Welcome to Episode 10 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on the impact of new technologies and artificial intelligence on Compliance profession. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince the audience that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1 There is no need for Compliance Officer to learn about new technologies as blockchain or artificial intelligence for instance. Tim, would you agree with this statement?

Tim Khasanov-Batirov:

I disagree with this statement. I believe Compliance practitioners should pay attention to new technologies. Let me give you one example. A new bribing scheme might take place by utilizing, for instance, Initial Coin Offerings (ICO) model. This could be done in a simple manner. One is requested to “invest” money to a specified ICO project. One has to pay in hardly trackable cryptocurrency in exchange of tokens. The thing is that ICO (contrary to IPO) is not regulated in the majority of jurisdictions. Thus, there are no mandatory audit or legal requirements, which are able to validate if the project is sound from financial prospective. Consequently, there is no guarantee or obligation that one can expect the return of his money after investing in something, which technically is not illegal. Imagine that a PEP is an ultimate owner of this ICO project. He could get all financial proceeds from “investments” in cryptocurrency, which in certain jurisdiction even is not subject to declaration. While in the US this mechanism will not work due to so-called “Howey test” in other jurisdictions ICO could be used as an innovative bribing scheme.

What are your views, Tom?

Tom:  I agree with your statement, Tim. I have some more points to focus on as well. As the majority of Compliance practitioners are lawyers we have been witnessing how new technologies as artificial intelligence impacts legal profession. The AI technology replaces in-house lawyers in for instance drafting lawsuits. Why AI can’t draft or analyze your Code of Ethics as well? So, as I have mentioned in my posts Using AI in a Compliance Function a compliance practitioner should have a look at opportunities that new technologies bring. This could be process automation for example. The ways to use new technologies in operationalizing Compliance still to be explored.

Tim: Tom, I fully agree with you. There is a great future for utilization of new technologies in Compliance profession.

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. New tech cannot influence the effectiveness of the corporate compliance program. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

As we have discussed earlier new technologies have an impact on the execution of the Corporate Compliance program. The impact of new technologies on Compliance profession I have depicted in the attached new issue of the Compliance man illustrated. Case management systems, which are utilized as platforms for Whistleblowers’ line along databases for due diligence are something to which we are used to already. Technologies allow us to do our work quicker and more effective. At this stage, in-house Compliance community probably is not involved that deeply in new tech, but I believe it is a question of time. What are your views, Tom?

Tom: I would like to reinstate my philosophy, which is based on the necessity to determine not only additional value but also to assess what would bring the biggest bang for your Compliance buck through the greatest contribution to business success. Compliance person has to consider both short and long-term value, as well as projects that might expand into a broader “suite of cognitive capabilities to create competitive advantages.”

 

Some of the questions that Compliance practitioner should consider are:

  • How critical to your overall compliance strategy is addressing the targeted issue?
  • How difficult will it be to implement the proposed AI solution?
  • How would the benefits merit the efforts and are there other uses for the AI solution?

Hope our discussion attracted the attention of our listeners among Compliance community to role of new technologies in compliance management. Tom Fox and Tim Khasanov-Batirov were here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Episode 9 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on things, which actually could kill compliance in the organization. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware of our format, in each podcast, we take two typical concepts or more accurately misconceptions from an in-house compliance perspective. We check out if these concepts work in emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince the audience that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Myth #1 Absence of support from top management could kill compliance as a concept in the organization. Tim, would you agree with this statement?

Tim Khasanov-Batirov: I think we should define whom we consider a top management and what we mean by support. If we start with a question of top management, I would think that there is no need to expect appreciation or kind attitude to compliance from everyone among senior management. It will never happen. You obviously want to have an understanding of what you have been doing among your company’s decision-makers. Still, it does not lead to full support for everything a compliance officer is proposing. I believe it is about values. If key stakeholders appreciate integrity and compliance that something which really matters for a compliance officer.

The second question is about support. Based on my practice there is no way to have daily support from everyone in the organization. If compliance person maintains good working relations with employees from different levels of corporate hierarchy, that makes operationalization of compliance program more effective. What is your opinion, Tom?

