Welcome to Episode 8 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on tough questions, which Compliance officers need to address. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1 Decrease of the Compliance department’s budget could significantly affect its effectiveness. Tim, would you agree with this statement?

Tim Khasanov-Batirov: I believe it is a tricky question. It depends. Obviously, Compliance officer should has resources to do his job. The question is what we consider as an “adequate” level of resources or budget. Consequently, we need to deploy criteria, which could be used for estimates. In my view, the best algorithm will be the following:

  • To define scope of applicable regulatory requirements;
  • To conduct risk assessment;
  • To plan activities, which will tackle high-risk regulatory requirements. This for instance might be related to implementation of the 10 Hallmarks of the Effective FCPA Compliance Program;
  • To estimate respective budget.

Thus, in my opinion mere fact that the department’s budget is decreased or increased does say anything. First, you have to look whether you have funds to address key priorities.

Another thing to mention is allocation of resources. For instance, in my view due to creation of different apps and software compliance staff is in position to create training video itself significantly cutting costs on expensive video production. Probably you will not become Oscar winner for your video but it is not your goal. One more tip for compliance practitioner is to approach HR, PR/Communications teams to check out if they might be interested to conduct joint activities with Compliance department. In the ideal scenario, they might finance your projects as for instance contest for personnel on knowledge of corporate Ethics Code. In this case, both HR and Compliance departments will find themselves in a win-win situation.

Tom, you write often about Compliance department’s effectiveness. What will be your recommendations when we refer to budget cutting?

Tom:  A couple of things come to my mind, Tim:

When I refer to operationalizing Compliance, I mean tailoring your efforts to particular organization. Thus, look at level of maturity of your organization in order to find out what resources your need and what is more important whether those resources will help you in practice. For instance, you might get budget for sophisticated databases, which might be useless if there is no trained personnel to operate this software. You also do not want to ask budget for doing fancy training video as you already mentioned knowing that majority of staff is located in the fields and would not be able to watch it. I also encourage Compliance practitioners (who are primarily lawyers) to dig deeper in corporate budgeting process exploring basic financial concepts and the logic of forecasting. This will allow you to speak with decision makers on the same business language.

But from the corporate perspective if your business takes a downturn you may well be faced with a smaller budget and overall compliance resources. If that occurs you will have to do less with less by prioritizing on your highest risk and manage those risks.  The key is how you use the resources available to you.

Tim: Tom, I agree with you.

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. We have adopted internal policies. Now we can save on hiring high qualified and consequently high paid compliance personnel. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

What I have seen on practice at emerging markets that unfortunately in many cases compliance professionals are viewed solely as internal policy makers. Thus, the misconception you have mentioned is based on this presumption. The problem that in this scenario all other key elements of compliance program as top management engagement, communications, risk assessment, etc. are kind of getting out of picture. The sad part that even if we refer to policy making the essential part of it is policies implementation, which becomes impossible in absence of other mentioned elements. To manage compliance risks at high-risk markets the company should hire a person who would be able to demonstrate ability in deploying all elements of the effective compliance program.

What are your views, Tom?

Tom: I think it is good that we are referring to the topic of professional level of compliance personnel. I have some thoughts about that based on my practice.

There is no way to get a high-qualified in-house compliance support if organization hires a junior person or someone who has not practical experience in ethics. I would recommend deploying a risk-based approach hiring seasoned and consequently well-paid professionals. This is particularly important when you look for CCO and practitioners covering risky areas or regions. But the key is qualified professional, coupled with pay commensurate to a senior level position.

Our profession is relatively a new one. Therefore, what I have seen that professionals from different occupations join in-house Compliance community. This is a positive trend if he or she possesses skills and demonstrate knowledge allowing to effectively implementing the corporate compliance program. In the same time, personal experience in compliance profession is something, which could not be substituted by any other expertise or background. This is my message to hiring managers, who consider internal candidates for key compliance roles.

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • No matter whether we talk about in budget planning or in hiring of in-house compliance professional, a risk based approach is your best friend.

Tom: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Special Episode of Compliance Man Goes Global podcast of the Compliance Report-International Edition. We will be celebrating Christmas soon. In many countries, on December 31st people will be celebrating New Year as well. It is the right time to talk about compliance and gifts giving. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1

In our corporate policy, it prescribed that gifts giving is allowed. The main requirement is that gift has to be of modest value. Tim, would you think that this requirement is clear enough for implementing at high risk markets globally?

Tim Khasanov-Batirov: I think it is a vague and non-practical rule:  

Argument #1.

The cited statement from the corporate policy looks to be a legalized language. From practical prospective being located somewhere in Central Asia there is a challenge for local personnel to interpret this ambiguous “modest value” test.

Argument #2.

Even if there is, an extra statement in the corporate policy saying that value of the gift should not exceed rates prescribed by local laws this is still a very non-practical approach. It requires local staff in various locations to research and understand local legislations. This might become a challenge specifically in the cases if there is no local compliance officer, who is in position to provide advice.

