March Madness is upon us, with the first ever #16 knocking off a Number 1 see. In the midst of this true madness, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. March Madness is here. So is corruption in NCAA basketball. Tom considers both stories in Compliance Week.
  2. Former FCPA Unit Head Chuck Duross says that self-reporting is still “probably not worth it”. See article in GIR (sub req’d)
  3. Elizabeth Holmes and Theranos were engaged in massive, years long fraud. She is fined, must return her Theranos stock and is banned from running public companies for 10 years. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal. See SEC Complaint for full details.
  4. What are some of the compliance lessons to be learned from the Novartis journey? Jaclyn Jaeger considers them in Compliance Week. (Sub req’d)
  5. First DPA granted under new French anti-corruption law, Sapin II. See article in NYU Compliance and Enforcement Blog.
  6. SFO Director David Green pushed back on the myth that DPAs are sweetheart deals in the FCPA Blog.
  7. Are corporate monitorships on their way out? Adam Dobrik reports in GIR (Sub req’d)
  8. The Trace Global Enforcement Report is out.
  9. On Tuesday, March 20, Tom will premier an exciting new podcast Innovation in Compliance. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  11. Jonathan Armstrong will be in Houston on April 10 to put on a half-day GDPR workshop. You can find out more and register at the Greater Houston Business and Ethics Roundtable website, org.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at

In this episode, I visit with Miller & Chevalier Member John Davis on the firm’s FCPA Winter Review 2018. We discuss the key FCPA enforcement actions from 2017 and developments in compliance. Davis identifies four theme’s from Miller’s report including: (1) What if any change did the new administration bring in FCPA enforcement; (2) the uptick in individual enforcement actions under the FCPA; (3) the new FCPA Corporate Enforcement Policy which incorporated elements from the 2016 FCPA Pilot Program and 2017 Evaluation of Corporate Compliance Programs and (4) the large, multi-national anti-corruption enforcement actions which are becoming more normalized.

We they discuss how these trends may continue into 2018 and beyond. The Miller & Chevalier quarterly FCPA report is always one of the most useful review of FCPA and related laws enforcement around. It reviews all the FCPA enforcement actions in the quarter as well as the key international anti-corruption enforcement actions. Also it has some very useful charts and graphics to summarize key trends. It is an invaluable resource for the compliance practitioner. You can check out the FCPA Winter Review 2018 by clicking here.

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week, including some fury.

  1. Wells Fargo is having its soul investigated by actual nuns. Alistair Gray reports in the Financial Times; Thorton McEnery notes sometimes the Universe is both hilarious and cruel in Dealbreaker; and Bloomberg says the Nuns want to know the root cause of the illegal conduct at Wells Fargo.
  2. BSRG goes into receivership. Tom reports in the FCPA Blog. For the original sordid story see, the piece in the New Yorker in 2013 by Patrick Radden Keefe.
  3. Bill Coffin continues his string of great posts. This week he says your data breach nightmare is only going to get worse in his Compliance Week
  4. Canada to introduce DPAs. Jaclyn Jaeger reports in Compliance Week.
  5. Kobe Steel CEO resigns amid admission of years of fraudulent reports by the company. Henry Cutter reports in the Wall Street Journal Risk and Compliance Journal.
  6. The FCPA declination program will be extended to other areas by the DOJ. See Tom’s piece in the FCPA Compliance Report and Henry Cutter’s piece in the Wall Street Journal.
  7. Mayhem at the Mavericks? Sports Illustrated broke the story of horrific sexual harassment in the Dallas Mavericks front office. Matt Kelly blogged on it in Radical Compliance. Tom and Matt explored it in a podcast on Compliance into the Weeds. Dick Cassin reports that the Mavericks are looking to hire a first ever CCO in the FCPA Blog.
  8. March 6 was the anniversary of the fall of the Alamo. The lads explore what is means for compliance professionals to be seen as the Alamo. Is compliance the last stand or are they simply slaughtered for standing up for their beliefs? Tom considers both perspectives in the FCPA Compliance Report.
  9. Tom and Jonathan Armstrong are back with Episode 3 of Countdown to GDPR. Tom writes about the policies and procedures you need for GDPR in the FCPA Compliance Report.
  10. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at

I continue my exploration of how an agile approach can bring innovation to a corporate compliance function. Yesterday I considered how agile concepts can be used to more fully operationalize a compliance function through coaching to and for middle managers. Today I want to explore how agile can more fully operationalize a compliance program by creating compliance teams. This series on using agile to more fully operationalize compliance is based up a recent article in the Harvard Business Review (HBR) by Peter Cappelli and Anna Tavis, entitled “HR Goes Agile”.