Tom:  A couple of things come to my mind, Tim: First and foremost, There are several key issues why top management support is more than simply critical, it is mandatory. It is senior management that sets the priority for a company and if they are not committed to compliance and ethics, everyone in the organization will understand it. I often provide the example of Regional VP who said the following: If I violate the Code of Conduct, I may or may not be caught; If I violate the Code of Conduct and am caught, I may or may not be disciplined; If I miss my numbers for two quarters I will be fired. If senior management focuses only on numbers, that will be communicated throughout the organization.

Yet another key issue I would like to touch upon is the question of trust. When a compliance officer is promoting a compliance initiative across the organization, they could be successful if employees embrace it. He has to demonstrate that they have been doing the right thing rather than just executing corporate compliance requirements. You can achieve this result if people trust you. If there is no trust neither senior management nor employees will support compliance. What must a compliance officer do to get trust? Just be risk-oriented, try to suggest ethical solutions to achieve business tasks, be open-minded, and feel interested in corporate processes. In other words, you must operationalize compliance to make it a part of the very DNA of your organization. You have to become a trustworthy partner in order to get the level of support required for effective execution of the corporate compliance program.

Myth #2. Bad corporate culture can kill Compliance in the organization. Tim, will you agree with this concept?

Tim: I agree that culture of non-compliance could kill the compliance idea in the organization. I believe that no matter if it is a big corporation or a small firm the culture starts from the CEO. There is always someone in the organization who is not a fan of compliance. It is fine unless CEO himself does not support ethics. In this case, you have no chance to survive. In our attached issue of the Compliance Man illustrated series, we have depicted challenges, which compliance professionals face. However, in my view issues like decrease of the department’s headcount or budget are something, which cannot stop compliance officer.

Tom: I believe that strong ethical culture is a key factor for building a solid compliance program. From a practical perspective, I think surveying personnel about their attitude towards integrity could give you a real picture of the state of culture in your organization. Another point to mention is the necessity to understand views of managers who due to their job responsibilities pose compliance risks, those in high-risk positions. This may be heads of construction or procurement teams as they interact with governmental officials. In an ideal scenario, they share your values or at least strictly follow respective compliance procedures. In the worst case, your efforts in embedding compliance program could be diminished by ignorance from actors which play a critical role in its effectiveness.

Thus, as key takeaways from today discussion, which is inspired by the famous Unstoppable video of Sia, I think we can mention the following:

  • A compliance officer should be ready to overcome difficulties at all stages of compliance program execution. The best way to do it is to obtain trust from key stakeholders, win minds and hearts for compliance and never give up. Just be unstoppable.

Tom Fox and Tim Khasanov-Batirov are here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Episode 8 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on tough questions, which Compliance officers need to address. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1 Decrease of the Compliance department’s budget could significantly affect its effectiveness. Tim, would you agree with this statement?

Tim Khasanov-Batirov: I believe it is a tricky question. It depends. Obviously, Compliance officer should has resources to do his job. The question is what we consider as an “adequate” level of resources or budget. Consequently, we need to deploy criteria, which could be used for estimates. In my view, the best algorithm will be the following:

  • To define scope of applicable regulatory requirements;
  • To conduct risk assessment;
  • To plan activities, which will tackle high-risk regulatory requirements. This for instance might be related to implementation of the 10 Hallmarks of the Effective FCPA Compliance Program;
  • To estimate respective budget.

Thus, in my opinion mere fact that the department’s budget is decreased or increased does say anything. First, you have to look whether you have funds to address key priorities.

Another thing to mention is allocation of resources. For instance, in my view due to creation of different apps and software compliance staff is in position to create training video itself significantly cutting costs on expensive video production. Probably you will not become Oscar winner for your video but it is not your goal. One more tip for compliance practitioner is to approach HR, PR/Communications teams to check out if they might be interested to conduct joint activities with Compliance department. In the ideal scenario, they might finance your projects as for instance contest for personnel on knowledge of corporate Ethics Code. In this case, both HR and Compliance departments will find themselves in a win-win situation.

Tom, you write often about Compliance department’s effectiveness. What will be your recommendations when we refer to budget cutting?

Tom:  A couple of things come to my mind, Tim:

When I refer to operationalizing Compliance, I mean tailoring your efforts to particular organization. Thus, look at level of maturity of your organization in order to find out what resources your need and what is more important whether those resources will help you in practice. For instance, you might get budget for sophisticated databases, which might be useless if there is no trained personnel to operate this software. You also do not want to ask budget for doing fancy training video as you already mentioned knowing that majority of staff is located in the fields and would not be able to watch it. I also encourage Compliance practitioners (who are primarily lawyers) to dig deeper in corporate budgeting process exploring basic financial concepts and the logic of forecasting. This will allow you to speak with decision makers on the same business language.

