Sandy talks to Sherry Loeffler (Charlotte, NC) about her battle with her homeowners' association's (HOA) attorneys who placed a lien on her home after admitting they had made an error. Host and creator: Sandy Rosenthal. Executive producer: Landry Bohn. Video version can be seen here: https://youtu.be/dJmUnAnWi04 Be sure to like, rate and subscribe.
Photos and videos aren't just for social media any longer. Michael Gogan discusses how CompanyCam's platform can help you create SOPs for training, productivity and safety. He also talks about how the software can help create those perfect before-and-after photos for marketing. PCA members get a free two-week trial plus 50% off their first two months! We now have an official email: PCATODAY@pcapainted.org Show notes: https://www.pcapainted.org/show-notes/
Hello and welcome to Episode 129 of the People Powered Business Podcast! In today's episode of the podcast, I have a warning: I may get a little bossy! Today we are talking about one of the simplest things you can do to protect yourself and your business from employee issues, and that is to take notes! Today I encourage you to document, document, document! I know it never feels like we will need the notes, until we actually do, and we can easily fall into the trap of thinking we will remember the details of the discussion, but the truth is we won't. In today's episode I discuss when to take notes and why it's so important to document these notes in relation to discussions with our employees. If you'd like to ask questions or start a discussion about note taking, I have an invitation for you. An Invitation: Would you like to connect with other like-minded business owners, leaders and managers experiencing similar situations with their team? Join the discussion inside our free Facebook Group, HR Support for Australian Businesses: https://www.facebook.com/groups/hrsupportaustralia
One of the critical elements found in the 2020 Update is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report or any other manner, to remediate the situation which allowed it to arise. Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company's risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. These ongoing efforts demonstrate that your company is serious about compliance. It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will put a mechanism in place to demonstrate your company's commitment to compliance by following through on intentions as set forth in your strategic plan.
What should you do with this information? Put a strategic plan in place ready to implement your findings of continuous improvement, by using the following: (1) Review the goals of the strategic plan. This requires that you arrange a time for the CCO and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company. (2) Design an execution plan. The KISS method (Keep it Simple Sir) is the best to move forward. This would suggest that for each compliance goal, there should be a simple and straightforward plan to ensure that the goal in question is being addressed. (3) Put accountabilities in place. In any plan of execution, there must be accountabilities attached to it. This requires the CCO or other senior compliance department representatives to put these in place and then mandate a report requirement on how the task assigned is being achieved. (4) Schedule the next review of the plan. There should be a regular review of the process. It allows any problems which may arise to be detected and corrected more quickly than if meetings are held on a less frequent basis. Continuous monitoring is a key step but it is only the first step. It is not simply that you tested your compliance program but that you did something with the information you obtained to improve your program. Three key takeaways: (1) Innovation can come through a new way to think about and use data going forward. (2) Have a plan in place to use the information garnered in your monitoring incorporated back into your compliance program. (3) Always remember that Document Document Document is critical if the regulators come knocking. Learn more about your ad choices. Visit megaphone.fm/adchoices
Rants and shout-outs from Episode 82. 1. Jay Rosen shouts out to first responders. 2. Tom Fox shouts out to the recently indicted Trump Organization for its Document Document Document policy which led to said indictment. 3. Lisa Fine shouts out to employees and others who speak up, raise valid issues and World Whistleblower Day. She rants about the overuse of the term 'thought leader'. 4. Matt Kelly shouts out to proposed legislation in Congress to protect Inspectors General.
This week's conversation centers on what a good employee investigations (ER) process should look like, exploring the partnership between ER and cross-functional partners in how they set up employees for success, and knowing your employee rights.
Story: document, document, document Author: wtfmulder Rating: GA Site link: https://archiveofourown.org/works/32200720 Read by: AnnieXFlowers Summary: scully discovers that mulder has indeed kept a diary of the time they worked together. some of the pages are just dried flowers she brought him during the years and he kept them inside the diary like a 14 years old Used by the author's permission. The characters in these works are not the property of the Audio Fanfic Podcast or the author and are not being posted for profit.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into the recent move by Delta Airlines to require employees who refuse to be vaccinated to pay a special health care insurance surcharge of $200 to cover the increased health care costs associated with unvaccinated employees who contract Covid-19. Some of the issues we consider are:
