This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:

  1. Tom reports on Compliance Week 2017. See his articles in Compliance Week, here and here.
  2. If the DOJ releases new information in the form of the Evaluation of Corporate Compliance Programs, does anyone read it. See article in GIR (sub req’d).
  3. Jay discusses the SCCE event he attended last week in San Francisco. See Jay’s recap in his article I Left My #SCCE Heart in San Francisco or I Love It When A Plan Comes Together!
  4. Was the individual enforcement against the MoneyGram CCO significant or much ado about nothing? See article by Dick Cassin in the FCPA Blog and by Sara Kropt in her Grand Jury Blog.
  5. DOJ will embed prosecutors overseas. See article by Sam Rubenfeld in WSJ Risk and Compliance Journal. See full text of speech by Deputy AG Trevor McFadden by clicking here.
  6. Warriors and Cavs meet in the first time, three consecutive title match run. Tom and Jay consider from the compliance perspective.
  7. Tom announces the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.

 

Jay Rosen can be reached:

Mobile (310) 729-6746

Toll Free (866)-201-0903

JRosen@affiliatedmonitors.com

Tom Fox can be reached:

Phone: 832-744-0264

Email: tfox@tfoxlaw.com

This week I have engaged in a series on how a Chief Compliance Officer (CCO) or compliance practitioner might think about operationalizing a compliance program with other corporate functions and disciplines. I have been joined in this exploration by Russ Berland, a well-known compliance commentator and practitioner who recently joined Dematic Inc., a Supply Chain optimization company, as it CCO. Today I conclude my series with how the Controller’s Office can be used to more fully operationalize compliance.

Another area for further operationalization is the corporate controller’s office. The Controller’s Office generally has the responsibility to accurately record and report the financial transactions of the company, to design, implement and execute the financial processes and controls of the company to be both effective and efficient, and to safeguard the financial assets of the company. Some of the compliance responsibilities of the Controller’s Office include: (1) Designing and implementing internal controls that impact legal, ethics and compliance risks; (2) Accurately recording the financial transactions of the company; and (3) Preventing and detecting fraudulent activity. All of this means, in practical terms the Controller’s Office is both being the keeper of the books and records and the implementer of internal controls. Moreover, while many of these internal controls would most probably be viewed financial internal controls, there are additional internal controls which are not financial in nature.

From Berland’s perspective, “Those guys live really in the battle zone. They are constantly looking at financial transactions. They’re evaluating them. They’re figuring out where things go within the books and records. They are implementing the processes that should be keeping fraud from happening, keeping bribery and corruption from happening. When a remediation occurs within a company you often find that a lion share of the remediation is not about the compliance program as such, but about those internal controls that have been implemented by the Controller’s office.”

This means that not only can the Controller’s Office be one of the compliance function’s strongest corporate allies, the role of a Controller’s Office by its nature works to operationalize compliance. This is because to implement the appropriate internal controls around Foreign Corrupt Practices Act (FCPA) compliance, the Controller’s office must know the specific requirements of the FCPA, know what kinds of issues are likely to come up that might create a risk of bribery and corruption, all leading to an appropriate understanding of the appropriate compliance internal controls to implement.

A concrete example is in the area of offshore payments, which are generally defined as payments made to a location other than the home domicile of the party or the location where the services where delivered. If a Tunisian agent who performs services in Dubai asks for payment in a location other than Dubai or Tunisia, that would qualify as an offshore payment. If you train people who are in the Controller’s group on this issue, “all of a sudden you’ll get someone in the Controller’s Office who’ll give you a phone call and say “Hey, we just saw a request for a payment to this guy in this Middle Eastern country and we’re just not sure what it’s for.” That’s where the controls are really working, as opposed to that person just really dealing with it on an administrative level instead of keeping your antenna up.” Those are the types of communications, when properly documented, demonstrate that your compliance program is operationalized into the fabric of the organization.

Another way to view it is if there is a Controller’s Office control for such a scenario which notes the exception and requires the clearance of a red flag through additional investigation, elevation for approval and documentation of the entire process. This is a financial control which acts as a compliance control as well. It strengthens the company’s internal controls to both prevent and detect key compliance risks going forward.

Another area would on a company’s Vendor Master List (VML). Some obvious internal controls are that no person or third party gets paid unless they are properly on the VML; no person or third party is admitted to the VML unless they have gone through the appropriate level of due diligence, which varies by task and function and country. The Controller’s Office can also put internal controls in place when employees attempt “workarounds when someone can’t get a vendor paid and wants to.” Such apparent financial controls might well include those around the manual check process and your internal requirements for international wire transfers. Finally, even to this day petty cash continues to be a source of funds to fuel bribery and corruption. The Controller’s Office is on the front lines for petty cash.

These issues are usually dealt with what are generally viewed as internal controls specific to controlling the outflow of money to third parties and requiring that those third parties have gone through your due diligence processes. As Berland noted, they are “all sitting right in the Controller’s Office.” Additional benefits to the corporate compliance function include the retrieval and analysis of financial data and design of internal controls. It allows the compliance function to rely on actual financial expertise rather than “home grown” financial expertise within the compliance department. It extends the compliance function influence through the Controller’s Office. Finally, the compliance function is made aware of relevant concerns found by recording transactions, executing internal controls and financial monitoring.