One of the key insights I received from the article was the focus on teams. When you think about that in the context of further operationalizing compliance, you can see such an approach will also help to improve overall corporate culture by imbuing a real sense of doing business ethically and in compliance as a business differentiator for the organization.

The authors suggested three separate scenarios where compliance teams could benefit from an agile approach. Each scenario more fully operationalizes compliance down to the business unit level and more fully engages a company’s front line employees in the first step of doing compliance. This approach is not only favored by regulators and prosecutors but will also work to create greater efficiencies closer to the business front lines and will give the company the ability to embed risk management strategies and techniques in a location where they can be employed the quickest to better manage risks as they appear.

Most of the consideration of a compliance program is focused on the individual, whether it be training, monitoring, incentives and discipline or risk management. While such an approach is not inappropriate, consider how much more powerful your approach could be if you could mobilize business teams into compliance teams. Such is the power of agile.

In agile nomenclature, such groups are called scrums where they create, execute and revise their goals and strategies that give them the ability to react more quickly as new information becomes available, which is to say, on an ongoing basis. Such compliance teams can track their progress against measurable standards, identify both compliance obstacles and compliance risks, assess the tools available or provided to them and provide insights on how to improve team performance from the compliance perspective.

The first area where team compliance can improve through an agile approach is with directional feedback. In an agile environment, peer feedback is essential to make course corrections. Such comments and information are usually shared between team members. It is important there also be upward feedback from the front line compliance team to middle management and through to the compliance function.

This approach can lead to a quantum of feedback, which needs to be captured, usually through a tool or app. This allows comments to be more thoroughly reviewed later and used for other purposes or projects. It also allows for more full and robust ongoing monitoring of compliance trends and issues. This type of feedback can be invaluable for a corporate compliance program to then deliver a more targeted or robust risk management solution if warranted or needed.

The second area where an agile approach aids compliance teams is in frontline decision rights. As compliance more fully operationalizes their programs and moves it into the front lines, it equips employees to operate more independently. Yet the authors note this can “be a huge behavioral change and people need support to pull it off.” Put another way, your employees may not be used to making what were thought of as compliance decisions. The answer is to embed a compliance coach closer to the front-line business folks to not only encourage such decision making and be present as a compliance resource; but also help structure an after-action review which can identify successes, failures and perform a root cause analysis, much closer to the time, place and event.

For the compliance coach role consider our discussion yesterday on agile and coaching. These compliance trained coaches are uniquely situated to bring exactly this type of support. You also see how both the coaches and compliance teams are tied together in a holistic approach which more fully delivers an operationalized compliance solution to the organization.

The third and final area around agile and compliance teams is complex team dynamics. In this capacity, companies should continually monitor compliance teams as learning mechanisms. You should identify your best performing compliance teams to understand their dynamics, so you can move their success techniques to other compliance teams in your organization. You can also use an organization wide tracking system to measure and then improve what the compliance teams are doing within specific business units, geographic areas and across the organization globally.

The use of agile to create compliance teams can be a very innovative and powerful tool to more fully operationalize your compliance function. However, this approach will take time and commitment from all involved, including senior management. There must also be a high level of trust within your organization which will allow front line employees who may not be used to voicing opinions to do so, in a way under which there will not be retaliation or even negative consequences for the compliance teams providing feedback.

Next, I will consider how an agile approach to other aspects of the Ten Hallmarks of an Effective Compliance Program can more fully help to operationalize compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018


In this episode I consider the role of the Boards of Directors in having a Compliance Committee and having a compliance expert on the Board itself. When you consider any of the most recent corporate scandals, from industries as wide as pharmaceutical to banking to manufacturing to transportation, one of the key themes in common was they had no compliance expertise on the Board of Directors. This lack of a key resource to the Board is something which has now drawn the attention of regulators and prosecutors.

At the Board of Directors level, a Board Compliance Committee can devote itself exclusively to non-financial compliance, such as FCPA compliance. While many companies have fulfilled these obligations through an Audit Committee, clearly the better practice is to have a separate Compliance Committee. The reason is clear, that compliance has become not only central to any well-run business but it is critical to overseeing a wider variety of risks than the typical Audit Committee has experience with, which is usually only aimed towards financial risks.

Every Board of Directors need a true compliance expert sitting on their Board. Almost every Board has a former Chief Financial Officer, former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance-based issues. All of these considerations were incorporated into the Justice Department’s thinking when it added the requirement for compliance expertise to a Board of Directors in the 2017 FCPA Corporate Enforcement Policy.

For more information on the role of the Board of Directors and compliance, check out the information on my new book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. In it, you will find out how you can more fully incorporate a Board of Directors into your compliance program.  It is available for PreSale here.