· What were the underlying facts?
· How did Delta Airlines' actions follow a risk management protocol?
· How did Delta's actions demonstrate a commitment to compliance?
· How about the data?
· How about Document Document Document?
Resources: Matt in Radical Compliance – Delta's Smart Approach on Delta
Welcome to the only roundtable podcast in compliance. Today, we have a quartet of Matt Kelly, Jay Rosen, Tom Fox and special guest panelist Lisa Fine for a deep dive into a potpourri of issues and topics for the month of July. We end with a veritable mélange of rants and shout-outs. Jay Rosen looks at the latest MLB scandal and compares it to the GOP Congress rejecting an investigation into the January 6 insurrection at the US Capitol. Rosen shouts out to first responders. Tom Fox sits in this week to discuss the US Department of Treasury's priorities around AML, fraud, corruption and cybercrime. Fox shouts out to the recently indicted Trump Organization for its Document Document Document policy which led to said indictment. Lisa Fine sits in as a special guest panelist. Fine considers RTW from the compliance perspective. Fine takes this opportunity to both shout out and rant. She rants about the rampant overuse of the term 'thought leader'. Fine shouts out to employees and others who speak up, raise valid issues and World Whistleblower Day. Matt Kelly considers the Amec Foster Wheeler FCPA enforcement action. Kelly shouts out to proposed legislation in Congress to protect Inspectors General. The members of Everything Compliance are: Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London.
Armstrong can be reached at armstrong@corderycompliance.com Jonathan Marks is Partner, Firm Practice Leader - Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
A little explanation of how I want to move forward on these social platforms. Moving towards the episode speaking on why it is a good idea to document document document your journey... Food intake, feelings, moments with energy, high and low vibrations. You name it, write it down until you start to see a pattern. Good for us all. Remember I am here to assist... Get into it, it will help you to get into alignment so you can be your best self...a good thing. Peace and Blessings
Managing rogue family members is a delicate balancing act. But how do you navigate these conversations when it is compounded with end of life? Everyone wants what is best for the patient but it is important to honor that person's final wishes and what they want, not necessarily what "you" want. In today's episode we speak with Jennifer O'Brien and Valerie Armand who share their recommendations on how to navigate the rogue family member and opening up the lines of communication. Topics discussed: Establishing that you are the one they are confiding in [04:32]; Dealing with the family member that isn't on board [06:09]; End of life documentation [06:53]; Language you can use [08:40]; Leverage the nurse [09:30]. Resources mentioned: Medio: Doing Death Differently. Quotes we love in this episode: "Document Document Document!" "I know you see things differently but we need to do what [mom/dad] wants"
The Three B's discuss documenting employees' files.
Welcome to the only roundtable podcast in compliance. Today, we have the full quintet of Jonathan Armstrong, Jay Rosen, Matt Kelly, Jonathan Marks and Mike Volkov sitting in to discuss various aspects of the Novartis settlements and ending with a veritable mélange of rants and shout-outs. Jonathan Armstrong critiques the ongoing corruption in the pharma industry and implores the industry to do business differently. Instead of a shout-out, he asks that we each reach out to someone who has been laid off during the Coronavirus crisis and check in with them. Jay Rosen considers the Novartis FCPA settlement from the recidivist angle, noting that the Swiss company joins an ignominious list of multiple FCPA offenders. Rosen rants against the Trump Administration’s attempt to strip visas from foreign students who are studying remotely. Matt Kelly considers the data analytics angle from the Novartis enforcement action and how it instructs a compliance professional on how to use data analysis. He shouts out to the new CEO of Wirecard, named 24 hours after taking over the CCO chair at the embattled company. Mike Volkov looks at the False Claims Act settlement by Novartis (as opposed to the FCPA settlement). He shouts out to Chief Justice John Roberts who only dissented in two decisions from the court’s most recent term. Jonathan Marks looks at the Novartis settlement from the internal controls and accounting perspective. He also asks if there are any Caremark claims against the Novartis Board of Directors. He shouts out to the genius who invented the phrase “Document Document Document!” The members of Everything Compliance are: Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC.
Volkov can be reached at mvolkov@volkovlawgroup.com Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com Jonathan Marks is Partner, Firm Practice Leader - Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
One of the critical elements found in the 2019 Guidance is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report or any other manner to remediate the situation which allowed it to arise. It stated: Evolving Updates – How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance. Three key takeaways: Innovation can come through a new way to think about and use data going forward. Have a plan in place to use the information garnered in your monitoring incorporated back into your compliance program. Always remember that Document Document Document is critical if the regulators come knocking.
