SEC Chair Jay Clayton is reduced to having a PR firm create fake investor comments to support a SEC rule change. The Astros cheating scandal gets worse. As Tom worries MLB might take away his replica World Series Championship Trophy and Jay consoles him about when a team cheats and wins, they turn to some other of this week’s top compliance and ethics stories which caught their collective eyes.

  1. Using the same defense as Hoskins, Boustani admits bribery and corruption in Mozambique Tuna Boat case. Will it work out any better for him? Steward Bishop and Frank Runyeon in Law360. (Sub Req’d)
  2. SEC whistleblower tips go down for the first time. Kristen Broughton in the WSJ Risk and Compliance Journal. Kevin LaCroix sees it otherwise, on the D&O Diary.
  3. Jay Clayton gins up fake written comments to support regulation change. Zachary Mider and Ben Elgin report in Bloomberg.
  4. Former Keppel Offshore lawyer sentenced to time served. Dick Cassin reports in the FCPA Blog.
  5. Why punishing the bribe takers is equally important as punishing the bribe payors? Matthew Stephenson explains it all in the Global Anti-Corruption Blog.  
  6. Does an aggressive position in a Wells submission hurt a company in a SEC enforcement action? Lawyers from Simpson Thatcher explore in NYU’s Compliance and Enforcement Blog.
  7. What is ‘enforcement fatigue’ and how did Alstom overcome it? Dylan Tokar reports in the WSJ Risk and Compliance Journal.
  8. of Treasury bringing more sanctions cases against shipping companies. Kristin Broughton reports in the WSJ Risk and Compliance Journal.
  9. What will risk and compliance look like in 2020? David Banks considers in Navex Global’s Ethics & Compliance Matters blog.
  10. How does M&A benefit from an independent assessment? Jay continues his series on CCI.
  11. What are the implications of Gen Z on the front lines of compliance? Gaurov Kapoor explores in CCI.
  12. Recent FCPA enforcement actions shows the SEC will use FCPA Accounting Provisions to hold a company liable for ineffective AML controls. Clay Porter in the National Law Review.
  13. Navex’s Loren Johnson joins the podcast to talk about Navex Global’s 2020 Benchmarking Survey.You can participate in Navex Global’s annual survey by clicking here.

Tom Fox is the Compliance Evangelist and can be reached at Jay Rosen is Mr. Monitor and can be reached at

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at

This week in 1887, Sherlock Holmes made his literary debut. Holmes is known for his rigorous logic and observational skill. He’s recognized worldwide by his deerstalker cap and calabash pipe. He’s been portrayed more than 250 times through film and television. All of this has made Holmes one of literature’s most notorious and iconic figures. Widely known for his eccentric human flaws—social awkwardness, an addiction to narcotics, a lack of patience, Holmes also has an eclectic inhuman mind—one which is able to make logical connections to solve mysteries based on facts that are invisible to the average detective.

Holmes logic and observational skill are the perfect way to introduce today’s topic of business venture under the Foreign Corrupt Practices Act. Whether they are Joint Ventures (JVs), partnerships, franchises, team agreements, strategic alliances or one of the myriad types of business relationships a U.S. company can form outside the U.S., they present diverse risks than those presented by third-parties. Unfortunately, many companies treat business venture risk the same as third-party risk. They are different and must be managed differently.

These problems continue to exist in places like China and India where there have been a number of FCPA enforcement actions involving U.S. companies which enter these markets via a JV. They have some sort of arms-length business relationship with a Chinese or Indian company; then they move to a JV relationship; and as the final step they end up buying out the foreign partner so that they bring the JV into the company. By the time of the full merger into the U.S. organization, the corruption is so established and ingrained that it continues. Then it is no longer them doing bribery and corruption; it is now you doing the bribery and corruption.

Consider the business risk for JVs. It begins with the business reason for setting up the JV. The U.S. company wants a connected, well-placed partner who can gain them influence in the foreign market. That foreign partner may be a government official, employee of a state-owned enterprise, or a state-owned enterprise itself. Mike Volkov has said, “by definition the JV relationship you are creating has risks in terms of why you are even doing business with them or even bringing them to the joint venture”. The next problem is in JV governance.

