival to something altogether different.” In the story, this means the Headmaster who calls for Holmes and the investigating police believe a kidnapping has occurred and they report the facts in that manner.

Both the information from the Report and Konnikova’s observations point to the need for robust internal controls in every best practices compliance program. Such compliance internal controls can help detect and prevent fraud and corruption from occurring in a much more objective manner. For the reality is if the red flags noted as the top indicators of fraud appear in your organization, it is an objective sign that a more thorough investigation should take place. Konnikova ends this section of her book with the following, “every time you find yourself making a judgment immediately upon observing—in fact, even if you don’t think you are, and even if everything seems to make perfect sense—train yourself to stop and repeat: It is impossible as I state it and there I must in some respect be wrong. Then go back and restate it from the beginning and in a different fashion than you did the first time… It will save you from many errors in perception.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

Building and operating an effective compliance program is a tall order if you don’t have the information or the tools – and people – to make it happen. Today, Tom’s talks with Greg Radner, the chief marketing officer of RANE (Risk Assistance Network + Exchange), about his company’s innovative compliance assistance solutions in the management of risk.

  • What do Greg and the team at RANE do in the compliance arena? Greg gives us the lowdown on what RANE’s focus is: addressing compliance dysfunction by giving professionals the tools to build robust preventative compliance programs to avoid chronic reactionary compliance efforts.
  • Greg lays out three areas where RANE identified compliance dysfunction in the market today: information overload, reactive risk management, and finding the appropriate expertise for the job.
  • How are RANE’s offerings unique compared to other compliance solutions companies? Greg talks about RANE’s expert network, a global network of over 5000 risk experts and service providers that focus on six main areas: physical safety and security, cybersecurity, governance risk and compliance, due diligence and geopolitical risk, medical/psychological risk and legal/regulatory risk.
  • RANE’s mantra is simple: proactive is always better than reactive. Through a daily newsletter called RiskBook and other informative periodicals, RANE arms clients with curated information – developed by RANE or other parties – that addresses the risk situations that truly matter to them.
  • As we’ve seen with RANE’s focus areas above, the areas relevant to the compliance profession have become highly diverse. Tom asks Greg about how this situation is manifesting in RANE’s work; Greg talks about RANE’s focused webinars and about their custom-made periodical monitors, packed with targeted information.
  • Tom asks Greg about one of RANE’s key philosophies: doing more with less. Greg talks about the power of leveraging the network and how making RANE’s experts available to CCO’s can act as an extremely valuable extension of their own resources.
  • Emerging markets can feature a plethora of different kinds of risks. Tom asks Greg about RANE’s solution for making sure a CCO isn’t overloaded by information when trying to keep up with emerging risk. Greg gives some insight into RANE’s curation service and their risk desk team. These folks know the expert network back to front and can tap into exactly what a CCO needs to know.
  • With a diversity of risk and compliance situations comes a requirement for custom-tailored solutions. Greg talks about RANE’s subject matter experts and the ins and outs of matching a client with the right solutions providers.

Links

Greg Radner on LinkedIn

RANE (Risk Assistance Network + Exchange)

RiskBook email alert registration

If you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, check out our Compliance Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.