Welcome to the only roundtable podcast in compliance. Today, we have a quintet of Jay Rosen, Matt Kelly, Sarah Hadden, Jonathan Armstrong and Mike Volkov with a potpourri of topics and commentary on current events from the compliance perspective. Rants and shout-outs follow the commentary for this episode, with one public service announcement from across the pond. Mike Volkov takes a deep dive into the debate on whether a Chief Compliance Officer should report to the GC or not. Volkov shouts out to Harvard Law Professor Matthew Stephenson for his great blog site Global Anti-Corruption Blog and specifically his recent blog post, If You Don’t Think Conflicts of Interest Matter, Consider the Kurds. Jay Rosen discusses the role of ethics and compliance in the Mergers and Acquisition process. Rosen shouts out to General James Mattis and his remarks at the Alfred Smith Dinner, where he accepted Trump’s claim he was the ‘most-overrated general’ by noting Trump had said 3-time Oscar winner Meryl Streep was the ‘most-overrated actress.’ Sarah Hadden takes things in a different direction by reading the eBook Trump and Compliance, which was published in late 2016 and was based on the Everything Compliance gang’s predictions of how compliance would fare under the Trump Administration. Hadden shouts out to a new section of CCI which will focus on those persons early in their compliance careers. It is certainly a welcome addition to the compliance discussion. Matt Kelly provides breaking news by discussing the SEC proposed changes to its Whistleblower Program. Kelly shouts out to Boston Celtic Enes Kanter for calling out the NBA on its hypocrisy on China. Jonathan Armstrong discusses the growing tide of US-style class actions coming to the UK and EU around the issue of data breaches under GDPR. Armstrong provides a public service announcement around the perils of using Apple Pay and the failure to Document Document Document.
Tom Fox rants about the surreal news conference given by Acting Chief of Staff Mick Mulvaney where he (1) admitted the President violated US law in requiring a quid pro quo from Ukraine for the Congressionally mandated US aid package, claiming it was ‘just politics’ and (2) admitted the President violated the Emoluments Clause of the US Constitution by announcing the President had ordered the 2020 G-7 Summit to be held at Trump properties. The members of Everything Compliance are: Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com. Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com Sarah Hadden – Publisher at Corporate Compliance Insights. Hadden can be reached at Sarah@corporatecomplianceinsights.com The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:
· Remediate then report. The remediation of an issue before reporting can be the key issue for regulators on whether they will move forward with a more public spanking. It is important to show that you have learned lessons and applied them to the facts of your data breach. Don’t try and cheat the victims by imposing new contractual terms such as Equifax did in its recent settlement. Think of the simple way for a data breach to occur, a briefcase left on the Tube.
· Don’t Diss the DPA. Why would a company take on the regulator? You must respect the regulator even if you disagree with them. You can make a bad situation worse by attacking the regulators. This does not mean you cannot forcefully argue your position or zealously represent your client, but calling regulators idiots in public filings will not help your position or your case.
· Keep logs. This is important in case you need to revisit a decision later. Regulators can ask to see these logs at any time, not simply during an investigation or enforcement action. A compliance officer should be involved in the maintenance of the log system.
· Document Document Document. Unannounced inspections are beginning to occur.
· Debrief and Learn. Revisit the facts to see what lessons are to be learned. Continuous improvement. Even on a journey of 1000 miles, it is important to look back. Once again, if you make a change due to a breach or other event, document what you have done so you can show the regulators.
For more information on Cordery Compliance, go to their website here. For more information on data breaches, see here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into some of the difficulties around distributors in anti-corruption compliance. Some of the highlights include:
· The recent Polycom FCPA enforcement action highlighted several FCPA enforcement actions from 2018 involving distributors.
· How do discounts, coupons, rebates, and sales devices circulate among your company, distributors, and end customers? Distributors present these and other issues separate from sales agents and employees.
· What do the Sanofi and Stryker enforcement actions tell us around compliance?
· Why does Document Document Document continue to be a mantra for anti-corruption compliance?
For additional reading see Matt’s blog posts Distributors, FCPA, and Internal Controls — Lessons for Anti-Bribery & Corruption Programs in Navex Global’s Ethics and Compliance Matters. For more on the Polycom FCPA enforcement action, see Tom’s blog post, “Follow the Money Through Distributors”.
In this new podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and I will indulge in our passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven, so we present a well-rounded view of the movie fandom. So if you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you. Today we look at the classic favorite, Mary Poppins Returns. Some of the highlights include:
· Can you successfully remake a beloved classic?
· How do eggs come into play in Hollywood and beyond?
· Where is Dick Van Dyke when you need him?
· Does the cinematography still work some 50 years after the original?
· Why you need to watch the original Mary Poppins before seeing Mary Poppins Returns.
· Jay feels that while Mary Poppins Returns had the support and investment of the Walt Disney Company and it faithfully tried to recreate the original, the artistic returns fall short of the sum of its parts.
The Compliance takeaways:
1. Document Document Document: the parable from the share certificates to save the house on Cherry Tree Lane.
2. Change in corporate culture needed: Mr. Dawes Jr. (Dick Van Dyke) fired Bank President William Wilkins.
3. Tone at the Top: as bank President, William Wilkins had taken the bank far afield from its mission and core values.
4. If you lack the passion, you may fail.
5. You cannot simply follow the road map, but you must design your compliance program to be fresh, as you are taking this journey for the first time. Not that you must re-invent the wheel, but you need to keep your colleagues and employees engaged on their journey.
Understanding the results of proper documentation during the divorce.
The 360-degree approach to compliance works with all the stakeholders in a compliance program, even the Document Document Document stakeholders, i.e., the regulators.
The Justice Department Evaluation of Corporate Compliance Programs states in Prong 10, Appropriate Controls – What was the business rationale for the use of the third parties in question? What mechanisms have existed to ensure that the contract terms specifically described the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services rendered? You should incorporate compliance terms and conditions into your contracts with third parties. You must have appropriate compliance terms and conditions in every contract with third parties. I would suggest that you prepare a template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straight-forward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption. What are the compliance terms and conditions that you should include in your commercial contracts with third parties? 
In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.” In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.” Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions: payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract; the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual; the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, 
directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law; the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract. I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant. 
In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it. Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation. Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner. Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments. No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company's prior written consent (to be based on adequate due diligence). Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training. Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship. On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training. 
Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct. Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years. Many do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simple to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum compliance terms and conditions. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator. Three Key Takeaways: There is no set formula for clearing of red flags or the evaluation of due diligence. Know when to say enough has been done. You must Document Document Document your evaluation of any red flags. This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
An important part of the job duties of any compliance practitioner is clearing red flags which might appear for a proposed third-party relationship during the due diligence process. It is mandatory not only that all red flags be cleared but also that there be evidence of the decision-making process to show to a regulator if one comes knocking. The Justice Department Evaluation of Corporate Compliance Programs states under Prong 10 the following, “Real Actions and Consequences – Were red flags identified from the due diligence of the third parties involved in the misconduct and how were they resolved?” There is no set formula or guideline for clearing red flags or evaluating due diligence. One approach came from two compliance practitioners at GE Oil & Gas, Flora Francis and Andrew Baird, in a presentation at the 2014 SCCE Utility and Energy Conference on GE’s third party risk management, where they described the process by which GE reviews the risks around each third party with which it does business. Some of the factors which GE considers, when evaluating a third party, include the following: Business Model: Do we need third parties to reach our customers or can we build the organization ourselves? In-house Capabilities: Do we already have the organization in place to handle these capabilities? Overlap: Do we already have a third party in the region/country that can handle our needs? Volume of Business: How much business will this third party bring to the company? Compliance Risk: Where is the third party located? Will they interact with government officials? Do they have the same commitment to compliance? Regulatory Environment: Is it simple or strict? What are the chances of regulatory violations? Reputation: What is the third party’s reputation in the market? GE takes this information and then breaks the risks down into low risk and high risk.