The first problem was why the JV was created but the next is how it will be created? Will it be 50/50 ownership between the U.S. and foreign partner or something else? If its 50/50 how will you split the Board or other governing body. How will you resolve final disputes? All of these questions should be considered from the compliance perspective.

Next, what are the incentives of all the parties and what were the roles that everybody was going to take on regarding the business operation. Volkov said, “if you have a 50/50 joint venture then you would have a situation where the joint venture itself retains third-parties or distributors.” Whose third-party risk management program will be followed? What if red flags arise, who and more importantly, how will they clear them going forward.

Next is the JV going to use lobbyists and consultants to facilitate the JV operations? The foreign partner may want to hire third-parties with no U.S. partner input. The bottom line is that this is an incredibly high risk which requires more than just third-party risk management strategies because you need to get into the guts of the business; how it was created, how it operates and then how is it going to operate.

A different situation comes into play with franchisors and international franchising. Here the issue may be one of control and you must look at the nature of the relationship between the parties in a franchise relationship. Most franchise agreements raise significant FCPA risks. They are outside the classic agent/distributor situation a business needs to take a hard look at the nature of the business venture or how it is operating, why the people have gotten together, next look at the intricacies of the business and, finally, apply a risk analysis to the entire transaction.

In addition to the following the money issues present in every business relationship, the franchisee may also hire its own third-parties, have its own interactions with foreign government regulators, need to train on compliance programs and of course have its own compliance program in place. Yet how many international franchisors have thought through all of these compliance requirements? Regarding franchising, it is both structure and oversight that are required. A company must use its full compliance tool kit in managing the relationship. Sitting back, putting compliance requirements in a franchise agreement will simply not suffice. There must be active management of the compliance risk going forward on an ongoing basis.

The bottom line is that may compliance practitioners have not thought through the specific risks of business ventures such as JVs, franchises, strategic alliances, teaming partner or others as opposed to sales agents or representatives on the sales side of the business. I hope that this will help facilitate a discussion that maybe people will begin to think about more of the issues, more of the risk parameters and perhaps put a better risk management strategy in place.

While you are considering all of this settle in with the first Sherlock Holmes story, A Study In Scarlet  or check out my podcast entry in the Compliance Podcast Network.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019

You probably have to be a true NY Yankees fan to know the name of Irv Noren. He was a little known and long forgotten Yankee from the early 1950s who helped bridge the gap between the retirement of the greatest Yankees ever—Joe DiMaggio to the ascension of the next Yankee great, Mickey Mantle. DiMaggio retired after the 1951 season and Mantle was still recovering from a knee injury that would plague him for all his career. Yankee Manager Casey Stengel and General Manager George Young were not satisfied with the outfielders on the roster so they traded for Noren.

Noren had been a star with the lowly Washington Senators and was awestruck when he joined the team. As cited in his New York Times (NYT) obituary “I said to myself, ‘This is where Babe Ruth, Lou Gehrig and everybody was, in this clubhouse,’” he told the website Baseball Happenings in 2016. “You had to produce over there. In Washington you could go 0-8, but in New York if you went 0-8, someone else would be there. They had to win.”” Win and produce he did, with the Yankees winning the World Series in 1952, 1953 and losing to the Brooklyn Dodgers in the 1955 World Series and winning it all again in 1956.

I thought of Noren and how he was seen as bridging the gap between two Yankee superstars as an introduction into today’s blog post on how can you determine if your Human Resources (HR)  Department can meet the needs of a best practices compliance program? One place to start is with a gap analysis to determine what HR has in place that can facilitate your company’s compliance program. For it is through a gap analysis that you can work to bridge the gap between what exists and where your program needs to go to be effective.

From the HR and compliance perspective, there are four steps to undertaking a gap analysis: 1) understanding the compliance and HR environment in your organization; 2) taking a holistic approach to understanding the compliance and HR environment; 3) determining a framework for analysis, and 4) compiling supportive data to test the program.