Tom Fox:  I think, Tim that there are some cons here as well:

Argument #1

When we are talking about global corporations, which operate in dozens of countries it, is difficult to track rates of permitted values for gifts across the globe. Thus, the “modest value” approach serves as a basic principle. You can always use the common-sense test, if a gift seems to be too expensive, it is too expensive. As you note, what might be modest in Moscow, Oslo or New York may be of high value in a west African country.

Argument #2

I would agree with you that organization should tailor the language probably in the local corporate policies identifying rules applicable for each respective country. Moreover, in legislation on gifts giving to PEPs might significantly vary from country to country.

Tim Khasanov-Batirov: Tom, I agree with you. By the way, listeners, as you can see from the attached illustration Compliance Man and Ms. Corporate, congratulate us with the forthcoming holidays reminding us key compliance principles on gifts giving.

 

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2.

We are ethical. In our organization, everybody knows that we are not giving expensive gifts. No need to repeat this mantra for personnel prior to each holiday. Tim, will you agree with this concept?

Tim Khasanov-Batirov: I strongly disagree with this concept.

To get certain level of ethics in organization compliance officer has to be sure that everybody in the organization is aware about corporate rules on gifts and entertainment. Taking in consideration high staff’s turnover in certain industries there is a threat that in absence of systemic communication in a couple of years significant part of personnel will be unaware about compliance requirements. I would recommend reminding personnel on corporate gifts rules beforehand each major holiday of the respective country.

What are your views, Tom?

Tom Fox: I agree with you, Tim. In the same time, let’s look a bit closer on the way compliance practitioner should communicate rules on gifts among personnel.

There are different ways compliance practitioners communicate integrity rules among staff. This could be in person trainings, video clips, email messaging, etc. The main idea is that the way you disseminate the rules has to be effective. It has to be operationalized, as I like to say. For instance, there is no need to circulate emails if you know that recipients are in the field and could not read the messages. I would also recommend avoiding lengthy and vague language. You want to be precise and clear. A good movie clip from a Christmas film can work in this situation.

Finally, always remember to Document Document Document your communications around gift-giving if the regulators ever come knocking.

Tim Khasanov-Batirov: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • The organization should have clear rules on gifts giving which should be tailored per each respective jurisdiction. Every compliance officer must to choose the most effective way to remind personnel before major local holidays on corporate gifts policies.

Tom Fox: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov wish you a Merry Christmas and Happy New Year!

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Episode 7 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we focus on typical mistakes, which Compliance professionals do sometimes make in their roles and programs. We will explore this matter in a plain language and in the simple game form. Moreover, to make the podcast and text more appealing, will also illustrate today’s episode with an illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work in emerging jurisdictions. For each podcast, we divide roles with Timur, a 17-year compliance practitioner who focuses on embedding compliance programs in emerging and high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: OK, Tim, let’s get started.

Myth #1 There is no practical way to improve Compliance program. This is just a fancy and useless statement. In corporate practice, it is just unreal. Tim, is it a mistaken position?

Tim Khasanov-Batirov: I believe it is a huge mistake:  

Argument #1.

As corporate business processes change, from time to time respective adjustments in the policies should be reflected. Thus, if this mere fact is ignored efficiency of compliance controls is getting less or in the worst-case scenario, the control mechanism becomes obsolete.

Argument #2.

There is a classical view that Internal Audit could help a lot in improving the corporate compliance program. I fully share this position. Having said that I would also strongly recommend traditionally Compliance professionals finding common language with business leadership in order to promptly fine tune controls for existing processes and set new ones for brand new business processes.

Tom:  I think, Tim that there are some cons here as well:

Argument #1

While the DOJ’s 10 Hallmarks of the Effective Compliance Program makes clear a ‘check-the-box’ compliance program is insufficient. It provides for monitoring and continuous improvement as vital to avoid “paper” improvements that do not address real risks. In a poorly constructed compliance program, the company is just imitating attempt to tackle the improvements box in the checklist so to say.

Argument #2

The second thing is about more advanced matters. It is about operationalizing and measurement of the compliance program improvement’s efficiency. Good dialogue with business on how to implement, measure and make changes to the program effective is a key to success.

Tim: Tom, I agree with you.

Tom: OK, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. As compliance practitioners, we should draft and amend exclusively compliance policies. The list of such policies is well known and is exhaustive like code of ethics, gifts policies and alike. There is no need spare time for reviewing corporate policies beyond our Compliance Policies List. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

In my view, a red flags approach should be deployed. You should have a set of compliance red flags, which are duly allocated among risky business processes. Than you insert Compliance controls in the policies, which govern those risky processes. More generally, Compliance professional should pay attention to the core of the process not just a formal side. It is not about technical finding hashtag Compliance (which might not even exist in corporate jargon of particular organization), but about embedding Compliance controls in policies which regulate risky areas. We have depicted this situation in the attached issue of the Compliance Man illustrated series.

