Where does “tone at the top” start? With any public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? First, a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this through asking hard questions, risk assessment and identification.

Initially, it is important that the Board receive direct access to information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information the Board can give oversight to any modifications to managing FCPA risk that should be implemented. CCO reporting to the Compliance Committee must be structured carefully to promote ethics and compliance.

Three key takeaways:

  1. A Board Compliance Committee should provide oversight not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and at the end of the day more profitable.

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this show, we take a personal journey with Ronnie Feldman as he celebrates the 4th Anniversary for Learnings & Entertainments and reflects back on his journey.

Some of the highlights include:

  • What has Ronnie learned in his journey through compliance?
  • Why does compliance need a bunch of comedians?
  • What are the lessons for the compliance professional?
  • How has the compliance community evolved over the past 4 years?
  • Where is it going?
  • What does Ronnie see for Learnings & Entertainments?


Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)

Learnings & Entertainments (Website)

60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.

Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.

Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.

In June, the Department of Justice (DOJ) published an Update to their Evaluation of Corporate Compliance Programs (2020 Update) which set out to provide additional clarity on how enforcement officials will evaluate an organization in the event of criminal misconduct. This enhanced guidance sets out a baseline, or the minimum standards to demonstrate an effective ethics and compliance program.

Now Convercent has updated their DOJ Interactive Self-Assessment, initially developed around the 2019 version of the Evaluation. (Full Disclosure – I assisted Convercent in this project and was compensated for my work). With the 2020 updates to the DOJ Guidance for Corporate Compliance Programs, it’s time again to do a health check on your own compliance program. How does it stack up? Are you still meeting the DOJ’s expectations?

Complete this interactive self-assessment to objectively rate how your program fares against the new guidelines. With over 200 questions and a brand-new section on data resources and access, this evaluation gives you a complete view of your compliance program, covering risk assessments, policies, training, reporting, third parties, and much more. Upon completing the assessment, you’ll get a scorecard mapping exactly where you can improve.

How It Works

The assessment sets out to dig into three fundamental questions:

  • Is your corporation’s compliance program well designed?
  • Is your corporate compliance program adequately resourced and empowered to function effectively?
  • Does your corporate compliance program work in practice?

The self-assessment then breaks down questions for each of the categories listed in the 2020 Update, giving you the opportunity to assess where you are in each element. After compiling your answers, the document will provide a scorecard on the various sections and overall ratings of each high-level focus area. There are multiple and varied reasons for using the interactive self-assessment. Obviously, it gives you ways to see where your program is based upon the latest DOJ pronouncements as to what should go into a best practices compliance program.

One of the key themes from the 2020 Update was the compliance function’s use of data and information to continually monitor and continually. But it is beyond simply the access to data by the Chief Compliance Officer (CCO); it is the use of data. That is why this self-assessment is so useful and, more importantly, so critical. The self-assessment provides you with a detailed view of where you are able to make improvements to your company’s compliance initiatives. Continuous improvement is pivotal to ensuring success in ethics, and a consistent, honest evaluation of the program is the first step in the process. Equally important, it documents where you currently are so that you can begin to remediate any gaps you might find.

As ethics and compliance program maturity varies, so can the use of this tool. Whether building a new program, or continuing to evolve an advanced one, use the guidance as a framework for a self-assessment to determine gaps and opportunities within your ethics and compliance program. You can check out the Convercent Interactive Self-Assessment by clicking here.

The OIG white paper “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (OIG Guidance) provides an excellent road map for thinking about how to structure a Compliance Committee for your Board and a Board’s obligations. As an introduction, the OIG Guidance states that a Board must act in good faith around its obligations regarding compliance. This means that there must be both a corporate information and reporting system and that such reporting mechanisms provide appropriate information to a Board. It states: “The existence of a corporate reporting system is a key compliance program element, which not only keeps the Board informed of the activities of the organization, but also enables an organization to evaluate and respond to issues of potentially illegal or otherwise inappropriate activity.”

The OIG Guidance sets out four areas of Board oversight and review of a compliance function:

  1. Roles of, and relationships between, the organization’s audit, compliance, and legal departments;
  2. Mechanism and process for issue-reporting within an organization;
  3. Approach to identifying regulatory risk; and
  4. Methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives.

The OIG Guidance is an excellent review for not only compliance professionals and others in the healthcare industry but a good primer for Boards around their own duties under a best practices compliance program. The U.S. Sentencing Guidelines, the Hallmarks of an Effective Compliance Program, the OIG Guidance, and OIG Corporate Integrity Agreements can be used as baseline assessment tools for Boards and management in determining what specific functions may be necessary to meet the requirements of an effective compliance program.

Three key takeaways:

  1. Information flow up to the Board is critical.
  2. Compliance should be institutionalized in your company as a way of life.
  3. A Board needs to consider all risks.

This month’s sponsor is Affiliated Monitors, Inc.

Welcome to the only roundtable podcast in compliance. Today, we have the full quintet of Jonathan Armstrong, Jay Rosen, Matt Kelly, Jonathan Marks and Mike Volkov for a potpourri of discussions, ending with a veritable mélange of rants and shout-outs.

  1. Jonathan Armstrong critiques the recent SFO conviction of two former Unaoil employees and the controversy the SFO and its Director, Lisa Osofsky, now find themselves in regarding their conduct. Armstrong shouts out to the West Indies cricket team for traveling to the UK to play at Lord’s.
  2. Jay Rosen considers telemedicine in the time of Covid-19. What does it mean for the practice of medicine? What are the compliance issues involved? Jay rants about the Trump Administration targeting surveillance on journalists in Portland and across the country.
  3. Matt Kelly looks at two recent US domestic corruption cases: one in Illinois involving ComEd and one in Ohio involving the Speaker of the Ohio House of Representatives. Matt shouts out to Rebekah Jones, the former Florida state employee who left the government to start her own public record of Covid-19 in Florida when the state quit reporting on it.
  4. Mike Volkov looks at two recent OFAC enforcement actions. One involved Amazon and defective tracing software. The second involved Essentra, doing business with North Korea and shell companies. He draws out the lessons learned from both cases. He shouts out to podcasters and the podcasting community for getting their messages out.
  5. Jonathan Marks considers parallels he has observed in the development of the compliance profession from those he lived through in the Internal Audit world after Enron and WorldCom. He shouts out to the IIA for beginning the discussion to reconfigure its 3 Lines of Defense but chides them for not going far enough.
  6. Tom Fox rants about those attacking fellow Buffalo Wing addicts.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host and producer (and sometime panelist) of Everything Compliance is Tom Fox, the Compliance Evangelist. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.