Yet before beginning this exercise it is incumbent to understand that the first element of an effective compliance program under the U.S. Sentencing Guidelines is to have Established Policies and Procedures to protect and detect non-compliance with regulations. While the U.S. Sentencing Guidelines specifically target “criminal conduct”, companies would be wise not to limit their risk assessment or gap analysis to only criminal conduct.

Most, if not all, companies possess several corporate policies that govern employee behaviors.  The person in charge of the corporate compliance function should first identify the policies in place by utilizing a gap analysis to catalog the existence of corporate policies across the company, noting policy gaps and inconsistent application of policies across various locations. The business units and functional disciplines should be tasked with filling the gaps and standardizing conflicting polices.

This exercise allows you to move forward to what is required to operationalize compliance as you must know what you must be compliant with going forward. So how does one work with the business units and the functional disciplines to structure the identification of legal and compliance risks in a way that can be managed and utilized with some degree of ease? Here are a few questions that a compliance practitioner may pose to HR to perform a gap analysis regarding policies and procedures:

  • Does HR have an inventory of policies, procedures, laws and regulations covering employees and employment related matters applicable to the company’s business?
  • If yes, do you have a specified person who is in charge of updating the inventory?
  • If no, what system does HR utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
  • What evidence would HR be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
  • What types of compliance training are mandatory for all employees, which are optional and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
  • What types of enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
  • Are HR employees specifically trained to understand compliance requirements applicable to your organization?
  • Does HR provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within HR?
  • Has HR established some type of escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
  • Does HR have compliance monitoring standards in place?
  • Does HR perform periodic audits to ensure that the policies and procedures are being complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company.

My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and “Document, Document, and Document”.

Irv Noren not only provided a vital bridge between two Yankee stalwarts; he was an All-Star and excellent player in his own right. In 1954, he had the third best average in the America League with a .314 average. He was an All-Star for several years as well. When you can bridge a gaps with someone like Noren or use a gap analysis to bridge your HR compliance program from good to great, you are on to something very significant.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015

In this episode of Excellence in Training, Shawn Rogers provides some thoughts on the veiled land of –the future of compliance training.

Highlights include:

  1. I Hope Compliance Training will be More Respectful of the Learner

Compliance training needs to evolve to be more respectful of the user’s time and intellect. I hope that compliance training will become much less repetitive and that companies will figure out ways to give learners credit for the training they have taken in the past.

No other training discipline that makes the learner take mandatory training on the same learning objectives year over year. Rather than giving the learners credit for understanding and internalizing and applying the training they have received in the past; they keep repeating the same learning objectives. To eliminate the monotony, they try to take different approaches, such as gamification, videos, virtual reality, etc., but in the final analysis, they are still teaching the same basic learning objectives.

Embrace the concept of teach once (maybe twice) and then remind frequently. Over-training is a waste of both company resources and employee time. If we could accurately measure scrap learning rates, there could well be incredibly high in most compliance training programs.

  1. I Hope “Compliance Training Abuse” will Stop 

By “training abuse,” Rogers’ mean the tendency of companies and government officials/agencies to apply/require training courses/programs to problems that training can’t and won’t solve – but instead gives the illusion that “something is being done.”

Government Mandates

In the United States, many state governments are requiring companies to implement anti-harassment training, and repeat it every year (e.g., New York) or every other year (e.g., California). There are only so many ways you can train people on anti-harassment, and only so many learning objectives associated with anti-harassment. Yet, in some jurisdictions, companies have to provide annual training to employees, not because the training will change anything when done for the fifth or tenth time, but because it is required by the force of law. This becomes another form of tax on the company, it annoys and frustrates the learners, and it undermines carefully thought-out training strategies.

Virtue Signaling 

When a company is hit by a major scandal, often the first response is “we will require training.” This decision is typically motivated by a desire to send a signal that the company recognizes it has a problem and that it’s going to train people into behaving properly. Well, Rogers believes that 98% of problems a company face are caused by about 2% of its employee population. So, for 98% of the employees, the training becomes punitive rather than helpful, and the 2% of the bad actors ignore it. But there has been an illusion created that the company is taking steps to fix the problem, and it gets headlines and publicity. And the masses are pacified.