But from the corporate perspective if your business takes a downturn you may well be faced with a smaller budget and overall compliance resources. If that occurs you will have to do less with less by prioritizing on your highest risk and manage those risks.  The key is how you use the resources available to you.

Tim: Tom, I agree with you.

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. We have adopted internal policies. Now we can save on hiring high qualified and consequently high paid compliance personnel. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

What I have seen on practice at emerging markets that unfortunately in many cases compliance professionals are viewed solely as internal policy makers. Thus, the misconception you have mentioned is based on this presumption. The problem that in this scenario all other key elements of compliance program as top management engagement, communications, risk assessment, etc. are kind of getting out of picture. The sad part that even if we refer to policy making the essential part of it is policies implementation, which becomes impossible in absence of other mentioned elements. To manage compliance risks at high-risk markets the company should hire a person who would be able to demonstrate ability in deploying all elements of the effective compliance program.

What are your views, Tom?

Tom: I think it is good that we are referring to the topic of professional level of compliance personnel. I have some thoughts about that based on my practice.

There is no way to get a high-qualified in-house compliance support if organization hires a junior person or someone who has not practical experience in ethics. I would recommend deploying a risk-based approach hiring seasoned and consequently well-paid professionals. This is particularly important when you look for CCO and practitioners covering risky areas or regions. But the key is qualified professional, coupled with pay commensurate to a senior level position.

Our profession is relatively a new one. Therefore, what I have seen that professionals from different occupations join in-house Compliance community. This is a positive trend if he or she possesses skills and demonstrate knowledge allowing to effectively implementing the corporate compliance program. In the same time, personal experience in compliance profession is something, which could not be substituted by any other expertise or background. This is my message to hiring managers, who consider internal candidates for key compliance roles.

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • No matter whether we talk about in budget planning or in hiring of in-house compliance professional, a risk based approach is your best friend.

Tom: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Special Episode of Compliance Man Goes Global podcast of the Compliance Report-International Edition. We will be celebrating Christmas soon. In many countries, on December 31st people will be celebrating New Year as well. It is the right time to talk about compliance and gifts giving. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1

In our corporate policy, it prescribed that gifts giving is allowed. The main requirement is that gift has to be of modest value. Tim, would you think that this requirement is clear enough for implementing at high risk markets globally?

Tim Khasanov-Batirov: I think it is a vague and non-practical rule:  

Argument #1.

The cited statement from the corporate policy looks to be a legalized language. From practical prospective being located somewhere in Central Asia there is a challenge for local personnel to interpret this ambiguous “modest value” test.

Argument #2.

Even if there is, an extra statement in the corporate policy saying that value of the gift should not exceed rates prescribed by local laws this is still a very non-practical approach. It requires local staff in various locations to research and understand local legislations. This might become a challenge specifically in the cases if there is no local compliance officer, who is in position to provide advice.

Tom Fox:  I think, Tim that there are some cons here as well:

Argument #1

When we are talking about global corporations, which operate in dozens of countries it, is difficult to track rates of permitted values for gifts across the globe. Thus, the “modest value” approach serves as a basic principle. You can always use the common-sense test, if a gift seems to be too expensive, it is too expensive. As you note, what might be modest in Moscow, Oslo or New York may be of high value in a west African country.

Argument #2

I would agree with you that organization should tailor the language probably in the local corporate policies identifying rules applicable for each respective country. Moreover, in legislation on gifts giving to PEPs might significantly vary from country to country.

Tim Khasanov-Batirov: Tom, I agree with you. By the way, listeners, as you can see from the attached illustration Compliance Man and Ms. Corporate, congratulate us with the forthcoming holidays reminding us key compliance principles on gifts giving.

 

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2.

We are ethical. In our organization, everybody knows that we are not giving expensive gifts. No need to repeat this mantra for personnel prior to each holiday. Tim, will you agree with this concept?

Tim Khasanov-Batirov: I strongly disagree with this concept.

To get certain level of ethics in organization compliance officer has to be sure that everybody in the organization is aware about corporate rules on gifts and entertainment. Taking in consideration high staff’s turnover in certain industries there is a threat that in absence of systemic communication in a couple of years significant part of personnel will be unaware about compliance requirements. I would recommend reminding personnel on corporate gifts rules beforehand each major holiday of the respective country.