A low risk received a limited review and analysis, while a high risk receives an escalated review and analysis consisting of the following reviews: compliance, legal, business leadership and finance. But more than simply the level of review, I was interested in the ‘Risk Score Drivers’ that GE has developed. Once again, the speakers emphasized that these are GE’s risk score drivers and have been developed over time through the company’s internal analysis and processes. Nevertheless I found them to be a very useful way to think about third party risk. The risk score drivers listed were: Country channel where the third party is located in or where it sells into; Experience by the third party with the sales channel; Type of third party involved; agent, reseller, distributor; Commission rate, is it standard v. non-standard; Will any sub-third party relationships be involved; Will the third party sell to government entity or instrumentality; Do any of the third party’s principals, Officers or Agents work for a foreign government, state owned enterprise or political party; Was the third party mandated by customer or the end user; What is the third party’s contract duration; Is the third party involved in more than one project; Does the third party have any historical compliance issues; What is the percent of sales with products or services; and What is GE’s annual revenue with the third party? GE compliance then takes these scoring factors and puts them into an evaluation matrix when determining the amount of risk involved and a Go/NoGo decision whether the company should move forward with a proposed third party. One approach came from Randy Corley, Executive Vice President (EVP), Global Compliance Officer at Edelmen Inc. I found his questions to be very relevant when considering how far down the chain a company must go. Step 1: How Much is Enough? 
Here your goal is to have a realistic process so that it can be effectively managed and still be of sufficient value for the business unit decision makers, who have the ultimate responsibility over the company’s third parties. Step 2: How Deep Do We Dig? Here I think the question you should consider is how many tiers down you must go in managing your third parties? Clearly you should manage all direct counter-parties in the sales chain and those considered high-risk in the supply chain. Further, in the sales chain, I think you need to know directly if your business representatives are sub-contracting down your business representation, at least through one tier. On the supply chain, if a high-risk truly is a high-risk for bribery and corruption under your internal evaluation system, you should also consider digging down one tier. Step 3: What Do You Need To Know? While with your first-tier relationships you may scope your review depending on your internal risk assessment and attendant risk ranking, your data collection down the chain may not need to be as robust. For counter-parties further down the chain than tier 2, a list of actual and beneficial owners, coupled with commitments to follow relevant anti-corruption legislation is needed. Such commitments should be secured through each tier’s contract with its counter-parties. Step 4: What Did We Learn? If there is any information from which Red Flags appear, they must be cleared. If additional information is needed or points clarified, now is the time to do it and not wait until later in the process. Here I would rely on Jan Farley’s proscription not to stretch your compliance program too thin. Focus your training, communication and management on your direct counter-parties and communicate to them that your company expects them to manage their relationships with their direct counter-parties, which would include the clearing of any Red Flags that may have appeared. Step 5: Then What? 
After you have made your decision you still need to manage the relationship. This will entail continuing compliance communications with your direct counter-parties on an ongoing basis. Preferably your business unit sponsor will do this but as the compliance practitioner, you should also be mindful of checking in from time-to-time with your third parties. As your compliance program matures, you also reach the point where you will need to consider auditing of your third parties from the compliance perspective. Finally, do not forget the three most important things about your FCPA compliance program: “Document, Document and Document” the entire process. In the area of third parties, consider what risks you face in both your sales and supply chain. If there is a key player several tiers down the line who creates or builds a key component or delivers a critical service, you may want to put more management around that relationship from the compliance perspective. For anything below a tier 2; you may be able to manage your risks through having your direct tier 1 counter-party take the lead in managing such compliance risks. But make sure that the expectation is communicated to your direct counter-party so that if the government comes knocking you can show that not only did you contractually obligate your direct counter-party to do so but that you provided them the tools and training to do so. Finally, you will need to be able to show that your direct counter-party did so. Three Key Takeaways There is no set formula for clearing of red flags or the evaluation of due diligence. Know when to say enough has been done. You must Document Document Document your evaluation of any red flags. This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. 
By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