  1. I Hope Compliance Training will become More Relevant to Learner Roles

There are some ethics and compliance topics that every employee in a company needs to know at an awareness level. For example, every employee needs to know that the company has a code of conduct, where to find it, and what it contains. Every employee needs to know about the company’s hotline and how to report issues. Every employee needs to know about the company’s non-retaliation policy and the protections it provides. Every employee needs to be aware of safety policies and procedures.

However, when it comes to some of the more serious legal and regulatory risks, not every employee has the same level of risk exposure. Take bribery, for example. Most employees need to know the company’s position on bribery and that the company has a policy. These employees need understanding at an awareness level, not at a highly technical level. However, there are some employees that are in a position to either offer bribes or be bribed because of their job function or their location. These employees need in-depth training on how to handle these situations.

Hopefully, as a compliance profession, will become more adept at providing training that is adapted and tailored to the risk that specific individuals or groups of individuals present to the company and to themselves. This could be accomplished by better profiling learners through HR data, by using “adaptive” online training, and by focused training campaigns to high-risk audiences.

  1. I Hope Compliance Training becomes More Integrated into Business Processes

This is the “just-in-time” training model. It is one thing to have an annual compliance training requirement, and quite another thing to provide training exactly when and where the employee needs the information. For example, many companies provide insider trading training as part of annual training requirements. Then, they hope the employee remembers the principles when he/she decides to buy/sell the company stock.

But wouldn’t it be better to include some kind of “micro training” or policy reminder at specific times when and where the risk is highest? Perhaps certain groups are more prone to being aware of insider information – they should get frequent and targeted reminders. Perhaps the company has “trading windows” after earnings announcements. When the emails go out to the company that talk about the authorized trading windows, perhaps that’s a good time to provide an embedded training module.

Another example is when an employee is traveling overseas and might be carrying company samples or might have a computer that contains sensitive company data. That would be a great point to embed a “hand carry” training module or a trade controls training module into the travel booking process.

  1. I Hope Compliance Training becomes More “Bottom-Up” Driven than “Top Down” Driven 

Rogers hopes that compliance training can get to the point where managers and people leaders drive compliance training based on how they perceive the risks in their organizations. In other words, I hope that awareness of risks can permeate the organization to such a degree that managers will be able to recognize when their employees need training and can call on the compliance function to provide custom training opportunities.

Rogers ended by noting he would like to see managers become more empowered with the tools they need to be better partners with the compliance function. This is happening to some extent, but it needs to happen more. For example, at GM we recently installed a new leader for our Korea operations. One of the first things he did was to request compliance training for the senior leadership and all people leaders. He suggested both the topics and the approach to the training. He wants to see this happening more across the company.

Disclaimer-As a company, GM uses many training vendors. GM’s compliance function primarily uses two vendors. Rogers has worked with other good vendors that currently do not work with GM. Rogers is not promoting any specific vendors, nor is he disparaging any specific vendors in this podcast. And, of course, these opinions are Roger’s alone and opinions that  developed over almost 15 years. He is not speaking on behalf of GM in any way.


Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this concluding episode Ronnie and Tom finish out their a five-part series on creative ideas you can use during the 2019 Corporate Compliance and Ethics Week, including using the Week as a stepping stone going forward.

In this Part 5, we wrap up our series on things you can do to foster greater communication for your compliance messaging. You should use compliance communications to educate and entertain. They should be designed to influence employee behavior. Tom and Ronnie both agree that Corporate Compliance and Ethics Week initiatives should only be seen as a starting point and must be followed up throughout the year.

Some of the ideas include:

  • Have Managers lead compliance related discussions; you can create toolkits for them with talking points.
  • Have senior management discuss an ethical dilemma they faced and how they resolved it.
  • Use real world examples to stress your company’s values.
  • Any initiatives you begin must be followed up throughout the year.


Ronnie Feldman (LinkedIn)

Learnings & Entertainments (LinkedIn)

Ronnie Feldman (Twitter)

Learnings & Entertainments (Website)

60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.

Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.

Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.