What are your views, Tom?

Tom Fox: I agree with you, Tim. In the same time, let’s look a bit closer on the way compliance practitioner should communicate rules on gifts among personnel.

There are different ways compliance practitioners communicate integrity rules among staff. This could be in person trainings, video clips, email messaging, etc. The main idea is that the way you disseminate the rules has to be effective. It has to be operationalized, as I like to say. For instance, there is no need to circulate emails if you know that recipients are in the field and could not read the messages. I would also recommend avoiding lengthy and vague language. You want to be precise and clear. A good movie clip from a Christmas film can work in this situation.

Finally, always remember to Document Document Document your communications around gift-giving if the regulators ever come knocking.

Tim Khasanov-Batirov: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • The organization should have clear rules on gifts giving which should be tailored per each respective jurisdiction. Every compliance officer must to choose the most effective way to remind personnel before major local holidays on corporate gifts policies.

Tom Fox: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov wish you a Merry Christmas and Happy New Year!

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Episode 7 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we focus on typical mistakes, which Compliance professionals do sometimes make in their roles and programs. We will explore this matter in a plain language and in the simple game form. Moreover, to make the podcast and text more appealing, will also illustrate today’s episode with an illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work in emerging jurisdictions. For each podcast, we divide roles with Timur, a 17-year compliance practitioner who focuses on embedding compliance programs in emerging and high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1 There is no practical way to improve Compliance program. This is just a fancy and useless statement. In corporate practice, it is just unreal. Tim, is it a mistaken position?

Tim Khasanov-Batirov: I believe it is a huge mistake:  

Argument #1.

As corporate business processes change, from time to time respective adjustments in the policies should be reflected. Thus, if this mere fact is ignored efficiency of compliance controls is getting less or in the worst-case scenario, the control mechanism becomes obsolete.

Argument #2.

There is a classical view that Internal Audit could help a lot in improving the corporate compliance program. I fully share this position. Having said that I would also strongly recommend traditionally Compliance professionals finding common language with business leadership in order to promptly fine tune controls for existing processes and set new ones for brand new business processes.

Tom:  I think, Tim that there are some cons here as well:

Argument #1

While the DOJ’s 10 Hallmarks of the Effective Compliance Program makes clear a ‘check-the-box’ compliance program is insufficient. It provides for monitoring and continuous improvement as vital to avoid “paper” improvements that do not address real risks. In a poorly constructed compliance program, the company is just imitating attempt to tackle the improvements box in the checklist so to say.

Argument #2

The second thing is about more advanced matters. It is about operationalizing and measurement of the compliance program improvement’s efficiency. Good dialogue with business on how to implement, measure and make changes to the program effective is a key to success.

Tim: Tom, I agree with you.

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. As compliance practitioners, we should draft and amend exclusively compliance policies. The list of such policies is well known and is exhaustive like code of ethics, gifts policies and alike. There is no need spare time for reviewing corporate policies beyond our Compliance Policies List. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

In my view, a red flags approach should be deployed. You should have a set of compliance red flags, which are duly allocated among risky business processes. Than you insert Compliance controls in the policies, which govern those risky processes. More generally, Compliance professional should pay attention to the core of the process not just a formal side. It is not about technical finding hashtag Compliance (which might not even exist in corporate jargon of particular organization), but about embedding Compliance controls in policies which regulate risky areas. We have depicted this situation in the attached issue of the Compliance Man illustrated series.

What are your views, Tom?

Tom: I agree with you, Tim. In the same time, there are some pros to support Compliance policies approach.

Argument #1.

The list of Compliance policies or more generally Compliance policies approach could be used as a single point of reference avoiding situation when personnel need to look into various corporate documents. For instance, when we talk about gifts the rules are universal across the organization. Consequently, you just want to have a single Gifts policy rather than many operational procedures, which would repeat the very same rule in every document.

Argument #2.

For organizations where the control environment is not yet mature, it is advisable to deploy Compliance policies approach to form a basis for further enhancements. Another benefit of such approach is that you can easily add missing policy as KYC for instance or amend the current policy without necessity to change various corporate procedures.

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • No matter what approach organization chooses in policy making the implemented set of Compliance controls should tackle key risks.

Tom: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.