Yesterday I considered the need for due diligence in the management of third parties. Today, I want to take a deeper dive and explore the levels of due diligence. Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward. Level I First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering, anti-bribery, sanctions lists, coupled with other financial corruption & criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements. Level II Level II due diligence encompasses supplementing these Global Watch lists with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company; the third party’s key executives and associated parties. I believe that Level II should also include an in-country data base search regarding the third party. 
Some of the other types of information that you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments of the third party; a check for international derogatory electronic and physical media searches, you should perform both English and foreign-language repositories searches on the third party, in its country of domicile, if you are in a specific industry, using technical specialists you should also obtain information from sector specific sources. Level III This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation. According to Candice Tal, founder of Infortal, Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in country investigation.” Further the “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English. Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.” But more than simply an investigation of the company, critically including a site visit and coupled with onsite interviews, Tal says that some other things you investigate include “an in-depth background check of key executives or principal players. 
These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.” Further, you may need to engage a foreign law firm to investigate the third party in its home country to determine the third party’s compliance with its home country’s laws, licensing requirements and regulations. Lastly and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance, as one of the most important inquiries is not legal but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or objected to the scope, coverage or purpose of the FCPA, you can use a Level III to determine if the third party is willing to stand up with you under the FCPA and whether you are willing to partner with the third party. The Risk Advisory Group has put together a handy chart of its Level I, II and III approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence. There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II & III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner.
But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to Document Document Document all your due diligence. Three Key Takeaways: A Level I due diligence should be only used where there is a low risk of corruption. A Level II due diligence is sufficient in a high risk jurisdiction if there are no red flags to clear. Level III due diligence is a deep dive, boots on the ground investigation. This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
The Evaluation, in Prong 10, Third Party Management asks, “What was the business rationale for the use of the third party in question?” This question is one of the most basic tools to operationalize your compliance program and should form the basis of your third-party risk management process. It is common sense that you should have a business rationale to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have that specific third party representing your company. This concept is enshrined in the 2012 FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.” The Internal Revenue Service (IRS) also considers a business rationale to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of Internal Revenue Service (IRS) criminal investigation, speaking at a presentation, said that the lack of business rationale is a Red Flag; indeed, the IRS views such lack of business rationale as possible indicia of corruption. With the Department of Justice, Securities and Exchange Commission and IRS all noting the importance of a business rationale, it is clear this is something you should use to operationalize your compliance program. But the business rationale also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business rationale to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.
Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include: Business Sponsor - Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but business unit accountability for the business relationship and puts the onus on each stakeholder to more fully operationalize this portion of your compliance program. Business Rationale - The Business Sponsor should then articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will be involved in a one-off only transaction. What should go into your Business Rationale? At the most basic level, you should craft a document which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts which include the following. You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is a Red Flag if a customer or government representative points you towards a specific third party. You should inquire into what services the third party will perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this specific third party should be used as opposed to an existing or other third party, if such were considered. All this information should be written down and then signed by the Business Sponsor. Another way to think about this issue is by considering the competence of the foreign business partner to provide services to your organization.