What are your views, Tom?

Tom: I agree with you, Tim. In the same time, there are some pros to support Compliance policies approach.

Argument #1.

The list of Compliance policies or more generally Compliance policies approach could be used as a single point of reference avoiding situation when personnel need to look into various corporate documents. For instance, when we talk about gifts the rules are universal across the organization. Consequently, you just want to have a single Gifts policy rather than many operational procedures, which would repeat the very same rule in every document.

Argument #2.

For organizations where the control environment is not yet mature, it is advisable to deploy Compliance policies approach to form a basis for further enhancements. Another benefit of such approach is that you can easily add missing policy as KYC for instance or amend the current policy without necessity to change various corporate procedures.

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • No matter what approach organization chooses in policy making the implemented set of Compliance controls should tackle key risks.

Tom: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.

Welcome to Episode 6 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on typical concepts (or probably myths) on Know Your Client -probably the most important process in corporate Compliance portfolio. We will do it in plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners. Read More

Welcome to Episode 5 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we focus on typical concepts (or probably myths) of ways a Compliance professional might become a more valuable member of the management team rather than becoming most hated person in the organization. We will do it in plain language and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Tom: To start with, Tim, probably we should explain to our listeners why we called our today’s episode ‘You Really Like Me’?

Tim Khasanov-Batirov: We call today’s episode “You Really Like Me!” remembering Sally Field’s gushing acceptance speech at Oscar ceremony. The funny thing is that sometimes even in-house Compliance people have a strong wish to exclaim after her something like: “I haven’t had an orthodox career, and I’ve wanted more than anything to have your respect. The first time I didn’t feel it, but this time I feel it—and I can’t deny the fact that you like me, right now, you like me!”

Tom: OK, Tim, let’s see if this is possible in reality or would remain just a dream of Compliance officers globally.

Myth #1 There is a chance that Compliance officer could avoid being named the most hated person in the organization.  Tim, do you agree with this statement?

Tim Khasanov-Batirov: Let’s try. I think we have some pros here:  

Argument #1.

A Compliance professional can avoid being the most hated person if personnel along with top management understand the role of Compliance function in the organization. Unless a Compliance professional delivers a clear message about risks he or she manages and value they bring, they are dependent on subjective views of other team members. We have depicted this situation in the attached release of Compliance Man illustrated series.

Argument #2.

You might think about setting KPIs based on respective regulatory requirements referring for instance to 10 Hallmarks of the Effective Compliance Program or the Evalution of Corporate Compliance Programs. This will allow you to set criteria, which could be used for unbiased and verifiable evaluation of your efforts.

Tom:  I think, Tim that there are some cons here as well:

Argument #1

As we know, there is no way people will like a Compliance officer all the time. Subject to particular situation or position, the Compliance professional’s managers might change their minds. So we should not have illusion of being most loved person constantly.

Argument #2

There is a big risk if Compliance person becomes too friendly with the employees and becomes co-opted by the business folks. This could lead to losing impartiality. Therefore, there is a very thin line between being business-oriented ethics professional and attempts just to ‘get likes’ from management.

Tim: Tom, I agree with you.

Tom: Let’s go, Tim. We can formulate the next concept or maybe misconception in the following way:

Myth #2. In real life, Compliance officer de-facto is not able to become a member of managerial team (or just “team” so to say) being isolated from it by virtue of his “business prevention” mission. Tim, will you agree with this concept?

Tim: I strongly disagree with this concept.

Argument #1.

In my view, Compliance department in many cases is called a “Business prevention unit” not because of being very strict and picky. It is because of not fully understanding the business processes involved. As soon as compliance officer starts to hear other team members, he will be able to suggest solutions, which are compliant, and business oriented in the same time.

Argument #2.

It is about priorities. Management team should clearly see that Compliance officer is focusing on real regulatory risks and priorities rather than creating a useless bureaucracy regarding minor issues, which in many cases could be easily resolved.

What are your views, Tom?

Tom: I have some pros to support the concept that in reality Compliance officer is not just another member of the business team.

Argument #1.

We have a special mission to assess business from external, in majority of cases regulatory prospective. Thus, many things, which at first glance might look as being good for business, could pose regulatory risk in the future. Thus, Compliance person is in charge of demonstrating a high-level or strategic view rather than solely looking at momentary business advantages.

Argument #2.

Compliance is a relatively new job in comparison to well established corporate functions such as a Legal Department or even Internal Audit. So even just by mere fact of being a “newcomer” the Compliance Officer differs from almost all members of the management team which represent “traditional” occupations.

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • Compliance officer should be a business-oriented person with good understanding of business processes along with clear views on how to structure them in line with regulatory expectations.

Tom: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.

Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition. Let’s bust more corporate compliance myths with us.