These benefits are not a one-way street for compliance as a Controller’s Office benefits from a closer relationship with the corporate compliance function as well. The Controller’s Office can leverage compliance resources. The compliance function can bring its observations and insights from investigations and emerging risks to the Controller’s Office. A closer collaboration will broaden awareness of compliance risks which relate to the company’s financial processes.

By more fully integrating compliance into the Controller’s Office function a more robust picture of enterprise risk emerges, one which encompasses legal, compliance, ethics, internal controls, financial, business and governance risks.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

 

 I. Compensation, Incentive and Compliance

In this episode, Roy Snell and myself discuss how incentives are integral to the compensation plans of a wide range of workers. Many experts point to their value in rewarding behavior that is in the interest of the organization and for keeping workers focused on activities that help the bottom line. At the same time, however, the incentives can pose great risks.

Many corporate scandals have shown that workers and corporate leaders may give in to the temptation to cheat to make their numbers, doing whatever they can to achieve their goals and reap the rewards. As a consequence, incentive plans may turn out to be a roadmap for compliance risk.

This danger argues for the compliance department having a role in reviewing incentive plans, if nothing else than to develop controls that ensure the numbers are hit properly, without violating policies, procedures, the law, and ethical norms.

To better assess the role of the compliance team in reviewing incentive plans, in April 2017 the Society of Corporate Compliance and Ethics and the Health Care Compliance Association fielded a survey among compliance professionals. The results indicate that, despite the risks, compliance rarely plays a role in evaluating incentive programs. For the recent SCCE/HCCA survey on this issue, click here.

For additional writings by Tom see the following blog posts:

Incentivizing Compliance

Executives and Compliance Compensation Incentives

Sales Incentives and Compliance

II. Compliance and the Board of Directors

On a second topic, Roy and I discuss the need that a true compliance expert sit on a company’s Board of Directors. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.

Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such compliance subject matter expertise at the Board level?

Roy sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.

For Roy’s further thoughts on this issues, see his blog post, Compliance Expertise Needed on Your Board”.

For Tom’s writing on the subject see his blog post, “Compliance Expertise Needed on the Board”.

I am excited to announce at Compliance Week 2017 the publication of my latest book 2016-The Year in Corporate FCPA Enforcement: Cardinal and Provident, published by Compliance Week. In it I take a look the most prolific year in FCPA enforcement and what it means for the compliance practitioner.

We have never seen and may well never see again a year of FCPA corporate enforcements as we did in 2016. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) combined twenty-seven corporate enforcement actions and nearly $2.48bn in total fines and penalties, the highest since the statute’s enactment in 1977. The vast majority of that amount, some 90 percent, was generated by a few very large and significant FCPA enforcement actions involving the following entities: VimpelCom, Och-Ziff, Embraer, JPMorgan, Odebrecht/Braskem, and Teva. While these cases all involved substantial, company-wide bribery schemes, which led to their massive penalties, the majority of 2016’s FCPA enforcement actions involved relatively small-to-medium-sized penalties which involved less systemic, routine bribery schemes. Yet these smaller cases usually provided some of the most interesting fact patterns, which can be studied by chief compliance officers (CCOs) and compliance professionals to help prevent and detect bribery in their organizations.

What do these enforcement actions signify? More importantly what are the lessons to be drawn from these cases for compliance going forward? What about the FCPA Pilot Program, what does it portend for the future. Finally I consider the public comments of the regulators around FCPA enforcement and compliance. You can parse the facts and figures but if you want to understand what 2016 means going forward for the compliance profession, this is the book for you. If you are a compliance professional, this is the single must have  book around the the most prolific year in FCPA enforcement history.

You can purchase of copy of the book, from Compliance Week by clicking here.

If you are attending Compliance Week 2017, drop by the Compliance Week booth for an autographed copy!

 

In this second of a two-part series, we conclude the panel’s discussion of the first 100 days of the Trump administration as it relates to compliance. This episode concludes with the panelists’ rants.

  1. Matt Kelly opens with a discussion of regulatory enforcement under the Trump administration, how the ‘Trump Effect’ is negatively impacting corporations, industry responses to deregulation issues and lays down some markers around compliance issues under the new administration.

For Matt Kelly’s posts see the following:

Compliance in the Trump Era: More Markers Placed

Trump Administration Whacks Telco Firm for $892 Million

Drone Industry Pan Trump’s Regulatory

Trump Risk Disclosures Start Rolling In

First SEC Whistleblower Award of Trump Era

Sessions Dodges, Weaves, Promises on FCPA

  1. Mike Volkov rounds out the discussion with a review of where the DOJ is currently under AG Sessions, remarks by DOJ officials on FCPA enforcement, the future of the Pilot Program and DOJ Compliance Counsel, Hui Chen.

For Mike Volkov’s posts see the following:

Yates, AG Sessions and Individual Criminal Prosecutions

New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance

FCPA Remediation Focus on Supervisory Personnel

FPCA Pilot Program Motors On

 

For the Cordery Compliance client alerts see the following:

EU conflicts minerals compliance legislation 

DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

 

For Jay Rosen’s posts see the following:

 Still in the Enforcement Business and Evaluation of Corporate Compliance Programs

“It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

 

For Tom Fox’s posts see the following:

The Trump Administration-Kaos is Bad for Business

The Trump Administration-Failures in Leadership and Management

The Trump Administration-Preparing for a Catastrophe

The Trump Administration-the Business Response

DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com