Such considerations include a review of the qualifications of the third-party candidate for subject matter expertise, the resources to perform the services for which they are being considered and the third party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third party to provide you with a business rationale including current opportunities in territory, how the candidate was identified and why no currently existing third party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive. Remember, the purpose of the Business Rationale is to document the satisfactoriness of the business case to retain a third party. The Business Rationale should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third-party relationship is renewed. As explained by the Tom Fox Mantra for compliance, this means Document Document Document. Three Key Takeaways You should always have a business reason for using a third party which is articulated by the business folks, not compliance. A Business Sponsor is the key relationship going forward in operationalizing your compliance program through the life of the third-party relationship with your company. Always remember to Document Document Document. This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. 
Opus solutions include Hiperos ABAC Accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.
I conclude my One Month to Operationalizing your Compliance Program series by discussing how you can put your compliance program at the center of corporate strategy. An article in the Harvard Business Review (HBR) by Frank Cespedes, entitled “Putting Sales at the Center of Strategy”, discussed how to connect up management’s new sales plans with the “field realities.” Referencing the well-known Sam Waltonism that “There ain’t many customers at headquarters”, Cespedes believes that “If you and your team can’t make the crucial connections between strategy and sales, then no matter how much you invest in social media or worry about disruptive innovations, you may end up pressing for better execution when you actually need a better strategy or changing strategic direction when you should be focusing on the basics in the field.” This can be a critical problem when operationalizing compliance because operationalizing compliance is usually perceived as a top-down exercise. The reality of the employee base that must execute the compliance strategy is not considered. Even when there are comments from employees on compliance initiatives they are often derisively characterized as ‘push-back’ and not taken into account in moving the compliance effort forward. Communicate the Strategy It can be difficult for an employee base to implement a strategy that they do not understand. Even a company-wide training rollout is followed by “a string of e-mails from headquarters and periodic reports back on results. There are too few communications, and most are one-way; the root causes of underperformance are often hidden from both groups.” Here Cespedes’ insight is that clarification is a leadership responsibility and in the compliance function that means the Chief Compliance Officer (CCO) or other senior compliance practitioner.
Moreover, if the problem is that employees do not understand how to function within the parameters of the compliance program, then there is a training problem and that is the fault of the compliance department. I once was subjected to a PowerPoint of 268 slides, which lasted 7.5 hours, about my company’s compliance regime. To say this was worse than useless was accurate. The business guys were all generally asleep one hour into the presentation as we went through the intricacies of the books and records citations to the FCPA. The training was a failure but it was not the fault of the attendees. If your own employees do not understand your compliance program that is your fault. Continually improve your compliance productivity Why not incentivize productivity around compliance? Work with your Human Resources (HR) department to come up with appropriate financial incentives. Many companies have ad hoc financial awards, which they present to employees to celebrate and honor outstanding efforts. Why not give out something like that around doing business in compliance? Does your company have, as a component of its bonus compensation plan, a part dedicated to compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. HR can, and should, facilitate this process by setting expectations early in the year and then following through when annual bonuses are released. With the assistance of HR, such a bonus can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice. Improve the human element in your compliance program This is another area where HR can help the compliance program.
More than ongoing assessment of employees for promotion into leadership positions, here HR can assist on the ground floor. HR can take the lead in asking questions around compliance and ethics in the interview process. Studies have suggested that certainly Gen Y & Xers appreciate such inquiries and want to work for companies that make such business ethics a part of the discussion. By having the discussion during the interview process, you can not only set expectations but you can also begin the training process on compliance. However, this approach should not end when an employee is hired. HR can also assist your compliance efforts by tracking employees through their company career to identify those who perform high in any compliance metric. This can also facilitate the delivery of more focused compliance training to those who may need it because of changes in compliance risks during their careers.

Make your compliance strategy relevant

Cespedes notes, “Most C-suite executives know these value-creation levers, but too few understand and operationalize the sales factors that affect them.” In the sales world this can translate into a reduction in assets to underperforming activities. This is all well and good, but such actions must be coupled with an understanding of why sales might be underperforming in certain areas. In the compliance realm, I think this translates into two concepts: ongoing monitoring and risk assessment. Ongoing monitoring can allow you to move from a simple prevent mode to a more prescriptive mode, where you can uncover violations of your company’s compliance program before they become full-blown FCPA violations. By using a risk assessment, you can take the temperature of where and how your company is doing business and determine if new products or service offerings increase your compliance risks. Above all, you need to get out and tell the compliance story.
Louis D’Amrosio was quoted for the following, “You have to repeat something at least 10 times for an organization to fully internalize it.” If there is a disconnect between your compliance strategy and how your employee base is implementing or even interpreting that strategy, get out of the office and go out to the field. But you need to do more than simply talk; you also need to listen. By doing so, you can help to align your company’s compliance strategy with both the delivery and in the field.

Three Key Takeaways

Use information from your employees to make your compliance program more productive.
Use social media and other innovative techniques to communicate your compliance strategy.
Operationalize Operationalize Operationalize, then Document Document Document.

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
The Evaluation, in Prong 10, Third Party Management, asks, “What was the business rationale for the use of the third party in question?” This question is one of the most basic tools to operationalize your compliance program and should form the basis of your third party risk management process. It is common sense that you should have a business rationale to hire or use a third party. If that third party is in the sales chain of your international business, it is important to understand why you need to have a particular third party representing your company. This concept is enshrined in the FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.”

The Internal Revenue Service (IRS) also considers a business rationale to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of IRS criminal investigation, speaking at a presentation, said that the lack of business rationale is a Red Flag; indeed, the IRS views such lack of business rationale as possible indicia of corruption. With the Department of Justice, Securities and Exchange Commission and IRS all noting the importance of a business rationale, it is clear this is something you should use to operationalize your compliance program.

But the business rationale also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business rationale to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.
Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:

Business Sponsor - Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but business unit accountability for the business relationship and puts the onus on each stakeholder to more fully operationalize this portion of your compliance program.

Business Rationale - The Business Sponsor should then articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will be involved in a one-off transaction only.

So what should go into your Business Rationale? At the most basic level, you should craft a document which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts, which include the following. You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party, because it is a Red Flag if a customer or government representative points you towards a specific third party. You should inquire into what services the third party will perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this specific third party should be used as opposed to an existing or other third party, if such were considered. All this information should be written down and then signed by the Business Sponsor.

Another way to think about this issue is by considering the competence of a foreign business partner to provide services to your organization.
Such considerations would include a review of the qualifications of the third party candidate for subject matter expertise, the resources to perform the services for which they are being considered and identifying the third party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third party to provide you with a business rationale, including current opportunities in the territory, how the candidate was identified and why no currently existing third party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.

Remember, the purpose of the Business Rationale is to document the satisfactoriness of the business case to retain a third party. The Business Rationale should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third-party relationship is renewed. As explained by the Tom Fox Mantra for compliance, this means Document Document Document.

Three Key Takeaways

You should always have a business reason for using a third party which is articulated by the business folks, not compliance.
A Business Sponsor is the key relationship going forward in operationalizing your compliance program through the life of the third-party relationship with your company.
Always remember to Document Document Document.

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.
On this episode of the Dunn Solutions Podcast you’ll be hearing from Shelli Lucus-Kennedy with American Insurance Associates. Shelli has been educating and serving her clients in the Pacific Northwest for over 30 years. Shelli will explain the different options you have when managing your risk, and encourage you to document, document, document!! Shelli will also cover the following:

1. Why you should view your insurance policies as a contract (and accept the fact that by signing, you give the insurer full authority to settle claims any way they choose).
2. She will help you understand that as a general contractor, you are already guilty if you are sued, and that the only way to minimize that is the quality of your policy and paperwork.
3. What it means to do work in a Type 2 indemnity state.
4. Why you should consider adding cyber liability to your policy if you own a cell phone.

If you have additional questions for Shelli, please visit American Insurance Associates: http://www.americaninsuranceassociates.com/Pages/default.aspx